Signal, a widely used public messaging application, has attracted attention following an incident where a journalist was included in a group chat involving U.S. national security officials who were discussing operations aimed at targeting Houthi positions in Yemen.

President Donald Trump has dismissed the leak as a “technical error,” whereas Director of National Intelligence Tulsi Gabbard states that no sensitive classified intelligence data was disclosed.

Jeffrey Goldberg, the editor-in-chief at The Atlantic who was accidentally included in the conversation, later released additional messages highlighting the sensitive nature of the disclosed information.

In those communications, Defense Secretary Pete Hegseth outlines comprehensive strategies for attacking Houthi positions in Yemen, specifying both the timing and the weaponry involved.

Mike Waltz, the national security adviser, stated that he accepts complete accountability for the error. The Atlantic shared screenshots indicating that Waltz was the individual who included Goldberg in the conversation.

The debacle has raised questions over why a commercial app was used to discuss potentially compromising information, and how a journalist was added to the chat, seemingly by mistake.

What is Signal?

Signal stands out as a highly secure messaging application available today. This app supports individual messages, group conversations, along with voice and video calls.

A non-profit organization named Signal Foundation owns it, stating their aim is to “facilitate secure worldwide communication via open-source privacy tech.”

Approximately 70 million people used it globally in 2024.

according to

The non-profit Lawfare platform is less popular compared to rivals like WhatsApp and Apple’s iMessage.

User accounts are created and maintained through their mobile phone numbers, which is the sole personal information that Signal retains.

This indicates that when new members are added to a group chat—such as was presumably done by Michael Waltz or someone from his team—the list displays the mobile contacts who have an active Signal account.

It is believed that in Waltz’s situation, this roster might have encompassed Goldberg, even though Waltz told Fox News on Wednesday, “I can assure you 100 percent that I don’t know this person.”

How secure is it?

Signal employs an advanced version of end-to-end encryption (E2EE) that surpasses what its rivals offer.

Encryption ensures that, theoretically, any communication transmitted from one user to another cannot be intercepted en route by outside parties, including the platform itself.

To put it simply, only the sender and recipient of a message possess the key needed to decrypt it.

On Signal, encryption is automatically enabled as a standard feature rather than being optional. In contrast, this differs from platforms like Telegram, where End-to-End Encryption (E2EE) isn’t activated in numerous widely-used functionalities.

The encryption protocol used by Signal is also openly available for anyone to review, allowing researchers and cyber security professionals to examine the code and confirm it meets stringent industry benchmarks.

Bart Preneel, a cryptographer and professor at Belgium’s KU Leuven, described Signal as ‘the best option available’ for journalists and activists when speaking with Euronews. He referred to it as ‘undoubtedly one of the top choices.’

“However, the most vulnerable aspect is the device itself,” Preneel pointed out.

One can surmise that nation-states possess the capability to infiltrate mobile devices, thereby gaining entry into these communication channels. For this reason, government officials typically utilize specialized equipment for their needs.

Was the group chat possibly compromised?

Preneel likewise characterized the U.S. officials’ Signal fiasco as a “significant setback.”

He remarked, ‘These individuals ought to have been aware not to utilize non-dedicated equipment.’

Based on flight tracking data analyzed by CBS News, Steve Witkoff, who served as Trump’s Ukraine and Middle East envoy, was probably in Moscow at the time he appeared in the group chat.

On March 13th, Witkoff traveled to Russia with the intention of meeting Russian President Vladimir Putin as part of an effort to secure a ceasefire agreement in Ukraine. Based on CBS investigations, his addition to the discussion occurred approximately 12 hours following his arrival in Moscow.

Euronews sought input from cryptographer Bart Preneel regarding whether Witkoff’s presence in Russia might have heightened the security risks.

“There is definitely more risk in Russia as the government controls the network connection. It is very well known that if you travel there, your device can be hacked over the network,” he said.

Preneel mentioned that another “far-fetched but not impossible” technique for a foreign state to obtain such communications involves secretly utilizing electromagnetic radiation with an antenna to intercept signals from a device. This process enables them to effectively capture everything happening on the device’s display.

What makes Signal so popular, and are governments known to utilize it?

The messaging application is favored by many reporters. For instance, Euronews correspondents utilize it to reduce potential security threats while interacting with their informants.

It’s likewise preferred by dissenters aiming to evade any governmental surveillance.

At the beginning of 2020, the European Commission recommended that its employees should

start using Signal

as part of an initiative to enhance security.

In a report released

last yea

r
The U.S.’s Cybersecurity and Infrastructure Security Agency advised government officials to transition to end-to-end encrypted communication applications like Signal.

The Associated Press recently discovered that over 1,100 governmental personnel spanning all 50 states were involved in this issue.

use Signal

.

However, earlier this month, the Pentagon cautioned its employees about using the messaging application for sharing any type of information, including unclassified data, as stated in an internal memorandum.

seen by NPR

.

The memo from March 18 states that a “weakness has been discovered in the Signal Messenger App,” and also notes that “Russian advanced hacker teams are using the ‘linked devices’ feature to eavesdrop on secure communications.”

A 2023 document from the Department of Defense (DoD) likewise categorizes Signal as an “unmanaged” application.

not authorised

to retrieve, send, or handle confidential Department of Defense data.

Have officials violated US public records legislation?

A further issue is whether the high-ranking U.S. officials involved in the Signal chats violated American laws regarding the preservation of public records.

According to Goldberg’s account, the conversation thread utilized Signal’s “vanishing messages” feature to erase certain communications seven days post-send.

Preneel informed Euronews that unlike WhatsApp, where users can recover deleted messages if they have enabled a backup system, vanished messages on Signal cannot be restored.

A previous employee from the U.S. government’s security department, requesting anonymity,

with Fortune

indicated that the form of communication used in the chat ought to be maintained as per U.S. record-keeping regulations.