100% agree. As someone subjected to the trials of FedRAMP High and DoD IL-5 audits, how is Signal the go-to when there are programs for getting SaaS services approved for unclassified communications already in place? Framed selfishly, why the heck are we even bothering with these frameworks if folks are just yolo'ing messages onto Signal? If we've got to suffer through FIPS-validated crypto, DISA STIGs, etc., shouldn't the messaging platform used at least meet par?
There was a lot of chatter on Bluesky earlier about what devices and systems were and should have been used in this particular case, and whether or not some of the testimony given was truthful or accurate.
This Intercept article I think is a little misleading as it's taking something said in testimony at face value, and not really contextualizing it well. Some of these issues are raised in the piece a bit, but to me it reads a little strangely, like a lot of context and background is missing.