But Their Texts!
A gobsmacking security lapse is a sign of shocking recklessness
It’s the most shocking national security story of the year, but you’d be forgiven if you mistook it for a Saturday Night Live sketch. Earlier this month, Jeffrey Goldberg, the editor-in-chief of The Atlantic was inadvertently looped into a group chat on the encrypted messaging app Signal. The other participants comprised a who’s-who of the highest level national security officials in the United States, including Defense Secretary Pete Hegseth, Vice-President J.D. Vance, and National Security Advisor Michael Waltz, among others. Goldberg imagined he must be the target of a prank or hoax, as the group proceeded to casually discuss the most sensitive national security information imaginable over this unofficial channel, with a journalist as a fly on the wall. He realized it was the real thing when a detailed discussion of air strikes on specific targets in Yemen was shortly followed by actual strikes on those targets.
Obviously the incident is incredibly alarming in itself: For an unauthorized party, let alone a journalist, to be accidentally included in a conversation of such extraordinary sensitivity, unnoticed by any of the participants, indicates an almost unbelievable level of dangerous incompetence. Any hostile power (and probably plenty of friendly ones) would give their eyeteeth for such access. But it is, somehow, much worse than that, because for this to be possible at all implies a routine and systematic flouting of the most basic security protocols, not just by one senior official, but by effectively all of them.
The first thing to note is that from the description Goldberg provides, it’s quite clear that while the specific chat group to which he was invited was a new one, the policy of convening top-secret ad hoc working groups on Signal chat was not. Nobody remarks on the venue, or in any way indicates that there’s something unusual or novel about planning an imminent military action over a commercial app. They hop straight to business, as though this is all standard operating procedure—though, needless to say, it is in no way an officially sanctioned procedure.
Second, while Signal provides excellent security for encrypted messaging—it’s about as good as you can get from a widely-available commercial app—security for super-high-value targets like these, who are at the top of the wish-list for all the most sophisticated intelligence agencies on Earth, is about a lot more than the quality of the encryption in the app you use. That’s why discussions of this sort are meant to be conducted not only via internal secure channels—whose software will not permit you to oopsie-add random uncleared strangers from your private contact list—but on secure devices in secure locations. Good encryption in transit is of no use if the endpoint device is compromised—either by surreptitiously installed malware or an adversary gaining physical access. Nor is it any help if the message can be intercepted as the user reads it—either by good old-fashioned shoulder surfing or more high-tech variants, like a TEMPEST side-channel attack, which operates by picking up and analyzing radio wave emanations from the screen of a device.
Everything about the circumstances suggests none of the necessary precautions to prevent such attacks were being taken here. Signal is not approved for use on government-issued hardened devices, and (for obvious security reasons) users cannot just download and install arbitrary apps from some app store to such devices. So it seems very likely all these people are using their ordinary personal devices. Similarly, it seems very doubtful all of these people were chatting from a Sensitive Compartmented Information Facility (SCIF), where personal devices are prohibited: J.D. Vance, at least, volunteered that he was out on the road at a public event in Michigan.
Again, while presumably it is unusual for someone to be so gobsmackingly incompetent as to invite a reporter to such chats, the tone and tenor of the conversation suggests that this flouting of all the normal rules governing communications of this sensitivity was unremarkable and routine for all involved. In short: They do this all the time.
One reason for this, no doubt, is simple convenience and laziness. Really robust security tends to be necessarily somewhat inconvenient. Texting on your personal phone is a hell of a lot more user-friendly than hauling yourself to a SCIF and using the clunky secure system. But the other, as Goldberg speculates, is less innocuous: Talking over an unofficial channel, where messages can be set to auto-erase after a fixed period of time, means you never have to worry about some pesky FOIA requester, Inspector General, or oversight committee getting hold of a compromising or potentially illegal conversation. At least so long as you have the presence of mind not to copy a reporter on it. Needless to say, for just this reason, there are document retention rules in place to prevent precisely this sort of circumvention.
As you’re probably already thinking, there are obvious parallels here to the private e-mail server scandal that helped doom Hillary Clinton’s presidential campaign. This is particularly ironic since some of the participants on this chat were among those most loudly condemning Clinton’s inexcusable recklessness with classified information. I wrote a bit about that scandal at the time, and while I argued that it would strain the law to bring criminal charges against Clinton personally, I also rejected the efforts of some Democratic apologists to dismiss the whole thing as a nothingburger. As I wrote at the time:
Beyond the poor judgement implied by her sloppy approach to classified information, the effect (and probable intent) of Clinton’s use of a private server was to hamper government transparency by giving her improper de factocontrol over correspondence that should be subject to Freedom of Information Act requests—which is to my mind perhaps the most troubling aspect of her conduct.
I still think that’s correct. But this case is really much, much worse. Clinton, as everyone well out of diapers presumably recalls, maintained a private e-mail server—in itself there’s nothing wrong with that—which she dubiously chose to use for official correspondence. As a result, and it seems in most cases due to carelessness by her staff, dozens of e-mail threads on the server contained information that should have been classified as “secret” and eight contained information that should have been marked “top secret.” Critics were perfectly justified in attacking this as a display of egregiously bad judgement.
The improper e-mails on Clinton’s server, however, do at least appear to have been inadvertent. It often occurs that information is revealed publicly and becomes widely known, but remains formally classified, making it easy for staff to slip up, and it appears many of the lapses in Clinton’s case were of this sort. More importantly, nobody has alleged that any of those classified e-mails contained anything as catastrophically sensitive as plans for imminent military action. It was inexcusably careless, but it’s at least plausible that it was not deliberate on anyone’s part.
The Signal thread is a very different animal. None of the participants can possibly have been confused about whether plans to bomb targets in Yemen ought to be discussed via a commercial application on a personal device. And there can be no question of the dire consequences if an unauthorized party privy to that exchange had chosen to make a quick buck by peddling it to adversaries.
What this surreal incident has revealed is an administration staffed at the highest level by people who view national security as a convenient talking point to crow about when it scores political points, but in practice regard security protocols as something for the little people—to be shrugged aside whenever they entail a modicum of personal inconvenience, or raise the specter of future accountability.
Well, they promised the most transparent administration in history.