It's interesting and funny from a tech perspective that auto-suggestions on iPhone got him.
It's also proof that 1) security processes are important for a reason and 2) don't discuss information you don't want getting out on a consumer device (or really on any internet connected device) and 3) these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
Sub headline in the link says investigation "cleared" Waltz. When of course, what actually happened is that the investigation showed how extremely reckless negligent and careless Waltz was. I wish the guardian was more explicit about how nonsense this government propaganda is about this incident.
> "The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, has recommended that “highly valued targets” — senior officials who handle sensitive information — use encryption apps [like Signal] for confidential communications. Those communications are not typically releasable under public record laws."
The same memo where they made that recommendation also said: "Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). "
Even after that, they were again explicitly warned not to use Signal for anything sensitive:
You are taking this recommendation completely out of context. This is a recommendation for confidential communications, not releasable under public record laws.
But neither of those applies for the Signal chat in question. That was not confidential communication, it was top secret active military data. And, like any other military-related decision, it was very much in the category of information that must be recorded and was going to eventually be releasable under public record laws, as soon as its confidential nature expired, 50+ years from now most likely.
In the way a pilot might misclick one time on a popup and crash a plane, yes. Except that never happens, because pilots know better than to use systems where a single misclick can mean a crash, which is much more than we can say about the top tiers of the US government.
The main reason that government software is supposed to be used instead of signal is not that signal does not have good e2ee. It is to avoid fuck ups like adding a random, non-government person to a classified chat. An interface proper for this use would not allow such things to happen because one made a wrong click somewhere.
Man, the amount of people who will carry water for this admin astonishes me.
You couldn't even be bothered to read the sources you're quoting.
> That doesn't sound "extremely reckless negligent and careless". It sounds like he misclicked one time on an unexpected popup.
hwut? We're not talking about accidently texting your ex-girlfriend though I know people like you need to rely on false equivocations to sanewash the garbage.
I'm not sure if I understood the details from the article, but there was also a previous mistake where Waltz added Goldberg's number as a contact number for Hughes. This was just iPhone doing its thing and syncing contacts I guess?
> Sub headline in the link says investigation "cleared" Waltz. When of course, what actually happened is that the investigation showed how extremely reckless negligent and careless Waltz was.
That sounds like cleared to the standards expected of politicians.
No, this is not the standard expected of politicians. This is an unusual — probably even unprecedented — level of recklessness and carelessness for a National Security Advisor. We can expect the person advising the President on national security not to accidentally leak classified information to a journalist via an unsecured communication channel. That expectation is routinely complied with.
> the investigation showed how extremely reckless negligent and careless Waltz was
This is just a case where there's an individual to blame. We're looking back at at least eighty years of negligence and recklessness. Basically every conflict we've been in indicates clearly we don't have the competence nor the honesty that a reasonable human would find sufficient to manage such a destructive entity.
I doubt FOIA is even a concern considering this is classified information. I think they're more worried about investigations by a future DOJ or by a future Congress since they can look at this information (if it's not deleted, that is)
FOIA requests can be made against formerly-classified information. But it's beside the point; any(?) non-classified information/communiques in government are subject to FOIA. Plenty of non-classified info in that chat and the ones we still aren't privy to.
You can joke about Microsoft Teams not being a real messaging platform, but running it on a network that's physically separated from the Internet is quite effective at keeping random journalists out of your chat groups.
Lack of oversight, too much power, failing checks and balances.
It's not unique either; the former prime minister of the Netherlands, Rutte, insists on using a Nokia phone and plain text messages, refusing to divulge what is in those messages and deleting them as there's limited space, thus not adhering to any archival requirements.
My guess that the actual secure government messaging services are a pain to use vs. Signal that's on your phone in your pocket, and these people don't really value security over their own convenience. They did share some of the details over actual secure systems ("you should have a statement of conclusions with taskings per the Presidents guidance this morning in your high side inboxes"), but I guess when the attacks were starting, it was easier to just blast them on Signal.
Because now _this_ party is in power and controls the systems and information, but in 4/8/12 years _that_ party will be in power and a good-willing-mistake-making-bureaucrat may leak these 'by accident/mistake/etc' if they are properly recorded on a gov-controlled system.
But the auto-delete-after-1-week messages from Signal would never be recovered (unless someone is logging all that data and in the future will be able to crack it).
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
Politics aside, these auto-suggestions are a landmine in business contexts and should be disabled by IT where possible. Sometimes I'll be sending emails including both my client and internal team and the lawyers for the other side. The phone will decade that these email addresses are related in some way. So next time I want to send an internal strategy email to my client and the team, the app will helpfully suggest copying opposing counsel. Not great.
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
It's interesting that this was the cause. I'm sure we all have our own stories of how UI/UX niggles (regardless of platform or app) have led to unintended behavior.
While I understand automatic suggestions can be helpful at times, when the UX doesn't clearly identify the cues that lead to the suggestion, with a way for a human to confirm it, this type of error is a likely result.
I have not followed the case too closely, but it seems like the timeline was roughly:
- deny anything wrong happened - Atlantic is a liar
- the leak might have happened, but nothing secret was shared
- ok fine, secret military information was shared
- here is an analysis that says it was the phone at fault, not human error
I have trouble believing anything except butt covering at play. When you are repeatedly caught lying, I do not immediately believe the latest story iteration, even if it is plausible.
I think the most accurate thing Trump has said so far in 47th Presidency was "everything's computer" about the Tesla dash.
Almost everything else out of his mouth, at least towards the media, has existed somewhere on the scale between 'large clump of BS wrapped around a tiny nugget of truth' and 'bald-faced lie'.
And when fairly obvious lies are repeated, the rest of what is said by himself and the rest of his administration retains the stink of the same taint.
> here is an analysis that says it was the phone at fault, not human error
> I have trouble believing anything except butt covering at play.
No, I did not cheat. We just happened to be hanging around without undergarments, and, you know, we had been eating bananas, and somehow some banana peel fell on the floor, and then I slipped, and grabbed the first thing I could hold on to, and that's how we both accidentally fell on the couch, and then the dog got excited and jumped on us to play, and that's how I unvoluntarily got jump-humped into this unfortunate event..
It’s a real feature in first party apps (messages, mail, etc), but it’s not fully automatic. When it thinks that a number/address/etc is related to an existing contact, it’ll prompt the user to confirm or deny, and upon confirmation the info is added. Ultimately it’s up to the user.
I don't know when they added it to iOS, but my iPhone does this. I get a text from some new number and the message includes (e.g.) "Hey this is Tom." and a notice right in Messages says it "found" a contact that this may be and asks if I want to add the number to that contact. I could imagine having this happen correctly a few times in a row might make one trust that it knows what it's doing.
I wouldn't trust it with my bank details though (i.e. while I might send bank details to my life partner, I definitely wouldn't send them to someone my iPhone thinks might be my partner). And I DEFINITELY wouldn't trust it with military operation details.
The iPhone contacts app is an absolute cluster of an app in terms of how it manages adding contacts (or allows other apps to add contacts).
Years ago I had my nicely arranges contacts in place, then added Gmail and it upload contacts so now they were all duplicated. Then when I dug into it, I realize you have have folders of different contacts, but depending on the view they are shown as combined.
Then add on top Gmail keeps asking me if I want to update someone's contacts from an email they sent me. I click yes, but it keeps coming up even though their contact info doesn't change (what?).
Then if I try to copy a message from iMessage, it will randomly assume a number is someone's phone number and ask me if I want to create a new contact (what?). If my fingers were fatter it would be easier to click "yes" and end up with a non-phone number added to some person's contacts.
I only trust the contacts that I add manually, everything else is suspect.
I read that. But it would still be Goldbergs signature block. So is apple so "dumb" to just take this number and assume it belongs to the email adress contact? To be confirmed with a single touch?
It is for sure a terrible design for a top secret communications system.
For a consumer platform, it makes some sense, and the prompt is supposed to be “hey you might want to do this”, and the user can decide if it makes sense. I’ve used an iphone since they came out, have seen this prompt like twice, and got it right both times. But I’m not a national security advisor or anything so maybe it’s more clear to me.
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
I'm sorry, how is that knowable? Is there a log of iPhone users interactions that shows this?
Or is it the case that investigators pointed to the wrong number being saved in Waltz' phone and Waltz replied: "Oh, the only explanation is that I must have misclicked when my phone asked me to update my contacts."
Sure, but the use case of Signal isn't for secret communications, so the stakes of adding the wrong person should be a lot lower in normal use.
If it was intended as a secure communications platform for government use, they wouldn't be using phone numbers and an address book that can have incorrect information.
I did read Signal was being used in the military etc, but only as a notification system that they should check their actually secure communications thing.
It's just that Google Voice app on iPhone did something weird in a recent call. I hadn't been using it very much at all, and about a month ago I got a notice from Google saying, Use it or lose it. Ok. So I use it and the suggestion thing threw me for a loop.
On my phone's 120 mm screen, if you switch to the keypad, but before you type a number, the top of the screen says "Suggestions". But I didn't see that. I'm looking back and forth between a phone number in an email signature and the on screen keypad. Once you start typing the number, "Suggestions" goes away. So I finish typing and look up to see the name of a personal contact (never called from Google Voice, btw). I had to type the number again I was so confused.
I was thinking, that's what you get for free IP phone number and free app. Now I read the OP and think, now my iPhone is going to start acting like crap too?
Funny to think it, but I wonder if these Gov peeps are using the free versions or if they pay for these services?
The higher level story here is that the US government is simply unable to build software. You’ll notice that over the last 10 years there have been classified records scandals from politicians of both parties: it’s because the US government doesn’t have any communications tools even 1% as usable as anything from the iOS App Store.
The problem isn't in making "bad" software. The government has very specific requirements for communication related to security and preservation/documentation. They need communication tools that run off the public internet and maintain a detailed record of every message sent.
The problem today is that some (many?) politicians either don't understand or agree with those goals and pick more convenient tools that they may have been used to as a civilian.
why would this be the higher level story? The US government doesn't build guns either, but they're capable of buying the appropriate one from the market.
There are more than enough enterprise chats out there with security levels ranging from "good enough if you trust a major US corp" (Teams DoD) to "complete paranoia" (finance communication apps with on-premise encryption/decryption modules plugged into your HSM)
The higher level story is that the administration deliberately used an app that circumvents records laws, lied about it under oath, and then did not take any accountability whatsoever for their actions. "Carelessness is contagious"
When you design a feature for a business app, it has to be immculate, brain dead easy to use, and be explained 9 times in 3 different training seminars before anyone will figure it out.
Meanwhile, if the new hit filter on TikTok was buried under a hidden search, with a feature toggle, consent form and rotating secret password, end users would figure it out in 5 minutes.
Not merely imbeciles but imbeciles enacting a plan to own power and obliterate everything except for elite right wing extremists. This includes obliterating the non-white Trumper imbeciles and lower socioeconomic imbecile Trunpers who have not even the slightest clue that they're just servile tools.
I have been reading spy thrillers recently and my pet toy theory was that this was an attempt to unmask a mole. Leak information and see who publishes it.
Politicians regularly intentionally leak information they want leaked, and politicians also encounter leaks that they don't want leaked. Perhaps Goldberg did the only thing he could - he identified the trap.
For one thing, as far as I know, the iphone doesn’t attach phone numbers to contacts automatically, it just asks. The article claims the iphone did it, but I think Waltz must have.
Also, this why you don’t use a random group chat app for national security conversations. Your general app is designed for engagement which includes building out the social network. Of course it’s going to err on the side of inclusion, when here you want to err on the side of exclusion.
For national security, contact info would be vetted, verified, and strictly up-to-date. There would be multiple guards that would prevent a thoughtless tap months earlier from leading to the wrong person being given national security information.
It sure is frightening that these bozos are in charge of things that have high stakes.
It was Hegseth, not Waltz, that suddenly started dropping classified operations details (without promoting) into a group chat that was just set up for the purpose of planning for a future meeting. He's the one who really fucked up here.
Hegseth's messages were the worst but not the only ones. E.g., Waltz goes on to share details of targets hit.
And no one ever says, "Don't share operational details in this chat," either before Hegseth's details message or after. It's perfectly clear that was normal and expected.
The chat starts with pulling together the group, continues with high-level agreement to proceed, then the details start dropping... You know... exactly the way work-related chats go. I've had innumerable work chats like this.
Hegseth's own severe incompetence doesn't somehow absolve Waltz of his. I used "bozo" in the plural for a reason.
You don't have to carry water for these idiots. They may nominally be on your "side", but they aren't holding up their end of it. They are making huge mistakes which have real consequences for us all. Time to start calling them out on it, not trying to defend them with technicalities, false dichotomies, and misdirection.
It seems reasonably likely they were using signal to avoid records keeping requirements and public scrutiny. If you found a group of employees using signal with disappearing messages to talk about work outside of your normal work chat (slack etc.) you'd be pretty suspicious, let alone if they were working in public office!
Yes. This is as bad or worse than Clinton's email servers. It deserves to be talked about at least as long and investigated at least as thoroughly. Which in the case of Clinton involved bringing it up for nearly a decade, an FBI investigation, an Inspector General's report on the FBI's and DOJ's handling of the case and a three year State Department investigation. It's only fair to apply the same standard here
By all means, bring up something vaguely similar from ten years ago to somehow justify the idiotic and criminal actions of the current batch of clowns. Why can't people just say "this is bad and they deserve to be punished"?
Also if you then saw colleagues discussing company secrets or legally privileged information on a group chat, the onus is on everyone in the chat to call that out as wrong.
Should be, but the US is run by cults of personality where they defer to people they see as their superiors - that is, "if Hegseth does it, it's ok, right?"
>the onus is on everyone in the chat to call that out as wrong
that would be in a group of even minimally qualified professionals, not the clowns who got their jobs on a whim of the bigger clown. You know the monkey with a nuclear bomb. I hope we wouldn't see how they handle the real bomb, and for now just the tariffs have like an extremely large nuke just wiped $10T+, and it isn't "just stock market", it is large complicated efficient logistics chains and trade relations that were built over years and were powering this civilization. To compare, the damage from the Ukraine war - you'd need several tens of nukes to produce such damage - is just around a "meager" $1T.
From what I've gathered, Signal use was prolific among people in this administration and the past one.
I'm not surprised. My own company sends out several emails that Whatsapp can't be used as it's not secure, yet I get Whatsapp messages from leadership I work with constantly.
People ignore directives all the time. Usually out of convenience.
People have even called it out in a Whatsapp chat "hey guys, we're not supposed to use Whatsapp" and people usually ignore it.
A very friend of mine was going through a nasty divorce. Although we weren't talking about the divorce/case he set our messages on auto-delete. Apparently his (now, ex-wife) had SMS and WhatsApp messages in court to be used for her cased.
Any 'loving message' to her from the early days ("you are so perfect") and any 'nasty message' to others ("oh that bitch!!") sent to anyone was presented in court. So for caution he auto-deleted even the messages that were innocuous, just in case it could be used against him "oh he wanted to spend money for a new phone/laptop, thus he has money, thus I will take it"
The parent poster is right though, signal is permitted and encouraged for any discussion that would’ve happened over SMS, the issues are somebody dropping details into a channel meant for planning a meeting, as well as somebody accidentally adding somebody that should not have been there.
I don’t like Waltz but I think this is the better take that has no really taken hold well in the media. Why was Hegseth posting information that should be in a need to know basis and to folks that have no benefit know before hand. This is the primary issue and I believe a disqualification for being SECDEF. Others would get immediately fired and a healthy chance of being prosecuted.
The other issue is having this chat outside of formal means. I am not as well educated but having civilians that serve at the pleasure of the president I would assume must follow some rules around formal and recorded communications.
Hegseth's primary qualification for being the Secretary of Defense is being a yes-man who owes the administration for his job.
It's not surprising that given a choice between {serving the needs of the military} and {serving the needs of the administration}, he defaulted to the latter.
(I assume/will try to interpret as...) Meaning that the role has some rules (written and unwritten). I can gossip about what went wrong at work today when out drinking with friends without breaking any laws/contracts, or I can just shut up and not gossip/brag that "today we killed 100 people", especially when celebrating the death of people.
I thought his primary qualification for being the secretary of defence was:
——
Being a Major in the Minnesota Army National Guard.
And the following Overseas deployments:
- Guantanamo Bay (2004-2005): He served as a second lieutenant with a security platoon, guarding detainees.
- Iraq (2005-2006): He deployed with the 3rd Brigade of the 101st Airborne Division, serving as an infantry platoon leader in Baghdad and later as a civil-military operations officer in Samarra.
- Afghanistan (2011-2012): He served as a captain and senior counterinsurgency instructor at the Counterinsurgency Training Center in Kabul.
Awards
Hegseth earned two Bronze Star Medals for his service in Iraq and Afghanistan, as well as a Combat Infantryman Badge, which recognizes soldiers who have directly engaged in ground combat. He also received two Army Commendation Medals and the National Defense Service Medal with Bronze Service Star, along with Expert Infantryman and Combat Infantryman badges.
His military career spanned from 2002 to 2021, including active duty and time in the Individual Ready Reserve.
In addition to his military service, Hegseth holds a Bachelor of Arts in Politics from Princeton University and a Master of Public Policy from Harvard University’s John F. Kennedy School of Government, which complement his practical experience with academic credentials relevant to leadership and policy.
———-
You can argue he’s good at the job or bad at the job.
I would have no issue if you said he was completely incompetent.
But saying that hs a ‘primary qualification is being a yes man’ is a ridiculous laughable argument.
A decent military record is table stakes, if he did not have a reasonable military record at all he would not have the position - so that’s his primary qualification. People that were close to the administration that didn’t have a military record would not have been eligible for the job.
Not you, but many others were arguing at the time that his primary qualification was ‘being a Fox News anchor’, which is infuriating. It’s not - it’s his military service. There are many people that are Fox News anchors, none of them were eligible for the job because they do not have a military record.
I have no argument with claiming he won the job because of his connections.
It's actually not table stakes nor a matter of eligibility. We've had several SecDefs, all dramatically more competent than Hegseth, who did not have any military experience.
William J. Perry (94-97, 2+5yr Army)
William Cohen (97-01)
Robert Gates (06-11, 2yr AF)
Leon Panetta (11-13, 2yr Army)
Chuck Hagel (13-15, 1yr Army)*
Ash Carter (15-17)
* To be fair, Hagel's year was volunteering to be drafted and sent to Vietnam as an infantry squad leader
> We've had several SecDefs, all dramatically more competent than Hegseth, who did not have any military experience.
Who do you have in mind? Carter, Cohen, and Cheney were the only confirmed secretaries from the past 40 years who fit "no military experience".
There are a handful of recent secretaries with < 5 years of military experience who did not even reach the rank of Captain (e.g. Rumsfeld, Robert Gates, Panetta, Perry).
To be clear: I agree with you that military experience is not really a qualification for the job, unless the individual has achieved high enough rank (i.e. General) to be involved in strategic planning. And certainly most secretaries of defense don't have that (Austin and Mattis are quite rare on that front, doubly so because they needed congressional waivers to serve in the position while still being active-duty military).
If I was on Slack at work and someone tried sharing secrets I would immediately say hey, we have protocols for this. Now we have to rotate keys. Please follow the protocols. Let’s walk you through it if you don’t remember. Etc.
And those are just API keys or similar data. We take it seriously because 1. It actually matters and 2. The habit will save your ass when it counts. Make it a habit
These guys have not made security a habit. It doesn’t actually matter to these guys. That’s scary. This is so much more than access to my org’s AWS services.
There is something bigger at play when so many people make mistakes all at once. Considering the seriousness of the topic, wasn't there any sort of protocol or monitoring system that would alert them that the information is too privileged for that medium? I have seen ordinary institutions behave more sensibly. I don't have any experience in national security matters. But even as a tech professional, I would expect at least one dedicated official to be watching the channel for compliance. How does such an experienced institution make such fundamental mistakes?
> But even as a tech professional, I would expect at least one dedicated official to be watching the channel for compliance.
The group already had the supposed who's who of dedicated security professionals .. as appointed by Trump admin, of course.
Vice President JD Vance, senior White House staff, three Cabinet secretaries, and the directors of two Intelligence Community agencies.
Oh, and Marco Rubio .. the actual "acting archivist of the United States" responsible for ensuring that such conversation chains are preserved for posterity and not auto discarded on Signal.
I don’t disagree, but I think GP means someone who is not a political appointee, like the non-partisan national security officers whose role is basically exactly what GP discussed. I don’t know if it’s usual for NSC officers to be included in these kinds of chats that are ostensibly just for coordinating secure meetings between principals though - maybe it should be
Sure, the equivilant of a professional court reporter with a standards enforcing role ... but that was never ever going to be a thing on a non SCIF casual signal group setup to gossip and swap fire emoji's outside of the official chain of defence command ...
Hegseth's posts were the most egregious, but there was a lot of sensitive information that could have been inferred from the rest of it -- basically that the U.S. was planning some sort of attack against the Houthis, they debated whether to do it or not and chose to go ahead, and the approximate timing of the attack is implied by the timing of meetings and decision windows.
None of them seemed at all surprised though, and a bunch of them responded positively. The group didn’t act like the chat was just for setting up a meeting.
It’s an interesting point, but are they even allowed to communicate on these devices with this app? I feel that has to be a question with an answer and i would assume it’s no?
Yes they are, but explicitly not for non-public DoD information. It's for stuff like "hey get to a SCIF so we can talk" and otherwise replacing what you'd normally use SMS for.
They wanted to send a message to the recipients without going through an official channels. What is a better way than adding a journalist to the "secret" group to "leak" it?
“… after he mistakenly saved his number months before under the contact of someone else he intended to add.”
This is precisely why the government has its own very inconvenient devices and network, which cannot possibly fall victim to the same completely understandable human error. Had the team been using secure devices on the secure network, no journalist would ever have been accidentally added to the chat.
That these people are in charge of national security is beyond ridiculous. It speaks volumes about the unprecedented political setup we find ourselves in that such frankly inexperienced and naive people are in charge after Senate confirmations that were intended to protect us all from such a mistake.
When not being a Florida politician, Mike Waltz has had this role since the early 2000s (for Cheney) and believes contact fields “get sucked” through invisible series of tubes. He’s never seen a Senate confirmation and I bet never will.
There's absolutely a secure system that crosses agencies - they even refer to it in the Signal chat (see the comment about sending details to your "high side inboxes"). But you can't use that system on your personal phone, and it doesn't let you avoid record-keeping requirements by setting messages to auto-delete.
The US has been perfectly capable of executing complicated military operations for decades prior without needing to use Signal to coordinate messaging amongst heads of staff.
These people *WERE* military personnel and there is no way they haven't been repeatedly exposed to proper procedures for information handling. They absolutely should know better and deserve to face consequences for this sort of incompetence.
Mike Walz is a Special Forces officer and only retired as a Colonel from the National Guard to take his position as National Security Advisor.
Tulsi Gabbard is still a Lieutenant Colonel in the National Guard.
Pete Hegseth was a Major in the National Guard, ending his service in 2021.
JD Vance is probably the most junior of the veterans, leaving the Marine Corps as a Corporal in 2007.
Actually more capable up until now, this is naturally an historic low, completely reflecting the integrity of the Commander-in-Chief, or lack thereof, by comparison.
This is blatantly incorrect though. The NSA actually set up the DMCC phone system specifically for this purpose. They are phones with 100% of the infrastructure already set up for communicating classified or sensitive information even while abroad and they are hardened enough that they are generally considered unclassified when powered down. They come in a DMCC-S (secret) and DMCC-TS (top secret) flavor. Any somewhat senior member at any agency or department that regularly interacts with classified information could request one of these devices. They provide cross agency encrypted call, text, and other capabilities at all security levels.
"From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received."
Nothing in my comment implies that what Clinton did was any more lawful. But since you raised the point, I’ll just note that it is quite interesting that Clinton’s circumstance was thoroughly investigated by the FBI, whereas in the Signal debacle, it seems Trump’s administration is going to let it go.
"because the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said."
Is that true? There is no alternative platform to text in real time across different agencies? And nobody had a problem with that?
Most of the Generals and Colonels I've worked with use government-issued smartphones with access to their government Outlook account, and send encrypted group emails back and forth that way.
The information that Hegseth shared shouldn't have been shared regardless of whether the app was secure, and regardless of whether Jeff was there. Nobody in that chat needed to know those details, he was just showing off like the insecure dilletante he is.
If you're the new Secretary of Defense and you've never held a rank anywhere near a military General, you need to spend about 12 hours a day 7 days a week, with real active Generals for a lot longer than this before making any bold moves.
The Secretary of Defense is a civilian position intended to be independent of the active-duty leadership so as to prevent coups. In practice, many prior SecDef’s had to get waivers to serve.
How does that prevent coups? Like the reason a military coup works is because the military has a shitload of weapons. How does having the secretary of defense not able to be in on a military coup prevent a military coup?
At that point they’re bringing an org chart to a gun fight.
This thread is misunderstanding the job of Secretary of Defense. They aren't interns learning from the generals how to lead an army or plan logistics. They're project managers who ensure the generals are aligned with the President's goals.
I would say that they oversee the Pentagon and ensure that the military stays in civilian control. In the past, theories from war games percolate through the Joint Chiefs, who meet with SECDEF before presenting options to the President.
I was surprised Hegseth even desired a side channel that had the potential downside that he could accidentally text the coordinates of a carrier. Stuff like that gets Generals relieved immediately.
Equally bewildered as there is no real upside to this and the other folks on the line dont have any purpose of knowing prestrike information.
I am not as educated in these manners but this type of information seems to be of the type you don’t text on commercial applications and would be on a need to know basis. Maybe you can communicate the idea that something is planned to happen but not timelines of the specific assets.
The National Security Advisor and Vice President shouldn't know when and how an attack is happening? That's ridiculous. They were literally debatng whether to do it, of course they need to know. Beyond that, the people in the White House need to prepare messaging, position the president.
This is a great explanation for why they should be keeping these conversations on systems that are designed for handling classified information and have controls to prevent adding a random person to the conversation.
I think the easy answer is that current systems are subject to FOIA and they are doing their best to avoid FOIA because whatever they are doing is very illegal.
It would not have to be illegal, much less very illegal for them to want to keep their discussions away from public scrutiny. It is unacceptable even for mundane official discussions.
I have often observed government officials carrying two phones and using both of them in the same meeting.
When working, one should primarily be on only one of those devices. I have observed government officials using both concurrently to escape some conversations being subpoenaed.
I'm completely unfamiliar with what systems exist, but here's what the article states:
> the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
> Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said.
Are you saying these sources are dissembling? Wouldn't surprise me at this point, but just making sure I understand what you're saying.
The systems exist are in the form of "you go into a secure room with specially-networked computers and do your sensitive comms there." These are secure not only because of the use of strong encryption (which Signal does) but also because of the restricted access (which Signal doesn't). You can't accidentally add a journalist on these secure systems for the simple reason that the US government doesn't give accounts or physical access to randos (which Signal effectively does).
Thanks for clarifying! Certainly seems like dissembling to me. Wish news organizations actually did the due diligence and reported these kinds of details.
I mean, if the devices exist, I'm skeptical its that hard to just give them to whomever you want to use them and give them all DoD accounts or whatever. The people involved being in different agencies seems like a dodge.
> White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
All of these guys have SCIFs at their homes and offices, and if they're traveling they have access to a SCIF. They can absolutely get secure messages across agencies in real time - Waltz even says this in the group chat when he tells them to check their "high side inboxes". They just can't get them as texts to their personal phones - for very good reason. It's a more inconvenient system by design.
What these guys are arguing is that there's a case for using Signal for something like what Waltz was initially doing - telling people to check a more secure system and asking them to name a point person. But of course the risk is that a) even that information is extremely useful to an adversary; b) once the more convenient system exists, you're relying on people to carefully adhere to the rules about what should go on it, and guys like Hegseth are morons who don't feel like they need to follow the rules.
"Look, forget the myths the media's created about the White House--the truth is, these are not very bright guys, and things got out of hand." --from All the President's Men
That was over 50 years ago, and now no one over a 90 IQ thinks these guys are bright.
Good point. On the Daily podcast (NYT) Goldberg was asked what was in the chat after the strikes. He said a plenty of different emojis. Goldberg's reaction was also interesting, he thought at the moment that every workplace is the same. Personally I'd expect some serious mood and attitude when there are so much at stake including people lives, but humans are humans
It is comparable but not similar. Clinton had a private server for handling diplomatic emails. The vast majority of traffic was unclassified, the classified material was later deemed to be improperly marked (except three documents iirc).
This case is a single incident (that we are aware of) where a clearance holder manually bypassed security and tracking by transcribing attack plans to a commercial chat platform.
Hillary also had her phones destroyed (by hammer) so that those messages couldn't be saved for the record, much like Signal was set to destroy messages so they couldn't be saved.
"But Trump decided against firing him in large part because he did not want the Atlantic and the news media more broadly to have the satisfaction of forcing the ouster of a top cabinet official weeks into his second term."
That's about Michael Waltz. The decision is based not on whether Waltz revealed classified info, but about appearances. Seems dangerous to make decisions this way.
An alternative interpretation is simply "I don't care": So top secret info leaked; don't do it again. You're doin' a heck of a job.
If it does happen again... honestly, would the rationale be different?
Sure, they'd have a conniption if it had happened under Biden. But that would be purely about harassing Biden rather than a serious consideration of national security.
The difference is that the media would pick up the conniption fit, and ask questions endlessly. Here, we see a shrug and a decision to not follow up. The acceptance of sorry opsec practices is baked into the coverage
It's sometimes called "sanewashing". There has been so much overwhelming incompetence that it has become the dog-bites-man story. Even otherwise competent news media can't figure out how to say "this is just plain criminal".
With all due respect, that's an aggressive assumption. "The media, after 4 years of Trump, can't figure out what to write", seems less likely than "media's editors and owners like Trump and want him to make sense and succeed".
They said Waltz had been "cleared of wrongdoing" and yet
> Donald Trump’s national security adviser Mike Waltz included a journalist in the Signal group chat about plans for US strikes in Yemen after he mistakenly saved his number months before under the contact of someone else he intended to add, according to three people briefed on the matter.
What about the 'wrongdoing' associated with using a messaging system that keeps no records. The president doesn't have the authority to over-ride this lawful requirement.
There is no accountability for this administration. It's funny watching all the anti-DEI folks talk about meritocracy because the only qualification you need to be in the Trump administration is undying loyalty. Ethics don't matter and neither does ability. Just be loyal.
> Waltz also appears to have also engendered some sympathy from inside Trump’s orbit over the group chat because the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
- No alternative platform: Presumably on purpose. If it were a good security practice to text this type of information in real time across existential-level national-security agencies by using multiple private vendors (e.g., Apple, Signal, AT&T, Verizon, …), I'll go out on a limb to guess that the government would have implemented that idea before 2025.
It's not on purpose, it's a lack of IT coordination and has been a long-standing issue in the government. As an example, until about 2010-2012, nearly every US military base hosted its own email server and employees (military, civilian, contractor) received an email address like first.last@base.af.mil (replace af with another branch as appropriate). Now it'll be first.last@us.af.mil.
They consolidated each branch's email and other comm systems over a number of years with good and bad results. Cross-branch communication could still be improved, but it's much better than it used to be. Cross department and agency communication is still broken. And the only purpose is so they can retain control of their fiefdoms.
That's the fun part. They did. DISA and the NSA have had the DMCC-TS (and DMCC-S) phones available across basically every agency or department for years now. They come already provisioned with Cellcrypt for messaging and phone calls as well as email access.
These are the standard communication device for senior members of the US government who are working regularly with classified information.
You can build the most secure app and install it on the most secure hardware, but if people simply instead use their private phone to chat with other people on their private phone using a random app from the App Store, then it just doesn't matter.
You can then write as many rules as you like about how you're not allowed to that, but if you don't follow up and enforce those rules then people will keep doing it. Bottom line, no one cares about security enough to compromise convenience, and unless you start to literally throw people in jail they never will.
I suggest getting to ground on how OPSEC works (or doesn’t) for the White House, NSC, and others. To what degree are various intel agencies proactively versus retroactively involved? This is probably very complicated. Common sense guesses or understandings are unlikely to reflect reality. My guess is that proactive OPSEC for private phones is patchy at best.
For anyone who studies this in detail, I suggest passing the information to credible investigative journalists exclusively. This may be a dumpster fire. (If not exclusively, then on embargo.)
The initial message from Hughes to Waltz happened during the campaign, so neither was a government official and they were both using their personal phones. The problem is that they continued to use their personal phones after they became government officials.
There's a limit to what security officials can do when top-level people are deliberately circumventing the controls.
The point of the article is that he accidentally updated his contact on his personal phone (from the campaign, when he was not a government official and did not have a government-issued phone) with the wrong number because he clicked on an iOS suggested contact update generated by receiving a text message. Then, he imported that contact into Signal and then added it to the group chat.
So there are three explanations:
1. Everything happened on his personal phone
2. He was logged into Signal on his personal phone to update the contact, and was also logged into the same Signal account on his government-issued phone. He imported the contact on his personal phone and then added it to the chat on his government-issued phone. From an infosec standpoint, this is not much better than #1 because he still has an unsecured device logged into the same Signal account that he's using for secure comms.
3. He was only logged into Signal on his government-issued phone and then manually copied the number into his government phone from his personal phone, not noticing that it was the wrong number. For anyone who has worked with users, this doesn't seem realistic. These guys have huge numbers of contacts, are very busy, and they do the most convenient thing possible for them. They do not sit around for hours copying information from one phone to another.
Let's assume that Waltz only used Signal from his government-issued phone and manually copied the number from his personal phone. He thought that the number he was copying was from Hughes' personal phone - it was in his personal contacts and he had been using it before either of them were in government. So even if Waltz himself was using a government-issued phone, which seems unlikely, he was simultaneously assuming that his subordinate was using a personal phone.
Even if you take the most generous interpretations you end up with the conclusion that NSC personnel were routinely using personal devices and accounts for secure comms.
The whole point of the Senate testimony from the DNI was that Signal was an approved application that comes pre installed on Government issued devices - and yes indeed, for secure comms.
Even Teams flags external participants to a chat. How was a phone number not known to be within the government perimeter allowed to be added with no alarm to a chat thread in an app pre installed and approved by the agency ?
There are more questions than answers here and its clearly suspicious to say the least that a prominent threat vector such as a mistaken phone number could go unnoticed and not trip a single flag. We're not talking about compromised sim cards or anything, a simple fat finger could expose a secure messaging app thread to an external participant and this is approved by the department for years? How many "Mistakes" over the years have gone unreported ?
Waltz or anyone on that thread isn't responsible for IT, so who ultimately didn't secure this vector?
You're making an assumption that the professional career civil servants are in charge. The whole theme of this administration is that they are dismantling the administrative state and the civil service. The political echelon has made it extremely clear that if they want something, the civil service cannot stop them from getting it, regardless of tradition or legality. So when DOGE says they want probationary employees fired, but the law says that probationary employees can only be fired for performance or conduct reasons, then OPM directs the agencies to fire probationary employees for performance, and the agency carries out that directive. Does it matter that nobody has actually assessed the performance of these employees? Or that OPM has no authority to direct an agency to fire anyone? No. You see this pattern again and again - agencies giving DOGE root access to systems, the administration ignoring statutes that say they have to notify congress or provide a reason before firing someone, etc. Dismantling agencies despite statutes that explicitly state that only Congress can do that.
There are absolutely no institutional guardrails. If Mike Waltz says he wants to put his personal contacts into Signal, nobody is going to stop him from doing that because they know from numerous examples that the administration does not care about laws or civil service protections an is happy to fire anyone who stands in their way.
How does the Guardian have such intimate details of a forensic investigation at the White House level and in the same breath claim that unauthorized access to non public information is a threat to national security ?
It makes no sense for the media on one side of the political spectrum to claim the right to unfettered access to secrets.
So the Guardian getting access to internal White House deliberations and a FORENSIC INVESTIGATION, is not cause for concern but everything that people you don’t like , is, apparently.
This is precisely why the political divide is impossible to bridge. Everything I said indicates seriousness about classified information or even simply unauthorized access to information in such a cavalier manner that it’s published in the Guardian. Somehow, calling it out is more problematic than achieving a political end.
No, you are not differentiating between information that is classified and information that is merely non-public.
This is a difference in law, there is a difference in duty of care (although even then, the Trump administration is responsible in both cases), and an enormous in impact (mission failure vs Trump embarrassment).
The DNI has officially declared that no classified information was in the signal thread. The whole thread is public now.
The information about a sensitive investigation, clearly not meant for anyone outside the White House seems to be available freely to the Guardian. How come? Where is the line if any?
Yes, and if you make a "human error" that is really, really bad then you should be fired.
I mean, Jesus Christ when I was 16 and working at a Dairy Queen I saw people get fired for their drawer coming up a dollar short. Why are we holding fast food cashiers to a higher standard than our top government officials? Does that legitimately sound okay to anyone?
It's interesting and funny from a tech perspective that auto-suggestions on iPhone got him.
It's also proof that 1) security processes are important for a reason and 2) don't discuss information you don't want getting out on a consumer device (or really on any internet connected device) and 3) these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
Sub headline in the link says investigation "cleared" Waltz. When of course, what actually happened is that the investigation showed how extremely reckless negligent and careless Waltz was. I wish the guardian was more explicit about how nonsense this government propaganda is about this incident.
How about that nobody else questioned who the new guy was?
You don't keep your job under this administration by sticking your head out.
He was one of many initials present at the beginning of the chat, no?
No. To the others he would have appeared as a random number.
He would appear as whatever he set his profile name to.
He was “cleared” of what mattered to Trump, being disloyal.
[flagged]
> "The U.S. Cybersecurity and Infrastructure Security Agency, or CISA, has recommended that “highly valued targets” — senior officials who handle sensitive information — use encryption apps [like Signal] for confidential communications. Those communications are not typically releasable under public record laws."
The same memo where they made that recommendation also said: "Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal). "
Even after that, they were again explicitly warned not to use Signal for anything sensitive:
https://www.cbsnews.com/news/nsa-signal-app-vulnerabilities-...
You are taking this recommendation completely out of context. This is a recommendation for confidential communications, not releasable under public record laws.
But neither of those applies for the Signal chat in question. That was not confidential communication, it was top secret active military data. And, like any other military-related decision, it was very much in the category of information that must be recorded and was going to eventually be releasable under public record laws, as soon as its confidential nature expired, 50+ years from now most likely.
In the way a pilot might misclick one time on a popup and crash a plane, yes. Except that never happens, because pilots know better than to use systems where a single misclick can mean a crash, which is much more than we can say about the top tiers of the US government.
Let's not condemn the top tiers of the US government based on the top tiers of the current administration.
Eastern Air Lines flight 401 crashed because the pilot accidentally changed the autopilot setting while diagnosing a separate problem.
Of course, the more fundamental reason was that he wasn't looking at where the aeroplane was going, not even periodically.
And as a result, "crew resource training" is now mandatory for pilots, to try and prevent it happening again in the future.
Doesn't know how the phone works -- careless.
Clicks the button without knowing what impact it will have on a device he uses for national security communication -- reckless.
Uses a personal device -- careless and reckless.
Again: war plans should be on high side systems NOT Signal.
The main reason that government software is supposed to be used instead of signal is not that signal does not have good e2ee. It is to avoid fuck ups like adding a random, non-government person to a classified chat. An interface proper for this use would not allow such things to happen because one made a wrong click somewhere.
Man, the amount of people who will carry water for this admin astonishes me.
You couldn't even be bothered to read the sources you're quoting.
> That doesn't sound "extremely reckless negligent and careless". It sounds like he misclicked one time on an unexpected popup.
hwut? We're not talking about accidently texting your ex-girlfriend though I know people like you need to rely on false equivocations to sanewash the garbage.
I'm not sure if I understood the details from the article, but there was also a previous mistake where Waltz added Goldberg's number as a contact number for Hughes. This was just iPhone doing its thing and syncing contacts I guess?
> Sub headline in the link says investigation "cleared" Waltz. When of course, what actually happened is that the investigation showed how extremely reckless negligent and careless Waltz was.
That sounds like cleared to the standards expected of politicians.
No, this is not the standard expected of politicians. This is an unusual — probably even unprecedented — level of recklessness and carelessness for a National Security Advisor. We can expect the person advising the President on national security not to accidentally leak classified information to a journalist via an unsecured communication channel. That expectation is routinely complied with.
> the investigation showed how extremely reckless negligent and careless Waltz was
This is just a case where there's an individual to blame. We're looking back at at least eighty years of negligence and recklessness. Basically every conflict we've been in indicates clearly we don't have the competence nor the honesty that a reasonable human would find sufficient to manage such a destructive entity.
Surely the real question is why they were using Signal, rather than a secure government network?
Can't follow FOIA requests if there is no record of the conversation existing
I doubt FOIA is even a concern considering this is classified information. I think they're more worried about investigations by a future DOJ or by a future Congress since they can look at this information (if it's not deleted, that is)
FOIA requests can be made against formerly-classified information. But it's beside the point; any(?) non-classified information/communiques in government are subject to FOIA. Plenty of non-classified info in that chat and the ones we still aren't privy to.
Because a secure government messaging platform doesn’t exist. The DoD is horrible at buying modern software.
Still not an excuse, because the people with the power to fix it are using Signal instead.
You can joke about Microsoft Teams not being a real messaging platform, but running it on a network that's physically separated from the Internet is quite effective at keeping random journalists out of your chat groups.
But how do you connect to this network from a mobile phone, for example, when playing golf?
Reminds me of how the British government runs on WhatsApp.
Lack of oversight, too much power, failing checks and balances.
It's not unique either; the former prime minister of the Netherlands, Rutte, insists on using a Nokia phone and plain text messages, refusing to divulge what is in those messages and deleting them as there's limited space, thus not adhering to any archival requirements.
Plaintext SMS in the year of our lord 2025. People will do literally anything other than following the fucking law and recording their correspondence.
My guess that the actual secure government messaging services are a pain to use vs. Signal that's on your phone in your pocket, and these people don't really value security over their own convenience. They did share some of the details over actual secure systems ("you should have a statement of conclusions with taskings per the Presidents guidance this morning in your high side inboxes"), but I guess when the attacks were starting, it was easier to just blast them on Signal.
Because now _this_ party is in power and controls the systems and information, but in 4/8/12 years _that_ party will be in power and a good-willing-mistake-making-bureaucrat may leak these 'by accident/mistake/etc' if they are properly recorded on a gov-controlled system.
But the auto-delete-after-1-week messages from Signal would never be recovered (unless someone is logging all that data and in the future will be able to crack it).
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
Politics aside, these auto-suggestions are a landmine in business contexts and should be disabled by IT where possible. Sometimes I'll be sending emails including both my client and internal team and the lawyers for the other side. The phone will decade that these email addresses are related in some way. So next time I want to send an internal strategy email to my client and the team, the app will helpfully suggest copying opposing counsel. Not great.
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
It's interesting that this was the cause. I'm sure we all have our own stories of how UI/UX niggles (regardless of platform or app) have led to unintended behavior.
While I understand automatic suggestions can be helpful at times, when the UX doesn't clearly identify the cues that lead to the suggestion, with a way for a human to confirm it, this type of error is a likely result.
I have not followed the case too closely, but it seems like the timeline was roughly:
- deny anything wrong happened - Atlantic is a liar
- the leak might have happened, but nothing secret was shared
- ok fine, secret military information was shared
- here is an analysis that says it was the phone at fault, not human error
I have trouble believing anything except butt covering at play. When you are repeatedly caught lying, I do not immediately believe the latest story iteration, even if it is plausible.
I think the most accurate thing Trump has said so far in 47th Presidency was "everything's computer" about the Tesla dash.
Almost everything else out of his mouth, at least towards the media, has existed somewhere on the scale between 'large clump of BS wrapped around a tiny nugget of truth' and 'bald-faced lie'.
And when fairly obvious lies are repeated, the rest of what is said by himself and the rest of his administration retains the stink of the same taint.
> here is an analysis that says it was the phone at fault, not human error
> I have trouble believing anything except butt covering at play.
No, I did not cheat. We just happened to be hanging around without undergarments, and, you know, we had been eating bananas, and somehow some banana peel fell on the floor, and then I slipped, and grabbed the first thing I could hold on to, and that's how we both accidentally fell on the couch, and then the dog got excited and jumped on us to play, and that's how I unvoluntarily got jump-humped into this unfortunate event..
DARVO: Deny, Attack, Reverse Victim and Offender.
> iPhone algorithm adds a previously unknown number to an existing contact
They must have different iPhones to me, because mine doesn't do that. If I were cynical I would say they made this up.
It’s a real feature in first party apps (messages, mail, etc), but it’s not fully automatic. When it thinks that a number/address/etc is related to an existing contact, it’ll prompt the user to confirm or deny, and upon confirmation the info is added. Ultimately it’s up to the user.
I don't know when they added it to iOS, but my iPhone does this. I get a text from some new number and the message includes (e.g.) "Hey this is Tom." and a notice right in Messages says it "found" a contact that this may be and asks if I want to add the number to that contact. I could imagine having this happen correctly a few times in a row might make one trust that it knows what it's doing.
Absolutely, and it's generally OK to trust it.
I wouldn't trust it with my bank details though (i.e. while I might send bank details to my life partner, I definitely wouldn't send them to someone my iPhone thinks might be my partner). And I DEFINITELY wouldn't trust it with military operation details.
The iPhone contacts app is an absolute cluster of an app in terms of how it manages adding contacts (or allows other apps to add contacts).
Years ago I had my nicely arranges contacts in place, then added Gmail and it upload contacts so now they were all duplicated. Then when I dug into it, I realize you have have folders of different contacts, but depending on the view they are shown as combined.
Then add on top Gmail keeps asking me if I want to update someone's contacts from an email they sent me. I click yes, but it keeps coming up even though their contact info doesn't change (what?).
Then if I try to copy a message from iMessage, it will randomly assume a number is someone's phone number and ask me if I want to create a new contact (what?). If my fingers were fatter it would be easier to click "yes" and end up with a non-phone number added to some person's contacts.
I only trust the contacts that I add manually, everything else is suspect.
Could be one of those newfangled "AI" features.
It’s not new, been seeing this for years
Really? I think the text of the pop up is “new number found for CONTACT NAME. Add it to contact?”
But does it extract this information from a email where a different contact was included? That part sounds weird to me (but possible).
The article says an email including Goldberg’s signature block was copied and pasted into a text message from Hughes.
I read that. But it would still be Goldbergs signature block. So is apple so "dumb" to just take this number and assume it belongs to the email adress contact? To be confirmed with a single touch?
That would be weird to me.
It is for sure a terrible design for a top secret communications system.
For a consumer platform, it makes some sense, and the prompt is supposed to be “hey you might want to do this”, and the user can decide if it makes sense. I’ve used an iphone since they came out, have seen this prompt like twice, and got it right both times. But I’m not a national security advisor or anything so maybe it’s more clear to me.
[flagged]
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
I'm sorry, how is that knowable? Is there a log of iPhone users interactions that shows this?
Or is it the case that investigators pointed to the wrong number being saved in Waltz' phone and Waltz replied: "Oh, the only explanation is that I must have misclicked when my phone asked me to update my contacts."
Sure, but the use case of Signal isn't for secret communications, so the stakes of adding the wrong person should be a lot lower in normal use.
If it was intended as a secure communications platform for government use, they wouldn't be using phone numbers and an address book that can have incorrect information.
I did read Signal was being used in the military etc, but only as a notification system that they should check their actually secure communications thing.
> “…iPhone algorithm adds a previously unknown number…”
What?
They're lying. This is up there with "I was hacked" when getting caught replying to porn accounts.
Pants on fire just doesn't seem to cover it.
It's just that Google Voice app on iPhone did something weird in a recent call. I hadn't been using it very much at all, and about a month ago I got a notice from Google saying, Use it or lose it. Ok. So I use it and the suggestion thing threw me for a loop.
On my phone's 120 mm screen, if you switch to the keypad, but before you type a number, the top of the screen says "Suggestions". But I didn't see that. I'm looking back and forth between a phone number in an email signature and the on screen keypad. Once you start typing the number, "Suggestions" goes away. So I finish typing and look up to see the name of a personal contact (never called from Google Voice, btw). I had to type the number again I was so confused.
I was thinking, that's what you get for free IP phone number and free app. Now I read the OP and think, now my iPhone is going to start acting like crap too?
Funny to think it, but I wonder if these Gov peeps are using the free versions or if they pay for these services?
The higher level story here is that the US government is simply unable to build software. You’ll notice that over the last 10 years there have been classified records scandals from politicians of both parties: it’s because the US government doesn’t have any communications tools even 1% as usable as anything from the iOS App Store.
The problem isn't in making "bad" software. The government has very specific requirements for communication related to security and preservation/documentation. They need communication tools that run off the public internet and maintain a detailed record of every message sent.
The problem today is that some (many?) politicians either don't understand or agree with those goals and pick more convenient tools that they may have been used to as a civilian.
It's really no different than your company CEO storing confidential documents on their personal DropBox. It was the easiest place for them to put it.
They have such software, but you can’t simply delete messages
why would this be the higher level story? The US government doesn't build guns either, but they're capable of buying the appropriate one from the market.
There are more than enough enterprise chats out there with security levels ranging from "good enough if you trust a major US corp" (Teams DoD) to "complete paranoia" (finance communication apps with on-premise encryption/decryption modules plugged into your HSM)
The higher level story is that the administration deliberately used an app that circumvents records laws, lied about it under oath, and then did not take any accountability whatsoever for their actions. "Carelessness is contagious"
Usability is overrated, or human are spoiled.
End of day, you just need to communicate, most software, how ever outdated, should be sufficient.
It’s a user problem, blaming software is a distraction.
I describe this as the "The TikTok Paradox"
When you design a feature for a business app, it has to be immculate, brain dead easy to use, and be explained 9 times in 3 different training seminars before anyone will figure it out.
Meanwhile, if the new hit filter on TikTok was buried under a hidden search, with a feature toggle, consent form and rotating secret password, end users would figure it out in 5 minutes.
As you say, people are spoiled.
No, that’s not the higher level story here. The higher level story is that the US is currently led by irresponsible imbeciles.
Not merely imbeciles but imbeciles enacting a plan to own power and obliterate everything except for elite right wing extremists. This includes obliterating the non-white Trumper imbeciles and lower socioeconomic imbecile Trunpers who have not even the slightest clue that they're just servile tools.
The entire concept of using a mobile device to deal with state secrets is insane.
“Your scientists were so preoccupied with whether they could, they didn’t stop to think if they should.” - Dr. Ian Malcolm, Jurassic Park
Or Waltz has been leaking to Goldberg and every other journalist in his contacts and did it by accident.
I have been reading spy thrillers recently and my pet toy theory was that this was an attempt to unmask a mole. Leak information and see who publishes it.
Politicians regularly intentionally leak information they want leaked, and politicians also encounter leaks that they don't want leaked. Perhaps Goldberg did the only thing he could - he identified the trap.
I don’t see how this “clears” Waltz.
For one thing, as far as I know, the iphone doesn’t attach phone numbers to contacts automatically, it just asks. The article claims the iphone did it, but I think Waltz must have.
Also, this why you don’t use a random group chat app for national security conversations. Your general app is designed for engagement which includes building out the social network. Of course it’s going to err on the side of inclusion, when here you want to err on the side of exclusion.
For national security, contact info would be vetted, verified, and strictly up-to-date. There would be multiple guards that would prevent a thoughtless tap months earlier from leading to the wrong person being given national security information.
It sure is frightening that these bozos are in charge of things that have high stakes.
It was Hegseth, not Waltz, that suddenly started dropping classified operations details (without promoting) into a group chat that was just set up for the purpose of planning for a future meeting. He's the one who really fucked up here.
Hegseth's messages were the worst but not the only ones. E.g., Waltz goes on to share details of targets hit.
And no one ever says, "Don't share operational details in this chat," either before Hegseth's details message or after. It's perfectly clear that was normal and expected.
The chat starts with pulling together the group, continues with high-level agreement to proceed, then the details start dropping... You know... exactly the way work-related chats go. I've had innumerable work chats like this.
Hegseth's own severe incompetence doesn't somehow absolve Waltz of his. I used "bozo" in the plural for a reason.
You don't have to carry water for these idiots. They may nominally be on your "side", but they aren't holding up their end of it. They are making huge mistakes which have real consequences for us all. Time to start calling them out on it, not trying to defend them with technicalities, false dichotomies, and misdirection.
Among all the promoted opinions that are trying to muddy the waters on the subject to make them seem innocent, there shines a beam of truth:
>It's perfectly clear that was normal and expected.
Their lack of protocol, lack of humility, and just lying about everything shows how unfit they are for leadership.
It seems reasonably likely they were using signal to avoid records keeping requirements and public scrutiny. If you found a group of employees using signal with disappearing messages to talk about work outside of your normal work chat (slack etc.) you'd be pretty suspicious, let alone if they were working in public office!
Oh, absolutely, I try to remind people that even starting this group chat was criminal, because it's an attempt to break public records laws.
100%, we have public records requirements for a reason and that needs to be followed. I assume you take the same issue with private email servers.
Yes. This is as bad or worse than Clinton's email servers. It deserves to be talked about at least as long and investigated at least as thoroughly. Which in the case of Clinton involved bringing it up for nearly a decade, an FBI investigation, an Inspector General's report on the FBI's and DOJ's handling of the case and a three year State Department investigation. It's only fair to apply the same standard here
Absolutely. And it’s astounding that Waltz also uses private email for official business[1]
This is a problem and it needs to be stopped.
1. https://americanoversight.org/investigation/the-trump-admini...
By all means, bring up something vaguely similar from ten years ago to somehow justify the idiotic and criminal actions of the current batch of clowns. Why can't people just say "this is bad and they deserve to be punished"?
Also if you then saw colleagues discussing company secrets or legally privileged information on a group chat, the onus is on everyone in the chat to call that out as wrong.
Should be, but the US is run by cults of personality where they defer to people they see as their superiors - that is, "if Hegseth does it, it's ok, right?"
Most large companies monitor devices. You start GMailing source code to yourself, you get fired.
>the onus is on everyone in the chat to call that out as wrong
that would be in a group of even minimally qualified professionals, not the clowns who got their jobs on a whim of the bigger clown. You know the monkey with a nuclear bomb. I hope we wouldn't see how they handle the real bomb, and for now just the tariffs have like an extremely large nuke just wiped $10T+, and it isn't "just stock market", it is large complicated efficient logistics chains and trade relations that were built over years and were powering this civilization. To compare, the damage from the Ukraine war - you'd need several tens of nukes to produce such damage - is just around a "meager" $1T.
Nothing good comes out of keeping records so it is natural that people do not want to keep them.
Wait, what? Sarcasm or implicit “if you’re a criminal”?
For most people and companies record keeping is important and valuable.
It is sometimes legally mandatory, but in what context does a company ever look again at old slack chats or work sms?
From what I've gathered, Signal use was prolific among people in this administration and the past one.
I'm not surprised. My own company sends out several emails that Whatsapp can't be used as it's not secure, yet I get Whatsapp messages from leadership I work with constantly.
People ignore directives all the time. Usually out of convenience.
People have even called it out in a Whatsapp chat "hey guys, we're not supposed to use Whatsapp" and people usually ignore it.
A very friend of mine was going through a nasty divorce. Although we weren't talking about the divorce/case he set our messages on auto-delete. Apparently his (now, ex-wife) had SMS and WhatsApp messages in court to be used for her cased.
Any 'loving message' to her from the early days ("you are so perfect") and any 'nasty message' to others ("oh that bitch!!") sent to anyone was presented in court. So for caution he auto-deleted even the messages that were innocuous, just in case it could be used against him "oh he wanted to spend money for a new phone/laptop, thus he has money, thus I will take it"
The parent poster is right though, signal is permitted and encouraged for any discussion that would’ve happened over SMS, the issues are somebody dropping details into a channel meant for planning a meeting, as well as somebody accidentally adding somebody that should not have been there.
I don’t like Waltz but I think this is the better take that has no really taken hold well in the media. Why was Hegseth posting information that should be in a need to know basis and to folks that have no benefit know before hand. This is the primary issue and I believe a disqualification for being SECDEF. Others would get immediately fired and a healthy chance of being prosecuted.
The other issue is having this chat outside of formal means. I am not as well educated but having civilians that serve at the pleasure of the president I would assume must follow some rules around formal and recorded communications.
Hegseth's primary qualification for being the Secretary of Defense is being a yes-man who owes the administration for his job.
It's not surprising that given a choice between {serving the needs of the military} and {serving the needs of the administration}, he defaulted to the latter.
I agree with Hegseth not being qualified and everything, so +1 for the snark, but.. how was this "serving the needs of the administration"?
In this particular situation, Hegseth had two choices.
1. Limit what was shared in the Signal group to non-operational details and refer all involved to their secured systems.
2. Make it easier for everyone else and just post the details directly in the chat.
He chose the one that he thought would curry favor with other members of the administration.
(I assume/will try to interpret as...) Meaning that the role has some rules (written and unwritten). I can gossip about what went wrong at work today when out drinking with friends without breaking any laws/contracts, or I can just shut up and not gossip/brag that "today we killed 100 people", especially when celebrating the death of people.
I thought his primary qualification for being the secretary of defence was:
——
Being a Major in the Minnesota Army National Guard.
And the following Overseas deployments:
- Guantanamo Bay (2004-2005): He served as a second lieutenant with a security platoon, guarding detainees.
- Iraq (2005-2006): He deployed with the 3rd Brigade of the 101st Airborne Division, serving as an infantry platoon leader in Baghdad and later as a civil-military operations officer in Samarra.
- Afghanistan (2011-2012): He served as a captain and senior counterinsurgency instructor at the Counterinsurgency Training Center in Kabul.
Awards
Hegseth earned two Bronze Star Medals for his service in Iraq and Afghanistan, as well as a Combat Infantryman Badge, which recognizes soldiers who have directly engaged in ground combat. He also received two Army Commendation Medals and the National Defense Service Medal with Bronze Service Star, along with Expert Infantryman and Combat Infantryman badges.
His military career spanned from 2002 to 2021, including active duty and time in the Individual Ready Reserve.
In addition to his military service, Hegseth holds a Bachelor of Arts in Politics from Princeton University and a Master of Public Policy from Harvard University’s John F. Kennedy School of Government, which complement his practical experience with academic credentials relevant to leadership and policy.
———-
You can argue he’s good at the job or bad at the job.
I would have no issue if you said he was completely incompetent.
But saying that hs a ‘primary qualification is being a yes man’ is a ridiculous laughable argument.
I realize much has been made of his military service.
If he was the only reserve O-4 with combat experience we could find to serve as Secretary of Defense, then yes, that would be a primary qualification.
Given the rank, that's ridiculous. Ergo his primary qualification is something else.
A decent military record is table stakes, if he did not have a reasonable military record at all he would not have the position - so that’s his primary qualification. People that were close to the administration that didn’t have a military record would not have been eligible for the job.
Not you, but many others were arguing at the time that his primary qualification was ‘being a Fox News anchor’, which is infuriating. It’s not - it’s his military service. There are many people that are Fox News anchors, none of them were eligible for the job because they do not have a military record.
I have no argument with claiming he won the job because of his connections.
It's actually not table stakes nor a matter of eligibility. We've had several SecDefs, all dramatically more competent than Hegseth, who did not have any military experience.
Recently, from review:
* To be fair, Hagel's year was volunteering to be drafted and sent to Vietnam as an infantry squad leader> We've had several SecDefs, all dramatically more competent than Hegseth, who did not have any military experience.
Who do you have in mind? Carter, Cohen, and Cheney were the only confirmed secretaries from the past 40 years who fit "no military experience".
There are a handful of recent secretaries with < 5 years of military experience who did not even reach the rank of Captain (e.g. Rumsfeld, Robert Gates, Panetta, Perry).
To be clear: I agree with you that military experience is not really a qualification for the job, unless the individual has achieved high enough rank (i.e. General) to be involved in strategic planning. And certainly most secretaries of defense don't have that (Austin and Mattis are quite rare on that front, doubly so because they needed congressional waivers to serve in the position while still being active-duty military).
You do not seriously believe that he got hired based solely or even primarily on that, let's face it, quite mediocre military service resume.
He was on Fox being a yes man with some military experience
Trump saw him and liked him on TV
Trump made him SecDef
You're saying that pretty much any career officer is qualified to be secretary of defense? Even "completely incompetent" ones (your words)?
"...a ridiculous laughable argument"
Right back at you.
everyone else in the chat is responsible for not shutting it down
Yeah, ultimately they are all morons.
If I was on Slack at work and someone tried sharing secrets I would immediately say hey, we have protocols for this. Now we have to rotate keys. Please follow the protocols. Let’s walk you through it if you don’t remember. Etc.
And those are just API keys or similar data. We take it seriously because 1. It actually matters and 2. The habit will save your ass when it counts. Make it a habit
These guys have not made security a habit. It doesn’t actually matter to these guys. That’s scary. This is so much more than access to my org’s AWS services.
If you worked for the Trump administration, you would then be fired for getting in the way of what he wants.
Sure they are all morons and culpable but still the largest failure is the person who leaked details.
There is something bigger at play when so many people make mistakes all at once. Considering the seriousness of the topic, wasn't there any sort of protocol or monitoring system that would alert them that the information is too privileged for that medium? I have seen ordinary institutions behave more sensibly. I don't have any experience in national security matters. But even as a tech professional, I would expect at least one dedicated official to be watching the channel for compliance. How does such an experienced institution make such fundamental mistakes?
> But even as a tech professional, I would expect at least one dedicated official to be watching the channel for compliance.
The group already had the supposed who's who of dedicated security professionals .. as appointed by Trump admin, of course.
Vice President JD Vance, senior White House staff, three Cabinet secretaries, and the directors of two Intelligence Community agencies.
Oh, and Marco Rubio .. the actual "acting archivist of the United States" responsible for ensuring that such conversation chains are preserved for posterity and not auto discarded on Signal.
~ https://en.wikipedia.org/wiki/United_States_government_group...
Speaking from an allied five eyes perspective .. it was an amateur hour clown show of epic proportions.
Followed up by Trump trashing America’s intelligence capability on the say so of a far-right conspiracy theorist and 9/11 truther.
I don’t disagree, but I think GP means someone who is not a political appointee, like the non-partisan national security officers whose role is basically exactly what GP discussed. I don’t know if it’s usual for NSC officers to be included in these kinds of chats that are ostensibly just for coordinating secure meetings between principals though - maybe it should be
Sure, the equivilant of a professional court reporter with a standards enforcing role ... but that was never ever going to be a thing on a non SCIF casual signal group setup to gossip and swap fire emoji's outside of the official chain of defence command ...
Humor me here, but i thought using e2e encryption was less bad than other forms of communication
>Why was Hegseth posting information that should be in a need to know basis
He was tripping on power (reminds any other washed out alcoholic talking). It was a collective orgasm in that chat.
> better take that has no really taken hold well in the media.
The media ... not covering a story accurately, or with integrity?!
Say it isn't so!
Hegseth's posts were the most egregious, but there was a lot of sensitive information that could have been inferred from the rest of it -- basically that the U.S. was planning some sort of attack against the Houthis, they debated whether to do it or not and chose to go ahead, and the approximate timing of the attack is implied by the timing of meetings and decision windows.
https://www.cnn.com/interactive/2025/03/politics/yemen-war-p...
None of them seemed at all surprised though, and a bunch of them responded positively. The group didn’t act like the chat was just for setting up a meeting.
I don't think we need to go out of our way to exonerate any of them. "Really fucking up" isn't something exclusive.
It’s an interesting point, but are they even allowed to communicate on these devices with this app? I feel that has to be a question with an answer and i would assume it’s no?
Yes they are, but explicitly not for non-public DoD information. It's for stuff like "hey get to a SCIF so we can talk" and otherwise replacing what you'd normally use SMS for.
Hegseth, the DUI hire?
Are you sure it war not intentional?
They wanted to send a message to the recipients without going through an official channels. What is a better way than adding a journalist to the "secret" group to "leak" it?
“… after he mistakenly saved his number months before under the contact of someone else he intended to add.”
This is precisely why the government has its own very inconvenient devices and network, which cannot possibly fall victim to the same completely understandable human error. Had the team been using secure devices on the secure network, no journalist would ever have been accidentally added to the chat.
That these people are in charge of national security is beyond ridiculous. It speaks volumes about the unprecedented political setup we find ourselves in that such frankly inexperienced and naive people are in charge after Senate confirmations that were intended to protect us all from such a mistake.
When not being a Florida politician, Mike Waltz has had this role since the early 2000s (for Cheney) and believes contact fields “get sucked” through invisible series of tubes. He’s never seen a Senate confirmation and I bet never will.
The article also says that they were using Signal as a standin because there's not yet a secure system that crosses agencies.
It also tries to blame past administrations for this (which includes Trump last time).
There's absolutely a secure system that crosses agencies - they even refer to it in the Signal chat (see the comment about sending details to your "high side inboxes"). But you can't use that system on your personal phone, and it doesn't let you avoid record-keeping requirements by setting messages to auto-delete.
The US has been perfectly capable of executing complicated military operations for decades prior without needing to use Signal to coordinate messaging amongst heads of staff.
Ah but those are trained military personnel, not reality tv stars and infotainment hosts
These people *WERE* military personnel and there is no way they haven't been repeatedly exposed to proper procedures for information handling. They absolutely should know better and deserve to face consequences for this sort of incompetence.
Mike Walz is a Special Forces officer and only retired as a Colonel from the National Guard to take his position as National Security Advisor.
Tulsi Gabbard is still a Lieutenant Colonel in the National Guard.
Pete Hegseth was a Major in the National Guard, ending his service in 2021.
JD Vance is probably the most junior of the veterans, leaving the Marine Corps as a Corporal in 2007.
Actually more capable up until now, this is naturally an historic low, completely reflecting the integrity of the Commander-in-Chief, or lack thereof, by comparison.
This is blatantly incorrect though. The NSA actually set up the DMCC phone system specifically for this purpose. They are phones with 100% of the infrastructure already set up for communicating classified or sensitive information even while abroad and they are hardened enough that they are generally considered unclassified when powered down. They come in a DMCC-S (secret) and DMCC-TS (top secret) flavor. Any somewhat senior member at any agency or department that regularly interacts with classified information could request one of these devices. They provide cross agency encrypted call, text, and other capabilities at all security levels.
https://www.disa.mil/-/media/Files/DISA/Fact-Sheets/DMCC-TS-...
So why are we Taking claims and justifications from this admin at face value? Fool me once, shame on you, fool me twice shame on me”
that’s why in the past cabinet members have a personal SCIF at home.
Work from home? My pearls!
"These people"
Indeed, like this:
https://www.fbi.gov/news/press-releases/statement-by-fbi-dir...
"From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received."
Nothing in my comment implies that what Clinton did was any more lawful. But since you raised the point, I’ll just note that it is quite interesting that Clinton’s circumstance was thoroughly investigated by the FBI, whereas in the Signal debacle, it seems Trump’s administration is going to let it go.
Why the double standard?
"because the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said."
Is that true? There is no alternative platform to text in real time across different agencies? And nobody had a problem with that?
Most of the Generals and Colonels I've worked with use government-issued smartphones with access to their government Outlook account, and send encrypted group emails back and forth that way.
Anyone remember being told Signal was an unsecured app and not to use it?
Rules for thee but not for me. Pepperidge farm remembers.
This is part of the reason I don't keep contacts on my iPhone anymore.
The information that Hegseth shared shouldn't have been shared regardless of whether the app was secure, and regardless of whether Jeff was there. Nobody in that chat needed to know those details, he was just showing off like the insecure dilletante he is.
Like an eager intern showing off their capabilities in front of the Engineering Leads.
A news reporter turned SecDef will make one be like that… eager
If you're the new Secretary of Defense and you've never held a rank anywhere near a military General, you need to spend about 12 hours a day 7 days a week, with real active Generals for a lot longer than this before making any bold moves.
Anything less is certainly dereliction of duty.
The Secretary of Defense is a civilian position intended to be independent of the active-duty leadership so as to prevent coups. In practice, many prior SecDef’s had to get waivers to serve.
How does that prevent coups? Like the reason a military coup works is because the military has a shitload of weapons. How does having the secretary of defense not able to be in on a military coup prevent a military coup?
At that point they’re bringing an org chart to a gun fight.
Probably to stop the personality. Coups are often driven by "soldiers loyal to...". Having a civilian in the role would pre-empt that.
OTOH a waiver undoes all of that. It shows how much of democracy depends on people following conventions and traditions.
Ok, that's what I always must have thought there was no match for.
I've been more wrong before . . .
This thread is misunderstanding the job of Secretary of Defense. They aren't interns learning from the generals how to lead an army or plan logistics. They're project managers who ensure the generals are aligned with the President's goals.
I would say that they oversee the Pentagon and ensure that the military stays in civilian control. In the past, theories from war games percolate through the Joint Chiefs, who meet with SECDEF before presenting options to the President.
I was surprised Hegseth even desired a side channel that had the potential downside that he could accidentally text the coordinates of a carrier. Stuff like that gets Generals relieved immediately.
Equally bewildered as there is no real upside to this and the other folks on the line dont have any purpose of knowing prestrike information.
I am not as educated in these manners but this type of information seems to be of the type you don’t text on commercial applications and would be on a need to know basis. Maybe you can communicate the idea that something is planned to happen but not timelines of the specific assets.
The National Security Advisor and Vice President shouldn't know when and how an attack is happening? That's ridiculous. They were literally debatng whether to do it, of course they need to know. Beyond that, the people in the White House need to prepare messaging, position the president.
This is a great explanation for why they should be keeping these conversations on systems that are designed for handling classified information and have controls to prevent adding a random person to the conversation.
The systems you describe exist. An interesting story would investigate why the systems weren't used in the Goldberg situation.
I think the easy answer is that current systems are subject to FOIA and they are doing their best to avoid FOIA because whatever they are doing is very illegal.
It would not have to be illegal, much less very illegal for them to want to keep their discussions away from public scrutiny. It is unacceptable even for mundane official discussions.
I have often observed government officials carrying two phones and using both of them in the same meeting.
> I have often observed government officials carrying two phones and using both of them in the same meeting.
I have two phones. One for work and my personal phone. What's your point?
When working, one should primarily be on only one of those devices. I have observed government officials using both concurrently to escape some conversations being subpoenaed.
I'm completely unfamiliar with what systems exist, but here's what the article states:
> the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
> Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said.
Are you saying these sources are dissembling? Wouldn't surprise me at this point, but just making sure I understand what you're saying.
The systems exist are in the form of "you go into a secure room with specially-networked computers and do your sensitive comms there." These are secure not only because of the use of strong encryption (which Signal does) but also because of the restricted access (which Signal doesn't). You can't accidentally add a journalist on these secure systems for the simple reason that the US government doesn't give accounts or physical access to randos (which Signal effectively does).
Yes
https://www.disa.mil/-/media/Files/DISA/Fact-Sheets/DMCC-TS-...
Thanks for clarifying! Certainly seems like dissembling to me. Wish news organizations actually did the due diligence and reported these kinds of details.
This sell sheet describes a phone capable of and approved for TS voice calls and data hotspot, but does not advertise text messaging.
While the sheet doesn't mention it, the Cellcrypt app is a fully functioned encrypted text messaging app.
https://www.cellcrypt.com/cellcrypt-federal
With post quantum protection. Amazing.
I mean, if the devices exist, I'm skeptical its that hard to just give them to whomever you want to use them and give them all DoD accounts or whatever. The people involved being in different agencies seems like a dodge.
As described near the end of the article
> White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
All of these guys have SCIFs at their homes and offices, and if they're traveling they have access to a SCIF. They can absolutely get secure messages across agencies in real time - Waltz even says this in the group chat when he tells them to check their "high side inboxes". They just can't get them as texts to their personal phones - for very good reason. It's a more inconvenient system by design.
What these guys are arguing is that there's a case for using Signal for something like what Waltz was initially doing - telling people to check a more secure system and asking them to name a point person. But of course the risk is that a) even that information is extremely useful to an adversary; b) once the more convenient system exists, you're relying on people to carefully adhere to the rules about what should go on it, and guys like Hegseth are morons who don't feel like they need to follow the rules.
"Look, forget the myths the media's created about the White House--the truth is, these are not very bright guys, and things got out of hand." --from All the President's Men
That was over 50 years ago, and now no one over a 90 IQ thinks these guys are bright.
Good point. On the Daily podcast (NYT) Goldberg was asked what was in the chat after the strikes. He said a plenty of different emojis. Goldberg's reaction was also interesting, he thought at the moment that every workplace is the same. Personally I'd expect some serious mood and attitude when there are so much at stake including people lives, but humans are humans
Is this comparable to Hilary Clinton’s email issue out of interest? (not American so only have a passing familiarity with much of this)
It is comparable but not similar. Clinton had a private server for handling diplomatic emails. The vast majority of traffic was unclassified, the classified material was later deemed to be improperly marked (except three documents iirc).
This case is a single incident (that we are aware of) where a clearance holder manually bypassed security and tracking by transcribing attack plans to a commercial chat platform.
Hillary also had her phones destroyed (by hammer) so that those messages couldn't be saved for the record, much like Signal was set to destroy messages so they couldn't be saved.
"But Trump decided against firing him in large part because he did not want the Atlantic and the news media more broadly to have the satisfaction of forcing the ouster of a top cabinet official weeks into his second term."
That's about Michael Waltz. The decision is based not on whether Waltz revealed classified info, but about appearances. Seems dangerous to make decisions this way.
I wonder what their source is for that.
An alternative interpretation is simply "I don't care": So top secret info leaked; don't do it again. You're doin' a heck of a job.
If it does happen again... honestly, would the rationale be different?
Sure, they'd have a conniption if it had happened under Biden. But that would be purely about harassing Biden rather than a serious consideration of national security.
The difference is that the media would pick up the conniption fit, and ask questions endlessly. Here, we see a shrug and a decision to not follow up. The acceptance of sorry opsec practices is baked into the coverage
It's sometimes called "sanewashing". There has been so much overwhelming incompetence that it has become the dog-bites-man story. Even otherwise competent news media can't figure out how to say "this is just plain criminal".
With all due respect, that's an aggressive assumption. "The media, after 4 years of Trump, can't figure out what to write", seems less likely than "media's editors and owners like Trump and want him to make sense and succeed".
you think?
They said Waltz had been "cleared of wrongdoing" and yet
> Donald Trump’s national security adviser Mike Waltz included a journalist in the Signal group chat about plans for US strikes in Yemen after he mistakenly saved his number months before under the contact of someone else he intended to add, according to three people briefed on the matter.
That clears him? That should implicate him!
What about the 'wrongdoing' associated with using a messaging system that keeps no records. The president doesn't have the authority to over-ride this lawful requirement.
There is no accountability for this administration. It's funny watching all the anti-DEI folks talk about meritocracy because the only qualification you need to be in the Trump administration is undying loyalty. Ethics don't matter and neither does ability. Just be loyal.
[flagged]
If only there were information systems that supported the discussion of classified information without the risk of including a random contact.
> Waltz also appears to have also engendered some sympathy from inside Trump’s orbit over the group chat because the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
- No alternative platform: Presumably on purpose. If it were a good security practice to text this type of information in real time across existential-level national-security agencies by using multiple private vendors (e.g., Apple, Signal, AT&T, Verizon, …), I'll go out on a limb to guess that the government would have implemented that idea before 2025.
No alternative that is not subject to FOIA requests. Signal deletes messages in violation of the Presidential Records Act. That is why it is chosen.
At least we know that Signal isn't backdoored, as far as the POTUS knows.
> No alternative platform: Presumably on purpose.
It's not on purpose, it's a lack of IT coordination and has been a long-standing issue in the government. As an example, until about 2010-2012, nearly every US military base hosted its own email server and employees (military, civilian, contractor) received an email address like first.last@base.af.mil (replace af with another branch as appropriate). Now it'll be first.last@us.af.mil.
They consolidated each branch's email and other comm systems over a number of years with good and bad results. Cross-branch communication could still be improved, but it's much better than it used to be. Cross department and agency communication is still broken. And the only purpose is so they can retain control of their fiefdoms.
That's the fun part. They did. DISA and the NSA have had the DMCC-TS (and DMCC-S) phones available across basically every agency or department for years now. They come already provisioned with Cellcrypt for messaging and phone calls as well as email access.
These are the standard communication device for senior members of the US government who are working regularly with classified information.
https://www.disa.mil/-/media/Files/DISA/Fact-Sheets/DMCC-TS-...
The issue with these devices is that the systems they use follow all recordkeeping laws and any communications are subject to FOIA.
[dead]
[flagged]
You can build the most secure app and install it on the most secure hardware, but if people simply instead use their private phone to chat with other people on their private phone using a random app from the App Store, then it just doesn't matter.
You can then write as many rules as you like about how you're not allowed to that, but if you don't follow up and enforce those rules then people will keep doing it. Bottom line, no one cares about security enough to compromise convenience, and unless you start to literally throw people in jail they never will.
I suggest getting to ground on how OPSEC works (or doesn’t) for the White House, NSC, and others. To what degree are various intel agencies proactively versus retroactively involved? This is probably very complicated. Common sense guesses or understandings are unlikely to reflect reality. My guess is that proactive OPSEC for private phones is patchy at best.
For anyone who studies this in detail, I suggest passing the information to credible investigative journalists exclusively. This may be a dumpster fire. (If not exclusively, then on embargo.)
The initial message from Hughes to Waltz happened during the campaign, so neither was a government official and they were both using their personal phones. The problem is that they continued to use their personal phones after they became government officials.
There's a limit to what security officials can do when top-level people are deliberately circumventing the controls.
This is not true. The phones are government issued and the DNI has testified to Congress that Signal was pre installed on their official phones.
The point of the article is that he accidentally updated his contact on his personal phone (from the campaign, when he was not a government official and did not have a government-issued phone) with the wrong number because he clicked on an iOS suggested contact update generated by receiving a text message. Then, he imported that contact into Signal and then added it to the group chat.
So there are three explanations:
1. Everything happened on his personal phone
2. He was logged into Signal on his personal phone to update the contact, and was also logged into the same Signal account on his government-issued phone. He imported the contact on his personal phone and then added it to the chat on his government-issued phone. From an infosec standpoint, this is not much better than #1 because he still has an unsecured device logged into the same Signal account that he's using for secure comms.
3. He was only logged into Signal on his government-issued phone and then manually copied the number into his government phone from his personal phone, not noticing that it was the wrong number. For anyone who has worked with users, this doesn't seem realistic. These guys have huge numbers of contacts, are very busy, and they do the most convenient thing possible for them. They do not sit around for hours copying information from one phone to another.
Let's assume that Waltz only used Signal from his government-issued phone and manually copied the number from his personal phone. He thought that the number he was copying was from Hughes' personal phone - it was in his personal contacts and he had been using it before either of them were in government. So even if Waltz himself was using a government-issued phone, which seems unlikely, he was simultaneously assuming that his subordinate was using a personal phone.
Even if you take the most generous interpretations you end up with the conclusion that NSC personnel were routinely using personal devices and accounts for secure comms.
The whole point of the Senate testimony from the DNI was that Signal was an approved application that comes pre installed on Government issued devices - and yes indeed, for secure comms.
Even Teams flags external participants to a chat. How was a phone number not known to be within the government perimeter allowed to be added with no alarm to a chat thread in an app pre installed and approved by the agency ?
There are more questions than answers here and its clearly suspicious to say the least that a prominent threat vector such as a mistaken phone number could go unnoticed and not trip a single flag. We're not talking about compromised sim cards or anything, a simple fat finger could expose a secure messaging app thread to an external participant and this is approved by the department for years? How many "Mistakes" over the years have gone unreported ?
Waltz or anyone on that thread isn't responsible for IT, so who ultimately didn't secure this vector?
You're making an assumption that the professional career civil servants are in charge. The whole theme of this administration is that they are dismantling the administrative state and the civil service. The political echelon has made it extremely clear that if they want something, the civil service cannot stop them from getting it, regardless of tradition or legality. So when DOGE says they want probationary employees fired, but the law says that probationary employees can only be fired for performance or conduct reasons, then OPM directs the agencies to fire probationary employees for performance, and the agency carries out that directive. Does it matter that nobody has actually assessed the performance of these employees? Or that OPM has no authority to direct an agency to fire anyone? No. You see this pattern again and again - agencies giving DOGE root access to systems, the administration ignoring statutes that say they have to notify congress or provide a reason before firing someone, etc. Dismantling agencies despite statutes that explicitly state that only Congress can do that.
There are absolutely no institutional guardrails. If Mike Waltz says he wants to put his personal contacts into Signal, nobody is going to stop him from doing that because they know from numerous examples that the administration does not care about laws or civil service protections an is happy to fire anyone who stands in their way.
[flagged]
[flagged]
[flagged]
How does the Guardian have such intimate details of a forensic investigation at the White House level and in the same breath claim that unauthorized access to non public information is a threat to national security ?
It makes no sense for the media on one side of the political spectrum to claim the right to unfettered access to secrets.
Because it’s not “non-public” information but classified information that’s the problem.
Why would this investigation be classified?
If you read the original piece in the Atlantic, Goldberg didn’t publish much of the information initially thinking it would be irresponsible to do so.
So the Guardian getting access to internal White House deliberations and a FORENSIC INVESTIGATION, is not cause for concern but everything that people you don’t like , is, apparently.
This is precisely why the political divide is impossible to bridge. Everything I said indicates seriousness about classified information or even simply unauthorized access to information in such a cavalier manner that it’s published in the Guardian. Somehow, calling it out is more problematic than achieving a political end.
No, you are not differentiating between information that is classified and information that is merely non-public.
This is a difference in law, there is a difference in duty of care (although even then, the Trump administration is responsible in both cases), and an enormous in impact (mission failure vs Trump embarrassment).
The DNI has officially declared that no classified information was in the signal thread. The whole thread is public now.
The information about a sensitive investigation, clearly not meant for anyone outside the White House seems to be available freely to the Guardian. How come? Where is the line if any?
I’m no apologist, but it sounds like he used an approved tool and made a human error. The key thing is that the tool is approved.
What is an apologist but someone who provides excuses and justifications for someone's behaviour?
Yes, and if you make a "human error" that is really, really bad then you should be fired.
I mean, Jesus Christ when I was 16 and working at a Dairy Queen I saw people get fired for their drawer coming up a dollar short. Why are we holding fast food cashiers to a higher standard than our top government officials? Does that legitimately sound okay to anyone?
... for this purpose?