For individuals seeking a secure way to send messages, Signal is an excellent choice. However, for government officials engaged in sensitive conversations, its security could be questionable.

This became evident recently when officials from the Trump administration were found using Signal for discussions about classified military strategies. This was highlighted when Jeffrey Goldberg, editor of The Atlantic, was inadvertently included in a Signal chat by former National Security Advisor Mike Waltz. Following this incident, Waltz was dismissed and subsequently nominated for a U.N. ambassador position.

The administration’s reliance on Signal for sensitive communications raises numerous concerns, and the issues extend beyond accidental inclusions. A photograph shared by Reuters from a cabinet meeting revealed Waltz using an iPhone displaying a conversation with notable officials, including Tulsi Gabbard and Marco Rubio, which included a message from Signal regarding PIN verification.

However, it turned out that this wasn’t typical Signal messaging. Instead, the authentication notice read “TM SGNL PIN,” indicating the use of TeleMessage—a service that claims to safely archive Signal communications. Despite its promises, 404 Media uncovered that TeleMessage suffers from several security flaws.

The precariousness of this setup was soon apparent. On Sunday, 404 Media reported a breach in TeleMessage’s systems, with hackers accessing customer data, including private messages and group discussions. Though confidential information from Waltz and other officials remained intact, the hack exposed names and credentials, along with evidence suggesting the service may be used by various government branches.

Among the extracted messages were discussions about garnering votes for a cryptocurrency bill, hinting at confidential conversations that were not meant for public disclosure.

Understanding the vulnerability of TeleMessage is crucial to comprehend why it is unwise for a governmental entity to use it for classified dialogues. Signal employs end-to-end encryption, ensuring that only the sender and recipient have access to the messages exchanged. Once sent, a message remains coded during transit and is only decrypted upon arrival at the designated device. An interception would yield incomprehensible data.

This architecture means Signal cannot access user messages; there is no way for any authority to pressure Signal into revealing contents, as the decryption key resides solely on the users’ devices. Even a successful breach of Signal’s servers would yield no decipherable information.

Contrastingly, TeleMessage disrupts this security framework by intercepting and archiving messages as regular text. The company’s assertions of security do not hold up against the evidence of hackers accessing personal messages, indicating that data was captured for “debugging purposes,” thus revealing decrypted content. While they may encrypt archived messages, handling decrypted information in such an insecure manner leaves the door open for compromises.

Prior to the security breach, 404 Media raised doubts regarding TeleMessage’s reliability, as it aimed to archive “end-to-end encrypted” messages on Gmail—a platform notorious for lacking robust encryption. The service also underscored that Signal cannot guarantee the safety of unofficial app versions.

Signal: Suitable for Personal Use, Not for Classified Matters

Signal and similar end-to-end encrypted platforms offer excellent personal security. Messages remain inaccessible unless someone possesses physical access to the involved devices, significantly enhancing digital privacy.

However, encryption alone does not eliminate threats. Vulnerabilities and points of failure still lurk in all forms of digital communication, encryption included.

Cybercriminals are fully aware that messages are only decryptable through the corresponding devices. Thus, one effective approach to undermining security is by penetrating the devices themselves. Malware such as Pegasus can stealthily infiltrate a target’s device, allowing access to private information—even encrypted data.

High-profile individuals frequently find themselves as targets for such malware. Indeed, Apple regularly alerts users about potential breaches. Waltz, according to Mike Casey, a former director of National Counterintelligence, is “one of the top five most prominent figures likely targeted for espionage” in the world.

Moreover, one must consider the security of the other party in a conversation. If the individual on the other side of an encrypted chat has a compromised device, your own security becomes irrelevant. A simple lapse, such as leaving a phone unattended, poses significant risks. In group discussions—like that of the Trump officials—the potential for compromised security increases exponentially.

Every form of digital communication carries inherent risks. It is essential to evaluate the sensitivity of the information being transmitted. For everyday chats, platforms like Signal suffice. However, for discussions involving crucial or life-threatening information, considering a SCIF may be the most prudent choice.