In a story that reads like a scene from a political satire, The Atlantic’s editor-in-chief Jeffrey Goldberg revealed that he had been inadvertently added to a Signal group chat involving what appeared to be some of the most senior officials in the U.S. government. The group—titled “Houthi PC small group”—included individuals identified as National Security Adviser Mike Waltz, Vice President JD Vance, Secretary of State Marco Rubio, Secretary of Defence Pete Hegseth, and other senior figures. The subject matter? Live coordination and decision-making around upcoming U.S. airstrikes on Houthi targets in Yemen.
Goldberg remained in the group for nearly two days, silently observing as messages were exchanged. At first, he didn’t believe what he was seeing. Goldberg assumed it was some kind of prank, a hoax or a disinformation campaign. “I could not believe that the national-security leadership of the United States would communicate on Signal about imminent war plans,” he later wrote. It wasn’t until the strikes occurred at precisely the time and location described in the chat that he realised: this was no spoof. It was real. He immediately left the group.
For context, Signal is an encrypted messaging app with a reputation for strong privacy protections. It’s widely used by journalists, activists, and privacy-conscious professionals. Its messages are end-to-end encrypted, meaning only the sender and the recipient can read them. But encryption does nothing to stop human error, like adding the wrong person to a conversation. Nor does it prevent someone from forwarding a message, taking a screenshot, or leaking information through other means.
To be clear, I’m not commenting here on the legality of this episode. That’s for U.S. legal scholars and national security officials to determine. But from a civil service standpoint—having once worked within that framework—the idea of discussing live operational plans in a consumer messaging app is unfathomable. In most public sector environments, this would not just raise eyebrows; it would trigger formal inquiries and result in disciplinary action.
What makes this situation so relevant to the rest of us is that the officials involved weren’t interns—they were seasoned leaders —people who should understand the stakes and the channels. And yet they fell into a trap that’s increasingly common across many industries: mistaking encryption for discretion, and informality for safety.
In our line of work, we sometimes hear stories where professionals choose to use messaging apps like Signal, WhatsApp, or Telegram instead of email. Sometimes it’s about convenience—group chats are quick, informal, and feel more responsive than a drawn-out email thread. But often, it’s also about avoiding an “email trail”—the assumption being that text conversations are more ephemeral, less official, and somehow safer or harder to trace back.
But that logic is flawed. People often mistakenly treat informal chats—Signal, WhatsApp, DMs—as “off the record” spaces, where they can say things they wouldn’t ordinarily dare put in an email. But, if it’s written down, it can be saved, forwarded, or screenshotted. Informal platforms may feel private, but they carry their own risks—and those risks are often underestimated.
There’s a reason secure channels exist. Operational communications—particularly those involving crisis response or live deployments—can’t afford missteps. You think you’re in control of the message until someone forwards a screenshot. Or worse, adds the wrong recipient.
Some apps like Signal offer features like screen security to block screenshots, but they’re optional and easily bypassed. And while end-to-end encryption sounds reassuring, it doesn’t stop someone from mistakenly adding a journalist—or anyone else who shouldn’t be there—to your group. In other words, security tools can’t protect you from carelessness.
Unlike emails, which often demand subject lines, clearer formatting, and more deliberate phrasing, messaging apps encourage shorthand, speed, and informality. That tone can lower people’s guard. But in sensitive environments—be it national security, maritime operations, or corporate crisis response—that informality can have real consequences.
So what can we learn from this?
First, treat every form of digital communication as potentially permanent. If you wouldn’t want it read aloud in a meeting don’t type it.
Second, don’t confuse “encrypted” for “secure”. Signal has strong privacy protection, but no app can defend against human mistakes, leaks, or screenshots. Security is not just technical—it’s behavioural.
Third, review your internal communications policies. If there’s no clear guidance on what kind of information should (or should never) be shared over chat platforms, now’s the time to establish it. Informal channels can be efficient, but they’re no excuse for sloppy or risky practices.
Finally, culture matters. Create a work environment where people feel comfortable pausing before they send. Where checking who’s in the group chat or email chain is a habit. Where formal channels are respected not because someone says so, but because everyone understands the stakes.
The “Signal Gate” saga may seem absurd on the surface. But it’s a powerful reminder that even the most encrypted systems can’t prevent lapses in judgment. And in crisis comms—whether in government, maritime, or high-stakes corporate environments—how we communicate is just as important as what we communicate.
