U.S. national-security leaders included me in a group chat
1417 comments
·March 24, 2025Folcon
I'm an external individual to the US, but I must admit that some of the sentiments being expressed here in this thread and elsewhere about the lack of accountability deeply concern me, it reminds me of many things I saw growing up and still see today in south asia.
Independent of anything else, I do see the overton window shifting in the US, the most subtle of which are norms and expectations around acts of corruption.
Every nation has it's minor acts of corruption, small favours between friends, which I've always thought of as being functionally impossible to remove as they also allow for a flexible environment which allows things to get done.
However the norms seem to be shifting more towards the idea that those in power can act as they will, and in fact the expected thing is they will act to enrich themselves. I hope this does not happen, because this is death to entrepreneurship, this is one of those things that will poison the economy, when people no longer trust that what they make can be theirs, that others can look on in envy at the work they have built on their blood and sweat and can take it as their due because they have power.
That will create a chilling effect for anyone who wishes to create and will make them wonder as myself and many others have considered, whether it's better to create their life's work elsewhere.
I sincerely hope this doesn't happen here, once this mindset becomes a norm, it's incredibly hard thing to stamp out.
20after4
It's so much worse than that already. If corruption was the only problem we face in the US then there might be some real hope to reverse course.
bsenftner
The corruption is caused by their short sightedness, a total lack of critical analysis capacity to see past the surface assessment of pretty much everything. The problem in the United States is that adults are no longer adults, we manufacture immature people with simplistic world views that seriously know no better, and they have the entire Republican Party hostage, a material percentage of the Democratic Party, and in general the USA is awash in a state of noncommunication because such people cannot see past their immediate assessments to find any common ground. Sure, we have real adults, but not enough to make a critical difference in the quality of our public discourse, to reverse this nose dive.
noboostforyou
Bingo! And the sadder part is this isn't even anything new, but it's all come to a head now.
“There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.”
― Isaac Asimov, 1980
mmmpetrichor
In the past, I think the two party system somewhat protected against this. The complete capture of the party by trump has removed the system's ability to guard against this. Most senior republicans from a generation ago would recoil at what is happening in their party today. but many of the ones around during the trump takeover were absolutely spineless during his first administration, and things are far worse now.
belter
The full text now:
"The statements by Hegseth, Gabbard, Ratcliffe, and Trump—combined with the assertions made by numerous administration officials that we are lying about the content of the Signal texts—have led us to believe that people should see the texts in order to reach their own conclusions. There is a clear public interest in disclosing the sort of information that Trump advisers included in nonsecure communications channels, especially because senior administration figures are attempting to downplay the significance of the messages that were shared..."
https://www.theatlantic.com/politics/archive/2025/03/signal-...
"Here are the Attack Plans That Trump's Advisers Shared on Signal" - https://news.ycombinator.com/item?id=43481521
mentalgear
I'd recommend for Entrepreneurs, just like Scientists now do, to consider Europe as a safe-haven. In the EU the rule of law still matters.
somenameforme
The grass isn't always greener. I think the core underlying issue at all of this is social divides within countries. When groups of people become sufficiently antagonistic towards one another, it really enables widespread corruption because people will actively blind themselves (or handwave away) to the wrongs of "their side" and magnify the wrongs of "the other side" with no limits to the hyperbole.
And Europe is most certainly not an exception to this, especially in current times. For instance 65% of EU citizens do not believe that high level corruption is sufficiently pursued. [1] And basically every EU country (outside of Scandiland) has a majority to vast majority who believe that corruption is widespread in their country.
inamorty
But public perception doesn’t necessarily reflect actual levels of corruption. Having dodgy planning approved is not the same as buying a seat at the head of the government for a quarter billion dollars.
akudha
The grass isn’t always greener
Like most things in life, I suppose it is all relative? Diabetes sucks, but it sure sucks less than cancer.
Of course it would be lovely if there is zero corruption, zero pollution, zero nepotism etc. Which is highly unlikely to happen?
Which brings the question - what is the best country to live, relatively speaking?
coldtea
Sure, that's why von der Leyen run the huge Pfizer deals then conveniently "lost" the SMS about them, hired her pals as defense consultants hiding €100+ million of the costs and the decisions which favored the companies supporting her (e.g. lucrative contracts were awarded to the global consulting giant McKinsey & Company, where von der Leyen's son works as an associate, and several other cases.
And she is just the tip of the iceberg of EU corruption. In general such politicians only get repercusions selectively, and usually only when the political direction changes and they're no longer useful to the establishment.
https://en.wikipedia.org/wiki/Pfizergate
https://www.politico.eu/article/5-things-to-know-about-ursul...
gspr
I love how this subthread devolved into arguing about Europe's attached bottlecap regulations and that the GDPR has resulted in lots of very annoying cookie banners.
So in the US you have a corrupt, authoritarian takeover of a society – and in Europe you have well-meaning, but somewhat annoying, regulations that still need some work to function perfectly.
Cthulhu_
The cookie banners were never mandated by GDPR, that's entirely the industry's fault and intent - dark UX patterns to try and annoy the user into agreeing, or a silent protest to the perceived overbearing nature of the GDPR.
They could've just respected a browser's do-not-track header but chose not to. The EU legislators should've done that too, that is, dictate a standardized method for people to opt in.
pembrook
Not sure how you could possibly come up with this idea — but I’d recommend not consuming hysterical media narratives and instead looking at actual data. This is a chart of globally relevant companies founded in Europe in the last 50 years:
https://www.reddit.com/r/neoliberal/s/1Fn23uYVxK
The data depicts the exact opposite of what you are saying. As an entrepreneur, you can be “safe” knowing you will have far less chance to succeed in the EU.
bildung
These just compare market cap. As the US economy is disproportionally financialized, that outcome is hardly surprising: This was just measuring market financialization by proxy. I mean two of the largest on the left, Google and Meta, are essentially just ad companies.
Now compare companies by actual revenue:
https://en.wikipedia.org/wiki/List_of_largest_companies_in_E...
https://en.wikipedia.org/wiki/List_of_largest_companies_in_t...
I omitted the 50 years distinction because, unsurprisingly, the companies in the US are younger.
None of these are actually relevant for founders, however, as even in the US you only have a couple dozen large cap companies, but millions of founders.
What is relevant is the share of employers per capita, as that shows us how many founders actually exist.
https://data.worldbank.org/indicator/SL.EMP.MPYR.ZS?most_rec...
https://data.worldbank.org/indicator/SL.EMP.MPYR.ZS?most_rec...
ta1243
Stop pretending that America of today is anything like America of 15 years ago
Marazan
Historical data is not great for forming an argument when the basis is that things have radically changed and historical results don't matter anymore.
casey2
How much of this is because of the US strong-arming companies in their sphere of influence? Nobody here actually forgot the MegaUpload fiasco, it's just that people pretend to forget abusive relationships.
null
whiplash451
Europe suffers from another kind of "corruption", more akin to a corrupted file system: absurd, rigid and unpredictable regulation makes life very hard for businesses, which drives large private capital away.
I am European, and every time I open one of those stupid locked-on bottle caps, I feel pain for my country, for Europe (and for my face).
varius
Then send a message to the producer. The law requires for caps to be attached but doesn't describe how. I have a water bottle next to me that has a cap connected by one long piece after opening that doesn't touch my face at all when drinking.
Sure, Europe has some red tape that should be removed but don't paint it as some kind of Kafka's universe because it's not that bad. I'm from east side of Iron Curtain and I remember how bad that was.
Also, most of the businesses will do what's needed to be done because the market is big.
Personally, I prefer to live a life in a slightly over regulated place that at least keeps common people in mind than whatever is US turning into.
nkrisc
> I am European, and every time I open one of those stupid locked-on bottle caps, I feel pain for my country, for Europe (and for my face).
Is life so bad in Europe that’s what you have to complain about? Sounds truly like a nightmare - caps attached to bottles? Barbaric.
Cthulhu_
Stop buying disposable bottles then. They are part of a solution to a waste problem, but by continuing to buy disposablle bottles you're contributing to the issue.
lukan
"every time I open one of those stupid locked-on bottle caps, I feel pain for my country, for Europe (and for my face)."
You know that it is easy to remove the plastic locking the caps on? (Just twist them) And to me it is also easy to drink with them locked on, just have it side ways.
So I also do have lots of complaints about the EU, but this ain't it.
redeux
This is what you complain about in Europe? Every day when I drop my children off at school I wonder if today’s the day. That’s not hyperbole, it’s my reality in the US.
franga2000
European law is a patchwork of suboptimal solutions to hard (but often self-imposed) problems. The US meanwhile doesn't try to solve them at all.
Yes, the bottle caps annoy me, but if the beverage companies stuck to the much more recyclable glass bottles we wouldn't be in this mess in the first place.
Yes, the GDPR popups annoy me, but the law also punishes companies for being creepy exploitative bastards. If they had any morals, we wouldn't have the popups either.
So yes, Europe is sometimes frustrating, but at least it does some government. The US simply doesn't. It's a free-for-all hellscape and I'd much rather be lightly scraped on the face by a little plastic cap that one time a month I need to drink from a disposable plastic bottle than live in...that...
jkbyc
One EU AI startup even named itself after these bottle caps:) https://www.bottlecapai.com/
username332211
Nevermind the bottle caps.
The internet is borderline unusable without extensions like "I don't care about cookies". And in situations where you care about them, you can not, because something has to record that I've seen the GDPR consent form. Recently, in the name of... who knows what, it's become a pain in the ass to access Google maps from Google search.
The idea that Europe can become a safe haven for entrepreneurs is beyond laughable. The vaunted "rule of law" has degraded into nothing more than fetishizing arbitrary and irrational rules.
dyauspitr
Yes, unfortunately we’re already at that point. Republicans and their base close ranks so effectively that it’s essentially a safe haven for all sorts of corruption and serious crime. The voters won’t punish them at the ballot and they’ve essentially captured all sources of checks and balances.
sureglymop
It's Republicans and Democrats. You're in this position in the first place because you have no real political diversity. It's not gonna change in that two party system either.
sethammons
Vote for ranked choice voting, starting at the local levels.
Grade school needs rank choice voting activities to help make it feel familiar.
user3939382
I mean this with all due respect. Anyone who talks about Democrats and Republicans like they’re on one of the teams has totally missed the political charade being orchestrated in DC. These parties do not represent you.
immibis
Both are bad. One is much, much worse than the other.
wernercd
[flagged]
aredox
DOGE is not "an audit of the government". It is a propaganda exercise based on lies, whose only effect will be to make the government - and citizens - lose more money (for ex. see NOAA).
An audit would be listing and flagging items for review. What DOGE is doing is actually taking the decision of cutting stuff, without review, as retribution, to fully capture the state for the GOP and Musk.
Trump immediatly fired every inspector general as soon as he could (in violation of federal law).
https://www.axios.com/2025/01/25/trump-fires-inspectors-gene...
jimt1234
The ends justify the means is now openly accepted, even celebrated.
null
e40
And conflicts of interest don’t exist.
null
brandensilva
I'm already feeling like entrepreneurship is out the window.
It's a combination of AI being owned from these mega corporations and corruption at the highest level that I'm losing sight of what is the purpose building my startup business in an authoritarian landscape.
Trump illegally promoting Elon's corporation with a yard sale, kissing his feet for donating millions to his campaign thanks to citizens united, allowing him to ransack the federal government as an unelected official, to making vandalism a domestic terrorist act for people fed up when him,and now putting Elon in charge of investigating Signalgate.
People need to stand up now before they cannot.
boppo1
>when people no longer trust that what they make can be theirs, that others can look on in envy at the work they have built on their blood and sweat and can take it as their due because they have power.
We just need liberals to embrace the 2nd with as much fervor as the right.
null
joshuamerrill
I began my career in a classified environment working on government satellite programs.
In my first week on the job, I was told, explicitly, that if I shared Classified or Controlled Unclassified information over unapproved channels, I would be reprimanded—likely fired, or less likely, prosecuted.
It was also made clear that safeguarding the nation's secrets from the carelessness of others was my responsibility, too.
It is mind-boggling that 18 people were on this thread, and none of them ever suggested that this discussion would be better served in a SCIF. To say nothing of SecDef starting the thread on Signal in the first place.
How many other such threads are active at the highest levels of government right now?
Does Chinese intelligence know?
I'm not suggesting punishment, or even prosecution, for the people involved. But the idea that this breach can occur with no accountability, consequences, or operational changes is unacceptable.
cjohnson318
Why shouldn't punishment or prosecution be suggested. I've worked with classified information, and I would have been held accountable for my actions, why shouldn't they? I'm tired of this Too Important To Have Consequences business. It defeats the whole purpose of having qualifications, and security, and rules of any kind.
rcpt
Anything less than criminal prosecution would be an abomination of justice.
Galanwe
Well once you've stated that the president is immune and can pardon whoever for whatever, there's really not much to do. The US needs a new constitution to enforce this, otherwise the very concept of justice cannot exist.
wernercd
[flagged]
Aeolun
> I'm tired of this Too Important To Have Consequences business
Sure, but short of something similar to the UH CEO, do you think anything will actually happen to them?
If they’re doing this then the president presumably knows and does too. Even if they get prosecuted and convicted (after years of legal nonsense) they’d just get pardoned.
cjohnson318
No, I don't think anything will change, but I'm still tired of it.
johntitorjr
[dead]
hamasho
Honestly, I'm giving up hoping for even a fraction of deserved punishment too. It's hard to handle the emotional dissonance I feel repeatedly when I see injustice, so I've adjusted myself to expect minimal or no punishment and just hope things improve a little. I know this is exactly what those people who repeatedly do malicious things want to happen, and I'm not suggesting we give up seeking social justice. I just can't handle the rage I feel every time or I'll suffer from severe depression again. I need to save my willpower to still hope for a better world and to encourage or support people who are actually working to improve society.
0xEF
I'm in the same boat. This whole thing is a War of Attrition, and my enemies are willing because I am getting too old and increasingly stressed out to keep up with and counter their irrationality. I honestly don't know where they get the energy to continuously be so stupid as to take classified information to a group chat, encrypted or not, like they're planning a night out.
These morons are going to get American citizens killed due to gross incompetence. I'm still trying to wrap my head around the fact that half my country said "yep, let's go with these guys" when they saw a bunch of bungling Nazis yelling at clouds like something out of Hogan's Heroes. I'd laugh at the absurdity of it all if I didn't think we were in genuine danger.
hn_throwaway_99
Do you honestly think that (a) Trump's Justice Department would prosecute any of these offenses, and (b) even if so, that Trump wouldn't just pardon anyone involved?
cjohnson318
Yeah, there's no way anything is going to happen to these guys. I'm saying that's a great suggestion, and one that everyone should be able to agree on.
But yeah, I agree with you. Nothing is going to happen. Just like no one at the top has been held to any kind of a standard at all since maybe Nixon. Who knows, if he had just stuck it out maybe he would have gotten off too.
belter
The corruption is now, total and absolute. A complete Nero Court like the decadent days of the end of the Roman Empire.
"Trump’s crypto empire set to expand with new stablecoin and investment fund offerings" - https://apnews.com/article/trump-crypto-world-liberty-truth-...
"...Witkoff and his father, Trump’s special diplomatic envoy Steve Witkoff, helped launch World Liberty Financial with Trump and his sons last year. Under the terms outlined on the company’s website, a Trump-owned company has the “right to receive 75% of the net protocol revenues” from World Liberty Financial after expenses..."
https://www.goodreads.com/book/show/18077789-dying-every-day
poulsbohemian
We all know this is the likely outcome, but Congress should use its powers to force the Trump administration to be public in not prosecuting and in pardoning, for the purposes of upholding rule of law to the extent possible. And the forth estate needs to throw both in their face to ensure the public understands both how everything about both what they did, and how the Trump administration will respond, is both unlawful and harmful to our country.
chrisco255
[flagged]
adrr
Do you think they’ll get prosecuted? I am willing to bet money that congress won’t even have hearings on it.
reverius42
Congress is already having hearings (at the committee level): https://www.axios.com/2025/03/24/congress-yemen-signal-hegse...
But it's not clear that will progress to anything further.
asteroidburger
The Senate Intelligence Committee already held a hearing today: https://www.npr.org/2025/03/25/nx-s1-5339484/signal-war-plan...
chrisco255
None of what they said was actually classified, and if the conversation included the president and vice president, then they inherently decide what is and is not classified. The power of the executive branch is vested in the president.
outside1234
But have you considered that they are Billionaires and therefore can do whatever they want?
jjallen
I don’t think everyone involved in this fiasco are billionaires.
belter
The alternative explanation, is that they have so much dirt on Trump, they can't be fired...
cjohnson318
Like my dad always said, "money talks and shit walks".
mandeepj
The problem is that most of those 18 people are just random folks picked on the premise of just one qualification: THey'd be Yes Man/Woman!! They aren't career professionals. I believe that explains the mess they've created and their incompetent approach to their duties.
It's still not too late to impeach that entire shack of clowns.
davidw
These are the same folks who scrubbed the Navajo Code Talkers from the DoD web site for being "DEI" or some such.
fragmede
we replaced them with DUI hires.
ModernMech
> It's still not too late to impeach that entire shack of clowns.
The problem is that the people in control of the power to impeach are also picked for being yes men/women. It's yes-men all the way down by design.
jimbokun
It’s Trump’s one true talent.
He got the Supreme Court and the judiciary leaning his way in his first term. Congress is controlled by either his Republican primary candidates, or Republicans who are too afraid to cross him.
Now he’s purging from the federal branch anyone who is not completely ideologically loyal to him. That is the true purpose of Doge.
fuzzfactor
>U.S. national-security leaders
Those aren't leaders, quite the opposite, nothing but typical Trump-like non-leaders disgracing leadership positions.
>those 18 people are just random folks
OTOH if you picked 18 random patriotic Americans, odds are none would be that far below average at defending what normal Americans have always held dear.
null
nla
On the subject of a 'shack of clowns,' now do the Afganistan withdrawal.
pathOf_aFineMan
Kind of off topic as that was the previous Trump administration, but they were also a 'shack of clowns'
bigbacaloa
[dead]
refurb
[flagged]
dragonwriter
It's a pretty big false dichotomy to present "people directly opposed to their policy platforms" as the sole alternative to people "picked on the premise of just one qualification: they'd be Yes Man/Woman".
chairmansteve
They pick competent, experienced people who are aligned with their policies. Not Fox News presenters and YouTube influencers.
nkassis
Are we really looking at the best group of people that the current president could find to do these roles that agree with his policy platform? There was no one else with relevant experience willing?
eggnet
No, that was not suggested. You are not arguing in good faith.
apical_dendrite
It's pretty easy to compare the backgrounds of every prior secretary of defense with Pete Hegseth. They're typically people with significant experience managing government agencies, retired 3 and 4 star generals, or senators/congressmen with serious foreign policy experience. The last person with as little defense policy experience as Hegseth was probably McNamara, and he was President of Ford, e.g. someone who knew how to manage a large organization.
rat87
most people generally agreed with them but they also tried to pick people of talent and courage who might disagree on a number of issues. Trump doesn't care about any of that
egl2020
Heck, one of my co-workers at a FAANG freaked out when he realized that he had used his personal phone to take a picture of a meeting blackboard instead of his corp phone. He spent the afternoon trying to figure out how to scrub the photo.
gonzo41
There is a great thread on r/army where people are listing out all the Military careers destroyed by minor mistakes that pale in comparison to this.
null
Ey7NFZ3P0nzAe
I'd be really interested in a link!
fragmede
I had that problem, but the FAANG I was at was also the same company as the one running my phone's OS, so it wasn't as bad.
ghostpepper
> Does Chinese intelligence know?
How likely is it that all 18 of those people were accessing from mobile operating systems with no known working exploit chain? I would say pretty unlikely.
exikyut
If they're "just" using Signal, they're likely "just" using stock Android if there isn't a policy requiring iPhones in lockdown mode. It's a very good question as to whether such a policy exists.
moshun
At this point it wouldn’t surprise me if they were using free Android phones they won in a raffle set up by foreign intelligence agents
lmm
Which do you think is more likely to be under foreign control and why? Bearing in mind that iPhones are made in China.
anderber
Also, Steve Witkoff was in Moscow during the Signal text chain.
null
riehwvfbk
[flagged]
whynotminot
Some of us are viewing this through the lens of the actual risk this could have caused to real American servicemen and women, and not just scoring points on television.
Like what is wrong with you that this is your reaction to something so serious?
ohgr
At least here in the UK our politicians delete all their messages on WhatsApp https://www.politico.eu/article/the-british-governments-disa...
More seriously, having worked in an undisclosed defence company, we were told that we would be prosecuted if we did this. There were many many security controls in place that prevented this from happening on top of the threat.
stevenjgarner
Are you able to share any of those security controls? How do you stop presumably well-intended Signal app users from conferencing? Are you talking about cellular signal blocking, or are you talking about avoiding public networks entirely in favor of Sensitive Compartmented Information Facilities (SCIFs)?
ohgr
Many layers of physical controls and regular audits mostly.
whattheheckheck
Why are you specifically calling out you are not suggesting punishment nor prosecution?
joshuamerrill
Because I don't know whether either of those are appropriate.
There aren't many comparable breaches to this one. The closest in modern times may be Hillary Clinton's email server being used for government business. In that case, the FBI investigated and declined to bring charges, under the expectation that a jury would be unlikely to render a guilty verdict.
Okay, fine. But the FBI investigated and laid out the facts.
My fear is that the current administration sees this as a PR problem. No, this was an operational failure. We should feel lucky that merely an American journalist was added by mistake.
We should expect the FBI to investigate this, too. But I worry the facts are too inconvenient for even that level of accountability.
bb88
Why would we expect Patel and Bongino to investigate anything here? They were put there to investigate anyone else other than the current administration.
Why would any FBI agent take a risk on investigating anyone potentially in current or future administrations? They'll get fired later when the political winds change.
codewench
18 USC 793(f) seems to apply here:
"Whoever, being entrusted with or having lawful possession or control of any document, writing ... through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust ... and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—
Shall be fined under this title or imprisoned not more than ten years, or both."
We can only guess about the "prompt reporting of the issue", but from what I've seen and heard I'm willing to put money on the fact that, no, this was not reported.
mandeepj
> The closest in modern times may be Hillary Clinton's email server being used for government business.
Wait, there's more!! https://www.pbs.org/newshour/politics/cummings-jared-kushner...
lmeyerov
There is no reason to believe we are lucky. Instead, this is more of a canary in the coal mine that the DOD OIG and Congress are less able to excuse for a long-running hazard.
How much of the administration, for how long, and for what, is using hackable systems and without mandated audit trails for protected communications? Whether external hackers are already successfully snooping, or internal cover-ups are happening of ongoing corruption, both are deeply problematic, and can be happening in parallel to stupid leaks like this. Likewise, we can't even investigate and cleanup properly because these people are illegally deleting the forensic data for their illegal and insecure actions.
It's not even a surprise. Ex: It's already pretty well documented to embarrassing extents like the president flushing official documents down toilets and clogging them. Ex: The admins use of signal was a thing in the first term as well. The only new thing afaict is the public and checks-and-balances people have the evidence in front of them of illegal use when accepting the lies and criminality.
georgemcbay
> We should feel lucky that merely an American journalist was added by mistake.
This time. We also have no idea how many times this has happened without the unique circumstances where the person incorrectly included would draw attention to the leak as part of their job as a journalist.
Generally speaking, if something like this can happen once, it has probably happened more than once.
We probably are very lucky that the time it very publicly happened was fairly early on in the tenure of this dumpster fire of a Presidential cabinet.
Of course instead of them seeing it this way they are certain to keep going after the journalist in an attempt to make him the bad guy of the story to project blame away, because that is what incompetent people do.
mulmen
> FBI investigated and declined to bring charges
Does the FBI make this determination? Wouldn’t that be the Attorney General’s call?
tayo42
> We should feel lucky that merely an American journalist was added by mistake.
Might not even be the first time already, just the first time they messed up and we found out...
nla
Hunter Biden: Hold my beer.
rschiavone
Yeah that should be the bare minimum
itsanaccount
because hackernews is full of people who cultivate a specific naivety when it comes to power so they don't have to contemplate their responsibility or position therin. its endemic and I have a hobby pointing it out again, and again, and again.
FreebasingLLMs
Because he wants the behavior to change, as it is a risk to the country's security. Typically these types of things at this level rarely result in prosecution; the compromise typically is a change in behavior / promise to do better / etc.
defrost
A US public watchdog is now sueing for action to be taken.
The people in the chat group included Vice President JD Vance, Defense Secretary Pete Hegseth, various other Trump administration officials and aides and notably Secretary of State Marco Rubio.
As American Oversight lawyers pointed out in their lawsuit Tuesday, Rubio is also the acting archivist of the United States and, as such, “is aware of the violations” that allegedly occurred.
The lawsuit, brought by the watchdog group American Oversight, requests that a federal judge formally declare that Hegseth and other officials on the chat violated their duty to uphold laws around the preservation of official communications.
Those laws are outlined in the Federal Records Act and, according to lawyers for American Oversight, if agency heads refuse to recover or protect their communications, the national archivist should ask the attorney general to step in.
Time will tell how this buttery Signals chat plays out .. it's certainly given other many other countries more fuel to ridicule the USofA, it's hard to believe these clowns are our partners in global "intelligence".
atonse
Setting aside the obvious shock of the actual subject, I'm going to try the herculean task of bringing this back to being a HN-related topic...
My guess is that there is someone named Jeffrey Goldberg in the NatSec team (or high up, it seems like a common combination of first and last name at least), and likely that they meant to add him, rather than the EDITOR IN CHIEF of the Atlantic of all people. Could this be a UI/UX thing with Signal? (not differentiating between two Jeffrey Goldbergs on your contact list?).
bsimpson
This sounds less like a Signal problem than an information organization problem. Signal can only show what's in its datastore (your contact list).
I just checked on Android - if you try to add someone to a group chat, it shows their name and profile pic.
One potential Signal-side wrinkle is that it allows you to add people to a group chat who are in another chat you're in, but who aren't in your contacts list. There are strangers I was apparently at a dinner party with years ago who are eligible to be added to a group chat. If Jeffrey Goldberg has his Signal profile name set to JG and he wasn't in Mike Waltz's phone with a more specific name, that could lead to this mistake.
petre
Then it's a good thing there's not an Abdul-Malik al-Houthi in the administration, as they might have included the wrong person on the private group chat.
tehjoker
They should add one then, because the operation described is illegal under international law and should not have been executed. They are punishing Yemen for resisting the US backed Israeli genocide in Gaza. It is ghastly.
lmm
> This sounds less like a Signal problem than an information organization problem. Signal can only show what's in its datastore (your contact list).
Signal's insistence on punting on the trust/identity problem is a Signal problem IMO, particularly when its advocates make such a fuss (when it suits them) about being a properly end-to-end cryptosystem and not just a toolbox of algorithms. Most of the systems it's competing with make at least some attempt at providing a chain of trust so you don't have to individually verify everyone you want to talk to.
GoblinSlayer
Skype solves it with an invite link. If you want to send an account, you take its invite link and send it, thus making a manual web of trust without search.
lbarron6868
I believe they meant to contact Jamieson Greer (JG), and maybe Waltz had both of them listed by initials? That's the leading theory.
rattray
https://en.wikipedia.org/wiki/Jamieson_Greer
US Trade Representative
null
rnjesus
i think this is likely what happened, though i also find it just as plausible that he was fat-fingered or drunk-added into the group (i’ve been added to group chats accidentally by both these “methods”)
outer_web
[flagged]
ChuckMcM
Entirely possible. Which is why Government services for 'chat' explicitly don't allow contacts to appear who aren't already in the government. You've also no doubt seen email as it appears in Government inboxes with the big red banner "Came from outside, don't trust this" kinds of things will all the links disabled.
Two things that are really troublesome. The first, as Josh Marshall of TPM points out, "No one on that chat asked 'Why are we doing this on Signal?'" which suggests that it isn't the first time Signal was used for 'off books' stuff and that perhaps there are many such conversations. The second is that the conversation was set up while one of the participants was in the Kremlin waiting to talk to Putin. So either 'Kremlin Free WiFi' or the local cell tower providing connectivity?
Most pundits feel like this administration is trying to keep things out of FOIA and discoverability reach which has its own problems.
So yes, tools for Government communications don't have this problem, hell even Microsoft Teams on their US cloud get better protection than this.
mullingitover
> Most pundits feel like this administration is trying to keep things out of FOIA and discoverability reach which has its own problems.
I don't think we need to ponder so hard about this.
This administration is headed by a man who kept stolen TS/SCI national secrets in a bathroom at his house.
A fish rots from the head.
rahkiin
Keeps*. He took them back some weeks ago
croisillon
> "Came from outside, don't trust this"
DrScientist
> Most pundits feel like this administration is trying to keep things out of FOIA and discoverability reach which has its own problems.
Similar issues have come up in the UK about Boris Johnson et al using Whatsapp etc during Covid, and one of the things they said in their defence did have some value - at least in relation to the idea of unminuted discussions.
ie these chat's are what used to be corridor/bar/cafe conversations - ie unminuted discussions are old as government - it's just they are now happening on various messaging apps rather than in person, at much faster pace, and with more people involved.
So I think it's a mistake to think its reasonable that all discussions should be recorded - the real question here is how to get the right balance - and make sure any decision making meetings are recorded - rather than the chat around the decision.
The way it worked in the past - was to get a proper decision you needed all the people in the same room - and so it was automatically minuted as it was an official meeting ( but not the chat at coffee before the meeting ) - now it's possible to get people together virtually that distinction is blurred.
Not sure what the answer is - but just saying it's probably unreasonable to expect all communications to be recorded - people need space to float ideas, or bitch like normal people - however on the other hand it is essential key meetings are minuted - not just for transparency - but for the study of history.
sethammons
> So either 'Kremlin Free WiFi' or the local cell tower providing connectivity
Or just let someone look over your shoulder?
snickerbockers
I'm putting my money on somebody fat-fingering the wrong contact. Maybe it's just me but I swear every phone I've ever owned has had extremely unreliable UIs, stemming from a combination of phantom touches being detected, and the phone moving buttons around as I'm trying to interact with it, as if it's on dialup line struggling to load somebody's Sonic the Hedgehog fanpage on GeoCities one gif at a time in 1996. And it's just phones too, this never happens on my PCs.
Of course, none of this excuses the failure to verify the identities of everybody in their chat, the choice to use a (probably) unvetted app on a (probably) unvetted personal device, or any other of a number of basic opsec rules that should be obvious to anybody who is vested with the authority to order an airstrike on the other side of the planet.
abeyer
Agree, though I 100% see it on PC too, when web pages try to override standard scroll behavior to do some visual trick at the expense of well tested platform and browser scrolling support.
Alupis
I don't use Signal, and am unfamiliar with the UI/UX.
However, it seems more plausible to me that Jeffrey Goldberg is in someone's contact list from previous on-purpose leaks (to control narrative, etc, typical "anonymous sources say" stuff) - and was accidentally added to this group.
Zak
When adding people to a chat, it shows the contact list from the device, with avatars. It is also possible to manually enter a phone number or username.
It's very likely that senior government officials have a phone with journalists saved in the contacts. It's easy to imagine why there are rules against using the same phone for secret war stuff, yet here we are.
GoblinSlayer
It could be just a different profile.
Vox_Leone
It could happen on Whatsapp. I've seen a lot of groups where everybody is an admin.
jredwards
There is someone with the same initials, not with the same name. I saw someone else point out a potential candidate here but I don't recall the exact name.
nkurz
I've seen Jamieson Greer as US Trade Representative (same initials) and Jeffrey Kruse of the Defense Intelligence Agency (same first name) mentioned as possibly being the intended invitee.
roughly
I mean, I expect the actual approved governmental secure messaging apps would make it much harder to accidentally add a journalist to the thread, so I don’t know if this is a Signal problem per se.
runamok
100%. Let's not blame Signal where it's on you to only invite the proper potentially anonymous contact you want to communicate with. Very different goals.
ocdtrekkie
This also highlights why the conversation being held on Signal is so bad. Imagine if "J G" expressed concerns about going forward with the attack. Making actual decisionmaking on go or no go over a non-classified system is insanely stupid.
ttyprintk
Signal could fundraise on new flair for DOGE implants, cabinet members, and folks who have side-loaded FSB certs.
Balgair
If anything, I'm a bit surprised that Jeff Goldberg burned this source.
If anything, I'd suspect that he'd keep the channel open as long as he could.
Or, he's got other channels that work better.
All the same, I mean, wow. These guys are just morons here, there's really no other way around it. I'm trying to think of a charitable way to spin this and I've got nothing.
Like, very clearly, these people are going to get service-members killed due to their idiocy
tptacek
As soon as he realizes (or a reasonable person would realize) that the group chat is not a hoax, and that he is getting confidential military information over that channel, his continued membership in the channel demonstrates intent to receive the information, which makes anything he writes about it in the future legally problematic. It's complicated and it's not like just receiving classified information from a source is intrinsically criminal, but it'll be the entire fact pattern he'd be confronted with by prosecutors.
overfeed
The fourt cases related to Watergate established that receiving classified information is not illegal, and affirmed 1A rights. I'd argue it's a exactly the same as a journalist overhearing this motley crew discussing the war plan in the halls of the White House without being aware there's a journalist nearby. I wouldn't bank on the current supreme court to uphold precedence, or the current administration persecuting the journalist for "hacking" into a "secure" government chat group - which is what they'll allege without evidence. I suspect the journalist cares more about national security than the cowboys in the chat group, and is acutely aware that they are a target for hacking by nation-states, which would leak classified information.
chimeracoder
> I would bank in the current supreme court to uphold precedence
Counting on SCOTUS to respect precedent at this point is either extremely optimistic or extremely naive.
milesrout
The US Supreme Court hews close to precedent. The only two significant overturned decisions in the last decade are Roe v Wade, which regardless of your views on abortion was a poorly reasoned decision, which was really judicial legislation, that had to be essentially amended several times (whether abortion should be permitted is a separate question from whether Roe was good law, which it obviously wasn't) and Chevron, which was contrary to the most fundamental principles of the rule of law (that is, that the interpretation of the law is a fundamentally judicial function).
Neither were really political decisions. The SCOTUS doesn't split along ideological or party lines all the time. It often splits in different ways, and often makes decisions on very politically heated topics unanimously. You should have more confidence in it. It is the least bad of your three major institutions of government by far.
To go back to Chevron, you have to look beyond the US and understand that for anyone else anywhere else in the world, the idea of the courts deferring in their interpretation of the law to executive agencies is just ridiculous. It never made any sense. Its result was inevitable: a new government was elected and suddenly the law changed overnight because government departments all published their new "interpretations" of the law. That is just silly, it makes a mockery of the principles of the rule of law, and it gives too much power to the government. Law should be made by parliament (which you call congress, for some reason) and rulemaking powers should be explicitly delegated to executive agencies where appropriate. Vagueness in the law should be interpreted and resolved by the courts, not by the executive in a way that is subject to political whimsy.
itbeho
There should be protection for people that receive information in this manner that is equivalent to whistleblower protection. No law abiding citizen should ever be prosecuted in favor of protecting a government fuck up.
tptacek
I agree. I'm remarking positively, not normatively.
danesparza
"his continued membership in the channel demonstrates intent to receive the information"
Nope. His authority as a journalist prevails. He published the article -- so his intent was to do his job as a journalist, and the public has a right to know.
National security or institutional trust was not damaged by the journalist -- only by the ignorance of the politicians now running our military.
The information was newsworthy and in the public interest.
Publication did not cause harm (and you might argue that dropping actual bombs caused much more harm).
The information was obtained legally and without foresight.
The journalist has an obligation to report the information if it serves the public interest, especially if it reveals systemic failures, endangers democracy, or impacts public policy.
codethief
I think you are talking past each other. OP's point was about future publications (possibly including confidential information only shared through that Signal group).
CyberDildonics
That's the part you're concerned with? Criminal liability of the journalist while the alcoholic was sending government secrets over a signal group chat to unverified members?
lapcat
> If anything, I'm a bit surprised that Jeff Goldberg burned this source.
> If anything, I'd suspect that he'd keep the channel open as long as he could.
> Or, he's got other channels that work better.
The Signal chat group was called the “Houthi PC small group.” It appeared to be a short-term, mission-specific group rather than a long-term, open-ended group. Thus, it's unlikely that much more information would be gained in the future. Goldberg's inclusion in the chat was the main story here, not the specific details revealed to Goldberg, many of which he kept confidential.
mercurywells
They've been bombing the Houthis for quite a few days now
bayarearefugee
He was probably worried about the legal ramifications of not doing so, though these days he may be more likely to get sent off to some El Salvadoran prison for writing the article and exposing their staggering incompetence than he would be for continuing to knowingly listen in on the chat.
itbeho
He did the right thing. He's obviously of a certain political bent, but recognized this kind of leak could lead to the loss of American service member lives. He didn't share everything from the chat. I respect him for what he did.
And I agree with your assessment. Morons...
ty6853
Hard to say. Sharing it may have lead to saving of servicemen lives since it may cause an abort. Not like it is a self defense mission, attacks on Houthi is totally optional meddling that likely breeds more 'terrorists'.
9dev
Trying to assess the consequences of publishing highly classified information on military operations is a ridiculously reckless idea. None of us have enough data about the full picture to even try to guess correctly here. The only sane thing to do is to maintain confidentiality and leave it to the involved agencies to draw consequences as they see fit.
mostafah
My guess is that he was consulting their lawyers during this. IANAL but it might have been a crime if he did not leave the group as soon as he was sure it was real. He keeps mentioning that he was not certain this is real until the first attacks. After the first attack, he could not continue this argument.
herzigma
Jeff Goldberg loves his country more than he cares about a "source."
anigbrowl
My theory is that he had to balance the journalistic scoop of the century with the risk of being arrested for illegally accessing/storing classified information. If they had noticed before he published the story then he could have been vanned and the public told that he had infiltrated a secure channel, and who would be able to say otherwise? MAGA people would cheerfully call for his execution.
nradov
Under US federal law it is generally not a crime for a person without a security clearance to receive or store classified information. The legal problems come in when they solicit it or take some other action to obtain it.
zeven7
Laws matter less than they used to. When the President regularly uses the term "retribution" to describe his mode of operation, I don't blame someone for taking a more careful approach in a case like this. It shouldn't be that way, for a journalist. But a lot of things shouldn't be the way they are today.
anigbrowl
Would you trust the current DOJ to handle this fairly if it landed in your lap?
jzb
"If anything, I'd suspect that he'd keep the channel open as long as he could."
The real story is that he was added to the channel, so it doesn't surprise me that he didn't try to lurk indefinitely. I'm guessing these things are also ad-hoc, so perhaps the well was already dry after the attack?
But this is some truly amateur-hour shit. I've seen better communications discipline from volunteer open source projects than this.
matwood
> I've seen better communications discipline from volunteer open source projects than this.
Because those people are likely competent. The problem with hiring mostly yes-men/women is competence is secondary.
simonh
Steve Witkoff was on the chat while he was in Russia.
There’s a vulnerability in Signal where you can set up linked devices that replicate your signal messages. You can do this by just scanning a QRcode. This is known to be used by Russian hackers.
What are the chances the Russians duped Witkoff into scanning a QR code while he was in Moscow?
HumblyTossed
> What are the chances the Russians duped Witkoff into scanning a QR code while he was in Moscow?
What are the chances this admin had him do it ON PURPOSE?
throwaway5752
And why would they when they can pop Starlink and get a far bigger prize? https://www.nytimes.com/2025/03/17/us/politics/elon-musk-sta...
bb88
Why must a Signal attack take place only in Russia? If Russia intelligence operations can operate freely in the US, they can attack US Officials in the US as well.
simonh
Good point. I was just thinking Witkoff must be dealing with Russian functionaries all the time in Moscow so they have near constant direct access. There’s nothing to stop them duping one of them in the US though, and it doesn’t seem like duping these guys would be a stretch.
bb88
Honestly, the Russians probably already have done so. It's just a matter of who's phone in that group has been compromised.
In a previous world, some three letter agency (FBI maybe?) would seize the phones in the chat to investigate the leak.
beefnugs
Man in the middle attacks require access to the mobile or networking infrastructure (so not necessary, but much more likely and easy)
lucb1e
> There’s a vulnerability in Signal where you can set up linked devices that replicate your signal messages.
You mean the desktop linking feature? If that's considered a vulnerability, then so is being able to chat with someone after getting their public key unverified from an overseas server, the primary mode in which everyone uses it (including the people in this chat, evidently, since no out-of-band key exchange was performed)...
Not to mention the "vulnerability" where you copy the phone's storage and get the key material onto another device to do with what you will, which may be harder or easier depending on the hardware but I'd trust any sufficiently funded security agency to be able to do this for common devices
remus
If you're part of the US government, with access to the most sensitive information which will put people's lives at risk if compromised, then yes this is a vulnerability because "russian GRU agent nicks your phone and scans your signal QR code" is a real threat.
lucb1e
Bringing in a phone with decryption keys for this conversation is a risk, then, not just Signal's featureset...
I agree it could be hardening to allow users/organizations to disable this feature, and also other features such as automatic media decoding and other mechanisms that are trade-offs between security and usability, but simply does not meet the definition of a vulnerability (nobody will assign this a CVE number to track the bug and "resolve" it)
regularjack
If you're part of the US government, you're not supposed to use signal to discuss this kind of stuff.
uberdru
Totally! Probably for a restaurant menu or something. . . It also seems likely that they added Jeffrey Goldberg, (the Atlantic's editor-in-chief) to the chat as the outlet, so the whole thing would become public. . . .
bb88
How about a restaurant that doesn't have menus and requires patrons to scan a QR code?
Acrylic table menus have inserts which can be easily replaced.
stavros
You guys are forgetting that you have to scan the QR code from Signal's "link new device" menu, and then approve the new device, which is a somewhat uncommon thing for a restaurant menu to ask you to do.
belter
What are the chances Trump portrait[1] has a passive microphone? [2]
[1] "Putin gave Trump portrait to envoy, Kremlin confirms" - https://thehill.com/policy/international/5212691-putin-trump...
[2] https://en.wikipedia.org/wiki/The_Thing_(listening_device)
m000
Right. So the problem is not that everyone in the chat was using an unsanctioned app to exchange classified information, but these insidious Ruskies who tricked Witkoff and hacked his personal Signal account.
simonh
That's the White House line, apparently they did nothing wrong. It's that Journalists's fault. It can't be the Russians though, they're trusted allies now.
anthomtb
This hypocrisy reminds me of one of my former lead developers. He required everyone on the team to go through multi-person code reviews and pass an extensive CI suite before merging changes into our mainline.
But him? Half that time he'd approve his own changes without review, the other half he would force-push and bypass the CI system entirely.
He knew the system well and seemed to do enough local testing to avoid major breakage but still. Why have a bunch of rules and policies that you do not follow yourself?
theoryofx
He knew the system well and seemed to do enough local testing to avoid major breakage but still. Why have a bunch of rules and policies that you do not follow yourself?
Because these rules and policies are for people that are judged to need them by the person with the authority and responsibility for making the decision.
Policies like these always have a cost and (hopefully) a benefit. Presumably this lead dev judged that the cost vs benefit didn't make sense for themselves but did for others. It's entirely possible they were correct.
tdeck
One of the main purposes of code review is to ensure that your code is understandable to other people. Good lead developers understand this. Bad ones find a way to push through their changes without review or get them rubber stamped, in my experience. Then you end up with big parts of the codebase that only the lead dev can work in productively.
bdangubic
the whole team has to review every single line of code to make sure everyone understands it? or is there a threshold like “we good if 7 out of 79 understand it?” almost 3 decades hacking and have never heard anyone saying that purpose of the code review (in the top 987 reasons teams may institute it) is to ensure your code is understandable by other people… wild :)
Buttons840
As long as authority and responsibility land on the same person, I see no problem with it.
If, however, a junior develop is responsible for making a change, but has no authority to make the change, then there is a problem.
bdangubic
lord help all people that work in places where you need “authority” to make a change…
altairprime
Code reviews are often used as an excuse to disclaim responsibility when problems occur, and as a way to deny authority under the guise of mandatory review requests. They do also have many benefits for e.g. continuity of service, but those two drawbacks remain relevant today.
regularjack
Rules are to be followed by everyone without exception, otherwise they should not be called rules.
idle_zealot
> Why have a bunch of rules and policies that you do not follow yourself?
If you can get away with it, why wouldn't you set things up this way? Rules for thee, not for me. You can't try to view power plays like this through the lenses of ethics or morality. The point is to use rules to bind and punish your enemies and to make sure that only your friends can get away with breaking them. You do this with media capture and twisted narratives, taking advantage of the erosion of rule of law as a respected concept among the public.
dragonwriter
> If you can get away with it, why wouldn't you set things up this way?
Ethics and morality.
> You can't try to view power plays like this through the lenses of ethics or morality.
Yes, you can, that's the entire point of ethics and morality.
> The point is to use rules to bind and punish your enemies and to make sure that only your friends can get away with breaking them.
Well, yes, that's the point of the specific actions being discussed; that doesn't make it impossible to look at them through a lens of ethics and morality, it just makes them look bad through such a lens.
idle_zealot
Perhaps rather than "can't try to view" it's more accurate to say that it's an ineffective lense to try to understand the motivations and dynamics at play. You can, and should, analyse the ethics of just about everything in order to make value judgements. Those judgements just have very little to do with people's motivations, and to assume a principled moral stance on the part of an observed actor will leave you baffled more often than enlightened.
useless_foghorn
Power is less appealing if you aren't seeking to abuse it. I agree that an ethics and morality lens is both useful and necessary, but I fear it doesn't illuminate the actions and motivations of the powerful. Perhaps in contrast or relief, but not directly.
zmgsabst
You want a better outcome.
Culture transmission is more effective when followers can emulate leaders — so you’ll have an easier time getting people to obey when your goal is to get them to act the way you do. In this case, you’ll expend less political capital on enforcing your policy regarding code reviews and testing if you adhere to the same policy. (And accordingly, have an easier time avoiding disgrace like public failures if your service.)
If you want to view it purely through the lens of power politics, saving your political capital on issues like this preserves it for things with better rewards — eg, you’ll have an easier time getting your projects approved if your manager isn’t constantly having to deal with the fallout of your policy double standards impacting morale. Or for setting a standard that working fewer hours is acceptable if you’re meeting your quotas — which nobody can dispute you’re doing, as the whole teams is validating that you are.
This kind of petty power game is rarely an optimal exercise of power.
conductr
I think it's more likely a trust issue. He didn't trust the other devs to push things directly, but ofc he trusts himself. I do this with somethings myself. But I also do the inverse, where I don't want to trust myself so I setup a bunch of checks and tests to save my future self from my present self
I think when you're the 'architect' or know the full stack very well, to where you fully repl/grok it and occasionally need to do hot patch type work, the former approach is nice. But, my brain has limited memory and time erodes quickly, so I also know when to rely on the latter approach and I try to do it as much as possible
authorfly
That's a real difference when something is your final responsibility too (as team lead or an architect). You think of it differently, you predict and anticipate changes better. It's like taking care of your kid vs your kids friend.
shaneoh
I think he could have just been a bit lazy.
t-writescode
That’s the definition of authoritarianism.
csomar
Apples and Oranges? If he is the person responsible should a system break then it's totally up to him. In that case, he made sure you did not break his system (because he'd be responsible). And if he broke his system himself then it's on him.
I don't see a problem with it (as long as he can't transfer the blame somewhere else).
boringg
The example you give is about control - he wanted control over everyone else's inputs but trusted himself. Not a great look as a leader.
duxup
That’s one of the reasons I always worry about high level employees who “still write code”. It’s just too much opportunity for them to make bad choices and many ICs are afraid to speak up to avoid it.
Same goes for some “10x developers” who are fast because the rules don’t apply to them. Meanwhile the rules slow everyone else down (yea big surprise he is faster). And everyone else has to clean up after these guys when they get sloppy.
jiggawatts
My personal pet peeve is network admins that have unfettered Internet access from their workstation IP, but everyone else has to traverse half a dozen “security” appliances that break developer CLI tools and slow down everything else.
Glyptodon
I relate to this a bit...
But for me the foundational issue is that my coworkers aren't holding up the bar when reviewing contractor code. And reviewing all the code isn't my job description.
Meanwhile my job description does include maintaining a system my coworkers don't really know anything about, and so I mostly make sure it's tests pass and let me manager know about anything I need to do to it.
charcircuit
>Why have a bunch of rules and policies that you do not follow yourself?
Because the goal is to keep risk to a reasonable level, not necessarily minimize it as much as possible.
AWebOfBrown
Another interpretation of this is that the lead developer adequately mitigated the risk of errors while also managing the risk of not shipping fast enough. It's very easy to criticise when you're not the one answering for both, especially the latter.
ctrlp
In my opinion there are at least two ways to interpret this:
a) It's an unintentional opsec failure. Perhaps there was an address book collision with another intended user. Perhaps it was fat-fingered. This seems likely.
b) It was an intentional leak. Perhaps overtly, perhaps covertly, by one or more of the channel members for unknown purposes. This seems less likely as there are better ways to leak with less blowback risk.
Regarding using Signal in the first place. Yes, this seems like bad opsec, but it's possible that the current admin working groups don't trust the official secure channels and assume they are compromised and they are being spied upon by their own or foreign agencies. That seems very likely, given the circumstances. In which case, it is still a possible opsec failure, but perhaps a less bad risk than trusting operational security to known adverse agencies. This is the more interesting case, imho, since the assumption on here is largely that these types of coordination should be happening on official government channels. But "government" is not necessarily a unified collective working towards the same goals. If you have a strong suspicion that agents within your own team are acting against your goals, then of course, you have to consider communicating on alternative channels. Whether that's to evade legal restrictions or transparency, like with the Clinton email servers, or to evade sabotage, I'm not judging the ethics, just considering the necessity of truly secure communication.
Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.
GVIrish
Using Signal in this case is wrong and foolish full stop, and the extremely likely reason they did so is so they could escape standard government record keeping compliance (NARA).
To start with, classified information is ONLY supposed to viewed in a SCIF. Secondly, it should never be loaded onto private devices. The private phones of national security leadership would be prime targets for every hostile intelligence agency in the world. It matters little if the information was encrypted in transit if the host device is compromised.
One would have to be a fool to not trust all of the classified tools and safeguards the US government uses only to then use a commercial app on commercial phones to communicate classified data in public while stateside and abroad. Just the fact that someone could accidentally add an unauthorized person to the chat is but one reason it was crazy for them to do this.
kelipso
The most likely reason is convenience, not escaping record keeping.
Libcat99
The report includes notes on certain messages having durations set before they would disappear. This indicates intent.
matwood
It can certainly be both. Just like they have already tried to shield DOGE from FOIA transparency requests.
KerrAvon
Avoiding government record keeping is literally part of the Project 2025 plan.
anigbrowl
Then why would you enable the disappearing messages functionality?
lesuorac
Avoiding FOIA requests is the reason every secretary of state since Collin Powell uses private email to conduct business.
bobtheborg
"classified information is ONLY supposed to viewed in a SCIF"
No.
No, no, no.
Most classified information is NOT designated SCI. When classified info was mostly paper, it was placed in GSA approved safes in regular 'ole office buildings. You'd get to work, open your safe, and do your work. Most SIPRNet computers are not in SCIFs.
Heck, you can even mail classified documents via USPS. Confidential and secret documents can be sent registered mail.
GVIrish
SCIFs are for viewing TS materials, whether or not they are SCI. Even then, SCIFs are often employed for processing things that are only marked Secret or systems only handling Secret. But yes, if we want to be specific, Secret has a lower bar and can be worked on outside of SCIFs but still not in public or at home.
heyflyguy
There are a ton of assumptions in here that have yet to be proven true.
zdragnar
CISA explicitly promoted the use of signal by all top government officials.
bglazer
This is true, but lacks specificity. Do you think CISA would recommend sharing details of imminent military operations via signal?
acdha
Where? They recommended it for members of the public as part of their general recommendation for end-to-end encryption but that’s a very different scenario than government employees who have official systems.
quadragenarian
[citation needed]
Assuming this is true, how did they determine what a "top" government official is? So if you're the SecDef you should use it but not the deputy SecDef? How would this guidance not pertain to all government officials?
ctrlp
Sure, those are the reasons for, but would be interesting for you to address the salient point of not trusting those government systems. I'm sure you can make the counterargument.
GVIrish
That doesn't really make sense. If they had strong reason to believe that the secure comms systems they were supposed to be using were compromised, using personal phones to communicate outside of SCIFs is very, very far from what any competent person who understands and is briefed on the threat environment would do. Note that none of the people involved are making that argument because it would make them look even more incompetent.
matthewdgreen
If the CIA and NSA (let alone Russian and Chinese intelligence) are illegally spying on you, your civilian phone is toast. You shouldn't be ordering DoorDash on the thing.
threeseed
The administration has not made this argument though. You have.
So why should we default to the position of not trusting those systems when every previous administration has used it without issus.
nitwit005
They are the government. You're suggesting trusting a third party over trusting themselves.
anigbrowl
I mean, the conversation included references to materials sent on 'the high side' (classified-material email systems). If they consider those systems secure, what's the point of using Signal instead?
dogman144
For a tech forum, this take is pretty darn close to once again giving bad/dumb actors benefit of the doubt backed up by zero.zero% technical logic by claiming they’re actually playing 4D OPSEC chess.
They replace “ideologically compromised SCIFs” with…… 18 separate iOS devices that I’m sure are on 18 separate OS/app versions and device postures and…
Got news for you - want to compromise e2e encryption and Signal? You do it via what they did. So no, they are not correct.
AdamN
Yeah Signal isn't the issue - it's the phones. In the end Signal was probably easier and faster to use while a bit more secure than WhatsApp but one has to presume that a chunk of those phones have been compromised for months.
bastardoperator
They can bake any Tom Clancy style excuse they want. They broke the law and they're incompetent. Even if you want to ignore one, they still need to go. Making mistakes like this anywhere else would cost you your job.
anigbrowl
It may or may not be bad security (I lean toward a rather than b), but it definitely violates record-keeping requirements. Deliberations of public officials might need to be classified, but they should definitely be recorded. If you're using disappearing messages to auto-erase records of conversations, it's a kind of fraud upon the public.
myvoiceismypass
Using Signal is very very very intentional. They may have fat fingered an invite but that does not excuse the whole skirting-all-natsec-protocols.
boringg
Option (a) 100%.
This is an abysmal mistake on the big stage for a bunch of new people on the job. That it is the intelligence community makes it feel so much worse.
alistairSH
"abysmal mistake" makes it sound like this wasn't a considered action and willful disregard for both op-sec and the law. There is zero chance these guys didn't know what they were doing...
At minimum, Mike Waltz is retired special ops, Rubio has had high-level clearance for ages from his time in the Senate, same for Gabbard in the House. None of them responded "Hey, this is poor op-sec and illegal, perhaps take this to an approved messaging service?"
boringg
Im not defending anything here but i also know how unsophisticated executives are and these guys are for sure not technical savvy people. Normally handlers do all the orchestration. I mean it looks pretty clear they chose to work outside the standard operating channels.
refurb
“Abysmal” mistake seems excessive.
Basically a journalist was added to a discussion group of high ranking politicians.
This journalist is well known within those circles and has plenty of access to those people regardless.
The conversation may have been war plans, but the action is pretty uncontroversial across both parties, and went off without a problem so the impact of the leak was nil.
Seems like a great topic for making political hay, but twins that a mistake that can be easily corrected.
boringg
Fine, deeply embarrassing on an international front that your highest level intelligence agency can't do Op Sec securely.
I can't imagine having my personal secure commentary being put out into the public and I don't have national security under my belt.
CSMastermind
> Is that trust in Signal justified? It suggests members at the highest security clearances believe Signal is not compromised. Are they correct? In any case, clearly there are more ways to fail opsec than backdoors.
If you new that Signal was secretly a front by the CIA/NSA then you'd feel pretty comfortable using it.
ctrlp
Secretly? Surely you're not suggesting people on Signal Foundation's board are intelligence assets? Surely, you're joking. That could never, ever, ever be the case. Why would you say such things.
jandrewrogers
FWIW, Signal has been the de facto semi-informal chat app throughout the US intelligence community for many years. I first started using Signal several years ago because I needed it to chat with people in DC.
European governments do the same but with WhatsApp.
ctrlp
I've had a similar experience.
ludicrousdispla
stop lying
lenerdenator
The behavior will continue until an effective negative stimulus is introduced.
thewileyone
So it'll just continue ...
amai
Reminds me of https://en.wikipedia.org/wiki/German_Taurus_leak
„Among the topics the officials discussed in their conversation, conducted using standard commercial Cisco Webex video conferencing software, were the presence of UK and US military personnel in Ukraine and the potential use of Taurus missiles to blow up the Crimean Bridge.“
yencabulator
A thing using authorized channels that was spied on by a different state has practically nothing in common with this.
(Yes, it probably shouldn't have been an authorized channel, but it was.)
realityking
Though the channel wasn’t cleared for the level of information that was discussed.
WebEx was cleared up to the equivalent of Restricted. The conversation likely reached the level of Secret or Top Secret.
Two of the generals were disciplined. (4-figure fine)
Animats
Here's how Eisenhower dealt with a similar leak.[1]
General Henry Miller made public comments about the secret date of the Allied invasion of Normandy in May 1944. He was a personal friend of Eisenhower. Eisenhower demoted him and sent him back to the US in disgrace. He wasn't court-martialed.
rafaelmn
I'm sorry but how in the hell is that a similar leak other than they are in the same category ?
Not justifying Trump administration but just seems like a whole different level of stakes.
dontparticipate
Today's bombing of Yemen is tomorrow's landing of Marines on Taiwan, or I guess these days marching into Montreal and landing in Greenland. All of these require complete OPSEC from the entire chain of command.
nitwit005
People could, obviously, die from leaking a military operation. You're right that more people would die in a larger operation, but I'd assume most of us are okay with firing or prosecuting people for risking lives for not following basic policies.
rafaelmn
Yes, but one is involving hundred thousand lives on a land invasion by a military general, another is about long range bombing being less effective by warning the target hours in advanced by a civilian/politician.
The level of potential impact, expectations and repercussions are very very different between the two. He should absolutely get fired because you cant do that sort of thing at that position - but equating the two is disingenuous. The general should have been court-martialed in that situation.
https://web.archive.org/web/20250324194236/https://www.theat...