Signal is viewed as one of the most secure messaging apps available to the public, but both experts and lawmakers are sharing their concerns about its use by top Trump administration officials.
Several cabinet secretaries, CIA director John Ratcliffe, and the national security advisor Mike Waltz were discussing their plans to strike Yemen in a group chat on the app and accidentally added a journalist, Jeffrey Goldberg of The Atlantic, to the conversation. Goldberg revealed in a first-hand account on Monday that “precise information about weapons packages, targets, and timing” was included in the chat.
The Atlantic’s editor-in-chief said the use of the app displayed “shocking recklessness.”
Miguel Fornés, a cybersecurity expert at the cybersecurity company Surfshark, argued that the incident is a wake-up call for any organisation handling sensitive information.
“Protocols of handling critical information exist to prevent such breaches,” Fornés said in a statement shared with The Independent. “Most companies and government agencies have reliable security policies designed to manage sensitive documents and ensure secure communication among involved parties.”
“Typically, only approved devices within an authorized network are permitted to perform actions such as viewing documents, joining a chat, or, in this case, even being invited to a chat,” he added. “All information across a company must be disclosed following principles of least privilege and need to know. This restricts permissions, minimizes access, and limits the exposure of sensitive information to only those who absolutely require it.”
Fornés argued that “Signal offers encrypted messaging, but it does not provide the same level of security as government telecommunications systems.”
“If a journalist is accidentally added to such a private chat, imagine how spies or malicious actors can bypass this to exploit the vulnerability, potentially accessing sensitive information and compromising national security,” said Fornés. “This incident exemplifies a full-fledged case of a data leak of top-secret information.”
Security and privacy expert Mikko Hypponen told The Independent in an email that “Signal is considered to be the most secure of the consumer chat applications. The main developer is highly trusted, and the software source code is open and available for review. I use Signal every day myself. People use it just like any other chat apps, for the same purposes.”
“While Signal is designed for security, it is not meant to be used for sharing classified information among government officials. It’s not supposed to be used for war planning,” he added. “Governments have built secure facilities and devices for that purpose. For example, somebody could steal an unlocked iPhone from you, and read everything posted on the Signal chat on that device. Government-grade spyware like PEGASUS can be used to gain access to key people’s phones, and read everything on them. They broke the rules, as simple as that.”
Mark Montgomery, the senior director at the Foundation for Defense of Democracies, agreed, telling Politico, “I guess Signal is a few steps above leaving a copy of your war plan at the Chinese Embassy — but it’s far below the standards required for discussing any elements of a war plan.”
Signal has increased in popularity in Washington following the revelation of a large-scale breach connected to the Chinese government of U.S. telecommunications networks, allowing hackers to get hold of American cell phone records and to spy on the conversations of top politicians, such as President Donald Trump and Vice President JD Vance.
U.S. officials have said that Americans should use apps like Signal as an extra layer of security. The app has significant privacy features and collects minimal amounts of data, in addition to having default settings of encrypting all messages and calls. The app also deletes all messages from a conversation within a certain time frame. However, experts say that it shouldn’t be used by government officials instead of internal government systems.
A former White House official told Politico that the use of Signal to discuss war plans was “unbelievable.”
“These guys all have traveling security details to set up secure comms for them, wherever they are,” the official added, noting that those taking part in the group chat were likely using their personal devices, as most often, Signal cannot be downloaded to government devices.
“Their personal phones are all hackable, and it’s highly likely that foreign intelligence services are sitting on their phones watching them type the s*** out,” the former White House official told Politico.
“Forget Signal, just do it over a dating app, you might as well, that would be just as secure as what you’re doing,” they added.
Former National Security Agency official Jacob Williams noted when speaking to Politico that Signal can be linked to a desktop application, meaning that the app’s data is “being delivered to potentially multiple desktop and laptop computers, where it isn’t being stored in a phone’s secure enclave. That data is then at risk from commodity malware on the system.”
During a hearing on Tuesday with Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe, who were both reportedly part of the group chat outlined by Goldberg, Virginia Democratic Senator Mark Warner said, “If this was the case of a military officer or an intelligence officer and they had this kind of behavior, they would be fired.”
“This is one more example of the kind of sloppy, careless, incompetent behavior, particularly toward classified information,” added Warner.
Oregon Democratic Senator Ron Wyden argued: “I’m of the view that there ought to be resignations, starting with the national security advisor and the secretary of defense.”
Ratcliffe attempted to place the blame on the Biden administration during the hearing, saying that it was “permissible” to use Signal in a work environment and that such a practice “preceded” the Trump administration.
“It is permissible to use to communicate and coordinate for work purposes, provided…that any decisions that are made are also recorded through formal channels,” said Ratcliffe.
Gabbard, meanwhile, claimed that “there was no classified material that was shared in that Signal chat,” despite reporting by Goldberg that the chat included war plans and the name of an active CIA agent.
The Independent has contacted Signal for comment.
