On what I thought would be a rather boring Monday, I opened my various social media pages to find them 
inundated with the news that government officials, including the Secretary of Defense, spilled details of recent US military movements in a Signal chat channel which included non-government people in the chat. I also had many folks asking me what Signal was, and why those officials would be using it to discuss what was – at the time of the messages being sent – secret military maneuvers. So, let’s dive into the topic:
Signal is an end-to-end encrypted chat application available for mobile devices and many desktop operating systems. Essentially, it allows people and groups to exchange messages with each other that are encrypted from the moment they leave the sender’s device until they reach the receiver(s) devices, meaning that anyone snooping around between the two won’t be able to read the messages. These applications are very popular with security researchers, journalists, and others who believe – or know – that their communications are being monitored, because those communications are indecipherable gibberish to anyone but the sender and receiver. In the case of Signal, the sender(s) and receiver(s) of each individual chat or group use unique encryption/decryption keys, so not even Signal themselves can read anything sent across the network. This is different from apps like FaceBook Messenger where the company that runs the service can see all the messages, even though no one else has that ability, and adds another layer of security in the event that the service provider gets compromised themselves.
Normally, the idea that highly-confidential information in a Signal chat was visible to the general public would be a cause for extreme concern, as the sophistication required to even attempt to break the encryption in Signal is significant enough for such an event to be insanely rare at best. In this case, no one had to steal the data and decrypt it, they were invited into the chat directly. Of course, the idea that such information was being shared in a 3rd-party, non-government managed applications at all was also an extreme cause for concern all by itself.
A senior editor for The Atlantic (a news magazine) was accidentally added to a Signal chat that included – amongst others – Secretary of Defense Pete Hegseth, members of military groups, and possibly the President himself. How this happened is being investigated but the current best guess is that Jeffrey Goldberg (the editor) was added by accident when someone attempted to add a different person entirely that had a similar name. Signal accepted the request to add Mr. Goldberg and added him to the chat and provided the necessary decryption protocols, meaning someone completely outside of the US Government could now freely read information about highly sensitive military operations no matter if he wanted to or not. To his credit, Mr. Goldberg did not publish information about ongoing operations, but waited until that information was made public through official sources before publishing the story of how he was able to see it well before that point in time. One such piece of information was the recent bombing of Houthi rebel targets in Yemen – information which could have spelled the absolute failure of the operation if it had been leaked – so I give Mr. Goldberg credit for his holding the story back until it couldn’t derail actual military events.
Some questions I’ve gotten on the story, and the best answers I could find:
– Is Signal safe? Yes, for the most part. Barring any accidental adding of magazine editors to chats, Signal is generally acknowledged to be a safe and easily utilized communications application.
– Can government employees even install Signal? This one is a bit complicated to answer. The simple version is that there are some government agencies where the application is not permitted, but for the most part it is allowed on the personal devices of government officials.
– Why was anyone discussing highly sensitive – or potentially even classified – information on a chat app? We don’t have the answer for this one yet. Humans will do odd things sometimes, and apparently one of those odd things is to discuss incredibly sensitive topics in a commercial chat app that isn’t managed by the US Government on devices that are also not managed by the US Government.
– Exactly what got sent to the reporter? According to the Atlantic article, the Secretary of Defense sent the details of the bombing strike against the Houthi rebels about two hours before the strike began – and then various participants in the chat continued to discuss the operation as it occurred.
– What happens now? The US Government will have to undertake an investigation into three key topics:
1 – Why were officials discussing this stuff on Signal instead of through official US Government tools?
2 – Who invited Mr. Goldberg into the chat – accidentally or otherwise?
3 – Why didn’t anyone realize a member of the press was sitting in said chat?
It will no doubt be some time before we find out exactly how this happened. It will also most likely lead to several resignations and high-profile firings. I’ll try to update the story as more information is made public.
UPDATE – March 24, 2025 – Mr. Gordon apparently held back some of the chat logs from Secretary Hegseth and others that he believes contained information about upcoming military and government operations. While we will never know if this information is considered “Classified,” it is most definitely highly sensitive and should not have been shared outside of US Government information systems.