Everyone here is speaking like there HAS to be a backdoor for the messages to be auditable, forgetting that they could modify the application to abide to some sort of device management strategy that uploads a backup to some server when connected to a LAN for example.
Signal already gives encrypted backups with a password you see one time when setting up. I imagine you could easily modify that to lock the app with tye Android administrator shenanigans, and then periodically upload incremental backups.
The messages would of course remain encrypted but the key would be in the IT administration's hold.
I believe the end-to-end part of Signal is very interesting if you consider the whole NETWORK to be hostile, but that both ENDS are friendly once authenticated.
I can see a very FoA-friendly implementation of this.
It always seemed kind of stupid to me that they would spend billions of dollars to reinvent another wheel. It's like saying "Physics are good and we could add some more research and engineering for our case, but no, physics is opensource so let's make our own physics"
I think the idea of a backdoor comes because CIA/FBI/NSA has incentives to be anti-encryption. It is their job to break it. So they want their lives to be easier. But the DoD has an incentive to have strong encryption. It is their job to defend their communications.
But I'll disagree with you (while agreeing with you) on this
> Everyone here is speaking like there HAS to be a backdoor
The DoD __does__ have a backdoor. It is the cellphone, not Signal. There doesn't have to be a backdoor in Signal for them to have full access to these communications.
Signal already gives encrypted backups with a password you see one time when setting up. I imagine you could easily modify that to lock the app with tye Android administrator shenanigans, and then periodically upload incremental backups.
The messages would of course remain encrypted but the key would be in the IT administration's hold.
I believe the end-to-end part of Signal is very interesting if you consider the whole NETWORK to be hostile, but that both ENDS are friendly once authenticated.
I can see a very FoA-friendly implementation of this.
It always seemed kind of stupid to me that they would spend billions of dollars to reinvent another wheel. It's like saying "Physics are good and we could add some more research and engineering for our case, but no, physics is opensource so let's make our own physics"
Not exactly the same but ...