Imagine a scenario in which you meet up with an old friend at a bar one evening. After a great night of laughs, reminiscing, and, admittedly, a bit too much to drink as you relive the old days, you get into an Uber and go home. The next morning, as you get up and immediately remember you aren’t in college anymore, you message your friend to make sure he also got home okay. “No problem,” he replies. “I drove home right after you left.” You’re surprised—your friend was pretty inebriated by the end of the night.
“You drove? In your condition?” you ask.
“Sure,” he replies. “What’s the problem? I got home without hitting anything or getting pulled over. It all worked out.”
The flawed thinking here is obvious. The result (arriving home without incident) is taken as some kind of blanket justification for the risky decisions leading up to it. Yet this is exactly the kind of post hoc justification many in the Trump administration are relying on in the aftermath of The Atlantic’s release of senior administration officials’ communications and deliberation via unclassified networks. President Donald Trump said the unsecured communications had “no impact at all” on the success of the operation against the Houthis. National Security Adviser Mike Waltz called the operation “an incredible strike” that “took out people the Biden team never could.”
These arguments are being made by the same individuals who, having been placed in positions of trust, are supposed to assess and anticipate risk and use proper judgment to mitigate against that risk—not just in terms of known dangers, but on the likelihood of future ones. National security leaders are not supposed to merely look back and chronicle what did happen, they are meant to look forward to what might happen.
Several people in the Houthi PC group chat hold positions that were created in the aftermath of 9/11, to combat a future “failure of imagination.” They are supposed to be leading the way on setting and updating our national security policies based on their assessment of capabilities, threats, and emerging technology. They have been granted access to the best possible information about the capabilities and intents of adversary actors, and they are intended to have the imagination to head off the next unforeseen event.
They should also be able to make mature discernments as to what information should be protected. And any of them should have understood that pre-execution policy discussions, especially ones that demonstrate disagreement and dissent, would be exactly the kind of information adversary states would value insight into and, therefore, should be handled as classified. Multiple classification guides, including from CENTCOM and the Office of the Director of National Intelligence (DNI), have clearly stated timelines or notification of an imminent attack are classified.
The minimum standard we should expect from the leaders of our national security apparatus would be to adhere to established security practices, many of them refined and updated over decades of hard lessons learned. Each of them would have received training and acknowledged proper procedures for communicating and handling classified and sensitive material, none of which would allow for the use of unclassified or unsecure devices. Waltz, DNI Tulsi Gabbard, and Joe Kent—who has been nominated but not confirmed to lead the National Counterterrorism Center—were all serving in the military in 2008 when a malware attack led to one of the largest technical infiltrations by adversary actors and created a massive change in handling requirements across the Department of Defense in the form of Operation BUCKSHOT YANKEE. They all should have considered the vulnerability of devices on the unclassified network.
Having not taken any common-sense precautionary measures, those involved have not expressed contrition since their carelessness was exposed. Instead we’ve seen them shrug their shoulders and gesture vaguely to nameless others who “allowed” these practices. CIA Director John Ratcliffe testified that the CIA allows for the use of Signal and that the app was already loaded on his device. He seems to have forgotten that he leads the CIA and, therefore, is ultimately responsible for the decisions and policies that agency enacts. Waltz, in an incredible act of double speak, suggested that he would need Elon Musk’s technical expertise to determine what happened in the same interview where he claimed to take “full responsibility.”
Finally, the biggest problem with claiming that the communications were justified because there were no ill effects is that we don’t actually know that there were no ill effects. Despite the (thankfully) successful operation against the Houthis—which was justified and long overdue—we cannot yet know what damage may have been done by the loose handling of classified and sensitive conversation. Adversary intelligence services that may have gained access to or were monitoring the unclassified devices of the members of this chat group (all of whom are no doubt high priority targets for technical monitoring by the Russians, Chinese, Iranians, and other nefarious actors) are unlikely to suddenly announce or telegraph that they gained access (the Germans’ savage Blitz bombing of Coventry did not mean the U.K. had not cracked Enigma). Further, we do not know how often principals committee conversations have taken place virtually, although recent reporting from the Wall Street Journal suggests this was a common practice by Waltz. And, had Atlantic editor in chief Jeffrey Goldberg not inadvertently been added to the Houthi PC chat, it seems likely that such communications would have continued unbeknown to the American people—but possibly with the awareness of foreign intelligence services.
The fact that nobody in the chat felt compelled to raise an objection or point to the security risk speaks poorly for their ability to anticipate and mitigate greater dangers, including ones where U.S. lives would be on the line. Right now, the only reflection or admission of fault pertains to adding Goldberg to the chat, not to the fact it took place on unsecure devices and networks in the first place. Such reluctance to admit the problem does not augur well for American security as we enter into more challenging years ahead. Justifying poor decisions rather than exercising good judgment is a fool’s game, one we’re bound to lose.
