Biden-era memo advises ‘highly targeted’ officials to use Signal for communications

A Biden-era memo reveals that the federal office responsible for overseeing cybersecurity across all levels of government recommended using the encrypted messaging app Signal as a "best practice" for "highly targeted" government officials in the wake of Chinese hacks of U.S. telecommunications infrastructure.

The December 2024 “Mobile Communications Best Practice Guidance” from the Cybersecurity and Infrastructure Security Agency released in the waning days of the Biden administration strongly urged “highly targeted individuals” to adopt apps with end-to-end encryption, “such as Signal or similar apps” to prevent exploitation by China or other actors.

“Highly targeted individuals should assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation,” CISA warned. “While no single solution eliminates all risks, implementing these best practices significantly enhances protection of sensitive communications against government-affiliated and other malicious cyber actors.”

“Highly targeted individuals” are those “in senior government or senior political positions and likely to possess information of interest” to “threat actors,” the memo says.

The memo does not specifically address whether classified information should be sent over these apps, including Signal.

You can read the memo below:

Last year, hackers believed to be affiliated with China used access to the United States’ commercial telecommunications networks to target personal devices of then-candidate Donald Trump, his vice presidential nominee JD Vance, and individuals affiliated with then-Vice President Kamala Harris’ Democratic presidential campaign.

Sen. Tom Cotton, R-Ark., chairman of the Senate Permanent Select Committee on Intelligence, said Tuesday that he believes the Biden administration authorized the encrypted app for communication of government business.

“It is my understanding that the Biden administration authorized Signal as a means of communication that was consistent with presidential record-keeping requirements for its administration, and that continued into the Trump administration,” Cotton told “Fox & Friends” on Tuesday morning.

It is not clear if Cotton was referencing this guidance.

Trump administration national security officials have faced scrutiny after it was revealed they used the Signal app to conduct a conversation about U.S. airstrikes on a Yemen-based terror group after a journalist was accidentally added to the thread.

The Atlantic’s editor-in-chief Jeffrey Goldberg reported earlier this week that several messages were accidentally sent to him on the Signal app after an account bearing the name of National Security Advisor Mike Waltz inadvertently included his account in a group chat of 18 senior officials, such as Vance, Secretary of Defense Pete Hegseth, Secretary of State Marco Rubio and Director of National Intelligence Tulsi Gabbard. 

Several administration officials involved in the chat have insisted that none of the information sent in the group chat was classified.

"It is permissible to use to communicate and coordinate for work purposes provided, provided, senator, that any decisions made are also recorded through formal channels,” CIA Director John Ratcliffe testified to a hearing of Cotton’s Senate committee on Tuesday. "My communications, to be clear, in a single message group were entirely permissible and lawful and did not include classified information.”

Director of National Intelligence Tulsi Gabbard, also said no classified information was revealed on the chat.