The recent ‘Signal-gate’ flap committed by top US national security officials is an evergreen reminder that convenience and operational security rarely go together. In mid-March 2025, key US national security principals convened a chat group on the Signal messaging app to consider and then detail an upcoming military strike against Houthi militants in Yemen. This group included US Vice President JD Vance, Secretary of Defense Pete Hegseth, Director of National Intelligence Tulsi Gabbard, National Security Advisor Michael Waltz, and CIA Director John Ratcliffe, amongst others. The group’s existence, in addition to its content, was revealed after Waltz inadvertently invited journalist Jeffrey Goldberg to join the chat group. Once the military strike was completed, Goldberg published a piece in The Atlantic describing the chat in general terms, but withholding certain details citing concerns about operational sensitivities. However, after suffering much verbal abuse from chat participants and their right-wing media allies, Goldberg then published the chat details in a second piece to dispute claims that he was embellishing what was really said in the chat; namely, that there was no classified information revealed. Goldberg’s second article laid bare the seriousness of the security breach by US national security officials and the content beggars belief that the information being shared was unclassified, although those involved still deny that they had done anything wrong.
Like most contentious political topics in the US, where one stands on Signal-gate depends on what political jersey one wears. The Trump administration and its allies maintain the error was including a journalist in an otherwise acceptable chat group. In contrast, most democrats have focused on the error of transmitting operational details over a third party platform, regardless of who was involved. We view both mistakes as serious and argue that the information was classified. In this piece we explore our claims and consider the implications of this breach for US national security.
“Clean on OPSEC”?
Operational Security (OPSEC) is an umbrella term that law enforcement, military, and intelligence agencies use to protect operations against inadvertent leaks or hostile intelligence collection. OPSEC can protect both classified and unclassified information. OPSEC is not a set of specific rules pertaining to the handling of sensitive information. Rather, it is a broad doctrinal principle national security practitioners understand as the first and most basic rule of the trade. So, when Hegseth claimed “we are currently clean on OPSEC”, he was wrong on multiple fronts.
When Goldberg was inadvertently added to the Principals Committee ('PC') Signal chat “Houthi PC small group”, two primary mistakes were revealed. First, that US national security principals (Vice President, Secretary Defence, Director of National Intelligence, National Security Adviser, CIA Director, etc.) were discovered to be using Signal, an unclassified and publicly available messaging app, to transmit classified information. Signal is a well-regarded messaging service known for its robust end-to-end encryption. The Signal president was recently on the main stage of SXSW 2025 extolling its virtues as a secure platform and claiming total privacy for users of the system. Signal has garnered wide visibility and a well-deserved reputation for security, although the inadvertent adding of a journalist to the chat is a salutary reminder that humans remain the weakest link in cybersecurity. Despite its strong encryption, and being an allowable app on government-issued devices, national security agencies do not allow it for transmitting classified information.
Was the information discussed on Signal classified?
The principals involved denied that any classified material was discussed via the Signal chat. However, a review of the US Central Command (CENTCOM—the regional command tasked with carrying out the strikes) and Office of the Director of National Intelligence (ODNI—the coordinating agency for the US Intelligence Community) classification guidelines plainly contradict this assertion. On pages I-3 of the CENTCOM classification guide, any communication about operations which reveals “movement of ammunition, aircraft, personnel, units, or comm equipment; date and time mission/operation begins; and timelines/schedules” should be classified as Secret. Hegseth’s Signal messages contained detailed information that CENTCOM would have categorized as classified. Furthermore, according to page 36 of the ODNI guide in a section covering “Military Planning”, discussion of “information providing indication or advanced warning that the US or its allies are preparing an attack” should be classified as Top Secret. Director of National Intelligence Tulsi Gabbard, also on the Signal chat group, should have clearly recognized the classification level required by her own agency’s guidelines.
There is nothing to support the White House claims that no classified information was discussed on the Signal chat and the claim that there were no locations in the chat can be readily dismissed because the location was already clear from the name of the chat group itself. The Houthis only govern Yemen. As far as we are aware, no career professional former national security official or intelligence officer has judged the chat to be unclassified. This stands to reason as the evidence is overwhelming and simply applying the CENTCOM and ODNI standards would yield a classified marking; the only areas of disagreement between apolitical professionals is whether the information was in fact Secret or Top Secret given the variance in the classification guides.
However, the revelation of the strike details has drawn attention away from a more nuanced point; namely, that the deliberations of senior national security officials about the impending use of force would be of high interest to hostile governments. Specifically, a window into the foreign policy decision-making process, insights into the candid views of senior national security officials, and how they interact with each other to influence the President, would be the kind of high-value information that US intelligence would be trying to steal from other governments.
Why are classified systems essential?
For those of us who have worked within classified environments, one of the most confounding elements of this breach is how unnecessary it was. All cabinet-level principals have constant availability of government-approved classified systems. This includes access to both fixed and mobile Sensitive Compartmented Information Facilities (SCIFs). National security principals are not officers in the field who may be forced to improvise ways to communicate sensitive information, nor were they operating on an emergency basis (i.e. time was not a critical factor) and this was admitted in the chat. Other than convenience, there is no need for the “PC Houthi small group” to convene outside of a classified environment. It is true that controls on classified information are often byzantine in nature and can be difficult to navigate. But that is by design. Utilizing SCIFs, burn bags (special receptacles for discarded classified material), and separate classified email systems are all inconvenient but necessary protocols for safeguarding classified information.
Controls placed on classified information also help mitigate potential human error. Communicating via a classified system would have obviated these risks by not allowing for the potential of unauthorized access in the first place. Signal may feature unbreakable encryption, but devices outside of a classified environment (such as personal-issue mobile phones) are subject to much more risk. It is highly likely that everyone on the “PC Houthi small group” list (except Golberg, presumably) is actively targeted for collection by hostile intelligence services. Their deliberations and perspectives would be carefully scrutinized in foreign capitals and thus it is a standard practice of intelligence services to monitor foreign security officials for collection opportunities. Many of the members of the Signal chat were travelling abroad during some of the chat where devices could have been compromised. When travelling outside of the US, government and personal electronic devices are often subjected to technical collection risks not present in the domestic environment. Officials are briefed on these risks and practice precautions accordingly (like communicating via only secure channels). Adversarial intelligence services operate around the globe and some foreign environments present steep counterintelligence challenges. For example, Russian intelligence has reported links to Iran-backed Houthis and could have expediently relayed anything they learned about the impending strike. Given the damage that Ukraine has done to Russian forces with US support, it is possible that Russia would have relished the opportunity to also use a proxy to harm US forces.
In this scenario, if Goldberg had published the strike information in advance or if hostile intelligence services were able to penetrate the chat, the worst-case scenario would be that warning could have been given to the Houthis, which might have given them time to develop countermeasures. Such operational information could have allowed Houthi militants to reorient or recalibrate defensive systems that might have put US pilots at risk during the operation. Perhaps, after the pilots had returned safely, it would have been safe and even beneficial to declassify and release some of the details. For example, the details of operations to kill former al-Qa’ida leader Osama Bin Laden and former ISIS leader Abu Bakr al-Baghdadi were very tightly held before the raids and then immediately declassified after. The Trump administration and its allies have encouraged observers to focus on the success of the strike and the safe return of the pilots to claim there was no breach of protocol. However, such a claim is irrelevant because even though no harm resulted in this case, that is no guarantee that a future lapse of this magnitude would not have consequences - or be tolerated if committed by a member of the rank-and-file.
A second problem with communicating outside of classified systems is that unauthorized or unknown parties may obtain access. If the “PC Houthi small group” had been convened, per established protocol, within classified systems, the mistake of adding Goldberg to the group would have been impossible. Thankfully Goldberg exercised remarkable circumspection by not printing the name of the CIA officer assigned to the group (and continued to do so after CIA asked for this). Journalists have not always employed such discretion - just ask former CIA officer Valerie Plame, whose identity was revealed by a journalist in 2006. CIA Director John Ratcliffe stated in testimony that his Chief of Staff was “not operating undercover”. However, “operating” is a misdirection here. Under Agency protocols, this person is either a covered employee or not. If the former, the officer’s identity is classified.
What are the future implications of Signal-gate?
Beyond the error of inappropriate use of Signal to transmit classified information, it is worth noting the demoralizing effects of a clear double standard within the military ranks. Hegseth and others have claimed that no classified information was divulged about the Houthi strike and no harm was done. This is beside the point. It is like claiming that successfully driving home while drunk is proof that you did nothing wrong. Regardless of the outcome, the mistakes made by using Signal for this kind of communication demonstrated extremely poor judgement. If a lower-level staff member or military officer had done this, their clearance would have been immediately suspended, and pending an investigation, would almost certainly be fired or even prosecuted. Cabinet officials and agency directors should be leading by example in this regard, not ignoring the established controls and then denying fundamental errors were committed.
Accountability is important for those who serve at the top of the US national security apparatus. Leaders should set the standard and example for the agencies and departments they lead. If Signal-gate blows over without repercussions, it will set a bad precedent. Future leakers could argue that whatever they leak is not classified based on this new interpretation presented by Hegseth et al. How will leakers like this be held accountable in the future? Furthermore, Waltz set the Signal messages for auto-delete, which breaks federal archiving rules. Again, future accountability will be damaged by a precedent like this.
As of writing, the national security principals involved have claimed no wrongdoing and have disparaged the media in their denials. Instead of shifting blame for this major OPSEC lapse, the leaders involved should express gratitude that no US service members were hurt and should acknowledge the gravity of these errors, perhaps by offering to resign, even with the understanding the President would not accept it. The mistakes made in this incident were of a fundamental nature and simply should not have been committed by these top officials.
After some question over whether or not this breach would be investigated, the Pentagon’s Inspector General announced a review of Hegseth’s use of the Signal chat for conformance to Department of Defense protocols, but it appears likely the Attorney General will sweep it under the rug. We are not optimistic this will produce any substantive penalties, based on previous cases of mishandling classified information by former senior officials like David Petraeus, Hillary Clinton, former President Biden, and President Trump. However, perhaps it will serve as a wake-up call for this group of national security leaders to tighten their approach to the fundamental principles of OPSEC.
Written by:
