I don’t understand the value proposition of TeleMessage. Uses Signal but defeats the point of using Signal. Why not use a proper centralized chat with actual retention and encryption?
If you need your partners/bankers/salespeople/cabinet-level officials etc. to be able to converse with their clients on the E2E encrypted systems those clients already use, like WhatsApp and Signal, but maintain retention for legal or internal data-mining reasons, the only way to do that is to have a modified client, perhaps cracked or forked from an official client, that speaks the same wire protocol, but copies messages to separate storage.
Now, such a system could be set up to route those copied messages in a separately E2E-encrypted way to the client's in-house/on-prem archival systems, and have the client be responsible for implementing decryption and secure storage at rest. But it's far easier to just sell a centralized cloud-based archival/retrieval system - which must necessarily be able to decrypt messages, and thus makes for an incredibly juicy target.
Given the supply-chain risks of the provider offering the customized clients anyways, one would expect them to have a strong security focus... but it certainly seems this was not the case.
One has to wonder what type of legal requirement this satisfies.
It certainly wouldn’t hold up to the “beyond a reasonable doubt” standard for US criminal prosecution.
I’ve been exposed to “lit holds” for various document management systems before and usually a third party such as Box or Microsoft can attest to the immutability of files placed under lit hold, and/or there is an audit trail to make sure the chain of custody is intact.
I wonder if it is just organizations that don't really care about anything other than brand name (Signal is known as pretty good, right) and CYA.
Like it might legitimately be the case that you personally have expended more brainpower trying to understand the decision than they put into making it.
Or there might be an issue with trusting their own IT departments. With Signal they don't even have to trust Signal (haha, but they might think that you know).
There's another possibility: NSA told them to use Signal w/ TeleMessage so that NSA could see everything because they have an agreement with TeleMessage or because NSA knows about all these vulns in TeleMessage.
For example, DC Police may have confidential informants who would be best to use Signal because that isn't unusual. But the people they are communicating with need to retain the communication.
This is the fundamental problem that end-to-end encryption doesn’t solve, right? If the person on the other end is malicious or really dumb they can still leak your messages.
E2EE’s biggest use case is preventing the government from reading your messages. If you are messaging the government (or are in the government) then this isn’t relevant.
Most people don’t care about anonymous communication. The agendas of those who do vary.
Signal is essentially iMessage that works in Android for all intents. Supporting it lets you communicate with outside entities. Otherwise the only mechanism to do so is email, which is problematic at best.
Government and finance are required by law to archive and audit communications. Some companies do anyway to keep tabs on staff.
> Why not use a proper centralized chat with actual retention and encryption?
This is the right question to ask. It might be that such a thing doesn't quite exist in the way that the customers want (doubtful; Slack should work just fine), or more likely it might be a cultural issue (that Signal is ingrained in some of these executives' minds as _the_ secure system to use, and/or that they don't want Slack/Whatever to be the service provider for IM _and_ the service provider for retention, or that they don't want Slack/Whatever with on-prem services because they don't trust their own IT, etc.).
Obviously TeleMessage's value add is to add retention to Signal, which defeats the point of Signal. That leads me to think that the motivation is cultural.
Considering they accidentally included a journalist, compatibility with the existing user network. If you need logged chat with normal Signal users, TeleMessage would probably be the way to do this.
Only one person in the group chat needs to be using TeleMessage, i.e. a CIA agent can use a government device with TeleMessage to talk to sources on Signal. Signal has a great protocol & robust clients, and getting caught with Signal on your phone is probably a bit better than being caught with CIAChat on your phone.
The actual implementation here is atrocious though.