The problem with the military using an off the shelf system like Signal isn't the tangible features (re: encryption, usable ux). The problem is one of control. What happens when the government gets into a dispute with Signal (say, over a warrantless wiretap) and Signal decides in protest that it will no longer have any DoD affiliated customers? What happens when, through a series of shell companies and legal loopholes, a controlling stake in Signal ends up in Chinese or Russian hands?
From the PoV of the DoD, owning the system from end to end is a feature they shouldn't compromise on, even if the other features suffer and it costs more than it otherwise would.
It feels like we’ve taken a step backwards. I remember years ago when the UK government could only communicate over blackberrys with custom certs/encryption keys. Now the UK government/cabinet seem to share everything with each other via WhatsApp groups. I don’t really see that as progress.
Perhaps they are ones that I expect the DoD has considered? As far as I know Signal is open source and no commercial arrangement is required to make use of it, putting the DoD in a position to respond in a technical capacity should there be a conflict.
In legal terms, I believe the DoD could stop any acquisition on national security groups. The US government, like many national governments, reserves that power. Signal is developed and run by a 501c3, making this a somewhat unlikely series of events.
Again, those are great points. I'm just not sure they wind up being any risks the DoD can't readily control.
The trend for the last couple of decades (since Reagan?) is: if it’s not used to kill people, contract it out. Systems that used to be run by DoD personnel are now ran by Oracle/Microsoft in the cloud and Northrop/Raytheon and various small companies for on-premise.
Matrix is like a bright teenager: they are full of promise and to be encouraged at every opportunity, but they also need to cut their hair and stop wearing CND T-shirts before they can be taken seriously.
(I’d add here that I’m a big fan and user of matrix, while being aware of its limitations as a marketed product.)
Matrix have shipped some high profile products to clients like national governments, but there’s little hope for traction with the general public when the riot.im signup process is so unpolished, and when the most common entry point into the Matrix system brands itself with a name other than Matrix.
Signal uses the signal website and signal app for iOS and signal app for desktop and refers to the signal protocol in all it’s literature. Matrix could take a leaf out of their book!
(Perhaps licensing the trademark would be a good start?: Riot -> Matrix Riot, Synapse -> Matrix Synapse, and move the riot.im functions into a domain that has matrix in it?)
The problem with the military using an off the shelf system like Signal isn't the tangible features (re: encryption, usable ux). The problem is one of control. What happens when the government gets into a dispute with Signal (say, over a warrantless wiretap) and Signal decides in protest that it will no longer have any DoD affiliated customers? What happens when, through a series of shell companies and legal loopholes, a controlling stake in Signal ends up in Chinese or Russian hands?
From the PoV of the DoD, owning the system from end to end is a feature they shouldn't compromise on, even if the other features suffer and it costs more than it otherwise would.