Troops on active duty have had the book thrown at them for security breaches far less severe than texting strike plans to a journalist.
Jeffrey Goldberg, editor-in-chief of The Atlantic, has reported that he was inadvertently invited to join a group chat on the Signal messaging app by Michael Waltz, President Donald Trump’s national security advisor, in which Defense Secretary Pete Hegseth shared detailed operational information about planned strikes in Yemen two hours before they happened.
“If this was someone on active duty, their career would be completely over and they would be facing jail time most likely just because of the nature of this, of using the inappropriate system, never mind the fact that it demonstrates recklessness,” said retired Air Force Lt. Col. Rachel VanLandingham, a former military attorney. “Individuals get administrative punishment at the minimum for leaving classified information on their desk.”
After news of the Signal chat broke, a National Security Council spokesman initially said “The message thread that was reported appears to be authentic.” However, over the last day, Hegseth and others on the chat have denied that the chat broke any rules. Hegseth told reporters on Monday that “nobody was texting war plans” and Director of National Intelligence Tulsi Gabbard told lawmakers on Tuesday that no “classified information” was shared in the chat group.
It was unclear Tuesday if the detailed operational information Goldberg said he received — including times of strikes, identities of targets, and intelligence that indicated its method of collection — was unclassified prior to the strikes, but similar information was almost universally classified during the two decades of post-9/11 wars.
A former Air Force lawyer and judge said the high-level leak on Signal would likely face harsh punishment in a military courtroom.
“If I were a sergeant or a captain and I called up the Washington Post and I worked in the Pentagon in the J2 [intelligence branch] or the J3 [operations branch] and I said ‘hey I got a hot tip for you, we’re gonna attack the Houthis,’ Oh, I’d be court-martialed for that,” said Josh Kastenburg, who tried disclosure cases under the Uniform Code of Military Justice both as a judge and lawyer.
Kastenburg recalled two cases he oversaw involving the mishandling of classified documents by service members. One case involved Air Force Staff Sgt. Daniel Chin, who took a hard drive of classified materials home. He received a bad conduct discharge and was reduced to the rank of private. The other case involved an airmen who showed documents on weapons of mass destruction to someone without the proper security clearance.
“Neither person deliberately spilled national security,” Kastenburg. “They just failed to safeguard it like they brought work home with them and they shouldn’t have done it or they showed their spouse, ‘hey, look at the cool stuff I’m working on,’ and in both instances, they got punitive discharges that deprived them of their [veteran] benefits and they went to jail.”
Military justice cases involving classified information leaks or disclosures are typically “treated with such level of care and severity,” regardless of rank, VanLandingham told Task & Purpose.
“The higher ranking you are, ….the less chances are you’re gonna do something accidentally,” she said. “Our J3 and our J2 and our commander and our deputy commander at the U.S. Central Command, they had SCIFs in their houses on base.”
SCIFs, or Sensitive Compartmented Information Facilities, are electronically and physically ‘hardened’ rooms and offices that are nearly always the only authorized location for classified information to be stored, viewed, printed, or communicated in government buildings. At least one of the officials on the chat, negotiator Steve Witkoff, was reported to have participated in the chat while in Moscow.
‘There’s nothing that is 100% secure’
Signal is a mobile messaging application that brands itself as “encrypted.” What that really means is that the content of messages sent from one user to another cannot be read as they travel over a mobile network, but the kind of message they are is still visible. For example, a network operator eavesdropping on a Signal conversation can tell if the two people in it are exchanging texts or a video, but won’t be able to see or read those messages, said Kevin Kane, a former Army JAG paralegal and current CEO of American Binary, a company focused on internet security and post-quantum encryption.
“There’s nothing that is 100% secure,” Kane said. “In this particular one, the use case is within the United States, over American-owned and operated telecom networks, under U.S. law for data collection rights and surveillance, so in that context, one might say it might be safe to use Signal messenger for some things that are commercial. Signal messenger is absolutely not a supplement for or equivalent to a national security network.”
Like other messenger apps, internet sleuths and hackers have discovered security weaknesses in Signal over the years. The Signal desktop app for Mac computers previously used an encryption key as a plain text document, meaning that a hacker with malware could potentially extract data, including Signal messages and even “send messages on your behalf and pretend to be you,” Kane said.
“No one would know who is not technical enough to evaluate what happened. Using Signal messenger, any messenger, there’s no such thing as secure,” Kane said. “Now, Signal has since fixed that mess, that problem, but guess what? It was not fixed for years and there will be more things discovered that are not fixed for years in every application,” he said.
The use of Signal and other mobile messaging apps by Defense Department officials has garnered the attention of federal watchdog agencies like the Inspector General which put out an advisory notice in February 2023. The IG noted that the Pentagon does not have a “comprehensive mobile device and application policy” that addresses the risks of using third-party mobile applications. For American personnel abroad, they are required to use government-approved platforms “to the fullest extent possible,” according to State Department guidance. But exceptions are still carved for apps like Signal in order to communicate during emergency or contingency operations, something U.S. Embassy Kyiv personnel were allowed to do.
Accidental leaks still get big punishments
There are many examples of military members of all ranks losing careers and even their freedom after relatively small, and even good-intentioned, disclosures of classified information.
Marine Maj. Jason Brezler used his personal email address in 2012 to send classified information to Marines in Afghanistan, warning them about a local police chief who was accused of sexually abusing young boys. His email contained a classified file that listed the threats posed by the Afghan police chief. Shortly afterward, a boy working for the police chief killed three Marines in an insider attack at FOB Delhi.
Brezler later notified his commanding officer that he had sent classified information from his personal email account. He was also accused of bringing classified documents home from Afghanistan so he could write a book. Brezler was eventually relieved of command, given an unfavorable fitness report, and he faced a 7-year legal battle before a board of inquiry recommended in 2019 that he be retained in the Corps. By that time, Brezler was serving in the Individual Ready Reserve.
Another case is that of Navy Petty Officer First Class Kristian Saucier, who was sentenced to a year in prison in 2016 for taking pictures with his cell phone inside classified spaces of a Los Angeles-class attack submarine seven years earlier.
Investigators began questioning Saucier in 2012 after this cell phone was found in a waste transfer station. After the first interview, he destroyed a laptop computer, a personal camera, and the camera’s memory card, according to the Justice Department. Saucier ultimately pleaded guilty to one count of unauthorized possession and retention of national defense information.
President Donald Trump pardoned Saucier in 2018. Trump had argued during his first presidential campaign that Saucier had been treated much more harshly than former Secretary of State Hillary Clinton, who used a private email server while in office.
‘Gamer’ leaks often mean trouble for leaders
Since the dawn of the internet, a steady stream of troops have been punished for leaking classified military documents and information through spy networks and by uploading them to public forums.
Perhaps the most notorious online leaks have come up in gaming forums. Forums around the game War Thunder, a multiplayer combat simulation video game, have seen classified manuals on U.S. and foreign military equipment posted. Over the years, gamers have quoted from technical manuals and shared other sensitive information on the forums about the F-117 Nighthawk, AH-64D Longbow, and M2A2 Bradley fighting vehicles.
A total of 15 airmen ranging in rank from staff sergeant to colonel were ultimately disciplined for security lapses in another case of a gamer releasing information, that of Airman 1st Class Jack Teixeira. Teixeira was sentenced to 15 years in prison in November for sharing classified information on private Discord servers to impress an online gaming community. The airmen posted classified documents on U.S. intelligence provided to Ukraine and documents involving South Korea and Israel.
Teixeira’s wing commander Air Force Col. Sean Riley, received administrative action and was relieved of command.