The Signal Chat Leak Makes the NSA's Job Harder

When it comes to secure messaging services, one name often comes up: Signal. Now, thanks to a recent group chat leak involving top US officials, including National Security Advisor Mike Waltz and Vice President J.D. Vance, the very same service is facing scrutiny from those who seek to exploit its vulnerabilities.

Waltz, along with other high-ranking officials, started the now-infamous group chat on March 15, coordinating a US attack against Yemen-based Houthis. In an interview with Fox News, Waltz expressed his surprise that Atlantic editor-in-chief Jeffrey Goldberg was not present in the group chat, suggesting that Goldberg may have hacked into the group.

However, there's more to the story than meets the eye. Last month, the US National Security Agency (NSA) sent out a bulletin to its employees warning them about a security vulnerability identified in Signal. But what really went down behind closed doors? Was it true that Waltz and his colleagues were using Signal for operational US military traffic?

The NSA's mission is complex: breaking into foreign networks, conducting warrantless taps on domestic communications (a practice later ruled illegal by several district courts), and protecting US communications from others who want to spy on them. This dual responsibility creates a tension.

With everyone using the same technology, security vulnerabilities are amplified. The recent group chat leak has swung the balance of power in favor of weakened smartphone security, with senior government officials now demanding full disclosure about Signal's vulnerabilities.

This shift is significant for Americans who want to communicate without fear of eavesdropping. With Signal's security bolstered, bad actors like drug cartels may feel safer using the service, their secrets protected by US government knowledge of their vulnerabilities.

As a defense technologist and lecturer at the Harvard Kennedy School, I've long advocated for a "defense dominant" cybersecurity strategy. This means ensuring that smartphones used by government officials, police officers, judges, CEOs, and nuclear power plant operators are as secure as possible – no government-mandated backdoors.

Given the recent breach of Signal's security, it's crucial to prioritize this approach. With other governments potentially exploiting this knowledge, the US has urgent incentives to protect its own smartphones and communications. The implications of this scandal go beyond just cybersecurity: they speak to a broader shift in information warfare between nations.

The Trump administration's group chat breach has highlighted the challenges of information security in the digital age. As we move forward, it's essential to prioritize defense over offense in our approach to cybersecurity – ensuring that our own vulnerabilities are not exploited by those who seek to harm us.