Signal is not a safe place for confidential communications
- Erik Hartman
- Apr 1
Last week, a fuss arose around a private Signal group in which U.S. officials discussed military action against Houthi targets in Yemen. The reason: among the participants was a journalist from The Atlantic, who apparently had access to the conversations without the knowledge of all participants. Moreover, it turned out that the group settings were configured so that all messages were automatically deleted after four weeks.

Although the conversations took place over a platform with end-to-end encryption, this incident exposes a number of structural issues surrounding the use of public apps like Signal in a government context. It shows how convenience, technical encryption and informal communication culture can clash with fundamental requirements around information security, transparency and archiving.
End-to-end encryption is not enough
Signal is known for its strong end-to-end encryption, meaning messages are readable only by the sender and receiver. But security and confidentiality go far beyond encryption during transmission.
Confidential or secret communications in government contexts also require:
- Manageable access (who can read what);
- Visibility of participants (who is in the group?);
- Logging (who said what when?);
- Oversight and accountability (can it be reconstructed?).
In a Signal group, participants can be added relatively easily without everyone else knowing about it. This also happened in this case. The fact that a journalist could participate unnoticed in a conversation about military deployment is in itself a serious security failure.
Temporary retention = structural risk
What makes this incident even more serious is that group settings were set to automatically delete messages after four weeks. That means all communications - including potentially confidential or policy-relevant information - disappear automatically, without central control or archiving.
That violates fundamental principles of government archiving and governance. In virtually all modern government environments, rules such as the following apply:
- Information with policy or administrative relevance must be archived;
- Decision making must be traceable;
- Official communications must be accessible for oversight and accountability.
Therefore, deliberately instituting automatic deletion - especially without alternative storage or archival facilities - is a direct violation of these principles. It undermines an organisation's (and society's) ability to later reconstruct, review or verify decisions.
“We'll put it somewhere afterwards” is insufficient
Some users defend the use of apps like Signal by arguing that important decisions will be recorded in formal systems, such as a document management system or archive, later anyway. But that is a simplification of reality. In practice:
- many crucial considerations, agreements and context are shared via messages - often more important than the final decision itself;
- it is difficult to reconstruct exactly what was discussed when messages are deleted;
- it is unrealistic to expect all users to archive on their own, especially in informal group chats.
Moreover, for confidential and classified information, there is an absolute ban on the use of unmanaged public platforms, regardless of whether archiving is done afterwards. This is not only a technical directive, but a legal requirement.
Use what is already there: internal, secure systems
Governments do have systems in place that accommodate confidential communications. These offer:
- Strong authentication and access based on function or authority;
- Integration with archive systems;
- Managed environment with logging and monitoring;
- Capabilities for secure collaboration without messages automatically disappearing.
Thus, there is no practical need to use Signal for government business. Rather, its use indicates laziness or a poor internal culture around information security.
Confidentiality requires more than encryption
What this incident makes clear is that confidentiality, governance and archiving are not afterthoughts. They are part of the core of professional government functioning. Confidentiality requires not only technical security, but also:
- Clear agreements;
- Active control of communication channels;
- Supervision of archiving;
- And above all: user awareness.
A public app with encryption offers no solution if there is no control over who is reading along, who is storing information, or how that information can be accounted for later.
Conclusion: security and transparency require discipline
The Signal incident underscores the need for tighter boundaries around the use of public apps for government communications. Just because messages are encrypted does not mean they are secure. And just because something is “practical” does not make it responsible.
- Confidential information does not belong on Signal, WhatsApp or other public messaging apps.
- Group settings that automatically delete messages undermine archiving obligations.
- Unverifiable participation in conversations is unacceptable in contexts where integrity, confidentiality and public accountability are crucial.
Public messaging apps may serve fine for personal or informal interactions, but are fundamentally inappropriate for affairs of state. Especially when it comes to military operations, international relations or national security, we should not settle for “safe enough.” Only formally approved systems with full control and accountability are acceptable.