"We are currently clean on OPSEC": Why JD Can't Encrypt
Maurice Chiodo, Toni Erskine, Dennis Müller, James G. Wright

TL;DR
This paper analyzes the 2025 Signalgate leak, revealing how cryptography alone cannot ensure security due to socio-technical factors and human behavior, especially among non-expert users.
Contribution
It formally models security failures using applied pi-calculus and highlights socio-technical vulnerabilities in cryptographic practices within high-level operations.
Findings
Cryptography can create a false sense of security leading to oversharing.
Power imbalances influence cryptographic security and operational confidentiality.
Even advanced cryptographic tools are insufficient for average users to guarantee message security.
Abstract
We analyse the 2025 Signalgate leak of sensitive US military information by the Trump administration, addressing why confidentiality was violated (messages leaked to the press) in spite of encryption (Signal), to deepen the socio-technical considerations when designing and deploying encryption. First, we use applied pi-calculus to formally model the boutique secure facility setup requested by the US Defence Secretary, to prove that a leak would not be prevented. We then examine how using a secure channel might still not give overall information security, as, in this case, power imbalances between personnel and officials led to the application of cryptography that compromised their operational security. We look at how cryptographic tools may have instilled a false sense of security, and led officials to "overshare". We then apply this analysis to the Trump administration's general desire…
