Exploring the Confusing and Fragmented Landscape of Signal Adoption within the Government

According to a dozen current and former officials, the encrypted messaging app is widely utilized across multiple agencies, even in light of concerns regarding its security vulnerabilities.

Exploring the Confusing and Fragmented Landscape of Signal Adoption within the Government
The nation's top intelligence officials have informed lawmakers that it is standard practice for them to discuss sensitive national security matters on the encrypted messaging app Signal. They noted that this app is widely utilized within their agencies and is even pre-installed on their government devices.

However, discussions with a dozen current and former government employees present a more complicated picture regarding the government's use of this commercially available chat app. Guidance on its use varies significantly across different agencies, and there appears to be a lack of clear oversight concerning the type of information exchanged.

Certain agencies, such as the Department of Defense, have recently issued warnings about the app's security vulnerabilities, underlining that Signal is "not approved to process or store nonpublic unclassified information."

This issue has gained prominence in the aftermath of a report from The Atlantic, which detailed how members of the president's Cabinet—including Vice President JD Vance, Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, and Defense Secretary Pete Hegseth—used the app to coordinate military actions in Yemen.

The contents of the group chat, including specifics on the timing and types of weapons used during the strikes, were fully disclosed last week by The Atlantic's Jeffrey Goldberg, who was inadvertently added to the discussion by national security adviser Mike Waltz.

Current and former federal employees, who spoke anonymously to discuss sensitive communication methods within the government, revealed that the use of Signal on government phones has been more lax in recent months, although they were unsure when the policy change occurred or who authorized it. These officials largely agree that the app should not be used to discuss sensitive or classified information that could be intercepted by adversaries.

“For comms like that, you just always assume that there’s somebody on your phone,” said one former CIA official, who deemed the detail shared in the controversial group chat “beyond idiotic.”

The Trump administration has claimed that the discussions were not classified; however, cybersecurity and national security experts have expressed skepticism about this assertion. The matter is further complicated by reports that Waltz created and managed multiple additional Signal group chats to convey sensitive national security information to Cabinet members. While he has denied leaking classified information, he has not publicly addressed the existence of these other Signal discussions.

It remains unclear which agencies permit their employees to utilize the app on government-issued devices, with significant variation common even within different offices. Neither the Pentagon nor the CIA responded to requests for comment, and the Cybersecurity and Infrastructure Security Agency declined to answer questions regarding Signal's use at the agency.

Alexa Henning, spokesperson for the Office of the Director of National Intelligence, indicated last week that “widespread use” of Signal began under the Biden administration, noting that “at ODNI, when I got my phone, it was pre-installed.”

Not all officials, however, share that experience.

“I don’t recall using it on my government phone,” said Chris Inglis, who was the national cyber director at the White House from 2021 to 2023.

One Defense Department employee mentioned that two senior officials in at least one service branch of the Pentagon had to specifically request Signal's installation on their government devices, for which they received waivers. An administration official stated that “Signal is available on many US government devices based on local IT policies.”

A former White House official from the Biden administration noted that Signal was not present on their government-issued device and remarked that it “would be very new and rare” for federal officials to have the app automatically included on their devices.

Matthew Shoemaker, who served as a Defense Intelligence Agency analyst until 2021, indicated that while Signal was used during his tenure, it was "almost exclusively restricted to scheduling purposes," such as notifying supervisors of delays due to personal matters.

“That’s why Signalgate is all the more staggering — because these senior leaders were doing the exact opposite of what even my most junior intelligence officers knew not to do,” he commented.

Signal's strong privacy features, including end-to-end encryption and minimal data collection, render it more secure than many messaging applications. However, officials responsible for handling classified information follow specific protocols, often conducting such communications within Sensitive Compartmented Information Facilities (SCIFs).

One former security and intelligence official acknowledged that Signal is “increasingly used across the U.S. government” but specified that it is mainly for “unclassified discourse.”

“Agencies and departments typically have guidelines regarding what apps are sanctioned for use on government phones and for what purposes,” they added.

Top Trump administration officials involved in the controversy have dismissed the notion that Signal should not be utilized as an official communication tool.

During a House Intelligence Committee testimony, Gabbard stated that Signal “comes pre-installed on government devices.” She referenced guidance from the Cybersecurity and Infrastructure Security Agency issued in December following a major hack linked to the Chinese government, which recommended that “highly targeted individuals,” including government personnel, “use only end-to-end encrypted communications” like Signal. However, this guidance was not mandatory and does not pertain to classified information.

Meanwhile, Ratcliffe testified to the Senate Intelligence Committee that Signal “was loaded onto my computer at the CIA, as it is for most CIA officers,” asserting that this practice began during the Biden administration.

A current employee at CISA revealed to PMG that agency workers were not permitted to download the app onto their government-issued devices.

Numerous former national security officials reported receiving no explicit directives from their agencies about their communications on Signal, aside from the general training provided on cybersecurity and handling sensitive or classified information.

“It’s so blindly obvious, I don’t recall it being a big focus,” noted a former senior Pentagon official who served during the Biden administration and confirmed their use of Signal on a government device.

Experts have voiced concerns regarding Signal’s disappearing messages feature, which allows messages to be automatically erased after a specified timeframe. According to the Federal Records Act, communications from the administration must be preserved, with any deletion of such communications potentially regarded as a criminal act.

“One of the problems for government officials using Signal is they can automatically set it to delete messages, and then once deleted, it can’t be brought back,” explained Greg Nojeim, director of the Security and Surveillance Project at the nonprofit Center for Democracy and Technology.

In the end, government communications differ from personal messages.

“Security concerns aside … our communications were officially the property of the government, subject to FOIA, and must be retained in perpetuity,” said Inglis.

Debra A Smith for TROIB News

Discover more Science and Technology news updates in TROIB Sci-Tech