Blame is being passed around and served on a platter after US officials mistakenly added a journalist to a Signal group chat about war plans — and Okta CEO Todd McKinnon has some thoughts on the fiasco.
In an interview with Business Insider, McKinnon said the Signal military group chat debacle is more of a usability issue than a cyberinfrastructure failure. In other words, it comes down to how easily users can navigate the app.
McKinnon said Signal could add or tweak some features to make it easier to use — like displaying more than just a contact’s initials as an icon. The CEO said “there’s many JGs,” referencing the initials of Atlantic editor in chief Jeffrey Goldberg, who was mistakenly added to the group chat. McKinnon said the platform could also somehow try to show who the person was so they wouldn’t accidentally land on the CC’d list.
The reality is that encrypted messaging platforms like Signal can still be undermined by usability challenges — and when people send messages quickly, “that leads to mistakes,” he said. McKinnon added that when companies get hacked, it’s often “the simple stuff” that leads to it.
“There’s some account that’s left open or has the default password, or some account doesn’t have multi-factor authentication,” McKinnon said.
Signal wrote in an X post on Tuesday that there has been “misinfo flying around” that could deter users. The company cited an NPR report that said it obtained a Pentagon warning on March 18 about a potential vulnerability on Signal. Signal said in the post that the “vulnerability” didn’t have anything to do with Signal’s “core tech” and was a warning for phishing scams targeting the app’s users.
“Signal is open source, so our code is regularly scrutinized in addition to regular formal audits,” the company added in the post.
McKinnon added that an app like Signal has to run on a phone or computer, and if that device isn’t secure, the messaging app can’t fully be either. McKinnon said that’s often the issue in cyber-related incidents.
“Ultimately, an end-to-end encrypted messaging app is only as secure as the endpoints that are hosting it,” McKinnon, who runs the leading cloud-based identity verification platform, said.
The CEO also said that while Signal may be encrypted, there are challenges around deciding “how accessible a piece of information should be.” McKinnon said companies often make things too accessible and struggle to decide what data should be narrowly or broadly accessible.
McKinnon said the “one size fits all” approach usually doesn’t work out either, because that would probably mean no one, or very few people, can access anything — which means people will likely end up going around it.
McKinnon’s comments come after Goldberg was accidentally added to a Signal group chat called “Houthi PC small group.” The chat was primarily made up of senior US officials, and its participants, including Vice President JD Vance and Secretary of State Marco Rubio, were discussing strikes on Yemen’s Houthi rebels.
Signal did not respond to a request for comment from Business Insider.