Summary
Defense Secretary Pete Hegseth denied allegations that he texted classified war plans to a Signal group chat that mistakenly included The Atlantic’s Jeffrey Goldberg.
The National Security Council confirmed the chat’s authenticity but called the inclusion of Goldberg an inadvertent mistake.
Lawmakers from both parties demanded investigations, with former CIA Director Leon Panetta warning of potential espionage violations.
Hegseth dismissed Goldberg as a “deceitful” journalist. Trump denied knowledge of the incident.
Even if everyone in the chat had a need-to-know, you do not use insecure 3rd-party software for classified communications. Secure networks already exist for this.
Not to mention why they are using it in the first place… so they can’t be FOIA’d
Doesn’t protect from FOIA, if you use your phone for official communication and it stores records, your phone can be FOIA’d.
Isn’t the issue that Signal messages aren’t stored on the phone and can be set to auto delete after some time? So there’s no tracking of official federal business? Or am I thinking about this the wrong way?
Signal messages ARE stored on the phone. They’re briefly stored on the signal servers with end to end encryption as well until they are transmitted to all the recipients, at which point signal deletes them from their server. And yes they can be auto-deleted.
Once they are on the phone though, all the encryption benefits are up to the user.
Did they password protect signal? Is their phone itself encrypted at rest? How long after the phone is unlocked and signal opened do the messages remain unencrypted where malware could then access them? How long does the phone remain unlocked once the password is entered but the screen is turned off? Are they even using secure passwords on phones or simple 4 digit pins?
I see - thank you. If they delete the messages from their phone there would be no tracking of official government business, right? Also, Gabbard wouldn’t disclose if she used a personal phone for this Signal chat or not which is troublesome.
Correct, there’s no tracking if deleted from the phones which would be a violation.
I don’t know, but I imagine the mere fact that it could be deleted with no trace would be a violation of itself.
No you’re absolutely right and the fact that this is apparently common practice in the admin is revelatory.
Legally yes. Practically, the people handling the FOIA request do not know about it and do not have access to it, so they will not look at it when responding to a FOIA request. Also practically, if you submit a FOIA request for operational details of military action, the response will be no, and every judge you stand before to challenge that no will side with the government.
According to the original article, the messages were set to auto delete after a max of 4 weeks :)
I think Signal is getting tarred unfairly here. The thing that made that channel insecure was their ineptitude, not verifying who was in the group.
They gave a journalist the encryption key to their secure channel.
There’s other, record keeping related, concerns with them using signal for communicating, but I don’t think the security of Signal is being called into question when used properly.
Correct. Signal is still an excellent app. The problem is that it can have a wide array of contacts that can be added by the slip of a thumb (aka User Error). I’d imagine that secure government software does not happen to have the editors in chief of major news publications saved on there. They probably also have a flag coded in there that alerts you if someone without proper security clearance is added by mistake.