
Quoting Ned Batchelder


My advice about using AI is simple: use AI as an assistant, not an expert, and use it judiciously. Some people will object, “but AI can be wrong!” Yes, and so can the internet in general, but no one now recommends avoiding online resources because they can be wrong. They recommend taking it all with a grain of salt and being careful. That’s what you should do with AI help as well.

Ned Batchelder, Horseless intelligence

Tags: ai, ned-batchelder


The equipment that Trump's national security team should have used



Recently, the editor in chief of The Atlantic found himself in a group chat on Signal, in which president Trump's national security team discussed a military operation in Yemen. This immediately became SignalGate.

Here I present the secure government equipment and networks that Trump's team should have used instead of Signal on their personal smartphones. It will also become clear why the Trump team prefers using Signal.


From left to right: Marco Rubio, Michael Waltz and Pete Hegseth in a secure White House conference room.
(White House photo, January 28, 2025)



The Houthi PC small group

On March 11, 2025, president Trump's national security adviser Michael Waltz initiated a group chat on the open-source encrypted messaging app Signal to discuss planning for airstrikes on Houthi rebels in Yemen.

The chatgroup was named "Houthi PC small group", with PC apparently referring to Principals Committee, a term typically used for a gathering of senior national-security officials. This group had a total of 19 participants:

- Michael Waltz, National Security Adviser
- Brian McCormack, Chief of Staff for the National Security Council
- Alex Wong, Principal Deputy National Security Adviser
- Susie Wiles, White House Chief of Staff
- Stephen Miller, White House Deputy Chief of Staff for Policy
- JD Vance, Vice-President
- Marco Rubio, Secretary of State
- Mike Needham, Special Adviser for the Department of State
- Pete Hegseth, Secretary of Defense
- Scott Bessent, Secretary of the Treasury
- Dan Katz, Chief of Staff for the Secretary of the Treasury
- Tulsi Gabbard, Director of National Intelligence
- Joe Kent, Acting Chief of Staff for the Director of National Intelligence
- John Ratcliffe, Director of the CIA
- Walker Barrett, Staff member of the House Armed Services Committee Republicans
- Steve Witkoff, Special Envoy to the Middle East
- Jacob, function unknown
- Jeffrey Goldberg, Editor in Chief of The Atlantic


This list shows that the members of the "Houthi PC small group" were from many different government departments and agencies and that some lower-ranking officials participated as well.

This is probably one of the reasons why they used Signal: given the variety of positions, they would probably not have access to the same equipment to have a properly secured conversation.

The major US government departments and intelligence agencies have their own computer networks, usually one for unclassified and one or two for classified information:


Overview of major Homeland Security computer networks
From a briefing for Congress, July 2004



Secure computer networks

The networks of the Department of Defense (DoD) are the most widely used and therefore the most suitable for interagency communications. There are DoD networks for different classification levels:

NIPRNet (Non-secure Internet Protocol Router Network)
- For information classified Sensitive But Unclassified (SBU)
- Circa 4,000,000 users

SIPRNet (Secret Internet Protocol Router Network)
- For information classified Secret (S)
- Circa 500,000 users

JWICS (Joint Worldwide Intelligence Communications System)
- For information classified Top Secret/SCI (TS/SCI)
- Circa 200,000 users


Like the unclassified network, the classified ones also offer email (referred to in the Signal groupchat as "high side inboxes"), messaging and other collaboration tools, and they can be used for VoIP phone calls and secure video teleconferencing as well.



Operations center in the US Central Command headquarters, with computers and
VoIP phones for Unclassified (green) and Secret (red) communications.
(still from 60 Minutes, January 2021)



Secure telephone networks

The DoD also operates a secure telephone network for classified conversations, called the Defense Red Switch Network (DRSN), also known as the Multilevel Secure Voice service. The DRSN connects the White House, all military command centers, intelligence agencies, government departments and NATO allies.

The DRSN has some special features and uses custom made telephone sets (currently the IST-2 made by Telecore), which can be used for both secure and non-secure phone calls. These phones also have the distinctive four red buttons for Multilevel Precedence and Preemption (MLPP).

During the attacks of September 11, 2001, the DRSN didn't function as intended and therefore a new Crisis Management System (CMS) was established. This is a dedicated Voice over IP network that connects the President, the National Security Council, Cabinet members, the Joint Chiefs of Staff, intelligence agency watch centers, and others.

The CMS uses high-end Cisco IP phones with a bright yellow bezel, which indicates that it can be used for conversations up to the level of Top Secret/Sensitive Compartmented Information (TS/SCI).


Former secretary of defense Lloyd Austin in his Pentagon office in 2021,
with a Cisco IP phone with yellow bezel for the CMS and
an IST-2 phone with many red buttons for the DRSN.
(DoD photo)


Most senior members of the "Houthi PC small group" have a phone for the CMS in their office, but their deputies, advisers and staff members usually do not. So when they have to be involved in a secure phone call, that often means they have to be in the same room as their principal, listening to the conversation via the speakerphone.

Also noteworthy is that Michael E. Kurilla, commander of the US Central Command, and the local commanders who led the military action in Yemen were not included in the Signal chatgroup. They were likely in contact with defense secretary Hegseth via the proper channels, which would be SIPRNet or the DRSN.




Securing mobile phones

All the equipment for secure communications discussed so far consists of fixed/landline devices that sit on someone's desk. That's fine when working in the office, but nowadays people are used to doing almost everything on their smartphone.

Securing mobile communications has long been a challenge, in the first place because conversations held outside can easily be overheard. For a long time, encryption devices were large and heavy, until in 2002 the Sectéra Secure Wireless Phone was introduced, which enabled encrypted phone calls and SMS/text messages over public networks.


Around 2010, cell phones of the GSM generation were rapidly replaced by smartphones, which became so complex that it's very difficult, if not impossible, to prevent the device from being compromised by malware and/or backdoors.

Under its Commercial Solutions for Classified (CSfC) program, the NSA tried to solve this problem by securing commercially available devices with multiple layers of protection and encryption. This resulted in the DoD Enterprise Mobility program, which encompasses three different classification levels:

Unclassified (DMUC)
- For Samsung and Apple smartphones and tablets
- Circa 140,000 users

Secret (DMCC-S)
- For Samsung smartphones and tablets
- Circa 8000 users

Top Secret (DMCC-TS)
- For Samsung smartphones
- Circa 500 users


Overview of the DoD Enterprise Mobility program, 2022


The Secret version (DMCC-S) became operational in 2015 and offers secure phone calls via the CellCrypt app, access to SIPRNet email via the Outlook Web Application (OWA) and some other pre-approved apps on a Samsung smartphone or a Samsung tablet.

The DMCC-S solution has further restrictions: if the phone can also store classified information (data-at-rest), it may only be used in physically protected environments. On social media it was said that a conversation like the one in the Signal groupchat should only take place in a Sensitive Compartmented Information Facility (SCIF), but a SCIF is only mandatory for information classified Top Secret/SCI.


The White House provides its employees with Apple iPhones without access to the iOS App Store and with all text messaging capabilities disabled - only a few staffers in the press office had the ability to text on a limited basis.

Signal's option for "disappearing messages" in particular isn't compliant with the Presidential Records Act (PRA), which requires that all communications by and among White House staff members be archived.



Trump's shift to Signal

As we have seen, there are various highly secure communication channels that Trump's national security team could have used. Those who were working in their office had access to secure computer networks and a secure phone, while those who were traveling (like Gabbard and Witkoff) had the option of using a DMCC-S smartphone.

However, the transition team that prepared Trump's take-over of the presidency in January 2025 deliberately refused to use government facilities and IT systems. This was in part to avoid the mandatory record-keeping that comes with using official resources.

Instead, Trump's staffers and incoming government officials communicated via their personal devices, often using the Signal app, and this continued after Donald J. Trump had been inaugurated as the 47th president of the United States.

Last February, political appointees at the DoD ordered that Signal had to be installed on government phones for newly installed senior military officials: "they all use Signal and need it to communicate with the White House" - even though in the same month, the NSA had warned against vulnerabilities in using Signal.

During a House Intelligence Committee hearing a few days ago, Trump's CIA director John Ratcliffe said that Signal is now widely used by officials and staff at his agency's headquarters: "One of the first things that happened when I was confirmed as CIA director was Signal was loaded onto my computer at the CIA as it is for most CIA officers."


NSA bulletin about Signal vulnerabilities, February 2025





FBI raids home of prominent computer scientist who has gone incommunicado


A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer Indiana University, and had his homes raided by the FBI. No one knows why.

Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University's Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.

He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data. I have personally spoken to him on three occasions for articles here, here, and here.

"None of this is in any way normal"

In recent weeks, Wang's email account, phone number, and profile page at the Luddy School were quietly erased by his employer. Over the same time, Indiana University also removed a profile for his wife, Nianli Ma, who was listed as a Lead Systems Analyst and Programmer at the university's Library Technologies division.

According to the Herald-Times in Bloomington, a small fleet of unmarked cars driven by government agents descended on the Bloomington home of Wang and Ma on Friday. They spent most of the day going in and out of the house and occasionally transferred boxes from their vehicles. TV station WTHR, meanwhile, reported that a second home owned by Wang and Ma and located in Carmel, Indiana, was also searched. The station said that both a resident and an attorney for the resident were on scene during at least part of the search.

Attempts to locate Wang and Ma have so far been unsuccessful. An Indiana University spokesman didn't answer emailed questions asking if the couple was still employed by the university and why their profile pages, email addresses and phone numbers had been removed. The spokesman provided the contact information for a spokeswoman at the FBI's field office in Indianapolis. In an email, the spokeswoman wrote: "The FBI conducted court authorized law enforcement activity at homes in Bloomington and Carmel Friday. We have no further comment at this time."

Searches of federal court dockets turned up no documents related to Wang, Ma, or any searches of their residences. The FBI spokeswoman didn't answer questions seeking which US district court issued the warrant and when, and whether either Wang or Ma is being detained by authorities. Justice Department representatives didn't return an email seeking the same information. An email sent to a personal email address belonging to Wang went unanswered at the time this post went live. Their resident status (e.g. US citizens or green card holders) is currently unknown.

Fellow researchers took to social media over the weekend to register their concern over the series of events.

"None of this is in any way normal," Matthew Green, a professor specializing in cryptography at Johns Hopkins University, wrote on Mastodon. He continued: "Has anyone been in contact? I hear he’s been missing for two weeks and his students can’t reach him. How does this not get noticed for two weeks???"

In the same thread, Matt Blaze, a McDevitt Professor of Computer Science and Law at Georgetown University, said: "It's hard to imagine what reason there could be for the university to scrub its website as if he never worked there. And while there's a process for removing tenured faculty, it takes more than an afternoon to do it."

Local news outlets reported the agents spent several hours moving boxes in and out of the residences. WTHR provided the following details about the raid on the Carmel home:

Neighbors say the agents announced "FBI, come out!" over a megaphone.

A woman came out of the house holding a phone. A video from a neighbor shows an agent taking that phone from her. She was then questioned in the driveway before agents began searching the home, collecting evidence and taking photos.

A car was pulled out of the garage slightly to allow investigators to access the attic.

The woman left the house before 13News arrived. She returned just after noon accompanied by a lawyer. The group of ten or so investigators left a few minutes later.

The FBI would not say what they were looking for or who is under investigation. A bureau spokesperson issued a statement: “I can confirm we conducted court-authorized activity at the address in Carmel today. We have no further comment at this time.”

Investigators were at the house for about four hours before leaving with several boxes of evidence. 13News rang the doorbell when the agents were gone. A lawyer representing the family who answered the door told us they're not sure yet what the investigation is about.

This post will be updated if new details become available. Anyone with first-hand knowledge of events involving Wang, Ma, or the investigation into either is encouraged to contact me, preferably over Signal at DanArs.82. The email address is: dan.goodin@arstechnica.com.


jwz: "An off switch? She'll get years for that."

Vizio: "Please enjoy falling asleep to these calming nature scenes, occasionally punctuated with unhinged fascist rants. As a treat."

I left the tv idle while I went to the other room to play with my dog. After about a half an hour, I started hearing Kristi Noem praising Trump and telling immigrants to get out of America, over and over.

I went in to check, and caught this video looping 3 more times before it went back to the nature clips.

This TV will be out of my house by the end of the week. Fucking dystopian bullshit company.

Also Vizio: "Did we mention these unhinged fascist rants are FREE?"®™

Q: My TV started playing a video in full screen by itself. What happened?
A: Your TV launched Scenic Mode, a FREE, new feature that displays relaxing, ambient content when your TV is idle for a period of time. Scenic Mode delivers an experience that adds to the environment of your home or office.

Q: Why did I see an ad in Scenic Mode?
A: After Scenic Mode launches to full screen, you may see ads. We offer free, scenic content by supporting it with ads. These ads allow VIZIO to offer enhanced, built-in Smart TV features, 300+ live channels, and 15,000+ movies and shows at no cost through WatchFree+ while also helping keep the price of our TVs accessible and competitive.

Q: Can I turn Scenic Mode ads off?
A: No, not at this time. These ads allow VIZIO to offer enhanced, built-in Smart TV features, 300+ live channels, and 15,000+ movies and shows at no cost through WatchFree+ while also helping keep the price of our TVs accessible and competitive.

freeAgent
20 hours ago
You CANNOT turn this off? WTF!?

AIs as Trusted Third Parties


This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties:

Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as achieving certain goals necessitates sharing private data. Traditionally, addressing this challenge has involved either seeking trusted intermediaries or constructing cryptographic protocols that restrict how much data is revealed, such as multi-party computations or zero-knowledge proofs. While significant advances have been made in scaling cryptographic approaches, they remain limited in terms of the size and complexity of applications they can be used for. In this paper, we argue that capable machine learning models can fulfill the role of a trusted third party, thus enabling secure computations for applications that were previously infeasible. In particular, we describe Trusted Capable Model Environments (TCMEs) as an alternative approach for scaling secure computation, where capable machine learning model(s) interact under input/output constraints, with explicit information flow control and explicit statelessness. This approach aims to achieve a balance between privacy and computational efficiency, enabling private inference where classical cryptographic solutions are currently infeasible. We describe a number of use cases that are enabled by TCME, and show that even some simple classic cryptographic problems can already be solved with TCME. Finally, we outline current limitations and discuss the path forward in implementing them.

When I was writing Applied Cryptography way back in 1993, I talked about human trusted third parties (TTPs). This research postulates that someday AIs could fulfill the role of a human TTP, with added benefits like (1) being able to audit their processing, and (2) being able to delete it and erase their knowledge when their work is done. And the possibilities are vast.

Here’s a TTP problem. Alice and Bob want to know whose income is greater, but don’t want to reveal their income to the other. (Assume that both Alice and Bob want the true answer, so neither has an incentive to lie.) A human TTP can solve that easily: Alice and Bob whisper their income to the TTP, who announces the answer. But now the human knows the data. There are cryptographic protocols that can solve this. But we can easily imagine more complicated questions that cryptography can’t solve. “Which of these two novel manuscripts has more sex scenes?” “Which of these two business plans is a riskier investment?” If Alice and Bob can agree on an AI model they both trust, they can feed the model the data, ask the question, get the answer, and then delete the model afterwards. And it’s reasonable for Alice and Bob to trust a model with questions like this. They can take the model into their own lab and test it a gazillion times until they are satisfied that it is fair, accurate, or whatever other properties they want.

The paper contains several examples where an AI TTP provides real value. This is still mostly science fiction today, but it’s a fascinating thought experiment.


Egg (disambiguation)


Egg (luxury good)
Egg (fine art investment)
Egg (timekeeping device)
Egg (weapons component)
Egg (arcane object from the beforetimes)
Egg (an intensive body, crossed with several zig-zagging lines of vibration, changing its shape as it develops without being compartmentalized through organs)
Egg (platonic)
Egg (linkedin stratagem)
Egg (institution within the EU)
Egg (egg 2)
Egg (theatrical prop)
Egg (de-escalation technique)
Egg (award)
Egg (void)
Egg (inflation driving device)
Egg (controversial SCRUM variant)
Egg (vehicle capable of attaining escape velocity)
Egg (panacea)
Egg (quantum strings made of dark matter)
Egg (library classification system)
Egg (video game controller)
Egg (severance package)
Egg (bro magnet)
Egg (noble house)
Egg (notification)
Egg (tool of international diplomacy)
Egg (contraband)
Egg (phone phobia therapy)
Egg (apocalyptic disco musical)
Egg (dark UI)
Egg (moon)
Egg (green card equivalent)
Egg (malicious compliance)
Egg (GNU/Egg)
Egg (2525 cameo)
Egg (vaccine ingredient)
Egg (acapella vocal edit)
Egg (entry fee)
Egg (egg)


