|
Getting your Trinity Audio player ready...
|
It does not matter that, allegedly, the content of the Signal group chat wasn’t “classified.” In an instance such as this, where operational details of a military operation are revealed, I suspect that senior military commanders decide what classification is required. Perhaps the President retroactively declassified the information to help provide cover for his incompetent appointees.
We don’t have all the details; however, from what we know, the participants were senior civilian administration personnel. From the details that were released, it appears that this was a “heads up” meeting so that key cabinet officers knew ahead of time what events were planned. Most citizens are not privy to what traditional protocols and procedures are required, such as ensuring that only those with a “need to know” are included in the communication. Since a journalist from a national periodical was included in the group chat, I have to wonder how this type of incident was never reported during any previous administration. Is this the first instance of a commercial app used on unsecured commercial phones to share sensitive information? If so, we have an unacceptable breach of security discipline at the highest levels of government.
This isn’t a partisan political event. National security and the safety of human intelligence assets and armed forces members must be protected no matter which party is in power.
I’m astonished that none of the cabinet-level officials called a time-out and insisted that the conversation be moved to secure devices or that those nearby move to a secure facility. That’s the first issue; the second issue is why not one of those involved ensured that only the required individuals were included in the chat. I understand that the VP, Secretary of State, and then the Secretary of Defense are all in the line of succession and should know better. Two of the three are former military officers. Several other group chat members are also former military or served in Congress and know what is required when communicating about military operations classified as top secret.
It is of utmost importance to understand how this event came to pass. Critics of this administration have a point when questioning the qualifications and temperament of key cabinet appointees. The Commander in Chief is nonplused because the outcome was satisfactory. He does not understand why and how procedures for handling sensitive information have evolved, and why protocols must be followed. We also have a leadership problem. If senior administration personnel aren’t required to follow the rules and are held accountable, how can they expect those under their control to do so?
Frank Orienter
If signal is widely used among government officials, it’s probably to hide their comunications from the normal monitoring and security. That’s a bad thing. That’s a very bad thing. If you don’t work in cybersecurity you wouldn’t understand it. Without the proper protocols, restrictions and monitoring – anything could be done anywhere without any paper trail for whether it’s legal or not. That’s exactly like the watergate tapes. That’s exactly why we HAVE records for evidence should someone do something wrong.
But let’s just say that when you want to hide your communications from view of those that SHOULD be able to monitor it, it usually implies something shady. I didn’t approve of Hilary Clinton’s use of a private email server either. But in the end she wasn’t talking war plans for imminent attacks on that server either – there are levels of incompence. Also after Clinton’s screwup they changed the rules about off-government servers for use for official acts. Obama could have retroactively declared the (very few) classified but improperly marked documents unclassified retroactively. He didn’t. Trump and his cronies did. This was definitely official and despite declaring it “not classified” everyone who works with classified materials is calling foul here. A normal military person was just tossed in jail for 18 months for doing essentially what Hesgeth did.
This is at the top level. If you hire dumb people you get dumb results.
Seems like a no win argument here. The lamenting about this chain on Signal is supposedly its alleged vulnerability to hacking. You just argued is so safe it may violate open records protocols. (can’t be both) . Its reported that Signal comes standard issue on many Fed Govt Phones (one article below says this was “best practice” for security during the Biden Admin. )
I have no knowledge that these Cabinet officials are “dumb”. When Biden DOD Sec Lloyd Austin simply didn’t come to work and didn’t tell anyone, I didn’t hear any disparaging of his mental Acquity? (nobody knowing the whereabouts of the Def Sec could be a security problem) Speaking of dumb, our previous President was not in the running for cognitive agility poster boy…
Gabbard says Signal comes ‘pre-installed’ on government devices https://www.politico.com/news/2025/03/26/gabbard-signal-government-devices-cybersecurity-00250731
Biden-era guidance encouraged use of Signal app by highly-targeted govt officials: ‘Best practice’ https://www.foxnews.com/politics/biden-era-guidance-encouraged-use-signal-app-highly-targeted-govt-officials-best-practice?msockid=04774bafde4762be183e5e2edf5b636d
Tom, the argument is that Signal is generally safe for mundane communications, although that’s debatable as the Russians have been known to hack it using a QR code, but its use may have been to avoid record keeping and transparency. Signal automatically scrubs messages, that is why it may violate open records protocols and laws. It’s not that these people are dumb, it’s that they are amateurs out of their league.
The apps that Government normally uses to be secure, for instance Teams under the Microsoft GCC High tenant, are designed so that the data remains here in the US and so that unrelated contacts are not given access to data they should not have access to. For instance if you wish to connect to Teams from outside the country you need to first have permission to even communicate from that area – usually granted on a case-by-case basis for a limited time – and you must already have a VPN in place to be able to have those communications, 2 factor authentication active on both the VPN and the microsoft account, and the VPN must be set up not to allow local communications on the device in question to avoid data leaking out. How do I know this? Well I’ve had to set these things up for GCC High tenants. They come OUT OF THE BOX without the abilty to hook to organizations or individual that aren’t authorized. You literally could not have added a newspaper person to a chat without them having a login to your tenant. Everything you do in teams and every login or permission change is logged and archived for future forensic examination. Not so with Signal. Signal does not require a VPN. There is no way to restrict contacts to only those with credentials in your tenant. There is no way to create permitted and non-permitted lists of users. No way to archive and track the changes to the account or the signins or usage of those other than yourself. No overall administrator of organizational users of the app to be sure that they are following protocol or be notified if they are not. A tech support person from outside a GCC high tenant – even if they are a Microsoft Employee – cannot access the account without a tenant administrator giving permission. All employees of Microsoft who CAN access the tenant are US Citizens with the proper security clearances. None of that is true in Signal which is an international company. If you asked me today whether I thought any directive from Biden to use Signal without these precautions being in place I’d tell you the same thing – dumb dumb dumb.
“I understand that the VP, Secretary of State, and then the Secretary of Defense are all in the line of succession and should know better. Two of the three are former military officers.”
It’s not clear why one would make that assumption with this group. The fact Hegseth and Gabbards are amateurs, and simply sycophant appointees was clear during their confirmation. Simply being in the military at a low level is not presumptive evidence that one knows high level protocols. Vance was a grunt military journalist, Hegseth was an instructor in the Minnesota National Guard, Gabbards was a military police officer with no intelligence background. Of the three you mentioned Rubio was in the best position to know better and that’s not saying much. Being a pawn does not make one a chess master.
It gets worse. As a cybersecurity consultant this is the part I’m even more worried about, rather than just the inadvertent revealing of data:
* These communications were NOT performed on government issued phones. These were the individuals private phones. What this means:
* They are hiding conversations from NARA and from the ability to track them. This is exactly what they got all up in arms about with Hillary Clinton’s email servers – conversations that should be on protected hardware and software on unprotected devices.
* The communications occurred over an unapproved application that is not normally installed on individuals government issued phones. There are multiple reasons for this, but even the Author of Signal acknowledges that this is not an approved use of their app by the US cyber security folks. That may seem trivial, but I worked with government entities in the past and the apps they use are specifically meant to protect from any ability to access them outside authorized personell. They literally COULDN’T have accidentally included the journalist if they were using the proper communications app and hardware.
* One of the participants – using an unsecured phone, and an unapproved applications was literally IN RUSSIA at the time. If you don’t think Russia has the ability to compromise communications within their own network areas I have news for you…… He then “didn’t remember” where he was during the communications while under oath to Congress. That’s what we call lying under oath folks.
This whole thing gives me shudders as a computer security expert. The Vice President and his military cronies should NEVER be using these apps or hardware for secure communications with each other.
If THIS is happening – imagine what else is happening with DOGE and all the other amateurs and clickbait “own the libs” people Trump hired from his cadre of loyalists. Who doesn’t remember the revolving door of incompetence from his last term? There were people on his team that literally lasted like 2 weeks before burying themselves in incompetence or controversy or getting fired for bringing up legitimate issues with Trump’s foolish endeavors or whims.
Lee, thank you for your insight in this matter.
The writer makes excellent points. Very constructive letter. Not a partisan issue, but a serious foul-up that the Administration needs to learn from.
I generally don’t take the hand-wringers in this case seriously. Many of the same folks took the opposite view when it was revealed that Hillary Clinton as Sec of State had used a private email server for govt biz (after she agreed with the BHO admin not to) . President Obama insisted on using a non secure Blackberry for the first years of his admin. Not to mention its been documented a several occasions that the CCP has hacked into Fed Govt data bases on numerous occasions. (which seem to be one day stories and a yawn). Then Def Sec Lloyd Austin simply checked out for several days and didn’t tell anyone in the Biden Administration, don’t recall any calls for his head. If you believe the media accounts, Signal is widely used throughout the Federal Govt. I’m always suspicious of “coincidences” where one of the Administration’s biggest critics in the media just happened to be in a policy discussion chain. It appears a mistake was made here. I’m sure it will be corrected.