Washington, D.C. – National Security Adviser Mike Waltz and Defense Secretary Pete Hegseth are facing intense scrutiny following revelations that they used the encrypted messaging app Signal to coordinate potential military strikes on Houthi targets in Yemen—raising alarm across the U.S. national security and cybersecurity communities.
The Pentagon’s Office of Inspector General has launched an investigation into the matter, which was first exposed by journalist Jeffrey Goldberg. According to the report, the Signal communications involved not only Waltz and Hegseth but also other senior administration officials, including Director of National Intelligence Tulsi Gabbard.
Though use of encrypted apps among federal officials isn’t new, experts say the nature of the discussions—reportedly involving sensitive operational planning—may have violated protocols for handling classified information and federal recordkeeping laws.
Encrypted Apps in Federal Agencies: A Patchwork of Policies
Most U.S. agencies have strict guidelines on using third-party communication apps. The Interior Department, NASA, EPA, and Nuclear Regulatory Commission (NRC) prohibit or tightly restrict platforms like Signal and WhatsApp, requiring special approval and full compliance with federal records laws.
“Encrypted messaging apps like Signal and WhatsApp are restricted and may only be used by exception,” an Interior Department spokesperson told FedScoop, noting these exceptions still require compliance with federal recordkeeping standards.
The State Department, with its global communications demands, allows limited use of encrypted apps, but only in specific cases—such as humanitarian coordination or emergency public alerts. Even then, officials must archive all communications by forwarding them to a state.gov email within 20 days and deleting them from the platform.
The Department of Energy, whose remit includes sensitive nuclear information, enforces a strict ban on Signal unless an official exception is granted. One former DOE official said discussing classified nuclear matters on Signal would be grounds for “jail.”
Device Use Abroad Raises Further Concerns
The investigation also sheds light on concerns about government officials traveling internationally with devices that may store sensitive information. Several agencies, including the National Science Foundation, EPA, and DOE, provide employees with loaner devices with limited functionality when traveling to high-risk countries. Use of regular government-issued phones or personal devices is prohibited or heavily restricted.
According to the former DOE official, Tulsi Gabbard’s presence in Russia with a personal or standard government device would likely violate security protocols—unless she had been issued a special secure phone, which are rare and only authorized for limited personnel.
Larger Implications for National Security and Accountability
The unfolding controversy underscores longstanding challenges around cybersecurity compliance, classified communication, and accountability within senior ranks of government. The use of Signal and other encrypted apps—even when justified for speed or discretion—runs afoul of federal requirements unless communications are properly captured and archived.
As the Pentagon investigation proceeds, questions remain about whether federal laws or security protocols were violated—and whether top officials may face disciplinary action or even criminal charges.
This incident comes amid broader concerns about the Trump administration’s approach to communications security and its disregard for established federal IT policies.
