"With proper opsec" is doing a lot of work here, and I would presume one very fundamental piece is it is only to be used for non-sensitive conversations. Unless you are going to argue sharing attack plans ahead of the attack on a personal device is okay, which seems absurd on its face in a post-Pegasus world.

Did you read the transcripts?

Yes, i am referring to Hegseth’s texts specifically

The beginning of the transcript is relevant. What do you think is happening there?

Does "proper opsec" include adding random journalists to your chat, and sharing classified intel with your friends?

Did you read the transcripts?

If you're talking about the chat messages published by the Atlantic, yes, I did.

Okay. What's happening at the very beginning, in the first screenshots/messages?

Mike waltz adds Jeff Goldberg without verifying anything, then sends a message explaining the purpose of the group and asking for everyone to provide a point of contact from their staff. Everyone then shares the name of their staff member.

What's your point? is something in there supposed to be "opsec"? Did you read the transcript?

here's a gift link if you want to refresh your memory: https://www.theatlantic.com/politics/archive/2025/03/signal-...

My point is that the point of contact listed at the beginning of the room is almost certainly the one reading out and dictating messages on the device, where the titled cabinet member is keeping the screen out of their hands and attention on the moment. That is proper opsec so long as the PoC is trusted, so there was a break in the trust chain.

The point being: Far from being an issue of improper use of a personal device, a piece of application software, or anything the commentariat suddenly believes they're absolutely an expert in, this is much more an issue of trust breach in the chain of command and staff in the given offices. Hence why Waltz was fired: This scenario is functionally equivalent to a leak.

>2) You cannot govern exclusively from a SCIF, hence 1.

If you have the resources available to the SecDef, you frankly should be able to. Mobile SCIFs are something private companies can provide off the shelf for a few hundred thousand dollars. That's a drop in the bucket.

Obviously, nobody can or should spend all their time in one unless you're some kind of watch officer, but when handling TS/SCI material, there really is no reason for a principal to not have access to a SCIF within a moment's notice if they make it a priority. And there's no reason to be sharing TS/SCI with anyone that is not themselves in a SCIF. We have a declassification/reclassification process if information needs to be more widely disseminated.

This is nonsense. The government simply could not function if all classified data had to be born in SCIFs and kept in SCIFs.

More likely the government would simply stop classifying information.

> 2) You cannot govern exclusively from a SCIF, hence 1.

(1) doesn't have to be Signal. It should be some "enterprise" solution that DoD can own and operate, and it should federate with the same thing used in other executive agencies, and the WH itself. And it should have military grade authorization (meaning labeled, multi-level security).

That said, (2) is quite right: you cannot govern from a SCIF. SCIFs are mainly tools of control to access to long-ago classified information. New classified information cannot be born in a SCIF for the simple reason that SCIFs cannot scale to the needs of those who govern.

Exactly. Signal and Wickr are widely used, and default installed in some orgs.