The stunning revelation that The Atlantic’s editor-in-chief was inadvertently added to a group chat detailing recent airstrikes in Yemen has called into question the U.S. government’s ability to safeguard sensitive information and has exposed a potentially big legal problem.
President Donald Trump said it was “not a serious glitch” that Jeffery Goldberg was inadvertently added to a Signal chat group with national security adviser Mike Waltz, Defense Secretary Pete Hegseth, Secretary of State Marco Rubio and Vice President JD Vance, where they discussed sensitive military operations.
The White House claimed no classified information was shared in the chat, a position reinforced by Tulsi Gabbard at Tuesday’s Senate hearing into the fiasco.
Despite what the White House says, the blunder could have serious legal implications for the Trump administration, legal experts and lawmakers said.
“Their behavior blatantly violated security regulations designed to prevent exactly this kind of leak, which would trigger administrative punishments,” attorney Mitch Jackson wrote on his Substack, citing the Espionage Act, the Federal Records and Presidential Records Acts, among others.
Jackson’s assertion is backed by Democratic senators Elizabeth Warren and Elissa Slotkin. “This is blatantly illegal and dangerous beyond belief,” Warren furiously posted on X in response when the story broke Monday.
“Laws like the Espionage Act, the Presidential Records Act and the Federal Records Act lay out clear rules for how you can handle classified information,” Slotkin added. “And those laws apply to every one of the people on that text chain.”
Here is a look at the federal law violations that have potentially occurred from the incident:
The Espionage Act
The World War I–era law makes it a crime to mishandle any information about national defense and is specifically written to protect military and defense intelligence.
“The question for lawyers will be whether the use of an unclassified cell phone and commercially available communications application constitutes a reasonable belief that the information could be obtained by an adversary and used against the U.S.,” global security and cyber expert Nicholas Reese, an adjunct instructor at NYU’s School of Professional Studies Center for Global Affairs, told The Independent.
Jackson wrote on his Substack said that prosecutors can argue the leak meets certain criteria of the Espionage Act.
“The operational strike plans for Yemen meet the definition of national defense information – they were high-level military plans and intelligence details regarding an ongoing operation,” Jackson said. “By using an unsecured Signal chat, they effectively transmitted war plan details to an unauthorized person (journalist Goldberg) who had no security clearance.”
The lawyer added that even if officials did not intend for the journalist to see the plans, they demonstrated “at least gross negligence” in containing the information. “This unauthorized disclosure of war plans to someone not entitled to receive them appears to satisfy the Espionage Act’s criteria,” Jackson said.
Slotkin also cited the Espionage Act in a post on X. “If these were regular soldiers or a civilian CIA officer like I was, they would be reprimanded, likely fired, prosecuted and possibly jailed,” Slotkin said. “But this Administration believes they are above the law — and seemingly don’t care what U.S. forces and U.S. operations they put at risk.”
The Presidential Records and the Federal Records Act
There are strict laws in place when it comes to handling and preserving government records. Goldberg claims some of the messages in the group chat were set to disappear after one week. Official communications from the government are to be archived automatically or those involved are meant to preserve the messages.
There is no evidence so far that anyone in the group preserved the messages. “It’s an attempt to avoid accountability under the Official Records Act,” said General Barry McCaffrey.
“Records retention is not just for accountability,” Illinois Rep. Sean Casten added in a post on X. “If our adversaries can breach your unsecure comms and you don't archive your end, it's effectively impossible to triage how much damage you caused. They are covering their own asses while risking all of ours.”
Jackson said that the Signal chat used by the group outside of official channels was “exactly” the kind of communication that falls under the definition of an official record.
“If the officials willfully used Signal specifically to avoid creating a record (for instance, to keep the discussions off the books), that could be viewed as the unlawful removal or concealment of records,” Jackson said.
“By instead confining deliberations to an encrypted app and excluding the normal archival systems, they effectively concealed official records from the government.”
“Should evidence show an intent to evade record keeping, 18 U.S.C. § 2071 could be invoked,” the attorney added.
In addition to potentially violating these laws, NYU’s Reese noted that U.S. allies will be questioning the extent to which classified information they can share with American intelligence officials.
“Sharing time sensitive military operational details over a commercial communications application shows a shocking level of disregard for the sensitivity of classified information at the top of the U.S. security establishment,” Reese said. “Its disregard for good security practice in this case will certainly be noticed by foreign partners and adversaries alike.”
Signal not approved for discussing military ops
Signal uses end-to-end encryption and is widely regarded as one of the most secure messaging platforms for the public. It prevents any third-party from viewing conversation content or listening in on calls.
Messages and calls sent on Signal are scrambled and only the sender and recipient at each end will have the key to decipher them. Signal's encryption protocol is open source, meaning anyone that it's freely available for anyone to inspect, use or modify.
But it is not approved for discussing military operations, experts said.
“If a state or other malicious state actor broke Signal's encryption, they would not exactly hold a press conference to announce it,” NYU’s Reese told The Independent. “Just because we are not aware of a breach in Signal's security does not mean there isn't one. The highly secure nature of Signal makes it an enticing target for malicious cyber actors because they assume that people will share more sensitive data there. We should be worried about the breaches we have not heard of yet in this case.”
Hegseth’s own department has referred to Signal as an “unmanaged” messaging app previously, and the platform was not authorized to transmit “non-public DOD information,” according to a Department of Defense 2023 memo.
“Unmanaged 'messaging apps,' including any app with a chat feature, regardless of the primary function, are NOT authorized to access, transmit, process non-public DoD information. This includes but is not limited to messaging, gaming, and social media apps. (i.e., iMessage, WhatsApps, Signal),” the memo said.
One former senior Defense Department official told the Washington Post that she and her colleagues did use Signal on occasion but never to discuss sensitive information. “I would worry deeply about the ability of a foreign nation to be able to penetrate any of our unclassified tech,” she told the newspaper. “This is not how you conduct national security.”
Jasmine Crockett under fire for mocking Texas governor’s wheelchair
Gunman who killed 23 in racist attack at Texas Walmart offered plea deal to avoid death penalty
Why Pete Hegseth could end up being Trump’s scapegoat
White House digs in amid fallout from Signal chat scandal
Trump to pause family-planning funding as it reviews whether it’s being used for DEI
Professor lawsuit claims Trump deporting activists creates ‘climate of repression’
