You can build the most secure app and install it on the most secure hardware, but if people simply instead use their private phone to chat with other people on their private phone using a random app from the App Store, then it just doesn't matter.
You can then write as many rules as you like about how you're not allowed to that, but if you don't follow up and enforce those rules then people will keep doing it. Bottom line, no one cares about security enough to compromise convenience, and unless you start to literally throw people in jail they never will.
I suggest getting to ground on how OPSEC works (or doesn’t) for the White House, NSC, and others. To what degree are various intel agencies proactively versus retroactively involved? This is probably very complicated. Common sense guesses or understandings are unlikely to reflect reality. My guess is that proactive OPSEC for private phones is patchy at best.
For anyone who studies this in detail, I suggest passing the information to credible investigative journalists exclusively. This may be a dumpster fire. (If not exclusively, then on embargo.)
The initial message from Hughes to Waltz happened during the campaign, so neither was a government official and they were both using their personal phones. The problem is that they continued to use their personal phones after they became government officials.
There's a limit to what security officials can do when top-level people are deliberately circumventing the controls.
The point of the article is that he accidentally updated his contact on his personal phone (from the campaign, when he was not a government official and did not have a government-issued phone) with the wrong number because he clicked on an iOS suggested contact update generated by receiving a text message. Then, he imported that contact into Signal and then added it to the group chat.
So there are three explanations:
1. Everything happened on his personal phone
2. He was logged into Signal on his personal phone to update the contact, and was also logged into the same Signal account on his government-issued phone. He imported the contact on his personal phone and then added it to the chat on his government-issued phone. From an infosec standpoint, this is not much better than #1 because he still has an unsecured device logged into the same Signal account that he's using for secure comms.
3. He was only logged into Signal on his government-issued phone and then manually copied the number into his government phone from his personal phone, not noticing that it was the wrong number. For anyone who has worked with users, this doesn't seem realistic. These guys have huge numbers of contacts, are very busy, and they do the most convenient thing possible for them. They do not sit around for hours copying information from one phone to another.
Let's assume that Waltz only used Signal from his government-issued phone and manually copied the number from his personal phone. He thought that the number he was copying was from Hughes' personal phone - it was in his personal contacts and he had been using it before either of them were in government. So even if Waltz himself was using a government-issued phone, which seems unlikely, he was simultaneously assuming that his subordinate was using a personal phone.
Even if you take the most generous interpretations you end up with the conclusion that NSC personnel were routinely using personal devices and accounts for secure comms.
The whole point of the Senate testimony from the DNI was that Signal was an approved application that comes pre installed on Government issued devices - and yes indeed, for secure comms.
Even Teams flags external participants to a chat. How was a phone number not known to be within the government perimeter allowed to be added with no alarm to a chat thread in an app pre installed and approved by the agency ?
There are more questions than answers here and its clearly suspicious to say the least that a prominent threat vector such as a mistaken phone number could go unnoticed and not trip a single flag. We're not talking about compromised sim cards or anything, a simple fat finger could expose a secure messaging app thread to an external participant and this is approved by the department for years? How many "Mistakes" over the years have gone unreported ?
Waltz or anyone on that thread isn't responsible for IT, so who ultimately didn't secure this vector?
You're making an assumption that the professional career civil servants are in charge. The whole theme of this administration is that they are dismantling the administrative state and the civil service. The political echelon has made it extremely clear that if they want something, the civil service cannot stop them from getting it, regardless of tradition or legality. So when DOGE says they want probationary employees fired, but the law says that probationary employees can only be fired for performance or conduct reasons, then OPM directs the agencies to fire probationary employees for performance, and the agency carries out that directive. Does it matter that nobody has actually assessed the performance of these employees? Or that OPM has no authority to direct an agency to fire anyone? No. You see this pattern again and again - agencies giving DOGE root access to systems, the administration ignoring statutes that say they have to notify congress or provide a reason before firing someone, etc. Dismantling agencies despite statutes that explicitly state that only Congress can do that.
There are absolutely no institutional guardrails. If Mike Waltz says he wants to put his personal contacts into Signal, nobody is going to stop him from doing that because they know from numerous examples that the administration does not care about laws or civil service protections an is happy to fire anyone who stands in their way.
