There’s a Solution for the Trump Administration’s Record-Keeping Failures — And It’s Not TeleMessage

Earlier this month, a Reuters photograph circulated of former National Security Adviser Mike Waltz using an app called TeleMessage during a Cabinet meeting. The photo was taken the day before Waltz was ousted from his position amid a growing cloud of controversy over the Trump administration’s widespread use of the auto-deleting Signal messaging app for official work, not just because of the security implications but also because of the potential for official government records to be destroyed. 

Concerns about the administration’s reliance on non-official communication channels were amplified by the revelations about Waltz’s use of TeleMessage, which can be used to archive Signal messages but has major security vulnerabilities. While TeleMessage might on the surface seem like a way for officials to comply with their legal record-preservation obligations (the photograph was taken just days after American Oversight had sought a preliminary injunction in its lawsuit against top officials for Federal Records Act violations) its use actually introduces new problems rather than solving the existing ones.

Despite TeleMessage’s purported archiving functions, ensuring proper record preservation remains a central concern. On top of that, the security risks are even greater than Signal’s — yet another indication of the Trump administration’s disdain for the rules and protocols designed to keep the country safe and hold our leaders accountable.

Security Issues

TeleMessage can be used in conjunction with Signal to store messages, but in the process users appear to lose Signal’s end-to-end encryption capabilities. The platform is vulnerable to hackers and had not been evaluated by the National Archives for its functionality or compliance with record-keeping requirements.

Signal messages are encrypted on the device they are sent from and can only be decrypted by the intended recipient’s device. TeleMessage claims to uphold this end-to-end encryption, but experts have doubts. According to a security researcher who worked with 404 Media and spoke with Wired, TeleMessage archives Signal messages by first saving them to a local database on a user’s device, then transferring that information to an external archive server — seemingly as plain, unencrypted text.

When government officials use the insecure platform, the risk that sensitive government data could be exposed is heightened. In the photo of Waltz using TeleMessage, he appears to be communicating with other top officials, including Vice President J.D. Vance, Director of National Intelligence Tulsi Gabbard, and Secretary of State Marco Rubio, raising the stakes of the kind of communications that are vulnerable. Concerns were compounded when, days after the photo circulated, TeleMessage suspended its services, citing multiple breaches of its system. Hackers were able to access data from Customs and Border Protection and various financial institutions, 404 Media reported.​​

American Oversight immediately moved to urge the National Archives and Records Administration (NARA), the Cybersecurity and Infrastructure Security Agency (CISA), and the General Services Administration’s Technology Transformation Services (TTS) to investigate the Trump administration’s use of TeleMessage in conjunction with Signal. Days later, CISA added TeleMessage to its Known Exploited Vulnerabilities catalog, noting that the platform’s archiving system “holds cleartext copies of messages … which is different functionality than described” in its marketing.

“Taking a secure messaging application and changing a core functionality such as backing up messages essentially breaks the security model,” one security expert told CNBC. “This creates a security risk for users of the application as their sensitive information could be, and has been, compromised.”

Record Preservation Problems Remain

American Oversight’s letter to NARA, CISA, and TTS also calls on NARA to assign staff to examine whether Telemessage is being used in compliance with federal record-keeping laws. Those laws, specifically the Federal Records Act (FRA), require government officials to retain official records, including communications about official business, and to transfer copies of communications that were shared in non-official channels, like personal emails or private text messages, to a federal record-keeping system.

Of course, it’s extremely difficult to ensure that officials are following agency guidelines and are properly forwarding messages from unofficial channels to official ones. Moreover, we already have ample reason to question the Trump administration’s compliance with rules about preserving records. Recent declarations from the government in our Signal lawsuit detail some of the agencies’ existing policies for using the platform, which we know have been violated by the Trump officials who participated in the “Houthi PC small group” Signalgate chat. In amended declarations filed by the government last month, we learned that several of the messages from that chat had been deleted, in violation of the FRA’s preservation requirements, and that no messages from the chat had been saved on the phone of Central Intelligence Agency Director John Ratcliffe.

It is unclear whether Waltz was using TeleMessage to address the records preservation concerns at the heart of our ongoing lawsuit challenging top Trump administration officials’ use of Signal, but TeleMessage is not the solution for proper records retention and cannot fill the role of federal record-keeping systems — especially within an administration that has shown a cavalier attitude to those requirements to begin with.

Conclusion

The Trump administration’s repeated failures of transparency and its history of noncompliance with records-retention requirements further intensifies concerns about its use of vulnerable messaging systems like TeleMessage. Officials’ use of TeleMessage is only the latest in a series of instances following the Signalgate scandal and its fallout (including the Pentagon inspector general’s investigation of Secretary Pete Hegseth’s Signal use) in which administration officials have eschewed best practices and turned to unofficial communication platforms. This includes revelations about Waltz’s use of personal Gmail for government correspondence and the use of Google Docs for official work by the Department of Government Efficiency, which has attempted to evade transparency by claiming it is not subject to certain laws.

All of these alarming failures of accountability — from the deletion of government records to the inadvertent addition of a journalist to a chat about highly sensitive military operations — would have been avoided if officials complied with federal records laws and their own agencies’ policies surrounding their use of non-official messaging platforms. To put it simply: Just follow the rules.