How to not accidentally give away national security secrets to the editor of a major magazine
Encryption only keeps out the people you haven't invited into the group chat.
Looks like not everyone’s been reading our blogs.
At Psst, we talk a lot about how to protect yourself while sharing sensitive information. There are a few basic rules we like to hammer home: consult a lawyer before you do anything (you can talk to one of ours!); use a secure encrypted messaging app for any online communications; and make sure you are careful about who you talk to. But today’s major headline is a lesson in: you’re only as secure as you behave, no matter how great you think you are at opsec.
On Monday, Atlantic editor in chief Jeffrey Goldberg published a story about how one of President Trump’s top national security advisers accidentally added him to a Signal group chat about… the administration’s plans to bomb Yemen. Yes, that’s correct. It appears that national security adviser Michael Waltz added Goldberg, a journalist, to a group chat that included the Vice President, the Secretary of State, the Director of National Intelligence, the Defense Secretary and other top-level officials. THEN, these officials started sharing the administration’s plans to bomb Yemen. Again, this is all on the group chat. (I don’t know about you, but this is not what my group chats look like.)
It’s not an ideal scenario—for Waltz or, dare we say, the country? For one thing, if these conversations are happening on Signal it means there are almost certainly no records being kept of them—if you’re not aware, every Signal message can be “burned,” or automatically deleted, if you enable disappearing messages. And presumably we want our government to keep records of decisions like bombing people.
But some broader lessons can be gleaned from this debacle.
First and foremost, while Signal is very secure, it’s ultimately only as secure as the person who’s using it. The person with whom you’re sharing information can still do what they want with it. So be careful about who and what you add to your chats!
Once you’ve discerned that this person isn’t going to betray you or you are not revealing classified information, make sure you are actually adding that person. Goldberg notes that he shows up as “JG” in a group chat. Maybe Waltz meant to add… a different JG? (I mean, going through my own rolodex, turns out I also know a lot of JGs.) Everyone should be double-checking which contacts they’re adding to the Signal group before letting loose with the classified information!*
Unless…. Waltz himself was trying to blow the whistle on the U.S.’s plans to bomb Yemen by adding a national security journalist to the chat? (Improbable? Yes.) In which case, still do not add a random journalist to a group chat in which state secrets are being discussed. It’s not just that everyone in the chat can see that you’re there—though that is a pretty good reason. There are also just better and more secure ways to get your information to a journalist.
There’s a lesson in this for all of us, even those without national security clearance: be careful, very careful, about digital communications. Sharing a remark about your in-laws to the wrong group chat could be just as embarrassing to your life as this story could be to the people in this story. And keep your online identity as safe as possible from hacking (strong passwords, two-step authentication, encrypted messaging and email). If you’re using Signal on a computer and have been hacked, encryption won’t save you there.
It would almost be funny if it weren’t all so high-stakes and scary. Sigh. Remember the halcyon days of 2009, when President Obama got in trouble for using a Blackberry? To be so young and innocent again…
*Also, you probably should not be using Signal to plan a war.
*Also, try to avoid using emojis when planning a war.