BOTTOM LINE UP FRONT — When the heads of the intelligence community (IC) came to Capitol Hill Tuesday to present the Annual Threat Assessment, they were met by questions about something else: the leak of a Signal group chat, in which U.S. military attack plans had been under review, and to which an editor for the Atlantic had been inadvertently invited.
CIA director John Ratcliffe and Tulsi Gabbard, head of the Office of the Director of National Intelligence (ODNI), told the Senate Select Committee on Intelligence that while the chat had included the nation’s top national security officials, and the subject was a pending military strike against the Houthis in Yemen, no classified information had been shared. Ratcliffe maintained that the use of the Signal app had been appropriate for the discussions.
They repeated those claims in testimony to the House Select Committee on Intelligence Wednesday, after Jeffrey Goldberg, the Atlantic editor who had been in the chat, published more excerpts from the exchanges. Initially Goldberg had chosen not to share what he had seen, but The Atlantic’s latest article cited “a clear public interest in disclosing the sort of information that Trump advisers included in nonsecure communication channels, especially because senior administration figures are attempting to downplay the significance of the messages that were shared.”
While some members of Congress have called for the resignations of National Security Advisor Mike Waltz, who invited Goldberg to the Signal chat, and Defense Secretary Pete Hegseth, who oversaw the discussions, President Trump said he accepted Waltz’s apology, telling NBC News that Waltz “has learned a lesson, and he’s a good man.”
Cipher Brief experts who weighed in on the matter said the concerns run deeper than Goldberg‘s inclusion in the Signal chat. Former Deputy Director of National Intelligence at the ODNI Beth Sanner, who was the preparer of the Presidential Daily Brief during the first Trump administration, said the more glaring problem was that such a conversation among national security principals had been conducted via the Signal app. “This is not how serious government conversations [occur], how you work out whether you should be going to war with another non-state actor or country," she said. "And I worry that this isn't a one-off."
THE CONTEXT
- The U.S. launched wide-ranging airstrikes on Houthi targets in Yemen on March 15.
- On March 24, Jeffrey Goldberg, editor-in-chief at The Atlantic, published a report revealing his accidental invitation to a Signal group chat that included top Trump administration officials discussing plans to hit Houthi targets. Goldberg was added by National Security Advisor Mike Waltz.
- On March 25, Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe — who were both in the Signal chat — said no classified information was discussed in the message thread.
- On March 26, The Atlantic released a follow-on piece with more excerpts from the Signal chat, which showed Defense Secretary Pete Hegseth discussing the timing of the attacks and specific military systems to be used.
- Several Trump administration officials continued to maintain that no classified information was shared in the chat.
- The Pentagon recently issued a department-wide email warning that “Russian professional hacking groups” are attempting to spy on encrypted communications on Signal.
- A 2023 Department of Defense memo warned against the use of Signal for any nonpublic official information and “controlled unclassified information.”
THE EXPERTS
On Wednesday, Cipher Brief Managing Editor Tom Nagorski spoke with Sanner and two other Cipher Brief experts – former acting CIA Director John Mclaughlin and retired Rear Admiral Mark Montgomery, former Executive Director of the Cyberspace Solarium Commission.
Their conversations have been edited for length and clarity.
The Cipher Brief: CIA Director Ratcliffe and ODNI leader Gabbard claim the material in the chat wasn’t classified. Your reaction?
McLaughlin: I don't know what they mean. I really don't. They're very new in their jobs, and the most charitable interpretation you could make would be that they are somewhat uncertain about what's classified, or confused about what's classified, or haven't yet developed their own standard for what's classified.
There are a lot of legally-worded documents that define what's classified and not classified. I would say a common-sense standard applies here. The material that's since been released would by any common-sense standard be classified, because it is deliberative material among national security officials, which at a minimum would be classified secret. And once you start talking about weapons systems, delivery times, battle damage assessment — all of those things were included in the latest details to come out — by any definition, that is classified material at a very high level because it is certainly top-secret.
It's a pretty simple standard. It's not material that you want to be shared with an adversary that can interrupt your planning and possibly thwart your planning, nor do you want adversaries to see your deliberative process, how you make decisions. In any combat, international affairs, competition, or negotiation, secrecy and ambiguity are your weapons. So you don't want them out there.
This is not rocket science. Don't tell the enemy what you're going to do, and certainly don't give them details about it. It's just common sense. I don't know why they would say it's unclassified, except that they're also not very experienced in dealing with harsh congressional testimony, even though a couple of them have been in the position of dealing it out.
Sanner: [Watching the IC hearing], it was like I was watching the impeachment hearing of President Clinton, when he was trying to define what sex was. They were really parsing these words – “I'm not talking about DOD classified, I'm talking about CIA classified.” Really? Whether there was technically CIA- or ODNI-classified information on this chat is not a core question.That's not the point. Talking about a strike on a foreign country before that strike happens is classified. It just is. It was secret. It was something that they would not want publicly released.
But let's talk about the other things here that matter. One is that this shows that they don't have a policy process. You should not be having a disagreement about the timing of a strike after the president has signed off on it. Where is your policy process?
Secondly, why are you having a policy process via text? That is not a policy process, with the emojis and other things. This is not how serious government conversations [occur], how you work out whether you should be going to war with another non-state actor or country. And I worry that this isn't a one-off.
Montgomery: I was surprised at that answer [that it was not classified], mostly because I think both the Director of National Intelligence and the Director of the CIA know what was in the text chain. And what we now know – because the Atlantic revealed additional information – was that stuff that we would consider ongoing military activity was being discussed, and at a level of detail that I think would normally be classified, and not considered unclassified or controlled unclassified information.
The information was what I would consider ongoing operational activities. It can be classified, it probably was classified, and it's wholly inappropriate that [Goldberg] was included in any kind of information exchange group with that. The journalist was exposed to ongoing operation activity. And with the second dump of information, it's pretty clear that this was ongoing operational activity and was, in my opinion, likely classified material at the time.
The Cipher Brief: Was this an appropriate use of the Signal app?
McLaughlin: My gut reaction was astonishment that they would be discussing these kinds of details on an app like Signal. Signal is more secure than most apps, but there have been warnings from our own government and also from foreign governments about the danger of foreign intelligence services seeking to break into Signal. Russians in particular.
The problem is that you can't be sure that platform is secure. The encryption is good, but on the other hand, it's absolutely certain that foreign intelligence services are seeking access to the instruments, to the phones themselves. Once they're in your phone with malware, then the app is no longer secure because they don't have to break the encryption. They simply have to read what you are saying on your phone. And if one phone in a group of say eight or nine or 10 is compromised, they all are compromised.
So even though it is an app that many of us use for secure communication, it’s not for classified matters or matters of military planning. And it's astonishing to me that that would be used, thinking back to my own time in government, knowing you can hardly go anywhere as a senior official without having at your hand some means of secure communication — secure phones, encrypted email, and so forth.
My hunch is that it's the kind of platform a CIA officer might use, say, to make an appointment for lunch with someone when they don't necessarily want their identity floating around in open communications. Or maybe if a CIA officer was authorized to speak with someone in the media, they might do it on that platform about issues that are unclassified.
Sanner: As Senator Mark Kelly pointed out, Signal is not supposed to be used even for sensitive but unclassified information. You shouldn't be talking about anything that you don't want public on the Signal chat. That is a regulation. Anytime you have discussions about a strike — I don't care whether there's a target or not a target – there's just no way that this wasn't sensitive enough that they shouldn't have been doing it there.
Signal might be pretty secure – it is – but the implement that you are using may or may not be. And there’s the fact that [Trump Administration special envoy Steve] Witkoff was in Moscow, and warnings have gone out about the [Russians] trying to penetrate Signal — but also they have been trying to break into phones. We know that China got into administration phones prior to the election — President Trump’s. So how do we know that the mobile device itself, which can then look at your keystrokes, know what you're typing, maybe in a hostile environment where lots of things can then be put on your phone – was secure? That's a disaster.
Montgomery: I consider Signal a good platform for you and I to have a conversation, or me and my accountant to have a conversation, because I don't believe a nation state is intentionally targeting that kind of conversation. On the other hand, I think it's completely inadequate for the potential discussion or actual discussion of classified information. And I think everyone involved knows that. If they didn't know beforehand, they know it now.
In my mind, the key issue is the passing of any potentially classified information on the Signal platform. In fact I would say the inadvertent sharing with the journalist is just a side effect of the core problem, which is having this conversation on the wrong platform. If they had been having this conversation on a separate, secret base platform or a top secret JWICS (Joint Worldwide Intelligence Communications System) base platform, you couldn't have invited the journalist. So it is in fact at its core a process problem, where a platform not intended for government classified information exchange was used, potentially, for government classified information exchange.
The Cipher Brief: What comes next?
McLaughlin: I'm assuming that Signal will now be off the table, for one thing. I'm sure they all wish they could take this back.
Another looming question here, which the administration has to deal with, is that by their own statements prior to the inauguration and prior to their confirmations, many of them – including the FBI director and the Attorney General – made a great deal of their conviction that classified information needed to be protected and that those who violated that, or put it at risk, need to be prosecuted. There need to be consequences. So the next difficult question for them to work through is, are they going to act on that or not? And to some degree, when you say it's not classified, it's in the category that we often see from the administration, which is the category of, what you saw with your own eyes did not happen. What you heard with your own ears did not take place.
It's a new administration caught in a controversy. One could only hope they will learn from it and take appropriate action. I've been in positions in the government where we made mistakes. And your best strategy is always to just acknowledge it. It's a basic principle of crisis management. When you make a mistake, stop it. Don't dig the hole deeper. Stop it by saying it was a mistake. We understand what went wrong. We will correct it. It will never happen again.
Montgomery: From my point of view, Mike Waltz did the right thing, took responsibility for it. And from my perspective, he's done what he needed to do. And that should end it for him. The president told him he was disappointed. The president told him how to act in the future. He's acknowledged it. That's enough. I wish that our senior national security personnel over the last eight years would just acknowledge when they make a mistake, so that we can learn from it, and move on. But the vast majority of the time they don't. They obfuscate, deny, make counter accusations.
I would contrast national security advisor Waltz with Secretary of Defense Hegseth. I don't think he's been nearly as open in embracing that he might have made an error, whereas Waltz has been very clear that this was a mistake and he was responsible for it.
Finally, I don't think the Houthis are on our networks – I don't think they've penetrated the Signal chat of any of the people involved in this. But I think the Chinese could and may well have, as well as the Russians. The Russians and Chinese both might have penetrated the system. And therefore, the lesson going forward is to knock it off. Get on classified systems.
Sanner: There has been this pattern of not understanding or caring about rules, including classification. From DOGE plugging in an unclassified computer or network into a classified system, to sending down two years’ worth of CIA new hires’ names, even though it's only first name and last initial — please tell me in the world of AI, that the AI DOGE people understand how you could use that to figure out who these people are. So there's this overarching thing here that is showing a lack of understanding and seriousness about the reason we have these rules and processes and laws that appear to have been broken here. And they need to fix that.
I'm less about pointing fingers, accountability, or firing people. I want to make sure that U.S. processes, systems and policymaking and the protection of intelligence is working. And they need to use this, instead of as a cover-up for who made mistakes and who added the journalist's name, they need to say, we are going to not do this anymore, and we are going to do it this way because all of these things matter.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
