How Signal can leave the door open for spies and hackers

Signal, renowned for its robust security features, has emerged as a favored platform among journalists, whistleblowers, and privacy advocates. Yet, the app is not without its vulnerabilities, a fact underscored by recent events involving high-ranking officials from the Trump administration, including Defense Secretary Pete Hegseth. The incident has stirred significant discussions within political and national security circles.

Accidental Inclusion in Sensitive Discussions

On Monday, the Atlantic’s editor-in-chief, Jeffrey Goldberg, revealed that he had been inadvertently added to a Signal group chat focused on military operations against Houthi targets in Yemen. At first glance, this may appear to be a minor oversight. Signal is widely regarded as the premier encrypted messaging service, with no known breaches attributed to hackers. Its encryption protocol serves as the backbone for several popular messaging platforms, including WhatsApp and iMessage. Notably, in 2023, Signal began enhancing its encryption to counter potential threats posed by quantum computing.

However, as Mallory Knodel, founder of the Social Web Foundation, pointed out, the app’s security cannot prevent human error. “Signal is as secure as it gets for end-to-end encrypted messaging, but this leak was because they added an untrusted party to the chat,” she remarked during a conversation with NBC News.

Goldberg’s unintentional inclusion in the chat, which also featured discussions among Hegseth, Vice President JD Vance, National Intelligence Director Tulsi Gabbard, and national security adviser Mike Waltz, lasted for six days before he opted to remove himself. Throughout this period, the remaining members of the group appeared oblivious to his presence. Despite the sensitive nature of the discussions, Goldberg refrained from disclosing any classified information, including the identity of a senior CIA official mentioned in the chat.

Protocol Breaches and Security Implications

Engaging in discussions about sensitive military operations via smartphone group chats deviates significantly from established protocols. Typically, military communications are conducted through specialized systems such as the Secret Internet Protocol Router Network (SIPRNet) for secret communications and the Joint Worldwide Intelligence Communications System (JWICS) for top-secret exchanges. These networks are designed to operate independently from the broader internet, thereby reducing susceptibility to cyber threats.

Signal’s end-to-end encryption is designed to protect messages from interception in transit. However, as this incident illustrates, encryption cannot compensate for human error: anyone added to a group chat, intentionally or not, receives its messages in readable form.

AppWizard