An encrypted group chat on Signal, meant for high-level coordination within the US National Security Council, reportedly included top officials involved in ordering a strike on Iranian-backed Houthi rebels in Yemen.
The group was created by US national defense advisor Mike Waltz for top administration officials, but he accidentally added Atlantic editor-in-chief Jeffrey Goldberg to the chat.
The White House incident, which has reverberated through diplomatic and cybersecurity circles, has prompted an internal investigation by the National Security Council. Officials confirmed that a discussion about military operations appears to have occurred and are looking into how Goldberg’s phone number was added to the group.
What is Signal?
Signal is a free messaging app that enables users to send texts, make voice and video calls, and hold group chats. Its main selling point is its use of end-to-end encryption, which ensures that only the sender and recipient can access the content of a message or call.
The platform uses the open-source Signal Protocol, which is also employed by WhatsApp, owned by Meta. Telegram, another popular app, does not use end-to-end encryption by default and requires users to activate it manually.
Although Signal offers strong encryption, experts note the app is not without flaws. Messages are encrypted in transit, but once they arrive on a device, they can be accessed if that device is compromised. Furthermore, the app does not provide full transparency on how message data is stored or accessed locally — a potential vulnerability.
Signal includes features like large group chats — up to 1,000 participants — and disappearing messages. In the group involving US officials, Goldberg observed that some messages were set to delete after one week, others after four.
‘Gold standard’ or security risk?
Meredith Whittaker, president of the Signal Foundation, described the app on X (formerly Twitter) as “the gold standard of private communication.” However, she did not respond directly to the incident involving the White House.
Cybersecurity experts broadly agree that Signal is more secure than most mainstream messaging apps. Still, they caution that no platform is fully immune to misuse or breaches, especially if a user’s device is accessed or credentials are leaked.
A former senior official in the Biden administration’s National Security Council said that while Signal was permitted for limited use on government-issued devices, its deployment was strictly regulated. “It was mostly used to prompt a colleague to check a classified message sent through secure government systems,” the official said.
Legal, ethical concerns with encrypted messaging
Beyond technical security, the Signal incident highlights concerns about transparency and accountability. Messages sent through encrypted apps are often inaccessible to external auditors or records systems — especially when they are set to self-delete.
This raises challenges for compliance with freedom-of-information laws and legal requirements related to public record-keeping. Without additional archiving tools, Signal messages may fall outside the scope of official documentation.
The use of encrypted platforms by public officials is a global trend. An Associated Press review found that officials in at least 50 countries — at federal, state and local levels — are using such apps for both personal and professional communication. In some cases, accounts are tied to official phone numbers; in others, they are linked to private devices.
Who built Signal — and why?
Signal was created by Moxie Marlinspike, a software developer who previously led Twitter’s security team. He combined two open-source encryption projects to build the app.
In 2018, the nonprofit Signal Foundation was established to support the platform’s development. One of the foundation’s board members is Brian Acton, co-founder of WhatsApp, who donated $50 million to help launch it. The foundation is funded entirely by user donations; it carries no advertising and has no investor support.
Balancing privacy and oversight
As digital communication tools evolve, so too do the questions around them. The Signal controversy reflects broader concerns: How should governments handle sensitive communications in the digital age? Can transparency and national security coexist on encrypted platforms?
In a world where any message can become headline news, the way public officials use — and misuse — encryption is becoming a matter of public interest.