If you've been anywhere near social media lately, you've probably heard about the "Signal Scandal" that suddenly popped into the news cycle, courtesy of The Atlantic (paywall). For those of you not up to speed, the short version goes something like this: Someone from the Trump Administration added Jeffrey Goldberg, the Editor in Chief of The Atlantic magazine to a Signal chat involving senior leaders in the defense and intelligence community coordinating airstrikes in Yemen.
This app used to coordinate these strikes is called “Signal” and is used by millions of people (including me) for secure end-to-end communication.
In my YouTube livestream, presented here without ads, I dove into this situation. It takes about an hour to get there, but here are the basics:
From what we can piece together, an official invited the editor in chief of The Atlantic to a signal group involving the strategic discussion of strikes on the Houthi terrorist group in Yemen.
Obviously, that's not great. The federal government has spent millions of dollars in ensuring secure communications for its officials, so the idea of falling back to private communications devices is mystifying. Not only are the devices less secure, but using unapproved devices to communicate secret information is a crime (18 U.S. Code § 798 - Disclosure of classified information).
Typically, secret information (with some exceptions) must be sent and received in a SCIF or Sensitive Compartmentalized Information Facility.
A SCIF can be pretty much anything - President Trump has a SCIF at his private residence in Mar-a-Lago. A hotel room can me transformed into a SCIF. Mike Malloy, the main character from The Win Machine (Available at Amazon) had one in his DC Office.
But the one common thread is that these SCIFs are approved by an authorizing party and only approved communications devices are used.
Signal is a civilian communications app. It is not approved to send or receive classified information. While it is encrypted from end to end, that does not mean that messages are safe from interception once they are on the device. A simple screenshot can bypass all of the end-to-end encryption security.
You can also make the argument that some of the people on the Signal thread in question have the authority to declassify documents, but there is a process for doing so. Secret information isn’t automatically declassified just by speaking it, even if you have the authority to declassify.
The scary part is that if the actors involved were casual enough to coordinate airstrikes over a civilian app, what else are they talking about? And why would people be messaging sensitive information if there is a phone number in the chat that they don’t recognize.
This is called “Data Spillage.” It’s bad, but not entirely uncommon. But it is entirely preventable.
All that being said, I think we are starting to see “The Tyranny of Signal” work its way into government. Signal has been embraced by many military units to coordinate minor logistics and formation times because it is useful and convenient.
However, Signal has turned into a monster, where things can be changed at the last minute just because a Signal message can be sent out with updates.
So maybe the solution here would be to develop a secure, portable military communications tool which can handle a degree of classification - almost like a handset that everybody in the military uses exclusively?
but throwing hardware at a problem doesn’t necessaraly solve the underlying condition. The lesson here is simple but crucial: discipline and awareness around communications aren't optional—they're essential. And national security staff should be better than this.
Share this post