Federal law requiring agencies to preserve electronic messages—and a lawsuit in the wake of the infamous group chat about strikes in Yemen—have officials with Defense, Justice, and Homeland Security reaching out to at least one company about its chat-archiving services.
Whiterock Technologies has fielded inquiries from all three agencies about preserving chats conducted over encrypted messaging apps on work devices, fueled by a lawsuit filed last week and a consequent judicial order that directed messages from the Signalgate chat to be preserved, according to people familiar with the discussions.
In the past week, some two dozen conversations with the company were facilitated by staff across those agencies which included legal counsel, chiefs of staff and chief information officers, said the people, who spoke on the condition of anonymity to be candid about the scope and scale of the government’s interest in the company’s archiving service.
Judge James Boasberg ruled Thursday that agencies involved in the Yemen-strike discussion should preserve the contents of the chat from March 11, when The Atlantic’s Jeffrey Goldberg was mistakenly added to the group chat, to March 15, when the bombings against the Iran-backed Houthis commenced. Vice President JD Vance, Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, and CIA Director John Ratcliffe, among others, were present in the encrypted messaging exchange.
Screenshots published by The Atlantic show that National Security Advisor Mike Waltz added Goldberg and initially set messages to auto-delete after one week before later setting them to delete after four weeks. The initial lawsuit that prompted Boasberg’s ruling was filed by American Oversight, a left-leaning advocacy group, arguing that the Signal chat violated the Federal Records Act because the exchange involved official agency communications that require full preservation.
Encrypted communications, for federal employees, fall under the Freedom of Information Act and other open-records laws. The National Archives and Records Administration requires that encrypted electronic communications be transmitted to the agency for archiving in a decrypted form. Because encrypted messages can’t be read without specific decryption keys, an intercepted message would be unintelligible unless the proper keys are provided.
In light of the increased focus on federal records retention, Whiterock’s Apostle-X A2 archiving product has been getting government attention, the company acknowledged.
“There has been a significant uptick in government and corporate clients reaching out to our team for A2 support. The recent Signal discussions have shed much needed light on this issue and we welcome that focus,” Whiterock CEO Dave Richardson said in an email. “Encrypted applications are the way forward, we just want to ensure folks are secure, legal and safe when using them for work purposes.”
A product fact sheet from Whiterock obtained by Nextgov/FCW says government employees’ use of encrypted messaging apps without official permission “exposes organizations to significant risks of non-compliance with the Federal Records Act, agency regulations, [Freedom of Information Act] requirements and possible civil lawsuits and penalties.”
The paper adds that the product “provides an easy-to-use real time database of ALL encrypted messaging app traffic allowing for immediate response to ediscovery, FOIA requests, compliance and regulatory inquiries. Additionally, the database can alert compliance and or legal departments of any sensitive matters that employees are communicating about on encrypted messaging apps.”
The claim implies that the tool would be able to record and preserve all messages exchanged over an encrypted medium, even if those messages are programmed by users to self-delete after a set time.
Two company directors who spoke to Nextgov/FCW on the condition of anonymity declined to publicly describe the inner workings of the product because a related version offered by Whiterock is already being used by law enforcement and the intelligence community for other applications, but they noted the tool doesn’t require a separate app to be installed on devices to archive encrypted chats.
Spokespeople in the DOD, DOJ and DHS did not respond to requests for comment.
The company’s board of advisors is made up of former FBI, DHS and DOD officials. In recent days, Whiterock has publicly weighed in on the fallout from the infamous Signal chat — which has become arguably the largest national security scandal of President Donald Trump’s second term — acknowledging the convenience and security of such applications while also noting that government traffic “must by law be fully captured, preserved and available on request.”
The Atlantic published the Signal conversation in two stories, initially withholding certain contents until several Trump officials publicly denied the chat contained classified information.
Current and former officials have said that the strike plans sent by Hegseth, which included attack times and strike capabilities like F-18 jets and MQ-9 Reaper drones, were classified, and should have been communicated through secure mediums instead of an encrypted messaging app that allows messages to auto-disappear.
“The conversation was candid and sensitive, but as the president [and] national security adviser stated, no classified information was shared,” Gabbard said in a House Intelligence Committee hearing last week after the Atlantic released the additional message transcripts. “This was a standard update to the National Security Cabinet that was provided alongside updates that were given to foreign partners in the region. The Signal message app comes pre-installed on government devices.”
Gabbard’s statement that the Signal app comes “pre-installed” is inaccurate, people familiar with government mobile device policies told Nextgov/FCW last week. Waltz created and hosted several other sensitive national security discussions over Signal with cabinet members, The Wall Street Journal reported Sunday. The same day, Sen. James Lankford, R-Okla., said on CNN’s “State of the Union” that an independent investigation into the Signal incident is “entirely appropriate.”
“Two questions: One is, obviously, how did a reporter get into this thread in the conversation? And the second part of the conversation is, when individuals from the administration are not sitting at their desk in a classified setting on a classified computer, how do they communicate to each other?” Lankford said.
White House spokesperson Anna Kelly said last week the Trump administration “has and will continue to comply with all applicable record-keeping laws.” A status report on the chat’s preservation efforts is expected to be filed in court Monday.
In a Thursday filing, a U.S. attorney representing the national security officials in the lawsuit argued the order was not needed because the defendant agencies “are already taking steps to locate and preserve the Signal chat at issue, and at least one agency has already located, preserved, and copied into a federal record keeping system a partial version of the chat.” That specific agency is not named.
Jesus Christ is King
Comments are closed.