Atlantic just released all the texts this a.m. and it is not good

[Aloha Hoosier]

FWIW, here's a couple key snippets from CISA's guidance.

I get what you're saying -- about the information being classified or not. And I completely understand that it's operative.

But I don't take what CISA is saying here for discussions about cookie recipes and T-ball games. They did recommend adoption of a public messaging platform "for secure communications" by "highly targeted individuals...likely to possess information of interest to these threat actors."

Why would they do this at all?

We have SIPR systems and SIPRNET for classified conversations. This isn't it.

We always want to make it difficult for any information get into the wrong hands. That includes unclassified official business email and conversations. Also, as I used to semi-joke with my wife when on active duty, I'm a high value target for terrorists so I don't want them to easily know my location or personal plans. No mystery here.

 

[crazed_hoosier2]

We have SIPR systems and SIPRNET for classified conversations. This isn't it.

We always want to make it difficult for any information get into the wrong hands. That includes unclassified official business email and conversations. No mystery here.

Well, naturally they'd want to make it difficult.

But you don't think it's misguided for CISA to be advocating the usage of a public messaging platform for transmitting "sensitive information" (their term, not mine)?

I think it is. I don't think any sensitive information -- classified or not -- belongs on a public messaging platform.

 

[twenty02]

I am reading it. And I don't get the impression at all that it's merely in reference to non-sensitive information (ie, non government business). It clearly references sensitive information -- which implies government business.

It also says to assume that any communication -- be it on a personal or government device -- can be compromised.

My problem, from the moment I heard about this, is why a public messaging platform would be used for discussing sensitive information. And CISA's guidance here is recommending just that.

It is only recommending it in the absence of access to anything better. That's a major distinction. So yeah, better to use Signal than just sending SMS texts....

The director of some sub agency in the Dept of Interior probably doesn't have access to higher level communication security. How is that relevant to this?

We know why they used this. Common sense. Set to delete in 4 weeks. If shit went bad no trace this discussion ever happened

 

[Aloha Hoosier]

Well, naturally they'd want to make it difficult.

But you don't think it's misguided for CISA to be advocating the usage of a public messaging platform for transmitting "sensitive information" (their term, not mine)?

I think it is. I don't think any sensitive information -- classified or not -- belongs on a public messaging platform.

Not at all misguiding. First, generally mostly the IT guys really read CISA stuff. Second, there are official instructions and policies that explicitly describe what systems can be used for specific levels of sensitivity and classification to every government worker. Third, every government worker gets training every year on this.

 

[crazed_hoosier2]

It is only recommending it in the absence of access to anything better. That's a major distinction. So yeah, better to use Signal than just sending SMS texts....

The director of some sub agency in the Dept of Interior probably doesn't have access to higher level communication security. How is that relevant to this?

We know why they used this. Common sense. Set to delete in 4 weeks. If shit went bad no trace this discussion ever happened

But the language they use -- "sensitive information" -- does clearly imply official government business...be it the Department of the Interior or otherwise. As I said, I don't think that anybody would consider cookie recipes and T-ball schedules to be sensitive.

 

[crazed_hoosier2]

Not at all misguiding. First, generally mostly the IT guys really read CISA stuff. Second, there are official instructions and policies that explicitly describe what systems can be used for specific levels of sensitivity and classification to every government worker. Third, every government worker gets training every year on this.

You don't think it's misguided for the government agency that deals with communication security to be recommending the use of a public messaging platform to transmit sensitive information?

Well, we'll have to agree to disagree on that. I think it's a terrible idea. Encryption can only do so much -- as should be obvious right now.

 

[Noodle]

Not at all misguiding. First, generally mostly the IT guys really read CISA stuff. Second, there are official instructions and policies that explicitly describe what systems can be used for specific levels of sensitivity and classification to every government worker. Third, every government worker gets training every year on this.

Meanwhile, I cannot even connect my firm laptop to my network printer at home due to security rules (many of which are mandated by certain clients). Apparently a big issue is that many printers have memory such that our security system sees it as an external storage device. We banned the use of thumb drives over 5 years ago. Now, if I need documents off of a thumb drive someone has to use an air-gapped computer to extract the documents and then sterilize them before they can be loaded onto a firm computer.

 

[Mark Milton]

You don't think it's misguided for the government agency that deals with communication security to be recommending the use of a public messaging platform to transmit sensitive information?

Well, we'll have to agree to disagree on that. I think it's a terrible idea. Encryption can only do so much -- as should be obvious right now.

Raymond Reddington used a flip phone--never had a lick of trouble

 

[The Original Happy Goat]

I'd like to know why CISA was recommending it. And why (at least in the case of Ratcliffe at the CIA) the agency was installing it. If Ratcliffe is right, the use of Signal wasn't some rogue decision on their part.

The government recommends these apps for sensitive, but non-official communication. They aren't recommended for what these guys were using if for. That DOD memo NPR had explicitly said not to use them for this kind of thing.

 

[Aloha Hoosier]

You don't think it's misguided for the government agency that deals with communication security to be recommending the use of a public messaging platform to transmit sensitive information?

Well, we'll have to agree to disagree on that. I think it's a terrible idea. Encryption can only do so much -- as should be obvious right now.

There a many levels of sensitive information. They do pass some sensitive information on unclassified systems and there are rules for what levels and what protection is required. Some things require encryption. Usually, PII stuff. Unclassified information is never to be passed on an unclassified system, as simple as that.

 

[Bowlmania]

Karoline Leavitt: The “Signal Hoax” is all Jeffrey Goldberg’s fault.

 

[twenty02]

You don't think it's misguided for the government agency that deals with communication security to be recommending the use of a public messaging platform to transmit sensitive information?

Well, we'll have to agree to disagree on that. I think it's a terrible idea. Encryption can only do so much -- as should be obvious right now.

John Bolton agrees....


"I think the key point here is the United States government over decades has spent billions of dollars to create the world's most secure telecommunications capabilities. And why these senior officials, virtually all of whom are 24-7 able to get onto a secure phone, a secure video, a secure computer, why they would shift off of that for any reason to any commercial system ... that's the first, that's the original sin. Everything else after that just makes things worse," Bolton said.


So why would they have done this in the first place?
The most obvious answer is most often the correct one.

 

[crazed_hoosier2]

There a many levels of sensitive information. They do pass some sensitive information on unclassified systems and there are rules for what levels and what protection. Somethings require encryption. Usually, PII stuff. Unclassified information is never to be passed on an unclassified system, as simple as that.

IMO, if information is sensitive at all, it doesn't belong on a public network -- encryption or not.

I'm not saying that this is what the policy is. I'm saying that this is my opinion...based on my own experiences with information security. It's an issue for us, too. But we don't have access to isolated platforms. So we don't have a choice.

It seems to me like the federal government does have that choice.

 

[mcmurtry66]

Meanwhile, I cannot even connect my firm laptop to my network printer at home due to security rules (many of which are mandated by certain clients). Apparently a big issue is that many printers have memory such that our security system sees it as an external storage device. We banned the use of thumb drives over 5 years ago. Now, if I need documents off of a thumb drive someone has to use an air-gapped computer to extract the documents and then sterilize them before they can be loaded onto a firm computer.

Could be worse. I have two monitors on my desk and can’t find my mouse. I typically just use my laptop. I also had a zoom meeting and was yelling bc I couldn’t get it to work with me in the video until one of my partners came in and said the monitor doesn’t have a camera you stupid fck

 

[crazed_hoosier2]

John Bolton agrees....


"I think the key point here is the United States government over decades has spent billions of dollars to create the world's most secure telecommunications capabilities. And why these senior officials, virtually all of whom are 24-7 able to get onto a secure phone, a secure video, a secure computer, why they would shift off of that for any reason to any commercial system ... that's the first, that's the original sin. Everything else after that just makes things worse," Bolton said.


So why would they have done this in the first place?
The most obvious answer is most often the correct one.

Yeah, he's echoing what I've been saying.

 

[twenty02]

It seems to me like the federal government does have that choice.

I wouldn't make that assumption. Particularly those parts of govt outside of the national security space.

 

[The Original Happy Goat]

IMO, if information is sensitive at all, it doesn't belong on a public network -- encryption or not.

I'm not saying that this is what the policy is. I'm saying that this is my opinion...based on my own experiences with information security. It's an issue for us, too. But we don't have access to isolated platforms. So we don't have a choice.

It seems to me like the federal government does have that choice.

There are two elements here. There's the sensitivity of the information, which obviously raises concerns, but there's also the official and novel nature of it. Using these apps to, say, recap with the group what you talked about in a meeting is one thing. But updating the group with new information or making/cascading decisions raises record-keeping concerns, too. That's probably why the policy is to use them only in limited circumstances.

 

[outside shooter]

I don’t think Goldberg published all of it. Only the parts he wanted to write about.

I just heard him interviewed on NPR. He first contacted senior officials in the CIA and other agencies to identify anything that would compromise US security. The CIA identified a couple of sentences yesterday, so he did not publish them, but published everything else. It seems that he bent over backwards to be responsible

 

[crazed_hoosier2]

I wouldn't make that assumption. Particularly those parts of govt outside of the national security space.

Maybe. It would depend on its architecture. If they go all the way down to the physical layer for isolation, that would be very expensive to scale.

 

[Mark Milton]

Could be worse. I have two monitors on my desk and can’t find my mouse. I typically just use my laptop. I also had a zoom meeting and was yelling bc I couldn’t get it to work with me in the video until one of my partners came in and said the monitor doesn’t have a camera you stupid fck

 

[swman]

That “yes or no” crap doesn't fly in my presence.

Nothing simpler than a yes no question. I’d suspect that Mike Johnson’s idea of getting rid of federal courts that rule against The Dancing Orange Orangutan does fly in your presence. You’ve never heard a democrat float such undemocratic ideas.

 

[Aloha Hoosier]

Yeah, he's echoing what I've been saying.

No he’s not. He’s talking about using secure systems for what they were discussing - classified. That’s not necessary for a standard official business meeting which that started as before Hegseth added Top Secret strike plan details. If someone in the meeting (Hegseth) wanted to talk classified he would have, should have said, “I have some information which we need to discuss in the high side.” By the way, not everyone in that meeting even had a need to know what Hegseth shared.

The idea of having SIPR for all, which it seems you’re getting at is unworkable. Not everyone in government has a clearance and the expense to provide SIPR devices and to make every office meet SIPR requirements would be astronomical,

 

[mcmurtry66]

Nothing simpler than a yes no question. I’d suspect that Mike Johnson’s idea of getting rid of federal courts that rule against The Dancing Orange Orangutan does fly in your presence. You’ve never heard a democrat float such undemocratic ideas.

Young man that simpleness doesn’t fly in COH’s presence. We’re trying to get you to think for yourself. To think critically. That’s why you’ll only receive open-ended, probing questions that never elicit yes or no answers

 

[Cortez88]

That “yes or no” crap doesn't fly in my presence.

Well, Your Honor, in that case changes need to be made immediately.

 

[Noodle]

Could be worse. I have two monitors on my desk and can’t find my mouse. I typically just use my laptop. I also had a zoom meeting and was yelling bc I couldn’t get it to work with me in the video until one of my partners came in and said the monitor doesn’t have a camera you stupid fck

Thank goodness you don't work in national security.

 

[Marvin the Martian]

Young man that simpleness doesn’t fly in COH’s presence. We’re trying to get you to think for yourself. To think critically. That’s why you’ll only receive open-ended, probing questions that never elicit yes or no answers

CO always always always saw the world black and white when the subject was Biden or Obam

 

[Noodle]

Sound like Waltz could be toast after all.

Inside Trump's rage at 'stupid' top national security aide

President Donald Trump lauded National Security Advisor Michael Waltz as a 'good man' who will continue to do a 'good job' during an event at the White House on Tuesday.

www.dailymail.co.uk

 

[swman]

Total violation. It's not even a question now. The link in the OP gets you to Atlantic's article with the entire chat with screenshots.

This all should have been on SIPR or better in a SCIF in person. Hegseth had to be getting the strike mission details from his SIPR device and then reposting it on Signal. Strike mission plans are always classified, typically Secret and sometimes Top Secret.

While there is no chance anyone will be charged, the law was indeed broken here.

The President should fire Waltz and Hegseth and distance himself from this and to show that he has at least some concern for protecting classified information.

Surely you jest. Remember the classified documents found in his toilet in Florida?

 

[mcmurtry66]

CO always always always saw the world black and white when the subject was Biden or Obam

 

[mcmurtry66]

Sound like Waltz could be toast after all.

Inside Trump's rage at 'stupid' top national security aide

President Donald Trump lauded National Security Advisor Michael Waltz as a 'good man' who will continue to do a 'good job' during an event at the White House on Tuesday.

www.dailymail.co.uk

fire him. and pete. global affairs has been a mess so far. replace them. and believe me it can happen. very very quickly.

 

[swman]

I don’t think Goldberg published all of it. Only the parts he wanted to write about.

Do you think all of the participants were ignorant of the obvious violation you see? While there was apparently a reference to a separate system, nobody (that we know of) suggested moving the discussion.

Of corse the million dollar question here is exactly how Goldberg got included. That clown is the last person on earth you would think a Republican Administration would make a mistake about.

Let me guess. He’s a clown because Orange Jesus and his minions, you included, think so? That must be the best tasting koolaid since Haley Bop.

 

[IUCrazy2]

But the language they use -- "sensitive information" -- does clearly imply official government business...be it the Department of the Interior or otherwise. As I said, I don't think that anybody would consider cookie recipes and T-ball schedules to be sensitive.

I will limit this to Hegseth as he is squarely in an area I can speak specifically about. Every DoD civilian employee is required to complete training on a yearly basis as to handling of different types of classified information, from CUI all the way up to Top Secret. All of those are considered sensitive and would run the gamut from your boss's phone number (PII) up to state secrets. Government phones come with the same texting ability as the phone in your hand. What they are saying is not to use iPhone messenger, use the signal app if you are having any discussions. Sensitive would include sharing the direct contact information of a base commander. Things that are publically available can be considered sensitive when it is being passed from one government worker to another.

Hegsett is a former officer and has likely had an even more in depth briefing than a typical DoD civilian. He absolutely knows that you CANNOT transmit the information he did over Signal or any other off the shelf app out there. @Aloha Hoosier is 100% accurate in his description of the different methods they have available to have this level of discussion. Giving times, type of aircraft, target data, etc. before an attack increases the risk involved for our service members. This was an absolute shit show of a **** up on Hegseth's part. He has to be the example to the people he leads and every single one of them knows that there was no way in hell he didn't know he was in the wrong sharing that data. It doesn't matter one damn bit what CISA has to say because DoD is very clear on the rules, he would be facing termination, fines, and potentially jail if he wasn't a political appointee. The political operatives in both parties have gotten really loose with INFOSEC and it needs to stop. What Hegseth shared could literally get people killed.

So I won't be as nice. Conservatives, there is no ifs, ands, or buts around this. They ****ed up. They need to issue their mea culpas. They need to stop using these apps to try and skirt FOIA and Presidential Record keeping laws. There isn't a needle to thread here.

 

[IUINSB]

fire him. and pete. global affairs has been a mess so far. replace them. and believe me it can happen. very very quickly.

Nepo hire would probably be better than all the admin DEI hires.

 

[Mark Milton]

fire him. and pete. global affairs has been a mess so far. replace them. and believe me it can happen. very very quickly.

Not gonna lie--he looks like the doll from "the Boy"

 

[mcmurtry66]

Nepo hire would probably be better than all the admin DEI hires.

He’s the 🐐

 

[Spartans9312]

Karoline Leavitt: The “Signal Hoax” is all Jeffrey Goldberg’s fault.

These people must want this shit to stay in the news. They attacked the guy so he said screw it and released more info. All they had to do was take responsibility…people are forgiving in most instances. Get the facts out fast for all to see. Quit being cowards.

 

[mcmurtry66]

Not gonna lie--he looks like the doll from "the Boy"

Hegseth looks like Jeff Lewis from flipping out

 

[Aloha Hoosier]

I will limit this to Hegseth as he is squarely in an area I can speak specifically about. Every DoD civilian employee is required to complete training on a yearly basis as to handling of different types of classified information, from CUI all the way up to PPI. All of those are considered sensitive and would run the gamut from your boss's phone number (PII) up to state secrets. Government phones come with the same texting ability as the phone in your hand. What they are saying is not to use iPhone messenger, use the signal app if you are having any discussions. Sensitive would include sharing the direct contact information of a base commander. Things that are publically available can be considered sensitive when it is being passed from one government worker to another.

Hegsett is a former officer and has likely had an even more in depth briefing than a typical DoD civilian. He absolutely knows that you CANNOT transmit the information he did over Signal or any other off the shelf app out there. @Aloha Hoosier is 100% accurate in his description of the different methods they have available to have this level of discussion. Giving times, type of aircraft, target data, etc. before an attack increases the risk involved for our service members. This was an absolute shit show of a **** up on Hegseth's part. He has to be the example to the people he leads and every single one of them knows that there was no way in hell he didn't know he was in the wrong sharing that data. It doesn't matter one damn bit what CISA has to say because DoD is very clear on the rules, he would be facing termination, fines, and potentially jail if he wasn't a political appointee. The political operatives in both parties have gotten really loose with INFOSEC and it needs to stop. What Hegseth shared could literally get people killed.

So I won't be as nice. Conservatives, there is no ifs, ands, or buts around this. They ****ed up. They need to issue their mea culpas. They need to stop using these apps to try and skirt FOIA and Presidential Record keeping laws. There isn't a needle to thread here.

Hegseth claiming what he posted is unclassified is a lie. Everyone in DoD knows their boss is a liar. The CENTCOM four star commander knows his immediate boss is a liar and he’s probably mad enough to eat nails over this.

 

[IUCrazy2]

There are two elements here. There's the sensitivity of the information, which obviously raises concerns, but there's also the official and novel nature of it. Using these apps to, say, recap with the group what you talked about in a meeting is one thing. But updating the group with new information or making/cascading decisions raises record-keeping concerns, too. That's probably why the policy is to use them only in limited circumstances.

They couldn't even use it to recap that meeting based on the subject matter. It is more "Hey JD, I have something to talk to you about. Are you near a high level?" That is the type of message you can send on Signal. If he responded, "I am free at noon." That is giving his schedule a bit and so would be sensitive but it isn't classified info.

They messed up. I think Hegseth should at least be reprimanded and Waltz should probably be bounced.

 

[outside shooter]

Sound like Waltz could be toast after all.

How many milliseconds will it take dbm, CO.H, and others to flip-flop against all of them, as soon as Trump does?