Security Turtles All the Way Down

24 March 2025

Many turtles on a pair of rocks in a pond. Some of the turtles are climbing on top of others.

An amazing security lapse just occurred: a journalist was accidentally included on a group chat via Signal to discuss sensitive war plans. This was wrong on so many different levels—read the article; it’s one of the most amazing things I’ve ever read—but what I want to talk about is what “secure” means.

Let’s start with what Signal is. It bills itself as a “simple, powerful, and secure messenger”. It works more or less like any other text/voice/video communication platform, but it’s strongly end-to-end encrypted. But is it really “secure”? That depends on your definition.

The first layer up is the cryptographic protocol employed. It’s almost certainly correct, though cryptography is notoriously hard to get right. And the NSA has stated that AES-256, for example, is good enough for top secret material. But there’s a catch: the application must be “properly implemented”. On that, I’m much less confident; the rate of bug fix releases in Signal is quite high, and it has lots of features. That’s all well and good, but features imply code, and having lots of code implies lots of bugs, and bugs are the enemy of security. Is the code in Signal correct enough to be secure? I have no idea—but I’m nervous.

Past that, we have to think about identity: how do you know to whom you’re talking? That matters—is Squirrel really talking to Moose or to Boris or Natasha? The NSA’s secure phone systems apparently use certificates containing the user’s name and clearance level. Signal doesn’t do that, for good reason—it’s for easy communication among arbitrary people, with no central authority wanted or needed (or possible) to issue such certificates. But if you get a call on your secure phone from someone claiming to be the head of the CIA, you want to know that’s who it is. You also want to know their clearance level, a concept rightfully foreign to Signal. In fact, apparently what is displayed on the screen of an NSA secure phone is the lower of the clearance levels of the two parties on the call. There is of course no analogue to this in Signal.

If you’re talking about war plans, your adversaries are major foreign intelligence agencies, organizations with vast technical capabilities. Is your phone or laptop secure against such attackers? Almost certainly not. And such adversaries have all sorts of other ways to eavesdrop on what you’re doing, which is why top secret conversations, even over secure gear, must take place in SCIFs (Sensitive Compartmented Intelligence Facilities). Notably, ordinary mobile phones and other personal electronic devices are not allowed in SCIFs.

So let’s look at the chain of failures here. First, the Signal messages were sent from devices on the open Internet. Almost certainly, at least some of these were not in SCIFs. They were thus exposed to hacking and to other forms of surveillance. People were in the chat without strong assurance of who they were. There was no visual indication of the security level of the chat. And all of this happened because these very high level people didn’t follow basic security rules. Adding a journalist to the group was the least of the problems and might have resulted from someone mistapping a name on a list (though “Jeffrey Goldberg” is not a rare name; I know someone else of that name)—but on a secure chat system, the wrong one probably wouldn’t have been listed at all.
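To make the identity and clearance layer concrete, here is an added Python model; it is not code from this post, from Signal, or from the NSA’s phone system. It assumes a central authority that issues certificates binding a name to a clearance level, stands in for real certificate signatures with an HMAC under a constructed authority key, and computes the level to display for a chat as the lowest clearance among its verified members, generalizing the two-party phone display described above to a group. “Squirrel” and “Moose” come from the post; the other participants, the key and the level names are constructed. A member with no certificate at all (the Signal situation) leaves the chat with no trustworthy level, and nothing classified may be sent to it.

```python
import hashlib
import hmac
import json

# Classification lattice, lowest to highest (constructed for the example).
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

# Stand-in for the certificate authority's signing key. HMAC is used here only
# to keep the example self-contained; a real system would use asymmetric
# signatures so that verifiers cannot also forge certificates.
AUTHORITY_KEY = b"constructed-demo-authority-key"


def issue_certificate(name, clearance, authority_key=AUTHORITY_KEY):
    """Authority binds a name and a clearance level into a signed certificate."""
    if clearance not in LEVELS:
        raise ValueError(f"unknown clearance: {clearance}")
    body = json.dumps({"name": name, "clearance": clearance}, sort_keys=True).encode()
    tag = hmac.new(authority_key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_certificate(cert, authority_key=AUTHORITY_KEY):
    """Return (name, clearance) for an authentic certificate, or None.

    None is also returned for a participant who presents no certificate at all,
    which is the situation on a system like Signal that has no issuing authority.
    """
    if cert is None:
        return None
    expected = hmac.new(authority_key, cert["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cert["tag"]):
        return None
    fields = json.loads(cert["body"])
    if fields.get("clearance") not in LEVELS:
        return None
    return fields["name"], fields["clearance"]


def session_level(certs):
    """Classification to display for a chat: the lowest clearance of any member.

    If any member cannot be verified, the chat has no trustworthy level at all,
    so None is returned rather than guessing.
    """
    lowest = len(LEVELS) - 1
    for cert in certs:
        verified = verify_certificate(cert)
        if verified is None:
            return None
        lowest = min(lowest, LEVELS.index(verified[1]))
    return LEVELS[lowest]


def may_send(label, certs):
    """A message labelled `label` may go to the group only if every verified
    member is cleared for it, i.e. the label is at or below the session level."""
    level = session_level(certs)
    return level is not None and LEVELS.index(label) <= LEVELS.index(level)


if __name__ == "__main__":
    squirrel = issue_certificate("Squirrel", "TOP SECRET")
    moose = issue_certificate("Moose", "SECRET")
    print(session_level([squirrel, moose]))                  # SECRET
    reporter = issue_certificate("Reporter", "UNCLASSIFIED")
    print(session_level([squirrel, moose, reporter]))        # UNCLASSIFIED
    print(may_send("SECRET", [squirrel, moose, reporter]))   # False
    print(session_level([squirrel, None]))                   # None: uncertified member
```

The point of the model is that the displayed level is a property of the whole group, recomputed from verified certificates, so adding one uncleared or uncertified member is visible immediately and blocks classified traffic; a system that only shows names, with no authority behind them, has nothing to recompute.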

The rules and procedures can be annoying, but they’re there for a reason. Here, every single safeguard was negated by one simple decision: to use Signal rather than a really secure platform for the discussion.


Update: Just when you thought it couldn’t get any stupider…

One of the members of the group Signal chat was in Russia at the time.

Also, just last week, the Pentagon warned that Russia was targeting Signal, that a vulnerability in it had been found, and that in any event, Signal was not approved for any non-public information, even unclassified information.

https://www.cs.columbia.edu/~smb/blog/2025-03/2025-03-24.html