
Boosted by taral ("JP Sugarbroad"):
glent@aus.social ("Glen, now with 100% OPSEC") wrote:
A quick note that the issue with the use of Signal in the infamous Mother of All Group Chats is not encryption. Nor is the Signal program deficient for use by folk like us.
The issue is authorisation (the authority to do a thing) and, specifically, labelling.
Those TOP SECRET stamps you see on TV are labels. Authorisation schemes are all based around labels: people with *this* label can access items with *that* label.
Government information security is awash with labels. Security clearances, nationality, project codewords, compartmental information -- all are labels. The idea being that a person with a Secret clearance, and "cleared" into a compartmented information label, and "read into" a codeword project can access the document with labels SECRET//CRYPTO//AWASH HAVEN (and I am absolutely avoiding real-life labels here, because I don't need ASIO at my door waving the Official Secrets Act).
Now you can see how a military group chat will work. Each chat will have a label (say SECRET//BOMBPEOPLE) and people seeking to join that chat will need to have labels which indicate they have a Secret clearance and have been read into the BOMBPEOPLE codeword.
You can also see that if we invite the Editor of The Atlantic to that SECRET//BOMBPEOPLE conversation then the Editor will lack the labels indicating the Secret clearance and BOMBPEOPLE codeword and their attempt to join the group will not be authorised.
Signal, being communications for ordinary folk, doesn't support much authorisation and does not need military-style label-based authorisation, with its labelling of people, communication channels, and information. Imagine the hassle of configuring all those labels just to text your dad.
This is really what is meant when experts say that Signal is not suitable for national security use.
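
The label check the post describes, as an added example that is not part of the original post: a person may join a chat only if their clearance level is at least the chat's and they hold every codeword on the chat's label. The level names and their ordering, the `//` parsing and the sample people are assumptions constructed for illustration.

```python
# Added illustration. Level names/ordering are assumed, not a real scheme.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def parse_label(label):
    """Split 'SECRET//CRYPTO//AWASH HAVEN' into (level rank, set of codewords)."""
    if not isinstance(label, str):
        raise ValueError("no label present")
    parts = [p.strip().upper() for p in label.split("//")]
    if parts[0] not in LEVELS or "" in parts[1:]:
        raise ValueError(f"malformed label: {label!r}")
    return LEVELS[parts[0]], frozenset(parts[1:])


def may_join(person_label, chat_label):
    """True only if the person's label dominates the chat's label."""
    # A malformed chat label is a configuration error, so it is allowed to raise.
    chat_level, chat_words = parse_label(chat_label)
    try:
        level, words = parse_label(person_label)
    except ValueError:
        return False  # fail closed: unlabelled or malformed people are refused
    # Dominance: level at least as high AND every chat codeword held.
    return level >= chat_level and words >= chat_words


# Constructed sample people; the chat label is the one used in the post.
CHAT = "SECRET//BOMBPEOPLE"
PEOPLE = {
    "cleared and read in": "SECRET//BOMBPEOPLE",
    "higher clearance, extra codeword": "TOP SECRET//CRYPTO//BOMBPEOPLE",
    "right clearance, wrong codeword": "SECRET//CRYPTO",
    "right codeword, lower clearance": "CONFIDENTIAL//BOMBPEOPLE",
    "magazine editor, no labels": None,
}


def decisions():
    """Evaluate every sample person against the chat label."""
    return {who: may_join(label, CHAT) for who, label in PEOPLE.items()}


if __name__ == "__main__":
    for who, ok in decisions().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {who}")
```

Both halves of the check matter: a matching codeword with too low a clearance is refused, as is the right clearance without the codeword.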