Signal App In Spotlight Amid Secret Chat Controversy Of US Officials

The Signal messaging app is at the centre of a media storm this week, after a senior journalist was added to a top secret chat of senior White House officials.

The editor-in-chief of the Atlantic, Jeffrey Goldberg, was inadvertently added to the group where plans for a strike against the Houthi group in Yemen were discussed.

The US National Security Council has said the text chain “appears to be authentic” and according to the Associated Press it is looking into how a journalist’s number was added to the chain.

Security concerns

The fact that senior US national security officials, which included US Vice President JD Vance, US Secretary of State Marco Rubio, and Tulsi Gabbard, Trump’s director of national intelligence, chose to utilise a commercial messaging app to discuss secret military plans, and not an approved US government communication service or platform, has naturally triggered security concerns from experts.

And on the political side, Democrat Senate leader Chuck Schumer has called it “one of the most stunning” military intelligence leaks in history and has called for an investigation.

The material in the Signal text chain reportedly “contained operational details of forthcoming strikes on Iran-backed Houthi-rebels in Yemen, including information about targets, weapons the US would be deploying, and attack sequencing,” according to Atlantic editor-in-chief Jeffrey Goldberg.

It is not clear if the specifics of the military operation were classified, but such plans often are classified. Goldberg did not disclose specifics of the text chain that he felt would endanger US national security or risk the lives of US personnel.

Goldberg reportedly received the details of the attack on 15 March in the Signal chat, two hours before the US began launching a series of airstrikes against Houthi targets in Yemen.

The UK reportedly provided aerial refuelling for US jets during the Yemen airstrikes.

The US and UK have been conducting airstrikes against the Houthis since the militant group backed by Iran began targeting commercial and military vessels in the Red Sea in November 2023.

What is Signal?

The Signal app was created by Matthew Rosenfeld – who is better known by the pseudonym Moxie Marlinspike.

Signal itself if owned by the Signal Foundation, a US-based non-profit, which relies on donations rather than ad revenue.

Moxie Marlinspike joked on X that “there are so many great reasons to be on Signal. Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations.”

Signal is used by an estimated 40-70 million monthly users, making it much smaller compared to the likes of WhatsApp, Telegram or Messenger.

Signal uses end-to-end encryption for its messaging and calling services, which means that messages and calls sent on Signal are scrambled, and only the sender and recipient at each end of the chat have the key to decipher them.

Even Signal itself cannot access them, but Signal’s encryption protocol is open source, meaning that it is freely available for anyone to inspect, use or modify.

The encryption protocol is also used by Meta’s WhatsApp platform.

Despite the encryption, the use of the Signal app does not address the prospect of a user’s actual mobile phone being compromised by other means (i.e. malware).

End-to-end encryption

It should be noted that encryption on Signal is turned on by default, and the app makes no secret of its privacy stance. Indeed, Signal’s head defended the app’s security practices on Tuesday.

“Signal is the gold standard in private comms,” tweeted its boss Meredith Whittaker in a post on X, external after the US national security story became public.

But there have been concerns. Back in 2020 mobile forensics firm Cellebrite had raised eyebrows when it claimed it had cracked Signal’s encryption.

But Cellebrite’s claim was quickly dismissed by Moxie Marlinspike in a tweet on X, who noted that Cellebrite had allegedly altered its original blog post.

Cellebrite was the firm that was reportedly hired by the FBI in 2016 to help access the locked iPhone belonging to the San Bernardino terriorist Syed Rizwan Farook.