> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
Politics aside, these auto-suggestions are a landmine in business contexts and should be disabled by IT where possible. Sometimes I'll be sending emails including both my client and internal team and the lawyers for the other side. The phone will decade that these email addresses are related in some way. So next time I want to send an internal strategy email to my client and the team, the app will helpfully suggest copying opposing counsel. Not great.
I think in the very best case we _might_ see Apple/G adding an option into the OS to disable contact autosuggestion, but I wouldn't hold my breath.
When a feature is mildly useful 95% of the time and an awkward footgun 5%, I think it still remains a good addition, but one that can be turned off if necessary.
Double checking the recipients in a chat discussing national security is a super low bar and the parties involved are rightfully embarrassed by this one. I'm not letting them blame it on the product managers
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
It's interesting that this was the cause. I'm sure we all have our own stories of how UI/UX niggles (regardless of platform or app) have led to unintended behavior.
While I understand automatic suggestions can be helpful at times, when the UX doesn't clearly identify the cues that lead to the suggestion, with a way for a human to confirm it, this type of error is a likely result.
I have not followed the case too closely, but it seems like the timeline was roughly:
- deny anything wrong happened - Atlantic is a liar
- the leak might have happened, but nothing secret was shared
- ok fine, secret military information was shared
- here is an analysis that says it was the phone at fault, not human error
I have trouble believing anything except butt covering at play. When you are repeatedly caught lying, I do not immediately believe the latest story iteration, even if it is plausible.
I think the most accurate thing Trump has said so far in 47th Presidency was "everything's computer" about the Tesla dash.
Almost everything else out of his mouth, at least towards the media, has existed somewhere on the scale between 'large clump of BS wrapped around a tiny nugget of truth' and 'bald-faced lie'.
And when fairly obvious lies are repeated, the rest of what is said by himself and the rest of his administration retains the stink of the same taint.
> here is an analysis that says it was the phone at fault, not human error
> I have trouble believing anything except butt covering at play.
No, I did not cheat. We just happened to be hanging around without undergarments, and, you know, we had been eating bananas, and somehow some banana peel fell on the floor, and then I slipped, and grabbed the first thing I could hold on to, and that's how we both accidentally fell on the couch, and then the dog got excited and jumped on us to play, and that's how I unvoluntarily got jump-humped into this unfortunate event..
It’s a real feature in first party apps (messages, mail, etc), but it’s not fully automatic. When it thinks that a number/address/etc is related to an existing contact, it’ll prompt the user to confirm or deny, and upon confirmation the info is added. Ultimately it’s up to the user.
I don't know when they added it to iOS, but my iPhone does this. I get a text from some new number and the message includes (e.g.) "Hey this is Tom." and a notice right in Messages says it "found" a contact that this may be and asks if I want to add the number to that contact. I could imagine having this happen correctly a few times in a row might make one trust that it knows what it's doing.
The iPhone contacts app is an absolute cluster of an app in terms of how it manages adding contacts (or allows other apps to add contacts).
Years ago I had my nicely arranges contacts in place, then added Gmail and it upload contacts so now they were all duplicated. Then when I dug into it, I realize you have have folders of different contacts, but depending on the view they are shown as combined.
Then add on top Gmail keeps asking me if I want to update someone's contacts from an email they sent me. I click yes, but it keeps coming up even though their contact info doesn't change (what?).
Then if I try to copy a message from iMessage, it will randomly assume a number is someone's phone number and ask me if I want to create a new contact (what?). If my fingers were fatter it would be easier to click "yes" and end up with a non-phone number added to some person's contacts.
I only trust the contacts that I add manually, everything else is suspect.
> According to the White House, the number was erroneously saved during a “contact suggestion update” by Waltz’s iPhone, which one person described as the function where an iPhone algorithm adds a previously unknown number to an existing contact that it detects may be related.
I'm sorry, how is that knowable? Is there a log of iPhone users interactions that shows this?
Or is it the case that investigators pointed to the wrong number being saved in Waltz' phone and Waltz replied: "Oh, the only explanation is that I must have misclicked when my phone asked me to update my contacts."
Sure, but the use case of Signal isn't for secret communications, so the stakes of adding the wrong person should be a lot lower in normal use.
If it was intended as a secure communications platform for government use, they wouldn't be using phone numbers and an address book that can have incorrect information.
I did read Signal was being used in the military etc, but only as a notification system that they should check their actually secure communications thing.
Cause SIPR, JWICS, GIANT etc… are nearly impossible to access - to the extent where for SCI info (which is arguably the level of data they were passing) they constrain you to having to communicate in a certified SCIF
The SecDef has a bunch of SCIFs but even NSC staff don’t to the same degree.
People pass TS/SCI data outside of the system regularly - congress is notorious for this and I have personally had multi year operations shut down because a congressman talked about it at a hearing.
I know of plenty of parking lot “SCIF” and sneakernet SCI conversations because time was an issue
The reality is this admin doesn’t care about the structures that the national security community is statuatorily mandated to use, but there’s nobody that is going to do anything to them about deviating.
Classified networks suck to use, anyone who can get around it does. The fact that its the secdef and nsc and they got busted just demonstrates that they view their behavior as more important than the system.
Left to the viewer to determine if thats a good tradoff
The thing is, it's up to the official classification officer to decide on how far is too far for classification down and this administration loves to short man everything so likely they decided it wasn't an issue, but it is, and someone should be blamed in my opinion since that is that official's job.
You can go around legally too just ask what is and isn't considered classified by derivative.
SIPR is easy to access, there are terminals all over. We had SIPR laptops in cabinets no one ever used. TS/SCI not so much, but there are still SCIFs on every military base and there are a lot of those. Not having access to proper facilities is a bad excuse for the people who work with the president.
SCIF (Wikipedia): A sensitive compartmented information facility (SCIF /skɪf/), in United States military, national security/national defense and intelligence parlance, is an enclosed area within a building that is used to process sensitive compartmented information (SCI) types of classified information.
I doubt FOIA is even a concern considering this is classified information. I think they're more worried about investigations by a future DOJ or by a future Congress since they can look at this information (if it's not deleted, that is)
Lack of oversight, too much power, failing checks and balances.
It's not unique either; the former prime minister of the Netherlands, Rutte, insists on using a Nokia phone and plain text messages, refusing to divulge what is in those messages and deleting them as there's limited space, thus not adhering to any archival requirements.
My guess that the actual secure government messaging services are a pain to use vs. Signal that's on your phone in your pocket, and these people don't really value security over their own convenience. They did share some of the details over actual secure systems ("you should have a statement of conclusions with taskings per the Presidents guidance this morning in your high side inboxes"), but I guess when the attacks were starting, it was easier to just blast them on Signal.
You can joke about Microsoft Teams not being a real messaging platform, but running it on a network that's physically separated from the Internet is quite effective at keeping random journalists out of your chat groups.
That only explains that Signal was considered safe and allowed on their phones not that it was an authorized medium for sharing confidential information.
Genuine question: I get that there’s usually an expected/different process, and (obvs) the ability to add the wrong person is a problem (!) but is there a fundamental practical reason that their using Signal is/was a problem?
The reason that there's an "expected" process is because the people who were hired to think deeply about security got together and, for a bunch of reasons including "(obvs) the ability to add the wrong person is a problem", decided that the process should be something other than Signal. I'm not sure if we know all of the reasons they made that decision, but I think we can infer a few:
- all communication must be stored for legal purposes
- all communication must be on secure government hardware
- the entire security infrastructure must be operated by the government
Signal is end-to-end encrypted. One end is the Signal app on your phone. The other end is the Signal app on their phone. The Signal app is developed by people, using computers. Both of those things can be compromised, neither of them are under the perview of the U.S. security agencies.
I would put the market value of a backdoor into all Senior White House communications as certainly >$10B, and probably >$100B, limited only by how long the buyer believed it would be a reliable source of intel. (it may be better to offer it as a subscription service.)
At that point everything should be assumed to be compromised until demonstrated to a reasonable degree of confidence that it's probably safe. A random install from an app store is not that.
According to the article: “ the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.”
Because now _this_ party is in power and controls the systems and information, but in 4/8/12 years _that_ party will be in power and a good-willing-mistake-making-bureaucrat may leak these 'by accident/mistake/etc' if they are properly recorded on a gov-controlled system.
But the auto-delete-after-1-week messages from Signal would never be recovered (unless someone is logging all that data and in the future will be able to crack it).
“… after he mistakenly saved his number months before under the contact of someone else he intended to add.”
This is precisely why the government has its own very inconvenient devices and network, which cannot possibly fall victim to the same completely understandable human error. Had the team been using secure devices on the secure network, no journalist would ever have been accidentally added to the chat.
That these people are in charge of national security is beyond ridiculous. It speaks volumes about the unprecedented political setup we find ourselves in that such frankly inexperienced and naive people are in charge after Senate confirmations that were intended to protect us all from such a mistake.
When not being a Florida politician, Mike Waltz has had this role since the early 2000s (for Cheney) and believes contact fields “get sucked” through invisible series of tubes. He’s never seen a Senate confirmation and I bet never will.
There's absolutely a secure system that crosses agencies - they even refer to it in the Signal chat (see the comment about sending details to your "high side inboxes"). But you can't use that system on your personal phone, and it doesn't let you avoid record-keeping requirements by setting messages to auto-delete.
The US has been perfectly capable of executing complicated military operations for decades prior without needing to use Signal to coordinate messaging amongst heads of staff.
This is blatantly incorrect though. The NSA actually set up the DMCC phone system specifically for this purpose. They are phones with 100% of the infrastructure already set up for communicating classified or sensitive information even while abroad and they are hardened enough that they are generally considered unclassified when powered down. They come in a DMCC-S (secret) and DMCC-TS (top secret) flavor. Any somewhat senior member at any agency or department that regularly interacts with classified information could request one of these devices. They provide cross agency encrypted call, text, and other capabilities at all security levels.
"From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received."
Nothing in my comment implies that what Clinton did was any more lawful. But since you raised the point, I’ll just note that it is quite interesting that Clinton’s circumstance was thoroughly investigated by the FBI, whereas in the Signal debacle, it seems Trump’s administration is going to let it go.
This is a great explanation for why they should be keeping these conversations on systems that are designed for handling classified information and have controls to prevent adding a random person to the conversation.
I think the easy answer is that current systems are subject to FOIA and they are doing their best to avoid FOIA because whatever they are doing is very illegal.
I'm completely unfamiliar with what systems exist, but here's what the article states:
> the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
> Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said.
Are you saying these sources are dissembling? Wouldn't surprise me at this point, but just making sure I understand what you're saying.
> White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
It's interesting and funny from a tech perspective that auto-suggestions on iPhone got him.
It's also proof that 1) security processes are important for a reason and 2) don't discuss information you don't want getting out on a consumer device (or really on any internet connected device) and 3) these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
> these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
s/was/is. As in -- they're going to keep using Signal.
And yeah it is all for naught because as you say, there is no sign the dems as a group will grow a spine.
Even if the democrats received a sudden vertebrae infusion, they hold no levers of power. One might ask where the spines are of the Republicans who are in a position to apply pressure from the inside. Trumpism may die due to pressure from the outside, but it seems far more likely that it will be taken down from the inside, eg internecine billionaire arguments, or a congressional palace coup.
For one thing, as far as I know, the iphone doesn’t attach phone numbers to contacts automatically, it just asks. The article claims the iphone did it, but I think Waltz must have.
Also, this why you don’t use a random group chat app for national security conversations. Your general app is designed for engagement which includes building out the social network. Of course it’s going to err on the side of inclusion, when here you want to err on the side of exclusion.
For national security, contact info would be vetted, verified, and strictly up-to-date. There would be multiple guards that would prevent a thoughtless tap months earlier from leading to the wrong person being given national security information.
It sure is frightening that these bozos are in charge of things that have high stakes.
It was Hegseth, not Waltz, that suddenly started dropping classified operations details (without promoting) into a group chat that was just set up for the purpose of planning for a future meeting. He's the one who really fucked up here.
It seems reasonably likely they were using signal to avoid records keeping requirements and public scrutiny. If you found a group of employees using signal with disappearing messages to talk about work outside of your normal work chat (slack etc.) you'd be pretty suspicious, let alone if they were working in public office!
Hegseth's messages were the worst but not the only ones. E.g., Waltz goes on to share details of targets hit.
And no one ever says, "Don't share operational details in this chat," either before Hegseth's details message or after. It's perfectly clear that was normal and expected.
The chat starts with pulling together the group, continues with high-level agreement to proceed, then the details start dropping... You know... exactly the way work-related chats go. I've had innumerable work chats like this.
Hegseth's own severe incompetence doesn't somehow absolve Waltz of his. I used "bozo" in the plural for a reason.
You don't have to carry water for these idiots. They may nominally be on your "side", but they aren't holding up their end of it. They are making huge mistakes which have real consequences for us all. Time to start calling them out on it, not trying to defend them with technicalities, false dichotomies, and misdirection.
I don’t like Waltz but I think this is the better take that has no really taken hold well in the media. Why was Hegseth posting information that should be in a need to know basis and to folks that have no benefit know before hand. This is the primary issue and I believe a disqualification for being SECDEF. Others would get immediately fired and a healthy chance of being prosecuted.
The other issue is having this chat outside of formal means. I am not as well educated but having civilians that serve at the pleasure of the president I would assume must follow some rules around formal and recorded communications.
None of them seemed at all surprised though, and a bunch of them responded positively. The group didn’t act like the chat was just for setting up a meeting.
Hegseth's posts were the most egregious, but there was a lot of sensitive information that could have been inferred from the rest of it -- basically that the U.S. was planning some sort of attack against the Houthis, they debated whether to do it or not and chose to go ahead, and the approximate timing of the attack is implied by the timing of meetings and decision windows.
It’s an interesting point, but are they even allowed to communicate on these devices with this app? I feel that has to be a question with an answer and i would assume it’s no?
They wanted to send a message to the recipients without going through an official channels. What is a better way than adding a journalist to the "secret" group to "leak" it?
I have been reading spy thrillers recently and my pet toy theory was that this was an attempt to unmask a mole. Leak information and see who publishes it.
Politicians regularly intentionally leak information they want leaked, and politicians also encounter leaks that they don't want leaked. Perhaps Goldberg did the only thing he could - he identified the trap.
Readit News
Politics aside, these auto-suggestions are a landmine in business contexts and should be disabled by IT where possible. Sometimes I'll be sending emails including both my client and internal team and the lawyers for the other side. The phone will decade that these email addresses are related in some way. So next time I want to send an internal strategy email to my client and the team, the app will helpfully suggest copying opposing counsel. Not great.
Then again if they had been ended by now, we might never have heard of this SNAFU.
When a feature is mildly useful 95% of the time and an awkward footgun 5%, I think it still remains a good addition, but one that can be turned off if necessary.
Double checking the recipients in a chat discussing national security is a super low bar and the parties involved are rightfully embarrassed by this one. I'm not letting them blame it on the product managers
It's interesting that this was the cause. I'm sure we all have our own stories of how UI/UX niggles (regardless of platform or app) have led to unintended behavior.
While I understand automatic suggestions can be helpful at times, when the UX doesn't clearly identify the cues that lead to the suggestion, with a way for a human to confirm it, this type of error is a likely result.
- deny anything wrong happened - Atlantic is a liar
- the leak might have happened, but nothing secret was shared
- ok fine, secret military information was shared
- here is an analysis that says it was the phone at fault, not human error
I have trouble believing anything except butt covering at play. When you are repeatedly caught lying, I do not immediately believe the latest story iteration, even if it is plausible.
Almost everything else out of his mouth, at least towards the media, has existed somewhere on the scale between 'large clump of BS wrapped around a tiny nugget of truth' and 'bald-faced lie'.
And when fairly obvious lies are repeated, the rest of what is said by himself and the rest of his administration retains the stink of the same taint.
> I have trouble believing anything except butt covering at play.
No, I did not cheat. We just happened to be hanging around without undergarments, and, you know, we had been eating bananas, and somehow some banana peel fell on the floor, and then I slipped, and grabbed the first thing I could hold on to, and that's how we both accidentally fell on the couch, and then the dog got excited and jumped on us to play, and that's how I unvoluntarily got jump-humped into this unfortunate event..
They must have different iPhones to me, because mine doesn't do that. If I were cynical I would say they made this up.
Years ago I had my nicely arranges contacts in place, then added Gmail and it upload contacts so now they were all duplicated. Then when I dug into it, I realize you have have folders of different contacts, but depending on the view they are shown as combined.
Then add on top Gmail keeps asking me if I want to update someone's contacts from an email they sent me. I click yes, but it keeps coming up even though their contact info doesn't change (what?).
Then if I try to copy a message from iMessage, it will randomly assume a number is someone's phone number and ask me if I want to create a new contact (what?). If my fingers were fatter it would be easier to click "yes" and end up with a non-phone number added to some person's contacts.
I only trust the contacts that I add manually, everything else is suspect.
Dead Comment
I'm sorry, how is that knowable? Is there a log of iPhone users interactions that shows this?
Or is it the case that investigators pointed to the wrong number being saved in Waltz' phone and Waltz replied: "Oh, the only explanation is that I must have misclicked when my phone asked me to update my contacts."
If it was intended as a secure communications platform for government use, they wouldn't be using phone numbers and an address book that can have incorrect information.
I did read Signal was being used in the military etc, but only as a notification system that they should check their actually secure communications thing.
What?
Cause SIPR, JWICS, GIANT etc… are nearly impossible to access - to the extent where for SCI info (which is arguably the level of data they were passing) they constrain you to having to communicate in a certified SCIF
The SecDef has a bunch of SCIFs but even NSC staff don’t to the same degree.
People pass TS/SCI data outside of the system regularly - congress is notorious for this and I have personally had multi year operations shut down because a congressman talked about it at a hearing.
I know of plenty of parking lot “SCIF” and sneakernet SCI conversations because time was an issue
The reality is this admin doesn’t care about the structures that the national security community is statuatorily mandated to use, but there’s nobody that is going to do anything to them about deviating.
Classified networks suck to use, anyone who can get around it does. The fact that its the secdef and nsc and they got busted just demonstrates that they view their behavior as more important than the system.
Left to the viewer to determine if thats a good tradoff
You can go around legally too just ask what is and isn't considered classified by derivative.
Well, Chinese intelligence, but probably not anyone else, right?
Dead Comment
It's not unique either; the former prime minister of the Netherlands, Rutte, insists on using a Nokia phone and plain text messages, refusing to divulge what is in those messages and deleting them as there's limited space, thus not adhering to any archival requirements.
Still not an excuse, because the people with the power to fix it are using Signal instead.
https://www.bleepingcomputer.com/news/security/cisa-urges-sw...
- all communication must be stored for legal purposes
- all communication must be on secure government hardware
- the entire security infrastructure must be operated by the government
Which of these aren't fundamental and practical?
I would put the market value of a backdoor into all Senior White House communications as certainly >$10B, and probably >$100B, limited only by how long the buyer believed it would be a reliable source of intel. (it may be better to offer it as a subscription service.)
At that point everything should be assumed to be compromised until demonstrated to a reasonable degree of confidence that it's probably safe. A random install from an app store is not that.
But the auto-delete-after-1-week messages from Signal would never be recovered (unless someone is logging all that data and in the future will be able to crack it).
https://en.wikipedia.org/wiki/Utah_Data_Center
https://www.snopes.com/fact-check/signal-project-2025/
This is precisely why the government has its own very inconvenient devices and network, which cannot possibly fall victim to the same completely understandable human error. Had the team been using secure devices on the secure network, no journalist would ever have been accidentally added to the chat.
That these people are in charge of national security is beyond ridiculous. It speaks volumes about the unprecedented political setup we find ourselves in that such frankly inexperienced and naive people are in charge after Senate confirmations that were intended to protect us all from such a mistake.
It also tries to blame past administrations for this (which includes Trump last time).
https://www.disa.mil/-/media/Files/DISA/Fact-Sheets/DMCC-TS-...
Indeed, like this:
https://www.fbi.gov/news/press-releases/statement-by-fbi-dir...
"From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received."
Why the double standard?
> the White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
> Previous administrations, including the Biden White House, did not develop an alternative platform to Signal, one of the people said.
Are you saying these sources are dissembling? Wouldn't surprise me at this point, but just making sure I understand what you're saying.
> White House had authorized the use of Signal, largely because there is no alternative platform to text in real time across different agencies, two people familiar with the matter said.
It's also proof that 1) security processes are important for a reason and 2) don't discuss information you don't want getting out on a consumer device (or really on any internet connected device) and 3) these guys' plan of using signal to avoid record keeping was foolish and stupid, more than just because of their silly fear that Democrats would release their records (that would require Democrats growing a spine).
s/was/is. As in -- they're going to keep using Signal.
And yeah it is all for naught because as you say, there is no sign the dems as a group will grow a spine.
If that does turn out to be the case then I am certain this won't be the last time they inadvertently share information.
For one thing, as far as I know, the iphone doesn’t attach phone numbers to contacts automatically, it just asks. The article claims the iphone did it, but I think Waltz must have.
Also, this why you don’t use a random group chat app for national security conversations. Your general app is designed for engagement which includes building out the social network. Of course it’s going to err on the side of inclusion, when here you want to err on the side of exclusion.
For national security, contact info would be vetted, verified, and strictly up-to-date. There would be multiple guards that would prevent a thoughtless tap months earlier from leading to the wrong person being given national security information.
It sure is frightening that these bozos are in charge of things that have high stakes.
And no one ever says, "Don't share operational details in this chat," either before Hegseth's details message or after. It's perfectly clear that was normal and expected.
The chat starts with pulling together the group, continues with high-level agreement to proceed, then the details start dropping... You know... exactly the way work-related chats go. I've had innumerable work chats like this.
Hegseth's own severe incompetence doesn't somehow absolve Waltz of his. I used "bozo" in the plural for a reason.
You don't have to carry water for these idiots. They may nominally be on your "side", but they aren't holding up their end of it. They are making huge mistakes which have real consequences for us all. Time to start calling them out on it, not trying to defend them with technicalities, false dichotomies, and misdirection.
The other issue is having this chat outside of formal means. I am not as well educated but having civilians that serve at the pleasure of the president I would assume must follow some rules around formal and recorded communications.
Including Waltz.
They deserve punishment at the Executive level.
I want a President who follows laws.
https://www.cnn.com/interactive/2025/03/politics/yemen-war-p...
They wanted to send a message to the recipients without going through an official channels. What is a better way than adding a journalist to the "secret" group to "leak" it?
Politicians regularly intentionally leak information they want leaked, and politicians also encounter leaks that they don't want leaked. Perhaps Goldberg did the only thing he could - he identified the trap.