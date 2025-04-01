Last week, senior US administration officials—including Defense Secretary Pete Hegseth, CIA Director John Ratcliffe, Director of National Intelligence Tulsi Gabbard, National Security Adviser Mike Waltz, and Vice President JD Vance—used the encrypted app Signal to discuss a planned military strike in Yemen. But in a critical misstep , they mistakenly included The Atlantic’s editor-in-chief, Jeffrey Goldberg, in the group conversation.

The incident has sparked widespread backlash and prompted Democratic lawmakers to call for a congressional investigation into what they describe as a serious national security breach.

Signal is an open-source, end-to-end encrypted messaging platform that operates on centralised servers maintained by Signal Messenger. It stores users’ messages and data on their own devices, not on external servers, and allows for disappearing messages.

Despite its reputation for strong encryption, Signal is not hosted on government-controlled infrastructure, nor does it use US government-certified encryption—raising questions about why top officials entrusted with national security would opt for a third-party app.

Is Signal, with its 70 million users worldwide, truly as secure as its reputation suggests—or simply more convenient?

Encryption without barriers

The text-and-voice app that is a little over a decade old, is widely regarded by mobile security specialists as the gold standard for end-to-end encrypted communication. Its use has become common not only among privacy-minded activists, but also among government officials, members of Congress, lawmakers, generals, and corporate leaders.

The phrase “Let’s take this to Signal” has become a universal cue for a conversation that needs to go off record.

A recent review by the Associated Press , found more than 1,100 government officials across all 50 states are currently using Signal.

But Signal’s popularity does not eliminate the risk of user error or platform misuse. The Trump administration’s chat exchange reportedly took place just two hours before a planned military strike targeting a Houthi leader in Yemen, according to screenshots obtained by The Atlantic​. The messages included time, location, and military assets involved—details that would typically be classified.

The fallout was swift. "I am appalled by the egregious security breach from top administration officials," Republican Senator Lisa Murkowski wrote on X. "Their disregard for stringent safeguards and secure channels could have compromised a high-stakes operation and put our service members at risk"​.

The decision to bypass secure, government-controlled communication systems has raised alarms in Washington, with lawmakers demanding answers . But cybersecurity experts say the issue may stem less from ideology and more from usability.

“The issue is not encryption, but access control,” said M. Angela Sasse, Professor of Human-Centred Security at Ruhr University Bochum and University College London.



“Anyone can join Signal, send invitations, and be included by accident, as seems to have happened in this case. With a government-controlled system, this would not happen because the government can restrict access to specific participants with government-issued identities and access permissions.” she explained to TRT World.