If they visit the White House, government facility ... should go in a locker.
I worked for a company that sent people onsite to government contractors. One contractor we rarely visited was at a facility where you arrived at the front gate in your rental car with your ID, keys, and equipment you needed. You were told if you brought anything else expect to lose it.
They took your ID and keys at the gate, searched the car, you were blindfoled and they escorted you to the location of the equipment. If you had to go to the bathroom your were escorted (all the way...). You left with the clothes on your back.
We went through a lot of laptops, but ... that place was secure.
Security involving politicians / civilian workers ... much harder I imagine.
Unsurprisingly, data egress to third parties is a major security vector - especially for mission critical jobs like working in the House. MS apps incorporating Copilot have faced similar blocks as well.
This requirement for data stewardship is called out in HITPOL8 as well [1][2] (the AI tool standards set by the House CAO).
[0] - https://faq.whatsapp.com/203220822537614/?cms_platform=iphon...
[1] - https://cha.house.gov/_cache/files/4/2/42dca19e-194b-481e-b1...
[2] - https://cha.house.gov/_cache/files/0/8/08476380-95c3-4989-ad...
It might be good if you're a journalist, but it's not as good if you have compliance requirements beyond confidentiality.
[0] - https://cha.house.gov/_cache/files/4/2/42dca19e-194b-481e-b1...
[1] - https://cha.house.gov/_cache/files/0/8/08476380-95c3-4989-ad...
When trying to avoid subpoenas of data on the device itself, it's important to frequently "lose" the phone with the messages on.
In Brazil even subpoenas can be sent via WhatsApp.
The court: "No problem, just join the session on video using WhatsApp"
Remote court sessions are usually on Google Meet or Zoom
But that is a concern of information security.
Compliance is often part of this calculus, and many on this forum get wrapped around the axle thinking it's always about cryptography or something. Encryption is only a small part of the broader practice of information security.
The handling and metadata around encrypted messages is nearly as exploitable as the actual message contents. End-to-end encryption is necessary but not sufficient. The infrastructure has to be designed to minimize risk of other forms of exploitive analysis as well but in the case of WhatsApp that is essentially their business model.
Essentially the software creating the keys is not controlled by the same entity controlling the transmission method.
In email/matrix you have an additional protection in that you can host your own server; the best protection is the one you never have the possibility of traffic being diverted, and even if it was it would be encrypted so that the server doesn’t leak anyway, security is like an onion after all.
Without even looking at things like HTTP headers, this is what the metadata an E2EE-encrypted message (with verified+cross-signed keys) looks like, with specific identifiers censored just in case:
{
"type": "m.room.encrypted",
"sender": "@.......:jeroenhd.nl",
"content": {
"algorithm": "m.megolm.v1.aes-sha2",
"ciphertext": "AwgAEqAC/..........",
"device_id": "EDNM......",
"sender_key": "+rKR.......",
"session_id": "H3Oyob........",
"m.relates_to": {
"m.in_reply_to": {
"event_id": "$5qFg........"
}
}
},
"origin_server_ts": 17507.......,
"unsigned": {
"membership": "join",
"age": 127,
"transaction_id": "m17507........."
},
"event_id": "$_KBk.......",
"room_id": "!.........:jeroenhd.nl"
}
I understand why they implemented some of the metadata this way, but the encryption-stapled-to-unencrypted-messaging approach just leaves a lot to be desired. Signal, on the other hand, leaks pretty much nothing.
- yes not end-to-end encrypted by default
- but I haven't seen any complaints about their end-to-end encryption, except that it isn't enabled by default
- and unlike WhatsApp they publish reproducible builds so we can know the endpoints do what the source code says
Please don't fulminate. Please don't sneer, including at the rest of the community.
Eschew flamebait. Avoid generic tangents. Omit internet tropes.
Just getting a well-known Python package authorized for install on a single machine can take multiple years. People are used to corporations engaging in security theater, but in the DoD world it's much the opposite: the security apparatus is so paranoid and strict that nobody can get anything done.
https://www.microsoft.com/en-us/microsoft-365/government
Some other examples:
- AWS GovCloud https://aws.amazon.com/govcloud-us/
- Google Workspace for Government https://workspace.google.com/industries/government/
- GovSlack https://slack.com/solutions/govslack
- Atlassian Government Cloud https://www.atlassian.com/government
The unwarranted confidence is stunning in a post that is so fundamentally incorrect. I don't like Teams, but your take is deeply unaligned with reality.
Or maybe that Microsoft pays more than Meta.
This is the sticking point, because WhatsApp has now integrated Meta AI into the app, but (obviously) do not provide an on-prem data store. This is why Deepseek AI (the Deepseek app) and ChatGPT (the OpenAI app) are barred as well.
Data Stewardship and Zero Trust has been an internal initiative in the House for a couple years now.
The fact that almost no one on this thead knows these (imo overused) terms and design patterns highlights one of the various major gaps in Software Dev I've been observing for several years now - especially the North American market (given the hours that this was posted). The inability to incorporate or understand some basic security architectures is a major gap.
Edit: Keep pushing the downvotes. The truth hurts, and plays a role in jobs leaving, and funds like my employer funding cybersecurity startups in Israel, India, and Eastern Europe because the ecosystem doesn't exist in the US anymore. A similar trend happened in data layer related work.
We don't need more SKLearn plumbers calling themselves "ML Engineers" or Angular monkeys calling themselves "Fullstack Engineers" - we need people who truly understand fundamentals (or - shudders - first principles), be they mathematical (optimization), systems (virtualization), or algorithms (efficient data structures)
Its not that they aren't known, but rather we just came off a long trend of thin-clients and cloud storage. Some companies merely stay in that ethereal space, while others had concerns about their data. Criticizing people for doing what experts were pushing for the past 20 years doesn't need to devolve into calling their expertise into question.
The downvotes are for that, not because "you're wrong".
My original comment is mostly saying that it is too critical of staff saying "how did they not know" when we're now starting to return to in-house solutions. The prior solution was "Go Cloud", now its "Stay Home". In a decade, once enough people learn the struggles of having everything in-house, the next solution will be "Go Cloud" again, or whatever the future equivalent is.
The overall purpose of my comment was more akin to "calm down, we're just in a new tech cycle, no one's an idiot for following the last cycle's solution".
Maybe a significant portion of the HN base simply never worked with companies that either sold to or were a part of regulated industries, but I do not buy that.
Furthermore, all of the design patterns I am describing can and have be implemented within cloud environments as well.
[0] - https://apps.apple.com/us/app/deepseek-ai-assistant/id673759...
Can you explain why the thinking is wrong?
Teams is more secure in my opinion.
I as an admin can control who you can/can't talk to, what you can share with them, when you can share it. Correctly configured MS Teams is a pretty secure setup.
On the flipside im not sure i can make someone else's Whatsapp not auto download anything sent to it.... The two apps aren't really comparable unless I've missed an entire 'Whatapps for government/enterprise' business arm.
Microsoft maintains specific secure government versions of Teams that use their own special secure data centers. It's a full parallel extra secure set of infrastructure.
MS Teams allow for offline/local storage of its video/chat conferencing.
Personally, I'd be embarrassed to let people know I thought that way, but to each their own.
The situation is entirely different when you are managing very large organizations.
In those situation, you don't necessarily need the need the data to be invisible to the intermediary servers, because you might either just be able to control them yourself, secure them with NDAs, etc. And if the server is controlled by you, then you might not even want the data to be invisible to yourself. But, your primary risks may be the compromise of endpoint devices, mistakes or leaks by your users, or a lack of controls over data exchange. Also, many organizations may need to provide records of their internal communications in order to comply with legal requirements.
You might be surprised to know that enterprise offerings of many apps that otherwise support E2EE, often have a way for administrators to intentionally turn those features off.
For you, you trust yourself the most, followed by your device, and the intermediate servers are a threat. For an organisation, the servers are the most trusted entity, followed by the org-provided device, and a certain percentage of users are an active threat.
Which is an anti-feature given this application: you want a certain level of oversight and control over what staffers communicate.
> The Office of Cybersecurity has deemed WhatsApp a high-risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption, and potential security risks involved with its use
(Of course that statement seems to be highly confused overall. What "stored data encryption"?)
I was of the impression that Whatsapp’s messages (and its backups, photos, etc) kind of just hung around in plaintext once they reached the device.
Which would seem to be a problem should the device be stolen, or observed by other applications on the phone or a tethered device, or twiddled with sneaky hardware (e.g. [0]) that might use physical means to access the device’s file system.
Although as I understand it, the privacy claims are kind of window dressing anyway, and Meta has been more than willing to share plenty of WhatsApp’s data with all and sundry… even before AI-in-the-same-search-bar came along [1]
[0] https://shop.hak5.org/products/omg-cable
[1] https://www.propublica.org/article/how-facebook-undermines-p...
The operating system (Android/iOS) encrypts everything anyway. Why would you double that? More to the point, do any of the other "safe" apps, like iMessage, do that?
Man, politics and finance are a trainwreck enabled by apathetic voters who think democracy is about picking a sports team.
> "high-risk to users due to the lack of transparency in how it protects user data..."
> "We disagree with the House Chief Administrative Officer's characterization in the strongest possible terms."
It seems like this is non-responsive to the first claim. Meta goes on to say that WhatsApp is end-to-end encrypted, but the quotes never really do address the transparency issue.
Go on...
Use Signal.
Of course, the US government already has approved procedures and devices for secure communication, so senior official making up their own is reckless and unprofessional.
None of this is meant to excuse these officials for not authenticating everybody in that group or for using highly informal text messages to plan an airstrike of all things.
Ultimately there's no excuse for leaking information when you're at that level of government; I just feel like the app industry needs to take responsibility and fix several obvious, well-known and common UI issues.
Supposedly, it was the result of a helpful Apple feature getting the wrong phone number for one of the intended group participants. Then Signal cheerfully used that wrong phone number to add the reporter to the group.
* https://www.theguardian.com/us-news/2025/apr/06/signal-group...
If there are UI issues, they should be fixed because they are also annoying when planning somebody a surprise birthday party. (Or all the other stuff an encrypted chat app might be good for).
On the other hand, PGP just calling itself “pretty good” was pretty funny. Maybe that’s the level of active humbleness that everybody should aim for.
* https://articles.59.ca/doku.php?id=em:sg End to End Encrypted Messaging in the News: An Editorial Usability Case Study (my article)
When it comes to practical cryptography, nobody is doing signing parties anyway. It's all TOFU unless someone forces people's hands, and when you force people to do security you can assume they won't bother checking if the QR code they're scanning is coming from a real app or a livestream of someone else's app, they just want to get the scanning done. The whole key scan thing is probably only of any use to people keeping contact after meeting with journalists.
* Signal
* Twillo
* The phone company
That's all OK as far as it goes, but the root problem here is that a typical Signal user is made aware of none of this. Sure it's legit to take convenience over security, but it is not OK to leave this tradeoff completely unknown to the people affected.
https://www.theemcshop.com/benchtop-faraday-tents/select-fab...
Signal is only as secure as the device it runs on. Cell Phones are not secure. They are blackboxes and probably track you and may have built-in backdoors (only to be used to catch 'real' criminals), etc.
The idea that you can turn a device like that into some form of secure communication platform by installing an app is not realistic.
https://www.fastcompany.com/91352935/pentagon-pizza-index-th...
I think it is fair to assume that the US intelligence apparatus has inside knowledge on how comprised or otherwise different platforms are. They are the experts in compromising apps so I'm going to take their word for it.
We learned from Snowden how this is achieved, have people forgotten all of that already?
So to recap, how I assume this is done. A combination of "legal" American routes to gain access to data and embedding agents in the actual organizations to do your technical bidding.
This is speculation but if I were compromising whatsapp I'd leave a bug in there that allowed me to compromise accounts on demand. Something like being able to reduce the randomness of the RNG for a particular account. Then I could just decrypt the messages super easy (cause I already know a range of RNG seeds that work) and it would look to everyone like it was encrypted.
So, who is the chief culprit for doing this, if I was a guessing man (and I am) I would probably say Israel has compromised WhatsApp and the US gov knows it and would like Israel not to know everything that Whitehouse staffers are saying.
(..)
"Messages on WhatsApp are end-to-end encrypted by default, meaning only the recipients and not even WhatsApp can see them. This is a higher level of security than most of the apps on the CAO's approved list that do not offer that protection."
Also Government: WhatsApp has a backdoor. Don't use it.
People: don't use Signal! It has a back door! Instead, use Telegram, it doesn't have encryption by default and is highly suspect of a foreign adversary
Also people: "I'll just send copies of all my messages to the government because they have my data anyways"
Unless you have proof that he made a secret deal with Putin (you get Ukraine, we get Syria and Iran), how is this pro Russian?
Zuck put a backdoor
And
Zuck, put a backdoor
…are about as different as they could be
Source?
>Also Government: WhatsApp has a backdoor. Don't use it.
If "zuck" is really in the pocket of the US government, why should they worry about their own backdoors?
Have you ever watched a Saturday morning cartoon? Minions betray their masters all the time. An effective evil overlord doesn’t underestimate their lackey’s capacity for duplicity and betrayal at a pivotal moment.
The most fun may even appreciate the gall: https://memory-alpha.fandom.com/wiki/The_Nagus_(episode)#:~:...
It's the most hilarious thing about backdoors or collecting extensive covert intel on your own population, that any failure of opsec makes it much easier for all your adversaries to also spy on them in ways they would never otherwise be able to, then compromise them, and flip them.
I assume he does. I assume moreover that most people aware of this at Meta consider this due diligence in defending shareholder value. What's that line from Dune 2, a wise hunter climbs the tallest hill? _You need to see._
he U.S. Army is establishing Detachment 201: The Army’s Executive Innovation Corps, a new initiative designed to fuse cutting-edge tech expertise with military innovation. On June 13, 2025, the Army will officially swear in four tech leaders.
Det. 201 is an effort to recruit senior tech executives to serve part-time in the Army Reserve as senior advisors. In this role they will work on targeted projects to help guide rapid and scalable tech solutions to complex problems. By bringing private-sector know-how into uniform, Det. 201 is supercharging efforts like the Army Transformation Initiative, which aims to make the force leaner, smarter, and more lethal.
The four new Army Reserve Lt. Cols. are
Shyam Sankar, Chief Technology Officer for Palantir;
Andrew Bosworth, Chief Technology Officer of Meta;
Kevin Weil, Chief Product Officer of OpenAI; and
Bob McGrew, advisor at Thinking Machines Lab and former Chief Research Officer for OpenAI.
So yes, Meta's CTO is now a high ranking army officer
Plus, when it comes to important communications, the weird, hacked, Israeli Signal fork already has access to these documents anyway, even when they don't accidentally add a journalist to the group chat.
If we're talking summaries of government communications, that's more Microsoft territory, who don't even bother adding proprietary E2EE implementations to their chat software.