A United States Inspector General report publicly released today found that Secretary of Defense Pete Hegseth could have put US troops and military operations at risk by using the consumer messaging service Signal to share sensitive, real-time details in March about a planned attack on Houthi rebels in Yemen. The IG first shared the classified report with Congress on Tuesday.
The report contains only one direct recommendation: that the chief of US Central Command’s Special Security Office “review the command’s classification procedures for compliance” with Department of Defense regulations “and issue additional procedures, as necessary, to ensure proper portion marking of classified information.” The report also references another IG publication about use of “non–DOD-controlled electronic messaging systems” and points to its recommendations that DOD “improve training for senior DOD officials on the proper use of electronic devices.”
The incident the inspector general was investigating has been called Signalgate, because top US officials were using the mainstream platform for communications that would typically occur through secure government channels. Crucially, then-US national security adviser Michael Waltz accidentally invited journalist Jeffrey Goldberg, The Atlantic’s top editor, to the Signal chat as well. Goldberg subsequently publicized the existence of the chat and his mistaken inclusion—illustrating in real time some of the dangers of using a consumer app for highly secret government and military business. Meanwhile, in addition to extremely specific information about the strike, including details like the timing of bomb drops, Hegseth messaged the chat at one point, “We are currently clean on opsec,” referring to operations security.
The IG report notes that Hegseth is the “head original classification authority in the DOD” and therefore decides what information needs to be classified and whether to declassify information.
“We concluded that the Secretary sent sensitive, nonpublic, operational information that he determined did not require classification over the Signal chat on his personal cell phone,” the IG wrote in the report. “However, because the Secretary indicated that he used the Signal application on his personal cell phone to send nonpublic DOD information, we concluded that the Secretary’s actions did not comply with DOD Instruction 8170.01, which prohibits using a personal device for official business and using a nonapproved commercially available messaging application to send nonpublic DOD information.”
The report states that Hegseth “declined to be interviewed” for the inspector general’s report and instead submitted a written statement about the Signalgate events. The Defense Department did not immediately respond to WIRED’s request for comment.
Signal is the gold standard secure messaging app for consumer use. It end-to-end encrypts messages and calls so only the sender and recipients can access them—not outside eavesdroppers or even Signal itself. And Signal also collects very minimal metadata, so the company knows almost nothing about its users and has nothing to turn over if it receives law enforcement requests. No matter how excellent Signal is, though, the “threat model” and use case of individual consumers is very different than that of high-ranking government and military officials.
