Before Trump admin’s Signal controversy, US diplomats in Kyiv scolded for using app

WASHINGTON — Weeks before Secretary of Defense Pete Hegseth and other senior American officials were revealed to have used the encrypted commercial messaging app Signal to discuss bombing Houthi targets, a government watchdog broadly criticized a different set of US officials at a key American outpost for similarly employing the non-governmental app for government work.

On Monday, The Atlantic magazine published an explosive story saying its editor-in-chief was accidentally invited into a private Signal chat between Hegseth and several other cabinet-level officials, including the director of national intelligence and the CIA as well as the secretary of state, as the group discussed the pros and cons of striking Houthi rebels in Yemen.

The conversation, confirmed as authentic by the White House, also reportedly included detailed plans about how a specific strike would be carried out, shared hours before the operation itself took place. (A National Security Council spokesperson defended the discussion as a “demonstration of the deep and thoughtful policy coordination between senior officials” and said the success of the strike was evidence that there was no threat to US national security from the leak.)

The revelation prompted a deluge of criticism from Democrats and national security experts, who lambasted the group for discussing such sensitive military matters over a commercial messaging system and not, as many discussions like that take place, in the secure confines of the White House Situation Room or another Sensitive Compartmented Information Facility, popularly known as a SCIF.

Sen. Mark Warner, the ranking member of the Senate Intelligence Committee, was visibly frustrated at the opening of a hearing today on worldwide threats, which included as witnesses DNI Tulsi Gabbard and CIA Director John Ratcliffe.

“Putting aside for the moment that classified information should never been discussed on an unclassified system, it is mindboggling to me that nobody bothered to check” who was on the chat, Warner said.

Gabbard said in the hearing that — at least from an intelligence perspective — no classified information was discussed in that chat or any other group chats, and she and Ratcliffe suggested they were unaware of any operational details revealed. They referred further questions about sensitive information to the Pentagon.

But there is also the matter of legal obligations to maintain federal records, as The Atlantic reported the Signal chat was set to automatically delete messages after a certain amount of time. And that criticism actually has basis from the State Department’s internal watchdog agency.

In January the State Department’s Office of Inspector General (OIG) published its review of the inner workings at the US Embassy in Kyiv, Ukraine, as part of the IG’s rotating “inspections” of US missions abroad [PDF]. In the report, officials in Kyiv described Signal as critical to their work and safety since the embassy reopened in May 2022 following Russia’s invasion.

“One Embassy Kyiv official stressed that Embassy Kyiv continues to use Signal on the recommendation of U.S. government entities, including DS [State Department’s Bureau of Diplomatic Security], concerned with ensuring secure, rapid, and easily accessible communications in a high-threat environment,” the report reads. “Signal remains an important platform for Embassy Kyiv operations because it is used for critical embassy security communications, including tracking personnel movements and announcing air raid instructions.”

There’s no accusation in the report that the officials discussed classified information over the chat app, but the IG emphasizes — as vocal critics of the Hegseth group chat are now emphasizing — that government workers are generally not supposed to use Signal or other non-authorized apps for official communications, except in specific circumstances and only alongside other record-keeping protocols. (During the worldwide threat hearing today, Ratcliffe reiterated that Signal has long been permitted for government use as long as those other record-keeping measures are taken — protocols he said at least his staff followed.)

In Kyiv, the embassy sent out a memo in April 2024 reminding its staff of its record-keeping requirements, the IG report says, but it appeared to have little effect.

“OIG found that Embassy Kyiv did not implement adequate measures to preserve federal records created using eMessaging platforms,” the report says, adding that “it did not institute additional measures to ensure staff preserved records created or received using eMessaging applications.

“Moreover, OIG found that many Embassy Kyiv personnel reported using Signal to conduct official Department business but did not consistently preserve correspondence from the platform in accordance with federal records retention requirements,” the report says.

State Department and embassy officials reportedly complained that “established procedures for preserving Signal messages are burdensome and do not fully address the technical limitations and information security vulnerabilities that personnel encounter when they attempt to preserve messages.”

State Department administrative officials said they were not empowered to ban the use of Signal, so instead its use is generally “permitted but discouraged.” Those officials stated that they “ultimately defer to the needs of users at post, including regarding the use of whichever eMessaging platform is optimal for conducting Department business in any given country.” A brief search of State IG report archive shows no other mention of the use of Signal at other embassies, at least in unclassified embassy inspections.

In response to the IG report, US Ambassador to Ukraine Bridget Brink said she agreed with three IG recommendations to improve record keeping, from the installation of a new records coordinator as well as clearer policies and internal controls.

“My first and foremost priority is the safety of my personnel and the security of my mission. The Emergency Action Committee, which advises Department leadership on the security situation in Ukraine, has recommended Signal as the eMessaging platform best suited for our current needs, because of its protection in the current counterintelligence environment in Ukraine,” Brink wrote in a letter included in the report.

“I have accepted its recommendation to incorporate Signal as part of our overarching risk mitigation strategy, which includes dynamic phone applications, movement restrictions, and other security protocols designed and implemented to ensure the safety and efficacy of all USG personnel serving in Ukraine,” she said.