For US government, use of unapproved communications tools during foreign travel isn’t a new issue
National security adviser Mike Waltz and Defense Secretary Pete Hegseth are facing major backlash over their use of Signal, the encrypted messaging app that the top government officials and other Trump administration leaders used to discuss attack plans aimed at Houthi targets in Yemen.
The Pentagon’s Office of Inspector General has launched an investigation into the incident, which was uncovered by journalist Jeffrey Goldberg and has sparked significant national security concerns. Still, questions surrounding the use of Signal by top officials — as well as traveling with devices used for federal business abroad — aren’t new issues for the government.
In fact, policies set by chief information officers of federal agencies often explicitly spell out which platforms are approved for use — and IT departments often whitelist or blacklist specific apps. Some U.S. government entities, particularly ones with extensive work abroad, will also explicate when and how devices provided by the government can be brought abroad.
Those policies can also differ from agency to agency, according to a recent FedScoop review.
NASA told FedScoop that it has no plans to approve new encrypted messaging tools like Signal and WhatsApp, and that third-party apps aren’t permitted unless they’re officially allowed by the space agency’s CIO. NASA also has specific rules about sharing agency information while traveling abroad, though FedScoop has reported on ongoing issues with employees taking devices overseas without authorization.
The Interior Department said it has “strict internal policies” to ensure that its employees are meeting cybersecurity standards and protecting federal records. Instant messaging apps are limited, too.
“Encrypted messaging apps like Signal and WhatsApp are restricted and may only be used by exception, with appropriate approvals and adherence to federal recordkeeping requirements,” an agency spokesperson said. “These policies apply equally to both career and political employees across the Department.”
At the State Department, whose global diplomatic mission can necessitate flexibility in communications, use of messaging platforms is permitted but only in certain instances and with specific record retention policies.
The State Department didn’t respond to a FedScoop request for comment, but some information about its messaging app policies is available online.
According to the Foreign Affairs Manual, which is essentially the State Department’s employee handbook, officials generally aren’t allowed to conduct official business on a messaging application “that does not allow communications to be archived by, for example, use of an ‘export’ feature for messages or chains of messages or copying and pasting text onto a state.gov email.”
But use of non-official messaging tools that have an archive or export function is allowed when it’s the only or primary method of communication used by a partner during something like a negotiation or when “engagement is greatly enhanced by” the use of one of those platforms. That includes activities like communicating with volunteers or hospitals, conducting public engagement, and communicating during emergencies.
Whenever those applications are being used, however, officials must follow procedures to capture the records, according to the FAM. That includes copying those communications to their “state.gov account at the time of transmission or within 20 calendar days of creation or receipt” and then deleting those records from the platform. The FAM cites a document titled “Records Management Guidance for eMessaging” for officials to reference for platform-specific instructions, but that document doesn’t appear to be public.
One former State Department official who was granted anonymity to speak more freely told FedScoop some of the agency’s business overseas is conducted using WhatsApp, as that’s the preferred application for many interlocutors. While the source had heard of people using Signal at the department, it wasn’t for classified conversations. Handling classified information is something people take very seriously, they said.
A couple of embassies have information on their websites about using the Meta-owned WhatsApp as a channel for sending public alerts to U.S. citizens in that country. On the Bureau of Diplomatic Security’s webpage, WhatsApp, Signal and Telegram, another messaging platform, are listed as methods of communicating about national security threats.
The U.S. Agency for International Development, which the Trump administration is currently dismantling, recently changed information technology policies to allow the use of Signal and WhatsApp, FedScoop reported last year. Those rules also involved processes for preserving records in order to comply with the Freedom of Information Act.
One source said the agency had discussed allowing WhatsApp in some circumstances because it would help communicating with partners.
The Nuclear Regulatory Commission said in a statement that it “takes IT security seriously and directs employees who travel abroad to carry separate international specific devices, not their usual laptops and/or phones. We do not authorize the use of third-party communications apps for official business.”
The Environmental Protection Agency currently provides “specially-configured devices” to employees traveling to countries identified as high-risk by the State Department, a spokesperson told FedScoop. Safeguard procedures for the devices are otherwise managed by an internal directive for the agency. Signal is not currently available for use or download on agency devices.
At the National Science Foundation, staff are not allowed to take government devices abroad unless they’re on official travel, a spokesperson for the agency said, and employees cannot bring NSF devices to high-risk countries.
“Additionally, staff are required to have a security scan of their equipment before they depart for official travel and upon their return before they connect to the NSF network or access NSF IT systems and services,” a spokesperson said. “If there is a justifiable business need, NSF staff on official travel to ‘high-risk’ countries are provided with loaner equipment that has limited functionality. “
A former Department of Energy official told FedScoop that the agency prohibited Signal’s presence on devices unless an employee was given an exception with justification. The app would be automatically removed if an individual didn’t have an exception.
“Phones are not an appropriate way to discuss [classified nuclear information]. That will get you thrown in jail. All those people should be in jail,” the former official said, referring to the Trump officials’ messaging on attack plans.
The official said conversations between DOE employees and representatives from other countries about unclassified or formerly classified nuclear information would be done with tools provisioned by the agency, like Microsoft Office.
“Signal would only be used with non-U.S. persons with a need to know,” they said.
DOE’s policy on traveling abroad with both government and personal devices was dependent on the risk of the destination, according to the former official. Individuals traveling would either have their regular government device or a loaner device.
The official said Tulsi Gabbard, the director of national intelligence who was included in the Waltz-Hegseth chat, “should not have had any personal device or her regular government device in Russia.”
There are, however, special secure phones that an agency can give to an official before they travel abroad that “very few people have.” The secure phones are different than the loaner phones, the official clarified.
