The Australian government’s use of encrypted messaging applications has come under renewed scrutiny following a major security breach in the United States, where senior officials accidentally shared classified military strike plans with a journalist through Signal. Documents obtained through freedom of information laws reveal that Australia’s Home Affairs Department began authorizing Signal use during the COVID-19 pandemic in 2020, even providing staff instructions on how to activate disappearing messages.
This revelation raises questions about information security practices and record-keeping obligations within Australian government agencies, particularly as the US grapples with what media outlets have dubbed “Signalgate”—a scandal involving Defense Secretary Pete Hegseth and other top officials who inadvertently included The Atlantic’s editor-in-chief Jeffrey Goldberg in sensitive military discussions about strikes against Houthi rebels in Yemen.
COVID-Era Policy Changes Enable Encrypted Messaging
The Home Affairs Department’s adoption of Signal messaging began in April 2020 as Australian government agencies adapted to remote work requirements during COVID-19 lockdowns. Internal policy documents show that while Signal received official approval for staff use, the department established specific guidelines requiring that “official decisions made on this platform must be documented and saved to the records management system.”
Notably, the policy documentation highlighted Signal’s disappearing message capability as a beneficial feature, describing how messages could be sent with expiry times “after which the messages are deleted from the sender and recipient devices.” Staff received explicit instructions on activating these disappearing messages as part of “additional security advice,” while being directed not to enable chat backup functionality.
The department’s approach reflects a balance between operational flexibility and security requirements, though critics question whether disappearing messages can truly coexist with proper record-keeping obligations.
Senior Officials Defend Signal Usage Practices
Home Affairs Secretary Stephanie Foster publicly acknowledged using Signal’s disappearing message feature during Senate estimates hearings in March 2025. Foster explained that she employs messaging applications “for purposes that one might typically use a phone call for,” such as scheduling meetings or checking availability.
When questioned about compliance with record-keeping requirements, Foster maintained that she understood her obligations and knew how to retain messages when necessary. The department’s Chief Operating Officer, Charlotte Tressler, confirmed that Signal had been accredited for use through work accounts on work phones, handling information up to the ‘Protected’ security classification level.
Australian Security Intelligence Organisation Director-General Mike Burgess also confirmed using Signal for work purposes, though he emphasized that ASIO policies restricted the app to carrying only ‘Sensitive’ level information, not classified materials.
Record-Keeping Challenges and Regulatory Oversight
The Office of the Australian Information Commissioner and the National Archives of Australia investigated government agencies’ encrypted app usage, revealing significant policy gaps. Of 22 surveyed agencies, 16 permitted staff to use messaging apps for work, but only eight had established governing policies.
A Home Affairs spokesperson clarified that Signal messages “may be records of the Commonwealth, depending on the content,” indicating that record retention requirements could extend beyond just official decisions to include relevant discussions. The National Archives confirmed that disappearing messages could be used alongside proper records management, allowing agencies to destroy “certain types of low-value and short-term information in the normal course of business.”
However, this approach places responsibility on individual staff members to determine which communications require preservation, potentially creating compliance vulnerabilities.
International Security Implications
The Australian revelations coincide with ongoing fallout from the US “Signalgate” scandal, where Defense Secretary Pete Hegseth shared detailed military strike information through Signal group chats. The incident involved precise attack timelines, aircraft specifications, and target details being discussed in chats that included Hegseth’s wife, brother, and personal lawyer.
American Oversight, a government accountability organization, filed lawsuits arguing that using disappearing message applications violates federal records laws. A federal judge granted a preliminary injunction requiring officials to inform the National Archives about potentially deleted messages, though the court declined to order recovery of already-deleted communications.
The Pentagon Inspector General launched an investigation into Hegseth’s Signal usage, examining compliance with policies governing commercial messaging applications for official business. Reports indicate Hegseth participated in at least 12 different Signal group chats related to Pentagon business, raising broader questions about encrypted messaging protocols in sensitive government operations.
These international developments highlight the ongoing tension between operational security needs and transparency requirements, as governments worldwide grapple with balancing secure communications against public accountability obligations.