Mike Waltz Accidentally Reveals App Govt Uses to Archive Signal Messages
404media.co>>> overnment agencies have paid for versions of encrypted messaging apps that also have archive abilities before. In 2021, Customs and Border Protection (CBP) paid encrypted app company Wickr $700,000.
This seems like a perfect use case to support Signal. Have large, corporate or govt entities, pay for a custom fork of the app, built by the app developers themselves.
Why is telemessage getting the money ? Does the Signal Foundation not make it easy to do paid fork implementations ?
If Signal becomes financially dependent on government contracts, the govt gains a lot of leverage over the app. I'm not sure that's a great position for this particular platform to be in.
This is a good point - but at some point we have to trust someone. I feel that the Signal folks are worth trusting. Plus it's open source, so the more technie among us can meaningfully audit what's going on. That's not foolproof, but it does seem better than most alternatives.
Certainly it's better for the gov't to pay Signal than to try to do it themselves.
> I feel that the Signal folks are worth trusting.
The MobileCoin integration and the long standing refusal to support a way to use the messenger without using a phone number (or a smartphone at all) make me wary. To me they sit pretty much on the same level of trust as Meta's WhatsApp, which is a sad thing to have to conclude.
This. Session does desktop and mobile cheerfully without leaving metadata enabling government real-time location tracking.
And cheerfuly does bunch of other things https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
Wickr is owned by AWS, and only has a government/enterprise product now. The personal version has been discontinued.
Pardon my ignorance here, does this mean that governments approach Wickr and buy licences to use their encrypted messenger? If so, what does Wickr do better than other encrypted messenger apps?
In short, paperwork.
Government has a ton of policy requirements around data retention, audit logging, where their data is stored, who can access it etc, as well as technical requirements for things like encryption algorithms. They also have a requirement to operate on isolated networks.
It is difficult for an ordinary consumer messaging app to meet these requirements. Matrix is really the only competitor.
90% of the work is probably compliance and gov contract hoop jumping, not the code.
that seems optimistic tbh. I'd guess 70/30 lobbying/compliance.
Maybe Signal needs to devote all their resources to develping the main app, which is their mission - secure communications for the general public.
They have ‘interesting’ priorities.
MobileCoin is prioritised ahead of allowing an iPad-like secondary device experience on Android tablets, for example.
What makes you say that? I would guess they would do both if it was worthwhile. Android tablets and iPads have different capabilities under the hood - maybe the requirements aren't possible on Android tablets?
In any case, saying their priorities are misaligned because they don't scratch your particular itch is making a mountain of a molehill.
It has nothing to do with device capabilities or technical effort, and there are client forks which support it. Signal have simply made a conscious choice to disallow it.
https://community.signalusers.org/t/android-tablet-support/5...
The link seems unrelated to our discussion? What evidence do you have of Signal's decision and reasoning?
Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.
> TM SGNL appears to refer to a piece of software from a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them
Crikey that's terrifying. Not even a US company either.
TeleMessage is an Israeli software company based in Petah Tikva, Israel. Founded in 1999 by Guy Levit and Gil Shapira, it provides secure enterprise messaging, mobile communications archiving and high-volume text messaging services. https://en.wikipedia.org/wiki/TeleMessage
Even though Israel is our "Ally" -- we really shouldn't trust a foreign company with our sensitive messaging.
If you're in the government, you should treat Hegseth and anyone who uses Signal and TMSIGNL as compromised.
It's not like Israel would ever spy on the US right?
I'm pretty sure that the US is a high priority intelligence target for Israel. But then any of the big nations should be. Russia, US, China, etc.
US spy agencies are world famous weak and heavy relayed on UK and Israel communications.
Or the US spy on Israel.
Please tell that to European governments too. The Netherlands military police was using Whatsapp (e.g., https://www.defensie.nl/actueel/nieuws/2022/06/15/maatregele...). Only Germany has the BwMessenger (Matrix) as far as I know. It makes me wonder what the other militaries are using.
This is misleading bordering on rage bait. There were 11 dutch military police who created a WhatsApp group. This was not allowed and is also not sanctioned or any form of official Military Police communications channel.
The leader of those 11 was fired because of it.
It says it right there in the article. Stop making drama.
I do not get the feeling that using WhatsApp was the source of the disciplinary measures here, but rather the racist contents they shared there. So to be fair to GP, this could be much more prevalent.
The matrix development is carried by France a lot for their secure communication. The German affair hopped onto that.
I thought DekkoSecure was a standard for encrypted govt/military messaging? Why bother with this COTS consumer crap?
trust me that's a feature not a bug
FTA, fwiw: "404 Media found numerous U.S. government contracts that mention TeleMessage specifically. One for around $90,000 from December 2024 says “Telemessage (a Smarsh Co.) Licenses for Text Message Archiving, & WhatsApp and Signal Licenses.”"
Telemessage got bought out by Smarsh a couple years ago. (Which several other commenters are saying is a US company) Their service has gone way downhill since.
Source: use them for several of my clients.
What is the point of using Signal if you are going to let a (foreign) company intercept your communications? I guess they wanted the UX of a commercial product instead of whatever clunky app that's approved for government. Does anyone know what the alternative was?
It makes a lot more sense if you don't assume from the start these people have one iota of intellectual horsepower.
Signal is approved for government uses, just not non-public DOD information. They're supposed to use Signal for something like "hey, get to a SCIF so we can discuss details," then they discuss the details in a secure environment.
> They're supposed to use Signal for something like "hey, get to a SCIF so we can discuss details," then they discuss the details in a secure environment.
Sort of like the drug dealers from The Wire
> Signal is approved for government use
[Ref. needed]
Approved for government use: https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...
Not approved for non-public DOD information: https://dodcio.defense.gov/Portals/0/Documents/Library/Memo-...
Guidance from CISA (an agency within the Department of Homeland Security) does not translate to an Approval for DOD.
The DOD memo does not supersede other DOD instructions referenced by the memo requiring RMF and NIAP things.
We're saying the same thing, It's "use Signal for everything you'd use Whatsapp or SMS for, and use the standard secure channels for anything you'd typically need a secure channel for."
From last year after Salt Typhoon became public:
> Adopt a free messaging application for secure communications that guarantees end-to-end encryption, such as Signal or similar apps. CISA recommends an end-to-end encrypted messaging app that is compatible with both iPhone and Android operating systems, allowing for text message interoperability across platforms.
https://www.cisa.gov/sites/default/files/2024-12/guidance-mo...
As Dev_VR said, that is a recommendation from CISA to private sector users, not an approval for DOD users.
That’s only partially true: I know for a fact that people in government agencies were given permission to use Signal during the Salt Typhoon attacks. You might not be able to use Signal for certain DOD purposes, but non-DOD agencies do permit Signal.
Traditionally you would use the plain old telephone system to communicate non-classified information. All of the major telcos services (voice and text) are no longer considered secure per CISA. CISA also recommended to instead use e2e encrypted services (specifically calling out Signal).
https://investigations.cooley.com/2025/01/15/federal-law-enf...
The alternative is not installing Signal on a phone with spy software on it. They aren't "intercepting" as in man-in-the-middle. They are intercepting by spying on the personal phone where signal is. signal is just another app on your phone. If you're using it for secrets comms you'd best have minimal or no software on the phone you're using and protect it every way you know how with passwords and encryption
They need to let their foreign handlers know what they're doing... It is probably in the contract somewhere.
I don't get it. Why risk secuity vulnerabilities to archive when you can just ask israel and pegasus for the archives anyway.
Wait this is israeli. Lol.
As some details:
TeleMessage is/was an Israeli company [1], but was acquired last year by Smarsh [2], itself a subsidiary of K1 Investment Management, both US companies. It me whether the company moved. While not necessarily related at all, their terms of service also seem to explain specific arrangements for messaging in China that appear to involve disclosures to the Chinese government.
It's unclear to me how the app works. It appears to be advertised as a fork of the Signal client which uploads all content to a remote server, thus, of course, breaking the E2E encryption, unless the archive is considered an end and the connection to it is secure. It also appears to be advertised as being the same interface as Signal.
However, both the iOS and Android Signal clients are AGPLv3. I can't find any indication that the TeleMessage clients are anything other than proprietary. So are they going the route of giving the software and source only to paying customers under AGPLv3 (with those customers then free to distribute it)? Did they completely reimplement the client? Or are they an illegal proprietary fork?
The first option seems unlikely, and the latter two seem rather ominous for the security of the app.
[1]: https://en.wikipedia.org/wiki/TeleMessage [2]: https://en.wikipedia.org/wiki/Smarsh
Smarsh is apparently a big deal in the compliance space. They're not randos. That doesn't take away the hilarity of using a Signal clone that defeats the whole purpose of Signal, though.
Additional hilarity provided by their name being one letter different from the latinisation of a Soviet spy agency / Bond supervillain organization.
It looks like it was originally meant as a reference to the username of the founder (Stephen Marsh).
Lousy smarsh weather
Seems like an odd choice of name from an apparently low attack surface, cybersecurity aware company...
> breaking the E2E encryption
E2E doesn't mean what I think you think it means; specifically, it has nothing to do with what the intended recipient (or their software) does with the message.
That very much depends on who is running the archive system, and how it is implemented.
But more generally, your point is why I mentioned "unless the archive is considered an end and the connection to it is secure."
The point of E2E is only to make sure that Alice is talking to Bob and nobody else can pretend to be either of them or eavesdrop. There is no reason whatsoever to include where else the message may be sent, encrypted or not.
Consider E2E protected email service. You send me the final designs over this encrypted channel. Then I put the designs onto a USB drive and give them to my printer to print. Then I hang them as billboards all over town. This is a valid use case for E2E. Yet the contents of the message ends up visible from the freeway.
You are confusing Snapchat mechanics for encryption.
>You are confusing Snapchat mechanics for encryption.
I think we're talking about this from two different perspectives. You're considering a user in someone's conversation with a modified, archiving client. Yes, you obviously can't prevent that from a technical side, and it doesn't break Signal's E2E. It would be even simpler to do this with the unmodified Android Signal client, which essentially allows message exports.
I was assuming (possibly incorrectly) that TM's client was being used as an overall messaging system by the government groups involved here, which is how TM seems to advertise it: not a single user running their client, but every (or every internal) user communicating with each other using their client. In that case each user's client would be sending each message to some recipients by Signal Protocol and other recipients by, if other comments and some parts of TM's advertising are correct, SMTP. Yes, some sender-recipient pairs are E2E in that case, but that seems a bit besides the point, as there are others that aren't, and those could be vulnerable to eavesdropping and modification.
I do realize that what I wrote in the initial comment could easily be read as something other than what I meant (it isn't E2E for the messages through Signal that is broken, but separate likely non-E2E messages); I suppose I should have expected here that doing so would result in replies focusing on that interpretation.
Yeah I mean clients that auto-delete messages are a very useful tool in communicating between people. It’s that they aren’t really meant for anything actually sensitive because (regardless of if they have E2E or not) they can’t guarantee that someone isn’t archiving or exporting the messages. It is the wrong mechanic for anything sensitive.
If you want to make sure nothing is ever archived, there is no software-only solution. If you control the hardware, in theory you can mandate that everything from the OS level-up is a reproducible build and you know for a fact that the messaging client does not allow any export feature. But also, you still have the problem of someone taking a picture of the screen. The real way to do this would be to control the software, hardware, and environment, aka a SCIF. If you want me to see classified war plans, confiscate all my electronics then show me what I need to see in a controlled environment where I can’t make copies. Messaging apps just simply can’t do any of that.
Precisely. The security of a message endpoint ends at the point that the opposite party's leverage runs out.
If I care more about my snapchat account than I do about saving your disappearing message minus your ability to leverage snapchat into banning my account or apply outside social pressure, then your disappearing message may actually disappear. As the stakes go up, so does the leverage required for “endpoint security” to be a meaningful security boundary.
Is there a term for any application which offers full control of your messages then, ie, I send you messages on Signal, but I can make them self destruct and you cannot screenshot them? (Pretty sure Signal allows this?). Nothing stopping a user from taking photos of the screen using another device, of course. Or running their own fork of Signal (which, when run from the open source for Android at least, runs on production).
Taking photos of your phone screen is the main loophole and is completely undetectable. Exactly what happened to Waltz and what caused TFA.
If you really need to, you can combine this with a rig that holds the phone and the camera just right, controls the lighting, and interacts with the phone via a hotdog mounted on a gantry. Come to think of it, any 3D printer can be adapted to archive Signal/Snapchat/etc. messages in a completely undetectable way. Could even reply if you rig up another phone to talk to your hot dog finger + camera robot.
Dunno. Like I said, there's no way to do this effectively without some form of leverage over the counter-party. This sort of thing is why SCIF's exist, and is an example of the more extreme ends of leverage, but it still ultimately comes down to leverage: they can make you delete the message and will throw you in jail if you figure out a way to evade it.
One-time secret, maybe?
How can this exist?
While I'm sympathetic, the possibility of existence is not a prerequisite for having a name of it.
Just wondering... if you work for a company and your employer provides you with modified GPL software, it's not considered distributed to you in ways that GPL would apply (so you are not free to further distribute it). At least that's how GPLv2 used to be explained as as business friendly--"private" modifications remain private and employees are not considered exterbal distribution. I'm not familiar with AGPL though.
AGPL is essentially GPL but over the network, if you can reach the service (be it website, or any other protocol) you should be able to receive a copy of the source code. TruthSocial was based on AGPL'd code, they had to comply.
if your company itself modified the GPL software, you can't demand the modified source code from your boss. if your company purchased modified GPL software from a third party vendor, your company's legal department could force the vendor to cough up the source code.
The realpolitik here is that you can get fired if you leak the code, legal or not.
> Or are they an illegal proprietary fork?
As long as their clients can redistribute it, its not illegal, especially if their clients have 0 interest in leaking the source code, the real trick is, has anyone who is NOT using that client hit any of the AGPL relay servers?
For context, I worked for an employer that sold a custom software solution, which used GPL'd software, client was in the military space, so I guess DOD, anyway, for over a decade nobody asked for any of the code, till some years back. I am guessing they just wanted to have it evaluated, but it was a workhorse of many many things, good luck trying to fork it, LOTS of moving pieces involved.
Nothing illegal unless someone who touches a TM SGNL server (somehow) requests the source and they reject you from having it.
Yes, that's what I meant by the possibility of them only offering source under AGPL to paying customers. Oddly enough, I'm familiar with that in the completely different context of davisr's reMarkable Connection Utility, and the model can work reasonably.
But from their website, which has terms of service for each app, it really seems that they are presenting them as standard proprietary closed-source offerings.
> unless the archive is considered an end and the connection to it is secure
LMAO NO! I have quite a few clients using Telemeasage, and most of them use Global Relay on the backend. It's a little terrifying actually, as Global Relay just ingests everything via SMTP. I haven't checked if they have DNSSEC or MTA-STS set up, but with how Global Relay operates I would be surprised if they did. I suspect a well-placed proxy or DNS poisoning could siphon off a good chunk of sensitive emails being sent to Global Relay.
Looks like the app is this one?
https://www.telemessage.com/how-to-install-and-register-sign...
Christ. Install it using an App Centre distribution
Would love to know what the message from JD means: "I have confirmation from my counterpart it's turned off."
OMG. He turned off the Pope!
So wait…
They are using a Signal clone that is run by a group of Israeli intelligence officers??
I don’t think that part of the story has broken yet properly. When you go to google maps for the address listed for that company you actually get a company called “Cyberint” which seems extremely not good.
https://maps.app.goo.gl/L7vVHw5x4VdgS8859?g_st=com.google.ma...
Worse.. when you take a look at the bios for the company on their website I see that it’s filled with supposedly “ex” Israeli intelligence officers including the CEO among others. https://www.telemessage.com/team/
That seems like a MUCH MUCH bigger deal than they currently known story.
Like several orders of magnitude bigger than the original signalgate story.
The implication here is that a bunch of Israeli intelligence officers have maybe the best access of anyone in the world right now in that they have a real time feed of every conversation that the US national security advisor is a part of.
Wouldn’t it be more effective for the government to develop a highly secure communication app, known only to individuals in top-level positions? This app would be discreetly installed upon appointment to a senior government role and automatically removed upon departure from office.
That's ... that's the communication network they're avoiding? Because the problem is not _which_ app, it's that it's _an_ app, on standard hardware, on the public internet?
Only, made by an Israeli company that presumably doesn’t make their version of Signal open source
Yes and no.
No, not for classified comms. They already have secure comms and SCIFs but they're not using them. This is what they should be using. And they should be following sterile opsec so they don't carry tracking and listening devices into classified meetings or strategy discussions with decision makers.
They do need better opsec for unclassified and personal comms. It would be nice™ for them to have a Signal-like app controlled by the NSA because depending on Signal or WhatsApp is vulnerable to a malicious insider. Few Meta employees have security clearances, while I don't know about Signal.
A lot more legal too.
“On Thursday Reuters published a photograph of Waltz checking his mobile phone during a cabinet meeting held by Donald Trump. The screen appears to show messages from various top level government officials, including JD Vance, Tulsi Gabbard, and Marco Rubio.”
Head of NatSec, ladies and gentlemen. Once the domain of Kissinger, Brzezinski, Powell and Rice. Now with the opsec of a brain-damaged cocaine dealer.
Pin is 1234.
"That's amazing! I've got the same combination on my luggage!"
Looks at each other disapprovingly.
(It was 1-2-3-4-5.)
They are shuffling him off to be UN ambassador per recent reporting. Better late than never, I suppose.
I'm sure his replacement will be so much better. /s
Kissinger and Rice are war criminals who should have gone to jail for the rest of their respective lives. Trump’s guy can’t even manage that level of evil.
War criminals or not, you can’t deny they were smart. Unlike current administration.
Intelligence isn't a respectable quality in the face of illegal (allegedly), unethical, and/or immoral behavior.
Kissinger shared culpability for what happened in Cambodia, Laos, and Vietnam.
Rice shares culpability for what happened in Afghanistan and Iraq.
Hegseth may still participate in war crimes regardless of being a dim bulb. One can only hope his disability makes him less effective in causing harm deliberately, but he still may cause great harm inadvertently as well.
America needs to acknowledge that it has a multitiered system of selective criminal prosecution where some people get away with crimes because of who they are.
At least this takes care of the open records issues, no?
So is signal safe or not?
Signal is fine, what's not fine is using it for top secret messages on your average everyday phone which is apt to get hacked by state actors and their mercenaries if you're important enough to be on their radar.
Also it's not secure to share info in Signal chats with people who lack clearance.
There's nothing to suggest Signal is compromised. Once you are passing your Signal data through a third party...who knows?
> 404 Media found numerous U.S. government contracts that mention TeleMessage specifically. One for around $90,000 from December 2024 says “Telemessage (a Smarsh Co.) Licenses for Text Message Archiving, & WhatsApp and Signal Licenses.”
A blatant AGPL violation, no? Were they using Signal in the Biden admin or do these contracts get setup in prep for the new team?
It’s possible Mike Waltz didn’t think the archiving capability was reliable enough, so he added a journalist to the group chat.
That’s like in the old days when you needed to get married and grabbed a random nearby person to be the witness.
I doubt that’s happened more than twice in the history of marriage
I was the random person asked once before, didn't work though as my state requires a 72hour wait from filling out marriage application before you can be legally married. (Couple was eloping from another state and wanted to get married same day, were told it would have to be a different state)
My parents got married in 1975 in this way.
It's happened more than once to me!
"He's just joking"
Clown car.
It seems reasonable enough that the government may have built a forked version of signal with message archiving that meets documentation requirements.
If its an app they wanted kept under wraps, it will make the while Hegseth situation seem a lot more benign.
I use Molly Messenger on a secondary phone that doesn't have a SIM, its a fork of Signal with a few differences related to encryption at rest. It still works with normal signal users just fine, on the other end you can't tell I have a different client. If the government has a similarly forked version you could likely still accidentally invite the wrong user in from their normal Signal app and they wouldn't know you're on a forked version with government archiving features.
It was not built by the government and it's not some secret software, it's off the shelf software by an Israeli company.
I didn't catch this in the article here. Is that well known elsewhere?
> But the message is slightly different: it asks Waltz to verify his “TM SGNL PIN.” This is not the message that is displayed on an official version of Signal.
> Instead TM SGNL appears to refer to a piece of software from a company called TeleMessage which makes clones of popular messaging apps but adds an archiving capability to each of them.
Acquired by a US company, Smarsh, according to other comments
It's not only reasonable the US government should be archiving communications between officials, it should be compulsory. We've already had problems with this re: agents of government agencies like CBP and big bankers using E2EE messaging apps to skirt regulatory requirements.
That said, whether this makes the situation better or worse depends on who can actually see these archives. "Smarsh" is a US-based company, but they acquired TeleMessage, which was (is?) based in Israel.
Some of the top US government IT contractors are British, Canadian, and Italian owned companies. Running servers in the US for a government contract isn’t a big deal at a technical level.
> If the government has a similarly forked version you could likely still accidentally invite the wrong user in from their normal Signal app and they wouldn't know you're on a forked version with government archiving features.
Is there no way Signal can prevent this in the official app?
Molly is great; I use it for the same purpose.
I find the Signal devs' attitude so frustrating; they deliberately disable the ability to use Signal in secondary device mode for phone-sized-devices, because they know the Correct Way To Use Signal™ is to only use it on one phone-sized-device.
6 days ago there was the Hegseth article regarding this being hotly debated in here and it’s a great example of not having all the facts before jumping to conclusions. Part of the debate was regarding archiving of messages which now apparently there is a way to archive Signal messages automatically. Huh who would have figured
Great motivated thinking, but wrong.
It would appear they're using this app now, post-incident, because they got in trouble. (And having messages with Vance, Gabbard, etc. be visible to the press pool camera is... not a great look for the guy who accidentally added a reporter.)
https://www.nytimes.com/2025/04/15/us/politics/cia-director-...
> All of the messages from a leaked group chat have been deleted from the phone of John Ratcliffe, the C.I.A. director, the agency said in a court filing.
Those are just accusations from a 3rd party agency. They have no way of knowing if Ratcliffe archived the messages before deleting. Signal has been approved since the Biden admin. It was most likely already distributed with the Telemessage feature.
“the agency said in a court filing”
The agency is the CIA, to a court, saying the messages are gone.
> Signal has been approved since the Biden admin. It was most likely already distributed with the Telemessage feature.
How do you know this? Also I would not consider this a “feature”. We should assume they’re different apps, insofar as Telemessage can add whatever they please to the source
"One of the things I was briefed on very early … was by the CIA records management folks about the use of Signal as a permissible work use," Ratcliffe said during a March 25 Senate Intelligence Committee hearing (see 45:05). "It is. That is a practice that preceded the current administration to the Biden administration."
https://www.c-span.org/program/senate-committee/dni-director...
Exhaling air through flappy mouth and throat parts is also permissible in the CIA.
That doesn’t mean you won’t get in trouble if you flap them in a way that says “we bomb x at y o’clock” where uncleared people can hear.
Sure, but that’s the point-Signal is permitted; it’s the content that matters, not the medium. Ratcliffe's testimony confirms it’s been standard practice across administrations. It’s already approved in IC circles despite your claims it harms national security.