Lily Jamali & Max Matza & Kayla Epstein
BBC News
Watch: Mike Johnson defends Trump administration after Yemen group chat mishap
The leak of classified information by President Donald Trump’s national security team on an unsecured chat app may have broken three basic rules, according to analysts.
Atlantic editor-in-chief Jeffrey Goldberg reported that he was accidentally included in the 18-member Signal group and saw details of imminent American strikes on Houthi rebels in Yemen.
The White House has acknowledged the messages reported by the Atlantic appear to be authentic.
Use of unsecured messaging apps is restricted
Signal has gone from a platform favoured by dissidents to the unofficial whisper network of Washington officialdom.
Privacy and tech experts say the popular end-to-end encrypted platform is more secure than conventional texting.
The app is open-source, meaning its code is available for independent experts to scour for vulnerabilities.
But like any messaging app with high-value targets, state-backed hackers try to find a way into Signal chats. Google Threat Intelligence Group has noticed increasing efforts to compromise the platform by individuals of interest to Russia’s intelligence services.
The app is not banned outright by the US government. Under President Joe Biden, some officials were allowed to download Signal on their White House-issued phones.
But they were instructed to use the app sparingly and never to share classified information on it, former national security officials who served in the Democratic administration told US media.
Pentagon regulations state that messaging apps “are NOT authorized to access, transmit, process non-public DoD information”, reports CNN.
Signal is used for communications by militaries around the world, the app’s president Meredith Whittaker told BBC News in December.
But a cybersecurity expert tells the BBC that using Signal to communicate sensitive communications of this nature is risky.
“The channels that are generally used for communications within government systems are monitored and well-secured from a usage standpoint,” said John Wheeler of Wheelhouse Advisors, a cybersecurity consultancy.
With outside tools, he said, it appears there may be no authorisation protocols in place.
“Something of this sensitive nature should really require some very strict protocols in terms of communications,” Wheelhouse told the BBC. “I was very surprised that they would be using this sort of solution.”
He added that this incident might make US partners abroad think twice before communicating sensitive information to American officials.
Don’t share classified info
Using a Signal chat to share highly classified information and accidentally including a reporter on the discussion could raise the possibility of violations of federal laws such as the Espionage Act.
It can be a crime to mishandle, misuse or abuse classified information, though it is unclear whether such provisions might have been breached in this case.
Mara Karlin, who served under six secretaries of state and was assistant secretary of defence, told the BBC the leak is “stunning” and “not normal”.
Karlin said these types of conversations should take place in a secure space, in the Pentagon or in the Situation Room in the White House, not in a Signal group chat.
Sensitive government communications are required to take place in a sealed-off room called a Sensitive Compartmentalised Information Facility (Scif), where mobile phones are generally forbidden.
The US government has other systems in place to communicate classified information, including the Joint Worldwide Intelligence Communications System (JWICS) and the Secret Internet Protocol Router (SIPR) network, which top government officials can access via specifically configured laptops and phones.
Karlin says she expects both allies and adversaries to pay attention to this, saying they will ask: “Can the US government keep sensitive information in a secure manner?”
Inspector general investigations and congressional investigations will be carried out, Karlin predicts. “This is historic,” she adds.
Samar Ali, a professor of politics and law at Vanderbilt University who worked on counter-terrorism with the homeland security department in the Obama administration, said of the leak: “It’s baffling. It’s shocking. It’s dangerous.”
The text chain shows “a clear violation of our national security laws”, she told the BBC.
Prof Ali wonders what accountability the Trump team might face, and notes that she would have lost her job and security clearance if she committed any of these violations.
Watch: Former defence adviser Mara Karlin says group chat mishap ‘not normal’
Keep proper records
Some of the Signal messages National Security Adviser Michael Waltz sent to the chat were set to disappear after one week, Jeffrey Goldberg reported in his article for the Atlantic.
If confirmed, that would raise questions about two federal laws that require the preservation of government records: the Presidential Records Act and the Federal Records Act.
“The law requires that electronic messages that take place on a non-official account are preserved, in some fashion, on an official electronic record keeping system,” said Jason R Baron, a former director of litigation at the National Archives and Records Administration.
Such regulations would cover Signal, he said.
Official government communications are supposed to be either automatically archived, or the individuals involved are supposed to forward, copy or preserve the messages.
“The open question here is whether these communications were automatically archived,” Baron told the BBC. “It’s not clear whether that occurred.”
It was also unclear whether the individuals in the chat had taken other steps to preserve the records.
“We should all be concerned about the use of these electronic messaging apps to evade federal record keeping requirements,” Baron said.
