Remember Mike Waltz? The National Security Advisor who’s spent the last few weeks demonstrating his profound inability to handle basic security? First, there was the illegal Signal chat where he accidentally added a journalist while discussing potential war crimes. Then we learned about his completely exposed Venmo contacts and leaked passwords. And now, in a twist that would be too on-the-nose for fiction, it turns out the same official who previously demanded DOJ action over private email use… has been conducting government business through Gmail.
Ah, but her emails.
All this seems less than great for the top “security” official in the administration.
Members of President Donald Trump’s National Security Council, including White House national security adviser Michael Waltz, have conducted government business over personal Gmail accounts, according to documents reviewed by The Washington Post and interviews with three U.S. officials.
The use of Gmail, a far less secure method of communication than the encrypted messaging app Signal, is the latest example of questionable data security practices by top national security officials already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for military operations in Yemen.
A senior Waltz aide used the commercial email service for highly technical conversations with colleagues at other government agencies involving sensitive military positions and powerful weapons systems relating to an ongoing conflict, according to emails reviewed by The Post. While the NSC official used his Gmail account, his interagency colleagues used government-issued accounts, headers from the email correspondence show.
This is, needless to say, pretty fucking bad. First, there’s the basic security incompetence: the National Security Advisor conducting sensitive government business through a commercial email service. Even if Gmail has robust security, it’s completely inappropriate for handling government communications — giving Google potential access to sensitive national security discussions that should never leave secured government systems.
But more concerning is what this reveals about Waltz’s (lack of) judgment. As National Security Advisor, he’s one of the highest-value targets for foreign intelligence services. Every personal account, every commercial service he uses represents another potential vulnerability for adversaries to exploit. And given his demonstrated pattern of security failures — from exposed Venmo contacts to leaked passwords — it’s clear he’s making their job easier.
The National Security Council’s response is a masterclass in missing the point (or, more accurately, misdirecting from the point). When pressed about “sensitive military matters” being discussed over Gmail, their spokesperson offered this gem:
Hughes said NSC staff have guidance about using “only secure platforms for classified information.”
This attempt at reassurance actually reveals the depth of the problem. The distinction isn’t just between classified and unclassified information — it’s about maintaining basic operational security for all sensitive government communications.
And as if to underscore how little they grasp this, we learned from a WSJ article that Waltz’s infamous Signal chat wasn’t a one-off mistake.
Two U.S. officials also said that Waltz has created and hosted multiple other sensitive national security conversations on Signal with cabinet members, including separate threads on how to broker peace between Russia and Ukraine as well as military operations
The scale of security failures here should be absolutely disqualifying for any administration official, let alone America’s top national security advisor. But what makes this situation particularly galling is Waltz’s own history of grandstanding about private email use. Here he is in a tweet that remains up from less than two years ago:
Yes, that’s the same Mike Waltz demanding DOJ action over private email use by a previous National Security Advisor. The hypocrisy would be merely annoying if the stakes weren’t so high. But this isn’t just about scoring political points — it’s about the fundamental security of our nation’s most sensitive communications.
By Waltz’s own standard, articulated in that still-visible tweet, the DOJ should be investigating his wanton use of private commercial messaging services. But more importantly, someone needs to ask: if this is how carelessly our National Security Advisor handles basic operational security, what other vulnerabilities has he created that we don’t yet know about?
Look, I know you’ve probably already seen yesterday’s absolutely stunning story from Jeffrey Goldberg at The Atlantic. The one where Trump administration officials somehow managed to add a journalist to their Signal group chat while planning out their bombing of the Houthi rebels in Yemen. The one that reads like a plot point rejected from VEEP for being too unrealistic.
But having spent 24 hours watching various hot takes and attempts to minimize just how catastrophically bad this security breach was, we need to talk about why this is even worse than most people realize.
First, just look at the casual way these officials discuss highly classified military operations. This isn’t just a quick “oops wrong number” text – this is an extended conversation about bombing plans happening on an unauthorized platform. And the deeper you read, the worse it gets:
At 8:05 a.m. on Friday, March 14, “Michael Waltz” texted the group: “Team, you should have a statement of conclusions with taskings per the Presidents guidance this morning in your high side inboxes.” (High side, in government parlance, refers to classified computer and communications systems.) “State and DOD, we developed suggested notification lists for regional Allies and partners. Joint Staff is sending this am a more specific sequence of events in the coming days and we will work w DOD to ensure COS, OVP and POTUS are briefed.”
At this point, a fascinating policy discussion commenced. The account labeled “JD Vance” responded at 8:16: “Team, I am out for the day doing an economic event in Michigan. But I think we are making a mistake.” (Vance was indeed in Michigan that day.) The Vance account goes on to state, “3 percent of US trade runs through the suez. 40 percent of European trade does. There is a real risk that the public doesn’t understand this or why it’s necessary. The strongest reason to do this is, as POTUS said, to send a message.”
The Vance account then goes on to make a noteworthy statement, considering that the vice president has not deviated publicly from Trump’s position on virtually any issue. “I am not sure the president is aware how inconsistent this is with his message on Europe right now. There’s a further risk that we see a moderate to severe spike in oil prices. I am willing to support the consensus of the team and keep these concerns to myself. But there is a strong argument for delaying this a month, doing the messaging work on why this matters, seeing where the economy is, etc.”
A person identified in Signal as “Joe Kent” (Trump’s nominee to run the National Counterterrorism Center is named Joe Kent) wrote at 8:22, “There is nothing time sensitive driving the time line. We’ll have the exact same options in a month.”
Then, at 8:26 a.m., a message landed in my Signal app from the user “John Ratcliffe.” The message contained information that might be interpreted as related to actual and current intelligence operations.
At 8:27, a message arrived from the “Pete Hegseth” account. “VP: I understand your concerns – and fully support you raising w/ POTUS. Important considerations, most of which are tough to know how they play out (economy, Ukraine peace, Gaza, etc). I think messaging is going to be tough no matter what – nobody knows who the Houthis are – which is why we would need to stay focused on: 1) Biden failed & 2) Iran funded.”
The Hegseth message goes on to state, “Waiting a few weeks or a month does not fundamentally change the calculus. 2 immediate risks on waiting: 1) this leaks, and we look indecisive; 2) Israel takes an action first – or Gaza cease fire falls apart – and we don’t get to start this on our own terms. We can manage both. We are prepared to execute, and if I had final go or no go vote, I believe we should. This [is] not about the Houthis. I see it as two things: 1) Restoring Freedom of Navigation, a core national interest; and 2) Reestablish deterrence, which Biden cratered. But, we can easily pause. And if we do, I will do all we can to enforce 100% OPSEC”—operations security. “I welcome other thoughts.”
100% OPSEC indeed. Remember, this is the Secretary of Defense (who we all knew was unqualified for the job) literally promising perfect operational security while inadvertently sharing war plans with a journalist over a non-governmental communications system.
And remember — this is just what Goldberg was comfortable sharing publicly. He notes that some messages were too sensitive to publish, containing operational details that “could conceivably have been used to harm American military and intelligence personnel.” Think about that for a moment: these top officials were casually texting information so sensitive that even after the fact, a journalist felt publishing it would endanger lives.
This isn’t just incompetence — though it certainly demonstrates how the rank amateurs Trump put into power are catastrophically unqualified for their jobs. This is criminal negligence with national security implications.
Under 18 USC 793, “gross negligence” in handling defense information carries up to ten years in prison. And this case goes way beyond mere negligence — they deliberately chose to conduct classified military planning on an unauthorized platform, then accidentally broadcast it to a journalist. That’s before we even get to the numerous other laws likely violated here.
While some members of Congress, including a few Republicans, are appropriately alarmed by this breach, the GOP leadership is desperately trying to minimize it. Take Rep. Don Bacon, an Armed Services Committee member and former Air Force brigadier general, who actually told Axios: “I’ve accidentally sent the wrong person a text. We all have.”
This kind of false equivalence is both dangerous and stupid. This wasn’t a misdirected happy birthday text, you dipshit. This was classified military planning conducted over a third-party messaging app. Yes, Signal’s encryption is excellent — but that’s completely beside the point. There’s a reason the government has specific secured communications systems, SCIFs, and strict protocols for handling classified information.
Even more concerning than Bacon’s clueless response is House Speaker Mike Johnson’s attempt to downplay this massive security breach: “They’re gonna track that down and make sure that doesn’t happen again…. Clearly, I think the administration has acknowledged it was a mistake and they’ll tighten up.”
This wasn’t some minor technical slip-up that just needs a policy reminder. This was top officials deliberately choosing to conduct classified military planning on unauthorized systems. The fact that they accidentally included a journalist just exposed what they were doing — but the underlying violation was using Signal in the first place.
And here’s what should really keep you up at night: we only know about this because they happened to add a journalist who went public about this single chat. How many other sensitive conversations are happening on Signal or other unauthorized platforms? How many other “accidental” additions might have gone unnoticed? How many foreign intelligence services are already exploiting this administration’s casual approach to operational security?
Let’s put this in perspective: this is the same Trump team that turned “but her emails” into a movement over Hillary Clinton’s private email server. We were critical of Clinton’s server too — it was a legitimately bad security practice. But what we’re seeing here makes Clinton’s server look like amateur hour.
Clinton used a private server for mostly unclassified State Department business, with a handful of retroactively classified emails found in the mix. These guys are literally planning military strikes over Signal, complete with operational details so sensitive that journalists won’t even publish them. And they’re doing it specifically to dodge both security protocols and federal records laws.
The private server versus Signal distinction matters too. Clinton’s setup, while improper, was at least a dedicated system. These officials are just using a consumer app, making it virtually impossible to properly archive communications as required by law. They’re not just mishandling classified info — they’re deliberately choosing tools that help them hide their tracks.
And, yes, pretty much all of the officials in the chat are on record screaming about supposed security failures during Democratic administrations. CNN put together an incredible supercut of a bunch of these dipshits screaming about security breaches from Democrats:
CNN put together a collection of clips of various Trump officials who were on the signal chat criticizing Hillary Clinton’s email server
Though, my favorite may be this tweet from Director of National Intelligence Tulsi Gabbard (a member of the group chat) from just ten days ago saying “any unauthorized release of classified information is a violation of the law and will be treated as such.”
Huh, maybe someone should get on responding to this lawbreaking that you were a part of then.
And then there’s Donald Trump’s telling response to this security nightmare. After first trying to dismiss the story by attacking The Atlantic (“a magazine that is going out of business”), Trump pivots to what he thinks is the only relevant point: “Well, it couldn’t have been very effective, because the attack was very effective.”
Think about that for a moment. The man who led “lock her up” chants over Clinton’s email server — who insisted the mere existence of a private server was disqualifying regardless of any actual harm — is now arguing that leaking classified military plans is fine as long as the operation still succeeded.
This is the same Trump who once claimed Clinton’s email practices were “bigger than Watergate.” The same Trump who said anyone mishandling classified information should be disqualified from public service. Now he’s shrugging off his own officials literally texting war plans to random journalists because hey, the bombing worked out okay in the end.
Some Trump defenders are trying to minimize this by claiming the published excerpts only show policy debate among senior officials. But Goldberg’s reporting makes clear just how dangerous this breach was:
At 11:44 a.m., the account labeled “Pete Hegseth” posted in Signal a “TEAM UPDATE.” I will not quote from this update, or from certain other subsequent texts.The information contained in them, if they had been read by an adversary of the United States, could conceivably have been used to harm American military and intelligence personnel, particularly in the broader Middle East, Central Command’s area of responsibility. What I will say, in order to illustrate the shocking recklessness of this Signal conversation, is that theHegseth post contained operational details of forthcoming strikes on Yemen, including information about targets, weapons the U.S. would be deploying, and attack sequencing.
Let that sink in. These weren’t just policy discussions — these were detailed military plans so sensitive that publishing them could endanger American lives. And they were being casually shared on Signal, where any “accidental” addition could have accessed them.
Remember Benghazi? Republicans spent years investigating Obama administration officials over that attack. They held endless hearings, demanded countless documents, and threw around accusations of criminal negligence and security failures. Now imagine if they’d discovered Obama officials were planning military operations over WhatsApp and accidentally adding journalists to the chat.
In any functioning administration, this would be a career-ending scandal. Multiple officials would be fired. Security protocols would be completely overhauled. Criminal investigations would be launched. Instead, we’re watching Republicans try to wave this away as a simple mistake — just an errant text, no big deal since the bombing worked out fine.
This isn’t just covering up incompetence anymore. This is actively endangering national security by normalizing absolutely reckless handling of classified military operations. Anyone claiming otherwise is either lying or has completely abandoned any pretense of caring about operational security when their team is in charge.
There’s usually only one reason government officials use personal email accounts: to dodge FOIA requests. The excuses offered by those caught doing it are never credible. And those who do opt for personal email — especially at the federal level — are putting themselves in peril. There are also practical security reasons for using government email addresses.
A lot of Donald Trump’s first presidential campaign focused on his opponent’s use of a personal email server to handle official State Department business. The FBI even looked into this before deciding (twice!) Hillary Clinton’s personal email server was careless and stupid, but probably not criminal.
When Trump first took office, he shamelessly did the same thing. Many members of his staff continued to use personal email addresses to conduct government business, both increasing their chances of being compromised by foreign hackers and decreasing the chances that the public could gain access to these communications via FOIA requests.
The trend continues with Trump’s second term. No lessons have been learned during his four years away from the office of president. Or, perhaps, the only lessons Trump and his team desired to learn — that using private email is a pretty good opacity option — have been taken to heart.
Unfortunately for those having to (also unfortunately) welcome him back to office, he and his team’s insistence on using personal email accounts has created security risks that can’t be mitigated without pretty much forgoing electronic communications altogether, as Alice Ollstein reports for Politico:
Federal officials say they’re worried about sharing documents via email with Donald Trump’s transition team because the incoming officials are eschewing government devices, email addresses and cybersecurity support, raising fears that they could potentially expose sensitive government data.
The private emails have agency employees considering insisting on in-person meetings and document exchanges that they otherwise would have conducted electronically, according to two federal officials granted anonymity to discuss a sensitive situation. Their anxiety is particularly high in light of recent hacking attempts from China and Iran that targeted Trump, Vice President-elect JD Vance and other top officials.
If nothing else, this is going to slow down the transition. But more than that, it shows Trump and his hand-picked team are still unwilling to abide by the normal transfer-of-power flow that had pretty much gone uninterrupted until Donald Trump refused to accept the results of the previous election.
Granted, Trump is not officially president yet and his staffers are not yet official government employees. But for the sake of the nation, it would make sense to operate within the normally accepted confines, if for no other reason than doing so decreases the attack surface that can be exploited by hostile nations and their state-sanctioned hacking attempts.
Proving yet again he only cares about anti-Biden optics and maintaining as much direct control of his sycophants, Trump and his team have decided to handle this transition by utilizing an all-you-can-eat buffet of easily-compromised accounts and devices.
Trump — who attacked his then-opponent Hillary Clinton over her use of a private email server for official business during his first presidential run — is overseeing a fully privatized transition that communicates from an array of @transition47.com, @trumpvancetransition.com and @djtfp24.com accounts rather than anything ending in .gov, and uses private servers, laptops and cell phones instead of government-issued devices.
All hail the returning Commander-in-Chief, a man so self-absorbed he’s willing to threaten the security of the nation during his transition back into public office. Not that any of this will matter to him, his team, or his millions of supporters. If nothing else, they’ll present this as another form of “owning the libs” and nail themselves to the nearest cross the moment malicious hackers access anything they’ve deliberately left unprotected. It’s win-win for Trump. But it’s an undeniable loss for the nation and an insult to the long-held expectation that people assuming the office of Leader of the Free World will act respectfully and responsibly when being handed this exorbitant amount of power.
