The messaging app Signal that Trump administration officials used to discuss an attack on Yemen’s Houthi rebels was created by a one-time anarchist to help activists, journalists, and others communicate beyond the prying eyes of government intelligence agencies — not to plan government military operations.
Launched by American cryptographer Moxie Marlinspike in 2014, Signal relies on strong end-to-end encryption to ensure users’ privacy and does not save information about the messages it handles. Those features have boosted its popularity among those seeking to evade government or corporate surveillance and cemented Signal’s reputation as the most secure chat app on the market.
Government officials are known to use Signal, too, for communicating among themselves and sometimes to send reporters a news tip. But even with its enhanced security, the app remains off-limits for US officials to exchange sensitive or classified information.
Those restrictions failed to stop top officials in President Trump’s administration from using the app to discuss plans for a military strike in Yemen. On Monday, the Atlantic reported that Defense Secretary Pete Hegseth, Vice President JD Vance, and National Security Adviser Mike Waltz earlier this month participated in a Signal group to discuss the Houthi attack. The group was uncovered when one of the officials mistakenly added Atlantic editor Jeffrey Goldberg to it.
Revelations of the breach and the use of an unauthorized platform to exchange sensitive information sent shock waves through Washington, with security experts cautioning that Signal wasn’t an appropriate platform for discussing highly sensitive government information.
“This was a significant operational security failure and should be reviewed closely,’’ said Mark Montgomery, a retired rear admiral and senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. “Signal is not a secure platform for classified government information.’’
Mobile devices infected with spyware can allow hackers to read messages, even on Signal, according to James Lewis, senior vice president at the Center for Strategic and International Studies. One of the secrets of espionage, Lewis added, is that people tend to be lazy and take shortcuts. “That’s how you get them,’’ he said.
“People will tell you that Signal is safe to use, but if you are in the White House or DoD, you have better options,’’ Lewis said.
National security and intelligence officials are required to use secured, government-issued devices for communications involving classified information. Typically, those discussions involve only individuals with proper security clearances and take place in a sensitive compartmented information facility, which blocks any outside electronic or cellular interference to additionally monitor and control access.
The US government uses its own standalone systems for sharing sensitive information, especially involving potential military operations or other covert actions. Those platforms include SIPRNET, a network for sharing secrets between the State Department and the Defense Department.
At the Defense Department, rules specifically bar sensitive information from social messaging platforms. Guidance released by the Pentagon in October 2023 stressed that those apps were “NOT authorized to access, transmit, process non-public Defense Department information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApp, Signal).’’
The uproar has shined a light on Signal, a long time bastion for government dissidents and investigative journalists. The app, with fewer than 100 million active users, is a relatively small player in the messaging industry when compared to the likes of WhatsApp and its two billion users.
