By now, you’ve likely read about the Signal thread with the Vice President, the Secretary of Defense, and others coordinating airstrikes against Houthi rebels in Yemen – unaware that Jeffrey Goldberg, the editor-in-chief of The Atlantic, was in the conversation.? 

It was a lapse of operational security at the highest levels of government – and a reminder that in today’s hyper-connected world, a national security breach doesn’t always require hostile actors. Sometimes, all it takes is a finger slip.? 

The app at the center of this controversy, Signal, has become a go-to for encrypted communication. It’s open-source (meaning its underlying technology is publicly available), end-to-end encrypted (meaning only the sender and the recipient can read the messages), and doesn’t store metadata – in layman’s terms, it’s much more airtight than basic text messaging. Agencies like the Cybersecurity and Infrastructure Security Agency (CISA) recommend it for use in certain sensitive – but not classified – contexts.?? 

But there’s a big difference between secure and suitable. There are no safeguards to prevent someone from being added to a group by mistake. And most importantly, your Signal messages can potentially be viewed by anyone with access to your phone. As one anonymous former White House official told POLITICO, “Their personal phones are all hackable, and it’s highly likely that foreign intelligence services are sitting on their phones watching them type the shit out.”? 

For military operations or discussions involving classified information, the U.S. government already has purpose-built systems: SIPRNet, the Secret Internet Protocol Router Network, is designed specifically for transmitting classified data securely. It exists within the broader Defense Information Systems Network (DISN), which provides encrypted voice, data, and video services tailored for operational demands. These systems use Advanced Encryption Standard protocols (the gold standard of encryption for sensitive, classified government information) and are subject to strict communication security (COMSEC) rules, chain-of-command access, and audit trails. In short: they are structured, monitored, and built to prevent exactly the kind of slip-up that happened here.? 

So why didn’t the Trump officials use them? It isn’t yet clear. In Australia, government officials are now facing scrutiny for using Signal to communicate on official business.? 

Ultimately, this wasn’t a breach caused by Russian hackers or other malicious actors. It was nothing more than a tap on the wrong contact. And that’s what makes it worrying.??