How the Atlantic's Jeffrey Goldberg Got Added to the White House Signal Chat
274 comments
·April 6, 2025rayiner
doright
I wonder if this will be high level enough an incident to make companies end those opt-out contact autosuggestions in messenger apps for good.
Then again if they had been ended by now, we might never have heard of this SNAFU.
joenot443
I think in the very best case we _might_ see Apple/G adding an option into the OS to disable contact autosuggestion, but I wouldn't hold my breath.
When a feature is mildly useful 95% of the time and an awkward footgun 5%, I think it still remains a good addition, but one that can be turned off if necessary.
Double checking the recipients in a chat discussing national security is a super low bar and the parties involved are rightfully embarrassed by this one. I'm not letting them blame it on the product managers
hermitcrab
Surely the real question is why they were using Signal, rather than a secure government network?
AndrewKemendo
Former Intelligence officer here.
Cause SIPR, JWICS, GIANT etc… are nearly impossible to access - to the extent where for SCI info (which is arguably the level of data they were passing) they constrain you to having to communicate in a certified SCIF
The SecDef has a bunch of SCIFs but even NSC staff don’t to the same degree.
People pass TS/SCI data outside of the system regularly - congress is notorious for this and I have personally had multi year operations shut down because a congressman talked about it at a hearing.
I know of plenty of parking lot “SCIF” and sneakernet SCI conversations because time was an issue
The reality is this admin doesn’t care about the structures that the national security community is statuatorily mandated to use, but there’s nobody that is going to do anything to them about deviating.
Classified networks suck to use, anyone who can get around it does. The fact that its the secdef and nsc and they got busted just demonstrates that they view their behavior as more important than the system.
Left to the viewer to determine if thats a good tradoff
oyashirochama
The thing is, it's up to the official classification officer to decide on how far is too far for classification down and this administration loves to short man everything so likely they decided it wasn't an issue, but it is, and someone should be blamed in my opinion since that is that official's job.
You can go around legally too just ask what is and isn't considered classified by derivative.
AndrewKemendo
Which is kind of the point
Most OCAs are 2-3 stars and are marginally aware of what they are signing
Rescinding or otherwise ignoring OCAs and caveats as an appointee, NSC officers or especially cabinet level person (don’t get me started on elected officials who have zero respect for classified information ntk) is basically an embedded privilege of rank
RHIP is always applicable
ok_dad
SIPR is easy to access, there are terminals all over. We had SIPR laptops in cabinets no one ever used. TS/SCI not so much, but there are still SCIFs on every military base and there are a lot of those. Not having access to proper facilities is a bad excuse for the people who work with the president.
zamadatix
SCIF (Wikipedia): A sensitive compartmented information facility (SCIF /skɪf/), in United States military, national security/national defense and intelligence parlance, is an enclosed area within a building that is used to process sensitive compartmented information (SCI) types of classified information.
RichardCA
The recent PBS Frontline on the Jack Teixeira / Discord leaks provides an excellent primer on how classified systems work these days.
singleshot_
> but there’s nobody that is going to do anything to them about deviating.
Well, Chinese intelligence, but probably not anyone else, right?
know-how
[dead]
nightfly
Can't follow FOIA requests if there is no record of the conversation existing
hypeatei
I doubt FOIA is even a concern considering this is classified information. I think they're more worried about investigations by a future DOJ or by a future Congress since they can look at this information (if it's not deleted, that is)
nkozyra
> I doubt FOIA is even a concern considering this is classified information
A bit of a conundrum then since multiple folks in the admin said it wasn't classified.
mpalmer
FOIA requests can be made against formerly-classified information. But it's beside the point; any(?) non-classified information/communiques in government are subject to FOIA. Plenty of non-classified info in that chat and the ones we still aren't privy to.
Cthulhu_
Lack of oversight, too much power, failing checks and balances.
It's not unique either; the former prime minister of the Netherlands, Rutte, insists on using a Nokia phone and plain text messages, refusing to divulge what is in those messages and deleting them as there's limited space, thus not adhering to any archival requirements.
nindalf
Plaintext SMS in the year of our lord 2025. People will do literally anything other than following the fucking law and recording their correspondence.
ungreased0675
Because a secure government messaging platform doesn’t exist. The DoD is horrible at buying modern software.
Still not an excuse, because the people with the power to fix it are using Signal instead.
spacebanana7
Reminds me of how the British government runs on WhatsApp.
khafra
You can joke about Microsoft Teams not being a real messaging platform, but running it on a network that's physically separated from the Internet is quite effective at keeping random journalists out of your chat groups.
codedokode
But how do you connect to this network from a mobile phone, for example, when playing golf?
NetRunnerSu
German government seems to be trying the Matrix network.
billfor
Because CISA recommended it and it’s preinstalled on some government phones.
https://www.bleepingcomputer.com/news/security/cisa-urges-sw...
Raudius
That only explains that Signal was considered safe and allowed on their phones not that it was an authorized medium for sharing confidential information.
foundart
According to the article: “ the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.”
mft_
Genuine question: I get that there’s usually an expected/different process, and (obvs) the ability to add the wrong person is a problem (!) but is there a fundamental practical reason that their using Signal is/was a problem?
saulpw
The reason that there's an "expected" process is because the people who were hired to think deeply about security got together and, for a bunch of reasons including "(obvs) the ability to add the wrong person is a problem", decided that the process should be something other than Signal. I'm not sure if we know all of the reasons they made that decision, but I think we can infer a few:
- all communication must be stored for legal purposes
- all communication must be on secure government hardware
- the entire security infrastructure must be operated by the government
Which of these aren't fundamental and practical?
shitpostbot
Signal is end-to-end encrypted. One end is the Signal app on your phone. The other end is the Signal app on their phone. The Signal app is developed by people, using computers. Both of those things can be compromised, neither of them are under the perview of the U.S. security agencies.
I would put the market value of a backdoor into all Senior White House communications as certainly >$10B, and probably >$100B, limited only by how long the buyer believed it would be a reliable source of intel. (it may be better to offer it as a subscription service.)
At that point everything should be assumed to be compromised until demonstrated to a reasonable degree of confidence that it's probably safe. A random install from an app store is not that.
mmooss
> I would put the market value of a backdoor into all Senior White House communications as certainly >$10B, and probably >$100B, limited only by how long the buyer believed it would be a reliable source of intel. (it may be better to offer it as a subscription service.)
Yes - how much would Russia, China, or Iran - and US allies - pay to know what the US is planning? What secrets the US has - strengths and weaknesses. It could be existential for their countries. They even could cash in on market-moving information, and even if they wouldn't pay $100B, so could investors.
But I don't know if I'd try the subscription model with state intelligence agencies. It exposes you indefinitely, rather than take the money and disappear; they won't like you having access to the valuable information; they can just take what you have; they are very dangerous.
Hamuko
My guess that the actual secure government messaging services are a pain to use vs. Signal that's on your phone in your pocket, and these people don't really value security over their own convenience. They did share some of the details over actual secure systems ("you should have a statement of conclusions with taskings per the Presidents guidance this morning in your high side inboxes"), but I guess when the attacks were starting, it was easier to just blast them on Signal.
nsagent
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
It's interesting that this was the cause. I'm sure we all have our own stories of how UI/UX niggles (regardless of platform or app) have led to unintended behavior.
While I understand automatic suggestions can be helpful at times, when the UX doesn't clearly identify the cues that lead to the suggestion, with a way for a human to confirm it, this type of error is a likely result.
3eb7988a1663
I have not followed the case too closely, but it seems like the timeline was roughly:
- deny anything wrong happened - Atlantic is a liar
- the leak might have happened, but nothing secret was shared
- ok fine, secret military information was shared
- here is an analysis that says it was the phone at fault, not human error
I have trouble believing anything except butt covering at play. When you are repeatedly caught lying, I do not immediately believe the latest story iteration, even if it is plausible.
BLKNSLVR
I think the most accurate thing Trump has said so far in 47th Presidency was "everything's computer" about the Tesla dash.
Almost everything else out of his mouth, at least towards the media, has existed somewhere on the scale between 'large clump of BS wrapped around a tiny nugget of truth' and 'bald-faced lie'.
And when fairly obvious lies are repeated, the rest of what is said by himself and the rest of his administration retains the stink of the same taint.
D-Coder
DARVO: Deny, Attack, Reverse Victim and Offender.
fransje26
> here is an analysis that says it was the phone at fault, not human error
> I have trouble believing anything except butt covering at play.
No, I did not cheat. We just happened to be hanging around without undergarments, and, you know, we had been eating bananas, and somehow some banana peel fell on the floor, and then I slipped, and grabbed the first thing I could hold on to, and that's how we both accidentally fell on the couch, and then the dog got excited and jumped on us to play, and that's how I unvoluntarily got jump-humped into this unfortunate event..
blitzar
> iPhone algorithm adds a previously unknown number to an existing contact
They must have different iPhones to me, because mine doesn't do that. If I were cynical I would say they made this up.
cosmic_cheese
It’s a real feature in first party apps (messages, mail, etc), but it’s not fully automatic. When it thinks that a number/address/etc is related to an existing contact, it’ll prompt the user to confirm or deny, and upon confirmation the info is added. Ultimately it’s up to the user.
randallsquared
I don't know when they added it to iOS, but my iPhone does this. I get a text from some new number and the message includes (e.g.) "Hey this is Tom." and a notice right in Messages says it "found" a contact that this may be and asks if I want to add the number to that contact. I could imagine having this happen correctly a few times in a row might make one trust that it knows what it's doing.
tsimionescu
Absolutely, and it's generally OK to trust it.
I wouldn't trust it with my bank details though (i.e. while I might send bank details to my life partner, I definitely wouldn't send them to someone my iPhone thinks might be my partner). And I DEFINITELY wouldn't trust it with military operation details.
refurb
The iPhone contacts app is an absolute cluster of an app in terms of how it manages adding contacts (or allows other apps to add contacts).
Years ago I had my nicely arranges contacts in place, then added Gmail and it upload contacts so now they were all duplicated. Then when I dug into it, I realize you have have folders of different contacts, but depending on the view they are shown as combined.
Then add on top Gmail keeps asking me if I want to update someone's contacts from an email they sent me. I click yes, but it keeps coming up even though their contact info doesn't change (what?).
Then if I try to copy a message from iMessage, it will randomly assume a number is someone's phone number and ask me if I want to create a new contact (what?). If my fingers were fatter it would be easier to click "yes" and end up with a non-phone number added to some person's contacts.
I only trust the contacts that I add manually, everything else is suspect.
zozbot234
Could be one of those newfangled "AI" features.
elijaht
It’s not new, been seeing this for years
more_corn
Really? I think the text of the pop up is “new number found for CONTACT NAME. Add it to contact?”
lukan
But does it extract this information from a email where a different contact was included? That part sounds weird to me (but possible).
selfhoster
[flagged]
maest
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
I'm sorry, how is that knowable? Is there a log of iPhone users interactions that shows this?
Or is it the case that investigators pointed to the wrong number being saved in Waltz' phone and Waltz replied: "Oh, the only explanation is that I must have misclicked when my phone asked me to update my contacts."
Cthulhu_
Sure, but the use case of Signal isn't for secret communications, so the stakes of adding the wrong person should be a lot lower in normal use.
If it was intended as a secure communications platform for government use, they wouldn't be using phone numbers and an address book that can have incorrect information.
I did read Signal was being used in the military etc, but only as a notification system that they should check their actually secure communications thing.
xtiansimon
> “…iPhone algorithm adds a previously unknown number…”
What?
chneu
They're lying. This is up there with "I was hacked" when getting caught replying to porn accounts.
xtiansimon
Pants on fire just doesn't seem to cover it.
It's just that Google Voice app on iPhone did something weird in a recent call. I hadn't been using it very much at all, and about a month ago I got a notice from Google saying, Use it or lose it. Ok. So I use it and the suggestion thing threw me for a loop.
On my phone's 120 mm screen, if you switch to the keypad, but before you type a number, the top of the screen says "Suggestions". But I didn't see that. I'm looking back and forth between a phone number in an email signature and the on screen keypad. Once you start typing the number, "Suggestions" goes away. So I finish typing and look up to see the name of a personal contact (never called from Google Voice, btw). I had to type the number again I was so confused.
I was thinking, that's what you get for free IP phone number and free app. Now I read the OP and think, now my iPhone is going to start acting like crap too?
Funny to think it, but I wonder if these Gov peeps are using the free versions or if they pay for these services?
whoisthemachine
It's interesting and funny from a tech perspective that auto-suggestions on iPhone got him.
It's also proof that 1) security processes are important for a reason and 2) don't discuss information you don't want getting out on a consumer device (or really on any internet connected device) and 3) these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
troyvit
> these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
s/was/is. As in -- they're going to keep using Signal.
And yeah it is all for naught because as you say, there is no sign the dems as a group will grow a spine.
whoisthemachine
> s/was/is. As in -- they're going to keep using Signal.
If that does turn out to be the case then I am certain this won't be the last time they inadvertently share information.
kjellsbells
Even if the democrats received a sudden vertebrae infusion, they hold no levers of power. One might ask where the spines are of the Republicans who are in a position to apply pressure from the inside. Trumpism may die due to pressure from the outside, but it seems far more likely that it will be taken down from the inside, eg internecine billionaire arguments, or a congressional palace coup.
troyvit
> One might ask where the spines are of the Republicans who are in a position to apply pressure from the inside.
Oooh I actually think that's the question that history will ask. We've seen groups choose party over country before, but I can't think of a time in my life where it was to this extent.
ttul
“… after he mistakenly saved his number months before under the contact of someone else he intended to add.”
This is precisely why the government has its own very inconvenient devices and network, which cannot possibly fall victim to the same completely understandable human error. Had the team been using secure devices on the secure network, no journalist would ever have been accidentally added to the chat.
That these people are in charge of national security is beyond ridiculous. It speaks volumes about the unprecedented political setup we find ourselves in that such frankly inexperienced and naive people are in charge after Senate confirmations that were intended to protect us all from such a mistake.
ttyprintk
When not being a Florida politician, Mike Waltz has had this role since the early 2000s (for Cheney) and believes contact fields “get sucked” through invisible series of tubes. He’s never seen a Senate confirmation and I bet never will.
bsimpson
The article also says that they were using Signal as a standin because there's not yet a secure system that crosses agencies.
It also tries to blame past administrations for this (which includes Trump last time).
apical_dendrite
There's absolutely a secure system that crosses agencies - they even refer to it in the Signal chat (see the comment about sending details to your "high side inboxes"). But you can't use that system on your personal phone, and it doesn't let you avoid record-keeping requirements by setting messages to auto-delete.
XorNot
The US has been perfectly capable of executing complicated military operations for decades prior without needing to use Signal to coordinate messaging amongst heads of staff.
Henchman21
Ah but those are trained military personnel, not reality tv stars and infotainment hosts
fuzzfactor
Actually more capable up until now, this is naturally an historic low, completely reflecting the integrity of the Commander-in-Chief, or lack thereof, by comparison.
OneDeuxTriSeiGo
This is blatantly incorrect though. The NSA actually set up the DMCC phone system specifically for this purpose. They are phones with 100% of the infrastructure already set up for communicating classified or sensitive information even while abroad and they are hardened enough that they are generally considered unclassified when powered down. They come in a DMCC-S (secret) and DMCC-TS (top secret) flavor. Any somewhat senior member at any agency or department that regularly interacts with classified information could request one of these devices. They provide cross agency encrypted call, text, and other capabilities at all security levels.
https://www.disa.mil/-/media/Files/DISA/Fact-Sheets/DMCC-TS-...
mint2
So why are we Taking claims and justifications from this admin at face value? Fool me once, shame on you, fool me twice shame on me”
selfhoster
"These people"
Indeed, like this:
https://www.fbi.gov/news/press-releases/statement-by-fbi-dir...
"From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received."
ttul
Nothing in my comment implies that what Clinton did was any more lawful. But since you raised the point, I’ll just note that it is quite interesting that Clinton’s circumstance was thoroughly investigated by the FBI, whereas in the Signal debacle, it seems Trump’s administration is going to let it go.
Why the double standard?
jliptzin
Why would Trump fire anyone? Voters have signaled that they no longer care how classified information is handled. Maybe they no longer know why classified information should be carefully guarded, or it's just not a priority anymore. We all remember the FBI's photos of top secret documents being stashed in the Mar a Lago bathroom and ballroom. Not only did Trump not face any consequences for that whatsoever, he actually gained votes compared to the last time he ran. Trump is behaving completely rationally here. He's not going to lose even 1% of his support base over this, so why would he take any action? It's pretty interesting that for all the decades of skepticism and distrust of the government I've heard coming from conservatives (2A to guard against tyranny, "government is the problem", etc), they're putting an awful lot of blind trust in this particular administration.
eightman
Or Waltz has been leaking to Goldberg and every other journalist in his contacts and did it by accident.
thinkingemote
I have been reading spy thrillers recently and my pet toy theory was that this was an attempt to unmask a mole. Leak information and see who publishes it.
Politicians regularly intentionally leak information they want leaked, and politicians also encounter leaks that they don't want leaked. Perhaps Goldberg did the only thing he could - he identified the trap.
jmull
I don’t see how this “clears” Waltz.
For one thing, as far as I know, the iphone doesn’t attach phone numbers to contacts automatically, it just asks. The article claims the iphone did it, but I think Waltz must have.
Also, this why you don’t use a random group chat app for national security conversations. Your general app is designed for engagement which includes building out the social network. Of course it’s going to err on the side of inclusion, when here you want to err on the side of exclusion.
For national security, contact info would be vetted, verified, and strictly up-to-date. There would be multiple guards that would prevent a thoughtless tap months earlier from leading to the wrong person being given national security information.
It sure is frightening that these bozos are in charge of things that have high stakes.
sparky_z
It was Hegseth, not Waltz, that suddenly started dropping classified operations details (without promoting) into a group chat that was just set up for the purpose of planning for a future meeting. He's the one who really fucked up here.
jmull
Hegseth's messages were the worst but not the only ones. E.g., Waltz goes on to share details of targets hit.
And no one ever says, "Don't share operational details in this chat," either before Hegseth's details message or after. It's perfectly clear that was normal and expected.
The chat starts with pulling together the group, continues with high-level agreement to proceed, then the details start dropping... You know... exactly the way work-related chats go. I've had innumerable work chats like this.
Hegseth's own severe incompetence doesn't somehow absolve Waltz of his. I used "bozo" in the plural for a reason.
You don't have to carry water for these idiots. They may nominally be on your "side", but they aren't holding up their end of it. They are making huge mistakes which have real consequences for us all. Time to start calling them out on it, not trying to defend them with technicalities, false dichotomies, and misdirection.
crawsome
Among all the promoted opinions that are trying to muddy the waters on the subject to make them seem innocent, there shines a beam of truth:
>It's perfectly clear that was normal and expected.
Their lack of protocol, lack of humility, and just lying about everything shows how unfit they are for leadership.
sixothree
> And no one ever says, "Don't share operational details in this chat,"
The work I do isn't 1/10th as sensitive as this but we have this branch in our threads all the time. I can't imagine the carelessness required for this to happen this way.
remus
It seems reasonably likely they were using signal to avoid records keeping requirements and public scrutiny. If you found a group of employees using signal with disappearing messages to talk about work outside of your normal work chat (slack etc.) you'd be pretty suspicious, let alone if they were working in public office!
Terr_
Oh, absolutely, I try to remind people that even starting this group chat was criminal, because it's an attempt to break public records laws.
ljf
Also if you then saw colleagues discussing company secrets or legally privileged information on a group chat, the onus is on everyone in the chat to call that out as wrong.
codedokode
Nothing good comes out of keeping records so it is natural that people do not want to keep them.
HenryBemis
A very friend of mine was going through a nasty divorce. Although we weren't talking about the divorce/case he set our messages on auto-delete. Apparently his (now, ex-wife) had SMS and WhatsApp messages in court to be used for her cased.
Any 'loving message' to her from the early days ("you are so perfect") and any 'nasty message' to others ("oh that bitch!!") sent to anyone was presented in court. So for caution he auto-deleted even the messages that were innocuous, just in case it could be used against him "oh he wanted to spend money for a new phone/laptop, thus he has money, thus I will take it"
refurb
From what I've gathered, Signal use was prolific among people in this administration and the past one.
I'm not surprised. My own company sends out several emails that Whatsapp can't be used as it's not secure, yet I get Whatsapp messages from leadership I work with constantly.
People ignore directives all the time. Usually out of convenience.
People have even called it out in a Whatsapp chat "hey guys, we're not supposed to use Whatsapp" and people usually ignore it.
nailer
The parent poster is right though, signal is permitted and encouraged for any discussion that would’ve happened over SMS, the issues are somebody dropping details into a channel meant for planning a meeting, as well as somebody accidentally adding somebody that should not have been there.
infecto
I don’t like Waltz but I think this is the better take that has no really taken hold well in the media. Why was Hegseth posting information that should be in a need to know basis and to folks that have no benefit know before hand. This is the primary issue and I believe a disqualification for being SECDEF. Others would get immediately fired and a healthy chance of being prosecuted.
The other issue is having this chat outside of formal means. I am not as well educated but having civilians that serve at the pleasure of the president I would assume must follow some rules around formal and recorded communications.
ethbr1
Hegseth's primary qualification for being the Secretary of Defense is being a yes-man who owes the administration for his job.
It's not surprising that given a choice between {serving the needs of the military} and {serving the needs of the administration}, he defaulted to the latter.
adgjlsfhk1
everyone else in the chat is responsible for not shutting it down
trhway
>Why was Hegseth posting information that should be in a need to know basis
He was tripping on power (reminds any other washed out alcoholic talking). It was a collective orgasm in that chat.
jasonm23
> better take that has no really taken hold well in the media.
The media ... not covering a story accurately, or with integrity?!
Say it isn't so!
mcintyre1994
None of them seemed at all surprised though, and a bunch of them responded positively. The group didn’t act like the chat was just for setting up a meeting.
ncr100
They were all still breaking Presidential Records Act. They knew it.
Including Waltz.
They deserve punishment at the Executive level.
I want a President who follows laws.
elihu
Hegseth's posts were the most egregious, but there was a lot of sensitive information that could have been inferred from the rest of it -- basically that the U.S. was planning some sort of attack against the Houthis, they debated whether to do it or not and chose to go ahead, and the approximate timing of the attack is implied by the timing of meetings and decision windows.
https://www.cnn.com/interactive/2025/03/politics/yemen-war-p...
verelo
It’s an interesting point, but are they even allowed to communicate on these devices with this app? I feel that has to be a question with an answer and i would assume it’s no?
sorcerer-mar
Yes they are, but explicitly not for non-public DoD information. It's for stuff like "hey get to a SCIF so we can talk" and otherwise replacing what you'd normally use SMS for.
saghm
I don't think we need to go out of our way to exonerate any of them. "Really fucking up" isn't something exclusive.
miroljub
Are you sure it war not intentional?
They wanted to send a message to the recipients without going through an official channels. What is a better way than adding a journalist to the "secret" group to "leak" it?
hcknwscommenter
Sub headline in the link says investigation "cleared" Waltz. When of course, what actually happened is that the investigation showed how extremely reckless negligent and careless Waltz was. I wish the guardian was more explicit about how nonsense this government propaganda is about this incident.
toast0
How about that nobody else questioned who the new guy was?
mannykannot
You don't keep your job under this administration by sticking your head out.
lokar
He was “cleared” of what mattered to Trump, being disloyal.
mannykannot
While I thoroughly dislike self-serving bullshit, this is at least about as blatant a case of self-serving bullshit as it gets.
leereeves
[flagged]
autoexec
> "The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, has recommended that “highly valued targets” — senior officials who handle sensitive information — use encryption apps [like Signal] for confidential communications. Those communications are not typically releasable under public record laws."
The same memo where they made that recommendation also said: "Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). "
Even after that, they were again explicitly warned not to use Signal for anything sensitive:
https://www.cbsnews.com/news/nsa-signal-app-vulnerabilities-...
tsimionescu
You are taking this recommendation completely out of context. This is a recommendation for confidential communications, not releasable under public record laws.
But neither of those applies for the Signal chat in question. That was not confidential communication, it was top secret active military data. And, like any other military-related decision, it was very much in the category of information that must be recorded and was going to eventually be releasable under public record laws, as soon as its confidential nature expired, 50+ years from now most likely.
stavros
In the way a pilot might misclick one time on a popup and crash a plane, yes. Except that never happens, because pilots know better than to use systems where a single misclick can mean a crash, which is much more than we can say about the top tiers of the US government.
outer_web
Let's not condemn the top tiers of the US government based on the top tiers of the current administration.
immibis
Eastern Air Lines flight 401 crashed because the pilot accidentally changed the autopilot setting while diagnosing a separate problem.
Of course, the more fundamental reason was that he wasn't looking at where the aeroplane was going, not even periodically.
null
maxerickson
Doesn't know how the phone works -- careless.
Clicks the button without knowing what impact it will have on a device he uses for national security communication -- reckless.
Uses a personal device -- careless and reckless.
op00to
Again: war plans should be on high side systems NOT Signal.
freehorse
The main reason that government software is supposed to be used instead of signal is not that signal does not have good e2ee. It is to avoid fuck ups like adding a random, non-government person to a classified chat. An interface proper for this use would not allow such things to happen because one made a wrong click somewhere.
grotorea
I'm not sure if I understood the details from the article, but there was also a previous mistake where Waltz added Goldberg's number as a contact number for Hughes. This was just iPhone doing its thing and syncing contacts I guess?
mexicocitinluez
Man, the amount of people who will carry water for this admin astonishes me.
You couldn't even be bothered to read the sources you're quoting.
> That doesn't sound "extremely reckless negligent and careless". It sounds like he misclicked one time on an unexpected popup.
hwut? We're not talking about accidently texting your ex-girlfriend though I know people like you need to rely on false equivocations to sanewash the garbage.
graemep
> Sub headline in the link says investigation "cleared" Waltz. When of course, what actually happened is that the investigation showed how extremely reckless negligent and careless Waltz was.
That sounds like cleared to the standards expected of politicians.
foldr
No, this is not the standard expected of politicians. This is an unusual — probably even unprecedented — level of recklessness and carelessness for a National Security Advisor. We can expect the person advising the President on national security not to accidentally leak classified information to a journalist via an unsecured communication channel. That expectation is routinely complied with.
NoTeslaThrow
> the investigation showed how extremely reckless negligent and careless Waltz was
This is just a case where there's an individual to blame. We're looking back at at least eighty years of negligence and recklessness. Basically every conflict we've been in indicates clearly we don't have the competence nor the honesty that a reasonable human would find sufficient to manage such a destructive entity.
4d4m
Anyone remember being told Signal was an unsecured app and not to use it?
Rules for thee but not for me. Pepperidge farm remembers.
simonbarker87
Is this comparable to Hilary Clinton’s email issue out of interest? (not American so only have a passing familiarity with much of this)
outer_web
It is comparable but not similar. Clinton had a private server for handling diplomatic emails. The vast majority of traffic was unclassified, the classified material was later deemed to be improperly marked (except three documents iirc).
This case is a single incident (that we are aware of) where a clearance holder manually bypassed security and tracking by transcribing attack plans to a commercial chat platform.
dralley
The information that Hegseth shared shouldn't have been shared regardless of whether the app was secure, and regardless of whether Jeff was there. Nobody in that chat needed to know those details, he was just showing off like the insecure dilletante he is.
hello_moto
Like an eager intern showing off their capabilities in front of the Engineering Leads.
A news reporter turned SecDef will make one be like that… eager
fuzzfactor
If you're the new Secretary of Defense and you've never held a rank anywhere near a military General, you need to spend about 12 hours a day 7 days a week, with real active Generals for a lot longer than this before making any bold moves.
Anything less is certainly dereliction of duty.
isubkhankulov
The Secretary of Defense is a civilian position intended to be independent of the active-duty leadership so as to prevent coups. In practice, many prior SecDef’s had to get waivers to serve.
leereeves
This thread is misunderstanding the job of Secretary of Defense. They aren't interns learning from the generals how to lead an army or plan logistics. They're project managers who ensure the generals are aligned with the President's goals.
WillPostForFood
The National Security Advisor and Vice President shouldn't know when and how an attack is happening? That's ridiculous. They were literally debatng whether to do it, of course they need to know. Beyond that, the people in the White House need to prepare messaging, position the president.
apical_dendrite
This is a great explanation for why they should be keeping these conversations on systems that are designed for handling classified information and have controls to prevent adding a random person to the conversation.
bediger4000
The systems you describe exist. An interesting story would investigate why the systems weren't used in the Goldberg situation.
9283409232
I think the easy answer is that current systems are subject to FOIA and they are doing their best to avoid FOIA because whatever they are doing is very illegal.
mcculley
It would not have to be illegal, much less very illegal for them to want to keep their discussions away from public scrutiny. It is unacceptable even for mundane official discussions.
I have often observed government officials carrying two phones and using both of them in the same meeting.
nsagent
I'm completely unfamiliar with what systems exist, but here's what the article states:
> the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
> Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said.
Are you saying these sources are dissembling? Wouldn't surprise me at this point, but just making sure I understand what you're saying.
the_snooze
The systems exist are in the form of "you go into a secure room with specially-networked computers and do your sensitive comms there." These are secure not only because of the use of strong encryption (which Signal does) but also because of the restricted access (which Signal doesn't). You can't accidentally add a journalist on these secure systems for the simple reason that the US government doesn't give accounts or physical access to randos (which Signal effectively does).
simplicio
I mean, if the devices exist, I'm skeptical its that hard to just give them to whomever you want to use them and give them all DoD accounts or whatever. The people involved being in different agencies seems like a dodge.
est
As described near the end of the article
> White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
apical_dendrite
All of these guys have SCIFs at their homes and offices, and if they're traveling they have access to a SCIF. They can absolutely get secure messages across agencies in real time - Waltz even says this in the group chat when he tells them to check their "high side inboxes". They just can't get them as texts to their personal phones - for very good reason. It's a more inconvenient system by design.
What these guys are arguing is that there's a case for using Signal for something like what Waltz was initially doing - telling people to check a more secure system and asking them to name a point person. But of course the risk is that a) even that information is extremely useful to an adversary; b) once the more convenient system exists, you're relying on people to carefully adhere to the rules about what should go on it, and guys like Hegseth are morons who don't feel like they need to follow the rules.
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
Politics aside, these auto-suggestions are a landmine in business contexts and should be disabled by IT where possible. Sometimes I'll be sending emails including both my client and internal team and the lawyers for the other side. The phone will decade that these email addresses are related in some way. So next time I want to send an internal strategy email to my client and the team, the app will helpfully suggest copying opposing counsel. Not great.