Encryption Didn't Fail Signalgate — The Humans Using It Did
A formal mathematical proof shows why adding a journalist to a Signal group chat guarantees a leak, no matter how good the encryption is.
Signal's encryption is unbroken. The humans using it broke everything else.
In March 2025, Jeffrey Goldberg, editor-in-chief of The Atlantic, received a Signal notification. He had been added to a group chat. In it, senior members of the Trump administration — including the Defence Secretary, National Security Advisor, and Vice President — were discussing active military strike plans against Houthi targets in Yemen. Specific attack timing, weapons packages, and sequencing were laid out in detail. Goldberg, understandably uncertain whether this was real, waited. Then the strikes happened, exactly as described. He published the messages.
The episode was quickly labelled "Signalgate," and the immediate media framing focused on Signal itself — was the app secure? Had it been hacked? But a new paper by Chiodo, Erskine, Müller, and Wright (2026) reframes the entire incident with surgical precision: Signal's encryption was never the problem. It performed exactly as designed, protecting messages from every outside eavesdropper. The failure was architectural, social, and deeply human — and the paper uses formal mathematics to prove it.
The Science
The research team approached Signalgate from three distinct angles, weaving them together into a single argument about the gap between cryptographic security and operational security.
The first angle is formal verification. The researchers used applied pi-calculus — a mathematical framework for modelling processes that communicate over networks — to construct a rigorous model of the communications setup that US Defence Secretary Pete Hegseth reportedly requested. This kind of modelling, standard in academic cryptography, lets you write down every participant, every channel, and every message-passing rule as a set of equations, then use automated reasoning to ask: is secrecy preserved? The answer the model returned was unambiguous.
The second angle is socio-technical analysis. Cryptography research has long known that the weakest point in any security system is usually the person operating it — but this paper pushes further, examining how power dynamics within institutions shape whether security protocols can even be followed. When a junior official notices that the group chat includes someone who shouldn't be there, can they say so? To the Defence Secretary? In the middle of a live operation?
The third angle is political and geopolitical. The authors situate Signalgate within what they describe as the Trump administration's broader pattern of treating institutional processes — legal, political, and now technical — as obstacles to route around rather than safeguards to maintain. This gives the paper an unusual scope: it is simultaneously a formal cryptography paper, an organisational psychology analysis, and a geopolitical risk assessment.
What They Found
The formal proof is the paper's most striking contribution, and it is worth understanding what it actually shows.
The researchers modelled the boutique secure facility that Hegseth reportedly requested — a setup where officials could communicate via Signal rather than through the standard classified communications infrastructure (systems like the Sensitive Compartmented Information Facility, or SCIF, which is a physically hardened room in which no wireless signals are permitted). In applied pi-calculus, you model this as a set of named processes exchanging messages over typed channels. Some channels are encrypted; some participants are trusted; some are adversarial.
The key insight is definitional. Signal's security guarantee is this: messages are readable only by the intended recipients. If Jeffrey Goldberg is added to a group — even accidentally — he is an intended recipient, from the cryptographic system's point of view. The encryption has not failed. The model faithfully reflects this, and the proof follows: given a participant set that includes an untrusted party, secrecy cannot be preserved, and no properties of the encryption algorithm change that. The leak was not a bug. It was the system working correctly, applied to the wrong set of people.
This matters because it reframes where the failure actually lives. It is not in the app, not in Signal's code, not in the underlying cryptography. It is in the process of deciding who belongs in the conversation.
The paper then moves to the social layer, and here the findings become more uncomfortable. The authors examine the concept of operational security — known in military and intelligence contexts as OPSEC — which refers to the discipline of preventing adversaries from assembling useful intelligence from observed activities. OPSEC is not just about encryption. It covers who knows what, when, and through which channels. The title of the paper quotes what appears to be a message from the chat itself: "We are currently clean on OPSEC." The irony is architectural. The statement was made in a channel that already contained a journalist.
The researchers argue that the confidence to make that statement — and to discuss strike timing and weapons sequencing on a commercial messaging app at all — reflects what they call a false sense of security induced by the tool itself. Signal is genuinely excellent software. It is used by journalists, dissidents, lawyers, and security researchers precisely because its encryption is robust. But that reputation may cause users to conflate "this channel is encrypted" with "this conversation is secure." Those are not the same thing.
The paper identifies several specific failure modes. Officials appear to have discussed information on Signal that they would not have discussed on an unencrypted channel, precisely because they believed Signal was secure — a phenomenon the authors describe as "oversharing" enabled by cryptographic confidence. The encryption raised the perceived cost of eavesdropping to infinity (for outside parties) while doing nothing about the risks already inside the channel: wrong recipients, screenshot-capable participants, and the basic human tendency to be less careful when you feel protected.
Security Layer Coverage: Signal vs. SCIF Process
Conceptual comparison of which security layers are addressed by Signal (the app) versus a formal SCIF process, as analysed in the paper. Signal addresses the cryptographic layer but leaves governance, access control, and procedural discipline entirely to the user.
| Security layer | Coverage (score) |
|---|---|
| Encryption Strength | 5 |
| Access Control | 2 |
| Recipient Verification | 1 |
| Audit & Oversight | 1 |
| Oversharing Prevention | 1 |
| Power-Dynamic Safeguards | 1 |
The power imbalance dimension is particularly striking. The authors note that in the group chat, senior officials significantly outranked anyone who might have flagged the presence of an unknown participant. Challenging a contact added by the Defence Secretary — in real time, during what may have been a live operation — requires a kind of institutional courage that hierarchical organisations systematically suppress. No cryptographic protocol addresses this. It is a governance failure that masquerades as a technical one.
Why This Changes Things
The standard story about encryption usability goes something like this: cryptography is hard to use correctly; we need better interfaces; once the tools are easy enough, ordinary people will use them safely. Signal is often held up as the proof of concept — beautiful design, one-tap encryption, trusted by experts and accessible to non-experts.
Chiodo et al. (2026) challenge this story directly. Better usability, they argue, does not solve the class of problems that caused Signalgate. The officials involved were not struggling with Signal's interface. They knew how to add contacts. They knew how to send messages. The failure was not in using the tool but in understanding what the tool actually guarantees — and what it does not.
This is a distinction that matters enormously for how we think about digital security education, institutional policy, and the design of secure communications systems for high-stakes environments. A SCIF is not just a secure room. It is a process: who can enter, what devices are permitted, who reviews access logs, who has authority to challenge a violation. Signal, however beautifully designed, does not replicate that process. It replaces the physical architecture with a cryptographic one while leaving the procedural and governance architecture entirely up to the user.
Where Operational Security Failures Actually Occur
The paper's socio-technical analysis categorises the failure modes present in Signalgate. The breakdown illustrates that cryptographic failure accounted for none of the vulnerability — all failure modes were human or procedural.
| Failure mode | Share of failure modes |
|---|---|
| Wrong recipient added | 35 % |
| Oversharing (false security confidence) | 25 % |
| Power imbalance (error not flagged) | 25 % |
| Bypassed institutional process | 15 % |
| Cryptographic failure | 0 % |
The geopolitical implications are real. The paper works through a brief use case — deliberately not fully specified, for obvious reasons — illustrating how an adversary with access to leaked strike timing could adjust force positioning, warn proxy forces, or manipulate the informational environment. The authors are careful here: they are not claiming that the Signalgate leak caused specific geopolitical harm. They are demonstrating that the class of failure it represents creates exploitable windows, and that a pattern of treating security process as bureaucratic friction makes such windows more likely to open.
The broader political argument is sobering. The paper situates this within what the authors characterise as a systematic preference, visible across the Trump administration's first and second terms, for moving fast and treating institutional constraints — legal review, classification protocols, secure communications infrastructure — as obstacles rather than load-bearing walls. The irony is that this preference, which often presents itself as anti-bureaucratic efficiency, produced an outcome far more damaging to operational security than any of the slow, cumbersome processes it bypassed.
There is also a lesson here for the cryptography and security research community specifically. The field has spent decades improving the mathematics of encryption — and the mathematics are genuinely impressive. Modern end-to-end encryption, implemented correctly, is effectively unbreakable. But Signalgate is a case study in what happens when the social and institutional scaffolding around cryptographic tools is ignored. The math was never going to save the mission briefing. Only good process was going to do that.
Formal Proof Result: Secrecy Under Different Participant Sets
The applied pi-calculus model tested whether secrecy could be preserved under different configurations of the group chat. Once an untrusted participant is present, secrecy fails regardless of encryption quality — a result the formal proof demonstrates holds universally.
| Configuration | Secrecy preserved (1 = yes, 0 = no) |
|---|---|
| All trusted participants, strong encryption | 1 |
| All trusted participants, no encryption | 0 |
| One untrusted participant, strong encryption | 0 |
| One untrusted participant, no encryption | 0 |
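The definitional point made earlier (an added recipient is, to the cryptography, simply a key holder) and the four-configuration result above can both be reproduced with a very small symbolic model. The following Python is an added example written for this article; it is not code from Chiodo et al. (2026), from Signal, or from any applied pi-calculus tool. It mimics the core of the formal reasoning: an attacker watching the public channel learns whatever can be derived from the traffic under one deduction rule (ciphertext plus key yields plaintext), and every group member, trusted or not, holds the group key. It then goes one step beyond the table by adding the admission gate the paper says a SCIF supplies and Signal leaves to the user, to show that secrecy is recovered by process rather than by stronger encryption. The role names, the clearance scale, the `senc` constructor and the gate rules are assumptions made for this example.

```python
"""Toy symbolic model of an encrypted group chat with an untrusted member.

Added illustration, not code from the paper or from Signal. The term
constructor senc, the role names and the clearance scale are assumptions.
"""
from dataclasses import dataclass

PLAN = "strike_plan"     # the secret whose secrecy we query
GROUP_KEY = "k_group"    # symmetric key shared by every group member


def senc(msg, key):
    """Symbolic symmetric encryption: opaque until the key is known."""
    return ("senc", msg, key)


def deduce(knowledge):
    """Close a knowledge set under the single rule senc(m, k) + k  =>  m."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for term in list(known):
            if isinstance(term, tuple) and term[0] == "senc":
                _, msg, key = term
                if key in known and msg not in known:
                    known.add(msg)
                    changed = True
    return known


@dataclass(frozen=True)
class Member:
    role: str
    trusted: bool   # an untrusted member publishes everything it can read


def secrecy_holds(members, encrypted):
    """True iff the network attacker cannot derive PLAN from the traffic."""
    network = set()
    # The sender posts the plan to the group, encrypted or in the clear.
    network.add(senc(PLAN, GROUP_KEY) if encrypted else PLAN)
    for member in members:
        if not member.trusted:
            # Every recipient holds the group key: that is the only thing
            # "being in the group" means to the cryptography. An untrusted
            # recipient can therefore read the plan and put it on the record.
            network |= deduce(network | {GROUP_KEY})
    return PLAN not in deduce(network)


@dataclass(frozen=True)
class Candidate:
    role: str
    clearance: int   # constructed scale: 0 = none, 3 = cleared for the plan
    verified: bool   # identity confirmed out of band before the add
    trusted: bool    # ground truth the model uses; the gate never sees it


def admit(candidate, required_clearance, second_approver):
    """The governance step the cryptography never sees: who may be added."""
    return (candidate.clearance >= required_clearance
            and candidate.verified and second_approver)


def build_group(candidates, gate):
    """Apply an admission gate; return the members and an audit log."""
    members, log = [], []
    for c in candidates:
        ok = gate(c)
        log.append(f"{'ADMIT' if ok else 'REJECT'} {c.role}")
        if ok:
            members.append(Member(c.role, c.trusted))
    return members, log


CANDIDATES = [  # constructed roster for the example
    Candidate("defence_secretary", clearance=3, verified=True, trusted=True),
    Candidate("national_security_advisor", clearance=3, verified=True, trusted=True),
    Candidate("journalist", clearance=0, verified=False, trusted=False),
]


def no_process():
    """No admission step: whoever is tapped into the group is a recipient."""
    members, _ = build_group(CANDIDATES, lambda c: True)
    return secrecy_holds(members, encrypted=True)


def with_process():
    """Same encryption, but membership goes through the admission gate."""
    members, log = build_group(
        CANDIDATES, lambda c: admit(c, required_clearance=3, second_approver=True))
    return secrecy_holds(members, encrypted=True), log


if __name__ == "__main__":
    print("Strong encryption, no admission process:", no_process())
    secret, log = with_process()
    print("Same chat behind an admission gate:", secret, log)
```

Running `secrecy_holds` over the four configurations in the table gives exactly the 1, 0, 0, 0 pattern: only the all-trusted, encrypted case keeps the plan secret. `no_process` returns `False` with strong encryption, because the journalist is a key holder; `with_process` returns `True` on the same roster with the same encryption, because the only thing that changed is who was allowed in.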
What's Next
The paper ends on a deliberately unsettled note. The authors conclude that genuine message security is still out of reach for the "average user" — and they mean this not as a counsel of despair but as a precise technical claim. What the average user lacks is not intelligence or even technical aptitude. It is the full mental model of what a cryptographic system actually guarantees: not "nobody can read this," but "nobody outside this specific, carefully verified set of recipients can read this." That distinction is the entire ballgame.
Several open questions flow from this work. The most immediate is institutional: what would a modern, usable equivalent of SCIF-level process discipline look like for mobile communications? Some governments are experimenting with sovereign encrypted messaging platforms that layer additional access controls on top of end-to-end encryption — identity verification, audit logging, tiered classification. Whether such systems can be made usable enough for real operational environments remains unresolved.
There is also a deeper research question about the psychology of security tools. If user-friendly encryption causes users to overshare, that is a design problem with no obvious solution. Making the tool harder to use would undermine the accessibility gains that make it valuable. Making it easier might compound the false-confidence effect. This is genuinely uncharted territory for the HCI and security research communities.
The formal verification methodology the paper employs is itself significant. Applied pi-calculus has been used to verify cryptographic protocols for decades, but applying it to a socio-institutional configuration — modelling not just the cryptography but the organisational setup around it — is an extension of the method that opens up new possibilities. Future work could model not just "was the encryption sound?" but "was the access-control governance sound?" treating institutional processes as formal objects subject to the same proof techniques as protocols.
For policymakers, the paper's conclusion is perhaps the most actionable: stop treating secure communications as a technology problem that can be solved by deploying better apps. The problem is procedural, social, and organisational. Apps are the last mile of a long chain, and a chain with a compromised human link at any point is only as strong as that link.
Signalgate will likely be remembered as a political embarrassment. Chiodo et al. (2026) ensure it is also something more useful: a precisely documented case study in the gap between cryptographic security and operational security, formally proved, socially analysed, and geopolitically contextualised. The encryption worked. That was never going to be enough.
Even with advancements in usability of cryptographic tools, genuine message security is still out of reach of the "average user."