COMSEC (Communications Security)

COMSEC stands for Communications Security: the discipline of protecting communications from unauthorized interception or analysis. Originally a military and intelligence-community term covering cryptography, transmission security, emission security, and physical security of communications systems. The umbrella concept that covers everything from end-to-end encryption to operational discipline around what gets discussed on which channel.

What it means in practice

The COMSEC discipline applies at multiple layers. Cryptography: the math and protocols that protect content (Signal protocol, age, PGP, TLS). Transmission security: protecting the metadata and the existence of communication (Tor, I2P, Briar peer-to-peer, sealed sender). Emission security: protecting against adversary-side capture of the communication via electromagnetic, acoustic, or visual leakage (faraday bags, voice-over-secure-channel rather than near a smart speaker, screen-privacy filters in public). Physical security: protecting the endpoints where communications are composed and read (clean devices, hardware-key 2FA, BFU power-off, the broader operational discipline). The Predaxia operational frame: COMSEC is not a tool, it is a practice; the practice combines tooling (Signal, Tor, hardware keys) with discipline (which channel for which conversation, what gets said where, what assumptions about the adversary).

Where it shows up

Operationally relevant for: journalists protecting source communications, lawyers maintaining attorney-client privilege across digital channels, NGO field staff coordinating in adversarial environments, military and intelligence professionals (the original audience), and the broader category of any operator whose communications matter beyond casual use. The Predaxia editorial frame: COMSEC is the umbrella under which Signal, Tor, encrypted email, hardware keys, faraday bags, and the operational protocols all sit; the individual tools are specific implementations, the discipline is the structural posture. The user who has Signal but no policy on which conversations go there, the lawyer who has encrypted email but discusses privileged matters at the airport coffee shop within range of microphones, the activist who has Tor Browser but logs into their real-name accounts from it: the COMSEC discipline is the structural piece their tooling alone does not provide.

What you can change today

Three habits. First, channel-discipline mapping: write down which communications go on which channel, before the conversation starts. Sensitive source contact: Signal, with disappearing messages; routine professional communication: encrypted email; financial discussion with the lawyer: in-person plus encrypted email; the conversation that should not exist in any channel: in-person without devices present. Second, emission-security awareness: where you have the conversation matters as much as which channel; the Signal call near a smart speaker has different security properties than the same call from a faraday-bagged phone in a quiet room. Third, the COMSEC review: every quarter, look at the conversations of the past three months and ask whether the channel choice was right; the discipline that compounds over months produces operational COMSEC, the one-time setup does not.