I’m not at all surprised that high-level government officials use commercially available encrypted chat software to have highly sensitive discussions.
If you Google just about any European nation, the word “pols” and the chat client “WhatsApp,” you’ll be treated to years of periodic scandals, slips, and leaks from private-party chats to serious government business being done on an app far less secure than Signal. The use of apps like this is so ubiquitous among diplomats that several papers over the last decades have referred to “WhatsApp Diplomacy.”
People have watched too much James Bond and vastly overrate the technology that the intelligence agencies have developed to secure government communications. I know people who have worked on this field as contractors — and they know their work is far behind the private sector. There is a reason that governments beg Apple to build a back door into their phones; they really can’t crack Apple’s security.
And so, as reporting comes out in the following days, I’d bet the farm it will show that use of Signal’s encrypted chat on iPhones is not unusual, but something close to standard operating procedure or even best practice.
As far as I know, the U.S. government has never developed its own secure encrypted asynchronous chat client. It can set up government secure conversations, so long as the participants are all live and are near equipment. That is, it can set up secure meetings on its own hardware and software. But asynchronous chats like the one the Houthi Small Group engaged in have become ubiquitous and expected in all lines of professional work but seem not to be possible on the government’s systems. It’s what allows the vice president to weigh in while he’s boarding a plane to do other business. To facilitate this kind of communication, the Cybersecurity and Infrastructure Security Agency (CISA) (part of the Department of Homeland Security) recommended that high-level government officials switch to Signal last year.
As Jim Geraghty noted on the podcast, there have been subsequent warnings that Russia had penetrated Signal. The Pentagon sent warnings to government officials about this in the days after the chat that is now so famous. (If using Signal were unusual, or forbidden, why issue the warning?) In any case, the compromise of Signal was a relatively basic phishing attack. Russian intel used QR codes to dupe Ukrainian soldiers into group chats: Clicking on the Russian-made QR code led to the leak of data. Signal has already patched this.
So, I disagree with my colleague Mark Wright when he says of the participants on the leaked chat: “All of them having an affirmative duty to object to that medium of conversation.” I bet all of them believed they were following the best recommended practice. Dominic Pino says it is against protocol — yes, and no. It’s against the rules, and yet, CISA encourages it. Because it is practical. I would argue that the affirmative duty is for the government to rewrite the laws and not to overly prosecute more junior officials who are trying to navigate this mess.
Almost all the calls to fire specific persons come down to raw philosophical rivalries. CIA head John Ratcliffe arguably shared the most sensitive data, but because he is not part of the factional disputes, he is not seen as a target. Instead, I’ve seen people argue that JD Vance is undermining the president and should resign, which is preposterous. In general, hawks argue for firing Pete Hegseth, allegedly for sharing what he did, but I think really for the crime of being too deferent to the elected vice president in the chat. And hawks argue to spare Michael Waltz because he’s a good guy, even though his account of how he managed to include The Atlantic’s Jeffrey Goldberg in the chat (basically, “I dunno”) cannot be true if Jeffrey Goldberg’s account of it is true (basically, “We correspond often!”)
I happen to agree with what I suspect will happen: Everyone is going to get a stern warning to double-check participants on sensitive calls, and then they will return to using Signal on their iPhones because it combines the highest portion of security with convenience.