Beata Zawrzel/NurPhoto via Getty Images
Signalgate spurs government interest in chat-archiving services
Top staffers across the government have reached out to Whiterock Technologies about its electronic communications preservation service amid a court ruling tied to last week’s Signal chat with top administration officials that accidentally included The Atlantic’s Jeffrey Goldberg.
Requirements for agencies to maintain internal communications under the Federal Records Act have come to the forefront of staff discussions in the days following bombshell reporting from The Atlantic’s top editor that showed he was inadvertently added to a Signal group with top government officials discussing airstrikes against the Houthis in Yemen.
Several agencies have moved swiftly to ensure their communications meet those legal standards for government records preservation, and a little-known tech provider has been getting significant attention.
Offices in the departments of Defense, Justice and Homeland Security are querying Whiterock Technologies to help them preserve records of chats conducted over encrypted messaging apps used on work devices, fueled by a lawsuit filed last week and a subsequent judicial order that directed messages from the infamous Signal chat to be preserved, according to people familiar with the discussions.
In the past week, some two dozen conversations with the company were facilitated by staff across those agencies which included legal counsel, chiefs of staff and chief information officers, said the people, who spoke on the condition of anonymity to be candid about the scope and scale of the government’s interest in the company’s archiving service.
Judge James Boasberg ruled Thursday that all relevant agencies involved in the Signal discussion should preserve the contents of the chat from March 11 to March 15 — the timeframe from when the Atlantic’s Jeffrey Goldberg was mistakenly added to the group chat to when the bombings against the Iran-backed Houthis commenced. Vice President JD Vance, Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe, among others, were present in the encrypted messaging exchange.
Signal screenshots published by The Atlantic show National Security Advisor Mike Waltz added Goldberg and initially set messages to auto-delete after one week before later setting them to delete after four weeks. The initial lawsuit that prompted Boasberg’s ruling was filed by American Oversight, a left-leaning advocacy group, arguing the Signal chat violates the Federal Records Act because the exchange involved official agency communications that require full preservation.
Encrypted communications, for federal employees, fall under the Freedom of Information Act and other open-records laws. The National Archives and Records Administration requires that encrypted electronic communications be transmitted to the agency for archiving in a decrypted form. Because encrypted messages can’t be read without specific decryption keys, an intercepted message would be unintelligible unless the proper keys are provided.
In light of the increased focus on federal records retention, Whiterock’s Apostle-X A2 archiving product has been getting government attention, the company acknowledged.
“There has been a significant uptick in government and corporate clients reaching out to our team for A2 support. The recent Signal discussions have shed much needed light on this issue and we welcome that focus,” Whiterock CEO Dave Richardson said in an email. “Encrypted applications are the way forward, we just want to ensure folks are secure, legal and safe when using them for work purposes.”
A product fact sheet from Whiterock obtained by Nextgov/FCW says government employees' use of encrypted messaging apps without official permission “exposes organizations to significant risks of non-compliance with the Federal Records Act, agency regulations, [Freedom of Information Act] requirements and possible civil lawsuits and penalties.”
The paper adds that the product “provides an easy-to-use real time database of ALL encrypted messaging app traffic allowing for immediate response to ediscovery, FOIA requests, compliance and regulatory inquiries. Additionally, the database can alert compliance and or legal departments of any sensitive matters that employees are communicating about on encrypted messaging apps.”
The claim implies that the tool would be able to record and preserve all messages exchanged over an encrypted medium, even if those messages are programmed by users to self-delete after a set time.
Two company directors who spoke to Nextgov/FCW on the condition of anonymity declined to publicly describe the inner workings of the product because a related version offered by Whiterock is already being used by law enforcement and the intelligence community for other applications, but they noted the tool doesn’t require a separate app to be installed on devices to archive encrypted chats.
Spokespeople in the DOD, DOJ and DHS did not respond to requests for comment.
The company’s board of advisors is made up of former FBI, DHS and DOD officials. In recent days, Whiterock has publicly weighed in on the fallout from the infamous Signal chat — which has become arguably the largest national security scandal of President Donald Trump’s second term — acknowledging the convenience and security of such applications while also noting that government traffic “must by law be fully captured, preserved and available on request.”
The Atlantic published the Signal conversation in two stories, initially withholding certain contents until several Trump officials publicly denied the chat contained classified information.
Current and former officials have said that the strike plans sent by Hegseth, which included attack times and strike capabilities like F-18 jets and MQ-9 Reaper drones, were classified, and should have been communicated through secure mediums instead of an encrypted messaging app that allows messages to auto-disappear.
“The conversation was candid and sensitive, but as the president [and] national security adviser stated, no classified information was shared,” Gabbard said in a House Intelligence Committee hearing last week after the Atlantic released the additional message transcripts. “This was a standard update to the National Security Cabinet that was provided alongside updates that were given to foreign partners in the region. The Signal message app comes pre-installed on government devices.”
Gabbard’s statement that the Signal app comes “pre-installed” is inaccurate, people familiar with government mobile device policies told Nextgov/FCW last week. Waltz created and hosted several other sensitive national security discussions over Signal with cabinet members, The Wall Street Journal reported Sunday. The same day, Sen. James Lankford, R-Okla., said on CNN’s “State of the Union” that an independent investigation into the Signal incident is “entirely appropriate.”
“Two questions: One is, obviously, how did a reporter get into this thread in the conversation? And the second part of the conversation is, when individuals from the administration are not sitting at their desk in a classified setting on a classified computer, how do they communicate to each other?” Lankford said.
White House spokesperson Anna Kelly said last week the Trump administration “has and will continue to comply with all applicable record-keeping laws.” A status report on the chat’s preservation efforts is expected to be filed in court Monday.
In a Thursday filing, a U.S. attorney representing the national security officials in the lawsuit argued the order was not needed because the defendant agencies “are already taking steps to locate and preserve the Signal chat at issue, and at least one agency has already located, preserved, and copied into a federal record keeping system a partial version of the chat.” That specific agency is not named.