Ben Yellen (11:37)

Foreign.

Dave Bittner (11:43)

Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today@vanguard jobs.com and it is always my pleasure to welcome back to the show Ben Yellen. He is from the University of Maryland center for Health and Homeland Security and also my co host over on the Caveat podcast. Ben, welcome back.

Ben Yellen (12:39)

Good to be with you again, Dave.

Dave Bittner (12:41)

So earlier on today's Cyberwire, we were talking about this amazing story from the Atlantic about the Trump administration accidentally texting one of the Atlantic reporters war plans. Your initial hot take on this when you saw this story come across the wire?

Ben Yellen (13:00)

Well, first my jaw dropped, right? And then my jaw dropped even further when I saw people who have security clearance or are involved in national security seeing their reaction and basically all of them saying, if I did this, I would have been fired, for starters. There could have been more severe consequences. So my first reaction is to look at the potential legal liability of the principals here. The person who accidentally included Jeffrey Goldberg, the journalist at the Atlantic, in this group chat about the attack on the Houthis in Yemen was Michael Waltz. And that potentially could be a violation of the Espionage act if he was reckless in discussing classified military information that could have caused harm to our troops and could have aided and abetted our enemies. That's the essence of the Espionage Act, Right. I don't think President Trump or his Justice Department would prosecute. Just this morning, as we're recording, the president reiterated that he has confidence in Michael Waltz, the national security advisor. And I take him at his word that there aren't gonna be consequences. That's just not the nature of this president or this Justice Department.

Dave Bittner (14:11)

Right.

Ben Yellen (14:12)

In terms of the merits of the case, I do think it's complicated. We saw this with the Hillary Clinton email case where the former FBI Director James Comey said that she had been extremely careless with her classified communications when she used a private email server. But he declined to prosecute, saying that when they've prosecuted these types of cases, there Usually has to be some type of clear intent that's evident. And it seems to me that this was just a very unfortunate accident. I don't know why Michael Waltz would have intended to have Jeffrey Goldberg involved in this conversation. I do think it was extreme recklessness, which, if you look at the letter of the law, you could be charged for extreme recklessness. But just the history of it, there generally has to be some intention. Like there was in the case of David Petraeus, former war general, when he discussed classified information with his mistress, who was writing a book and was prosecuted, although I think he agreed to a plea deal to avoid prison time. So that's one element of it. And then there's the Presidential Records Act. These communications are of the type that need to be preserved under the Presidential Records act to be housed in the National Archives. And Waltz himself put this group chat on the setting where the communications automatically would have been deleted after seven days. So technically that's illegal under the Presidential Records Act. Again, I do not think he's going to be subject to prosecution, just based on the nature of this President and this Justice Department and their lack of willingness to press charges against whom they consider their people. And I think they have the support of the Republican Party in this. Just looking at interviews I've seen with Republican senators and Republican Congressmen, many of them are saying this was a huge screw up, but we have to move on from it. Hopefully they've learned their lesson. And that seems to be the attitude that the party is taking right now.

Dave Bittner (16:14)

The fact that, or I suppose more fairly stated, the assumption that if they're using signal, they're doing so on their personal devices, which are not secure devices, to be having these kinds of conversations. Is this a slap on the wrist kind of thing? Hey, don't do that anymore.

Ben Yellen (16:32)

One would think so. There are ways to hold these types of communications. If you're in person, you do so in a scif, in a secure facility. If you're not, there are communications channels available for these types of conversations. There are going to be imminent foreign policy matters that come up when the National Security Advisor, the Director of National Intelligence, the Secretary of State, the Secretary of Defense are in different physical locations, and they do need a method to communicate candidly, but it should not be on their personal devices and it should not be on the signal application. So I think the lesson going forward for them is obviously, next time use a secure communications method, because this was extremely dangerous. Luckily, the person included in the conversation is a responsible journalist. He chose not to publish the Content that seemed to be the specific war plans for attacking the Houthis, like the time of the attack and the potential targets. He was responsible in withholding that information. But they might not be so lucky in the future. It could be another journalist who's more willing to share that information publicly, or it could be with an adversary of the United States and somebody who wishes to do us harm. So, yeah, that seems to me to be the obvious lesson going forward, to put it mildly.

Dave Bittner (17:54)

Yeah, this seems to me to be so representative of where we are in this particular moment where you have something like this happen, that under any other circumstances, under any other administration, the folks involved would likely be fired or have to resign. And you have the folks from the opposing party, the Democrats, up in arms about this. And I think anyone concerned about, or anyone who studies national security, anyone who's ever had a security clearance, their jaws hit the floor and they're shouting from the rooftops about how serious this is. And yet on the other side, it's as if there's nothing to see here. Oh, we made a mistake. Let's move on. We promise we won't do it again. And the gulf between those two things, to me is really, again, representative of where we find ourselves. And it makes it so hard to navigate. I think. Do you think I'm on the money with that?

Ben Yellen (19:07)

I think you're right about it. I mean, naturally, it should be the Democrats who are making a big stink about this publicly. They do not have agenda setting power. They can't schedule hearings in the House or the Senate because they're in the minority. Now, by coincidence, there happens to be a hearing about emerging national security threats, and many of the principals involved in the story are testifying. And it seems that they are using that hearing as an opportunity to ask some of these representatives what, what happened here. They do get, they do have the right to ask questions if these people happen to be at a hearing. But beyond that, I mean, they can demand an investigation, but they don't have any actual power to compel it. So I think they're in a weak political position. As long as members of the Republican Party in Congress stick together and stand by the president and say that this was an unfortunate accident, it doesn't merit further investigation. They've learned their lesson, which, at least at this early stage, seems to be the line. I think regardless of your political views, at the very least there should be some type of investigation here. I think if this were a different administration, you might see the Attorney General appoint a special counsel to investigate this, Somebody who isn't directly involved in the administration, who could draft a nonpartisan report, just giving the straight facts about what happened in the scenario and outlining some recommendations, but I don't anticipate that happening here.

Dave Bittner (20:36)

Yeah. All right, well, if you would like to hear a more detailed discussion of this, do check out this week's Caveat podcast where Ben and I spend some more time on this topic. You can find that wherever you get your podcasts. In the meantime, Ben Yellen, thank you so much for dropping in with us here today. Always time well spent.

Ben Yellen (20:58)

Always good to be with you, Dave. Thanks.

Dave Bittner (21:16)

Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production, costing 10 times more to fix. OX Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application Security Benchmark from Aux Security. And finally, imagine taking a serious online survey, only to be asked forks or no. That's exactly what happened in a Pew Research center online poll, thanks to a wonderfully weird bug. Turns out a glitch triggered Google Chrome's Auto Translate, mistaking the English language survey for Spanish. Chrome then helpfully translated the word yes to Forks. This culinary chaos stemmed from a bizarre Google Translate quirk where yes in Spanish oddly becomes forks in English. Pew traced the issue, squashed some bugs with some HTML wizardry, and double checked that their data remained deliciously intact. Only 0.2% of users reported seeing the error, and no measurable impact was found on the results. Bonus weirdness. Chrome also thought Lean meant Red. Pew's now got safeguards in place so future surveys don't serve up accidental utensils. So yes, it was a strange ride, but no data or forks were harmed in the making of this research. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Hey, everybody. Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Deleteme. I have to say, delete me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Deleteme's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com n2k and use promo code n2k at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.