What Signal Is, and Why It Was Never Built for War Rooms

Secretary of War Pete Hegseth speaks at a troop rally for the 250th U.S. Marine Corps Anniversary Celebration in Del Mar, Ca., Oct. 18, 2025. (DoW photo by U.S. Air Force Staff Sgt. Madelyn Keech)

Military.com | By Chad Hultz

Published December 05, 2025 at 8:55am ET

The Pentagon’s latest report makes one thing clear: Signal protects conversations, but it was never designed to safeguard U.S. war plans — and using it that way carried real risk for American forces. This is a deeper look at the app at the center of the Pentagon’s “Signalgate” investigation and what the watchdog says went wrong.

What Signal Actually Does

Signal is one of the world’s most widely used encrypted messaging apps, favored by journalists, activists, aid workers, and privacy-conscious users. Its features include:

End-to-end encryption for calls, messages, video, and attachments
Minimal metadata retention, meaning Signal does not store message content on its servers
Open-source cryptography, allowing independent auditing
A nonprofit business model, without ads or data harvesting

For civilians, it’s a strong privacy tool. Organizations such as the Freedom of the Press Foundation and Mozilla’s “Privacy Not Included” program consistently rate Signal as one of the most secure communication apps available to the general public.

But that does not make Signal a military-grade communications system, and the gap between what Signal is built for and what the Pentagon requires is what fueled the controversy around Defense Secretary Pete Hegseth’s use of the app.

The Advanced Extremely High Frequency, or AEHF, system is a joint service satellite communications system that provides survivable, global, secure, protected and jam-resistant communications for high-priority military ground, sea and air assets. Advanced EHF allows the National Security Council and unified combatant commanders to control tactical and strategic forces at all levels of conflict through general nuclear war and supports the attainment of information superiority. U.S. Air Force photo

What Signal Is Not Designed For: Military OPSEC

The core misunderstanding in the public conversation is assuming “encrypted” equals “authorized for mission planning.” DoD communications rules say otherwise.

Signal’s leadership has been explicit that the app is not meant for classified operations.

In a 2023 interview with Wired, Signal CEO Meredith Whittaker made this point directly:

“Signal is designed as a privacy tool for the public. It’s not a specialized platform for classified or government use.”

That distinction matters. Signal was engineered to protect civilian conversations from corporate and criminal surveillance, not to meet the Pentagon’s layered requirements for operational security, classified transmission, or records retention.

Official DoD rules reinforce this gap

Several binding regulations apply:

DoDI 8100.04 (DoD Unified Capabilities): Requires that only DoD-approved, DoD-managed communication systems be used to transmit DoD information. Commercial apps like Signal are not approved systems.
DoDI 5200.48 (Controlled Unclassified Information): Prohibits transmitting CUI, which includes non-public operational details, on unapproved systems.
DoD CIO mobile-application guidance: Warns that commercial apps “may result in unauthorized disclosure of CUI or non-public DoD information,” even if encrypted.
Federal Records Act: Requires official communications to be preserved. Signal’s auto-deletion features prevent compliant record retention unless the user manually captures messages.

In plain language: Using a personal phone and a commercial app, even an encrypted one, violates the communication requirements for sensitive military operations. This is the policy basis behind the inspector general’s findings.

How “Signalgate” Started

The controversy dates back to March 2025, when top Trump administration national security officials coordinated aspects of U.S. strikes on Houthi forces in Yemen through a Signal group chat.

According to publicly released screenshots and reporting referenced by the inspector general:

The group included senior officials and, by mistake, a journalist who was added to the chat.
The conversation contained specific operational details: aircraft numbers, strike timing, and other sensitive information.
A full transcript was later published publicly, providing foreign observers insight into real-time U.S. war planning.

Military.com previously reported that defense officials privately described the practice as reckless, and that lower-ranking troops would face severe punishment for handling operational information this way.

These warning signs would later be validated by the Pentagon watchdog.

What the New Watchdog Report Concludes

The Department of Defense inspector general released its final report on December 3, 2025. It confirms that:

1. Hegseth transmitted non-public operational information on his personal phone using Signal.

The information originated from a classified “SECRET/NOFORN” communication distributed by U.S. Central Command. Hegseth then shared portions of it in a personal group chat.

2. Signal was not an authorized system for this material.

The IG cites DoD communication policy and mobile-device rules that prohibit sharing non-public operational details via non-DoD systems.

3. His actions “created a risk to U.S. personnel and missions.”

Unauthorized transmission of timing and force-package details could have compromised the mission or endangered pilots.

4. Required records were not preserved.

Because the chats were off DoD systems and some messages were auto-deleted, investigators could not obtain a complete record.

5. Hegseth declined to provide his personal device.

Investigators relied heavily on public transcripts and screenshots.

Why Signal Is Secure, But Still Wrong for Military Ops

It’s important to separate the two truths:

Truth #1: Signal is extremely secure for civilian use.

It uses trusted encryption, retains very little user information, and is commonly chosen by people who need a reliable private-messaging tool.

Truth #2: Military OPSEC requires more than encryption.

It requires:

Controlled servers
DoD managed networks
Auditing and retention
Classified channels
Device-level protection
Chain-of-custody guarantees

Signal offers none of those by design and isn’t supposed to.

The IG’s findings underscore this: The problem was not Signal as a tool, but the decision to use a personal, commercial messaging app for DoD operational communication.

A pair of Alaska National Guardsmen use their phones to video Command Sgt. Maj. Michael Grunst parachute into his retirement ceremony July 21, 2023, at Camp Carroll on Joint Base Elmendorf-Richardson. Grunst joined the Alaska Army National Guard in 1989 and finished his 34-year career as the operations sergeant major for the AKARNG. (Alaska National Guard photo by Robert DeBerry)

Why This Matters for Service Members and Families

This case reinforces rules that every service member already lives under:

If information is operational or sensitive, it cannot be sent on personal devices or commercial apps.
“Encrypted” does not mean “authorized.”
Personal phones remain a major vulnerability exploited by adversaries.
Troops have been punished for far less severe mishandling of information.

While the IG did not recommend disciplinary action for Hegseth, the report sends a clear institutional message: OPSEC rules apply at the top of the chain as much as they do at the bottom.

Sources

Associated Press
Defense News
Reuters
Breaking Defense
Axios

Story Continues

Related Topics: Pete Hegseth Military Headlines

By Chad Hultz

About Chad Hultz

Chad Hultz is a writer and editor for Military.com, where he covers technology, including artificial intelligence and cybersecurity, alongside veterans’ issues and the outdoors. His reporting focuses on how emerging tools and policies shape the lives of service members, veterans, and their families, while also exploring the restorative role of the natural world in military culture.

Read Full Bio

© Copyright 2025 Military.com. All rights reserved. This article may not be republished, rebroadcast, rewritten or otherwise distributed without written permission. To reprint or license this article or any content from Military.com, please submit your request here.