@Mark Ollig
Signal is a free, open-source app for secure messaging.
Users can chat and send encrypted messages, photos, documents, videos, voice notes, and other files.
Signal includes a “disappearing messages” feature that allows users to set a timer for automatic message deletion from seconds to weeks. Once the timer expires, messages are removed from all devices.
Most of us are aware of recent news reports of senior US officials using the Signal app to discuss sensitive military strikes, which has raised controversy and prompted investigations into security protocols and communication practices.
Leaked Signal chats exposed vital military information, including the identity of a Houthi missile expert and details about weapon systems like F-18 jets and attack drones.
Jeffrey Goldberg, editor-in-chief of the Atlantic, was inadvertently included in the chat. Later, the full transcript, which contained sensitive information about US military strikes against Houthi positions, was published.
The Signal transcript showed Defense Secretary Pete Hegseth disclosed the exact timings of warplane launches and bomb drops before the attacks on Yemen’s Houthis.
Major news outlets, including the New York Times, the Washington Post, the Atlantic, AP, CNN, Fox News, and PBS, have reported on the unauthorized disclosure of Signal chats involving senior US officials and sensitive military information.
POLITICO, an often-cited source for news on politics, reported April 2 of this year that “a dozen current and former officials confirmed” Signal is used across government agencies, even though there are “warnings about its security vulnerabilities” and “no clear oversight” of how it’s used.
The AP (Associated Press), on March 24 of this year, found Signal accounts for government officials “in nearly every state, including many legislators and their staff,” with some accounts registered to “government cellphone numbers” and others to “personal numbers.”
The AP notes that encrypted apps like Signal “often skirt open records laws,” and that “without special archiving software, the messages frequently aren’t returned under public information requests.”
The media has called this “The Signal Saga,” “Signal Scandal,” and “Signalgate.”
“Signalgate” reminds me of the Watergate Senate hearings, which were nationally televised from May to November 1973 – and yes, I do remember watching them.
Signal: a public messaging app
Signal is an open-source messaging app that offers end-to-end encryption.
It is operated by the Signal Technology Foundation, a non-profit organization founded in 2018 by Moxie Marlinspike and Brian Acton.
Signal maintains global accessibility by using cloud infrastructure from providers like Amazon Web Services (AWS), Google Compute Engine, and Microsoft Azure.
Signal offers strong end-to-end encryption, but its use of centralized public cloud servers presents security risks, particularly when dealing with sensitive government information.
The encryption itself is not compromised, but using infrastructure outside direct government control increases the risk of unauthorized access or exploitation, making Signal unacceptable for US government-classified communications.
Signal’s source code is available on GitHub at https://github.com/signalapp , and its official website is at, https://signal.org.
NPR (National Public Radio) reported March 25 of this year, “The Pentagon issued a department-wide advisory March 18, 2025, warning against using Signal even for unclassified information.”
It highlighted the dangers of using third-party messaging apps for official communications due to vulnerabilities that foreign adversaries could exploit.
The Pentagon clarified that third-party messaging apps like Signal may be used for unclassified accountability or recall exercises, but are not authorized to process or store non-public unclassified data.
SIPRNet: secure communications infrastructure:
The US government’s SIPRNet (Secret Internet Protocol Router Network) was founded in the early 1980s with the launch of Defense Secure Network 1 (DSNET 1) under the Defense Data Network (DDN) initiative.
While SIPRNet was not formally named until the 1990s, its operational roots trace back to this classified communications effort, which aimed to create a secure infrastructure for classified communications across various levels of sensitivity.
SIPRNet, obtained from DSNET 1, became operational by 1997 and serves as the Department of Defense’s classified network for secret-level information.
SIPRNet is used for secure communication between military branches, government agencies, and international partners.
It handles classified information up to the secret level and employs government-approved encryption.
SIPRNet enables real-time data sharing that is secured by strict encryption and multi-factor authentication (MFA).
It operates on a physically isolated infrastructure, separate from both NIPRNet (Non-classified Internet Protocol Router Network) and the public internet, which is the Department of Defense’s global network for unclassified data.
Its security is reinforced through host-based security systems, continuous compliance monitoring, and tools like HBSS (Host-Based Security System) and ACAS (Assured Compliance Assessment Solution).
The US Department of Defense enforces strict rules to protect data integrity, including strong password policies, separate admin accounts, and the banning of unauthorized software or hardware.
Regular audits and Cyber Command Readiness:
Cyber Command Readiness Inspection (CCRI) ensures that security measures are continuously maintained and that any weaknesses are promptly addressed.
Unlike Signal, which uses commercial infrastructure, SIPRNet uses specialized defense-in-depth systems to provide a secure environment for classified communications.
SIPRNet protects sensitive data and national security by using a physically isolated network, strong encryption, and multi-factor authentication with hardware tokens.
Why Signal is not suitable for classified communications:
Signal is suitable for personal secure messaging but does not meet US military standards for classified communications. It is not fit for sensitive government information due to its reliance on third-party cloud services and the public internet, unlike SIPRNet, which has stronger security.
Signalgate has brought to our attention the importance of secure communication protocols for safeguarding our nation’s sensitive information and, most of all, maintaining the public’s trust.
 |
| Created using Imagen-3 on Gemini Advanced AI |
