Remember Mike Waltz? The National Security Advisor who’s spent the last few weeks demonstrating his profound inability to handle basic security? First, there was the illegal Signal chat where he accidentally added a journalist while discussing potential war crimes. Then we learned about his completely exposed Venmo contacts and leaked passwords. And now, in a twist that would be too on-the-nose for fiction, it turns out the same official who previously demanded DOJ action over private email use… has been conducting government business through Gmail.
Ah, but her emails.
All this seems less than great for the top “security” official in the administration.
Members of President Donald Trump’s National Security Council, including White House national security adviser Michael Waltz, have conducted government business over personal Gmail accounts, according to documents reviewed by The Washington Post and interviews with three U.S. officials.
The use of Gmail, a far less secure method of communication than the encrypted messaging app Signal, is the latest example of questionable data security practices by top national security officials already under fire for the mistaken inclusion of a journalist in a group chat about high-level planning for military operations in Yemen.
A senior Waltz aide used the commercial email service for highly technical conversations with colleagues at other government agencies involving sensitive military positions and powerful weapons systems relating to an ongoing conflict, according to emails reviewed by The Post. While the NSC official used his Gmail account, his interagency colleagues used government-issued accounts, headers from the email correspondence show.
This is, needless to say, pretty fucking bad. First, there’s the basic security incompetence: the National Security Advisor conducting sensitive government business through a commercial email service. Even if Gmail has robust security, it’s completely inappropriate for handling government communications — giving Google potential access to sensitive national security discussions that should never leave secured government systems.
But more concerning is what this reveals about Waltz’s (lack of) judgment. As National Security Advisor, he’s one of the highest-value targets for foreign intelligence services. Every personal account, every commercial service he uses represents another potential vulnerability for adversaries to exploit. And given his demonstrated pattern of security failures — from exposed Venmo contacts to leaked passwords — it’s clear he’s making their job easier.
The National Security Council’s response is a masterclass in missing the point (or, more accurately, misdirecting from the point). When pressed about “sensitive military matters” being discussed over Gmail, their spokesperson offered this gem:
Hughes said NSC staff have guidance about using “only secure platforms for classified information.”
This attempt at reassurance actually reveals the depth of the problem. The distinction isn’t just between classified and unclassified information — it’s about maintaining basic operational security for all sensitive government communications.
And as if to underscore how little they grasp this, we learned from a WSJ article that Waltz’s infamous Signal chat wasn’t a one-off mistake.
Two U.S. officials also said that Waltz has created and hosted multiple other sensitive national security conversations on Signal with cabinet members, including separate threads on how to broker peace between Russia and Ukraine as well as military operations
The scale of security failures here should be absolutely disqualifying for any administration official, let alone America’s top national security advisor. But what makes this situation particularly galling is Waltz’s own history of grandstanding about private email use. Here he is in a tweet that remains up from less than two years ago:
Yes, that’s the same Mike Waltz demanding DOJ action over private email use by a previous National Security Advisor. The hypocrisy would be merely annoying if the stakes weren’t so high. But this isn’t just about scoring political points — it’s about the fundamental security of our nation’s most sensitive communications.
By Waltz’s own standard, articulated in that still-visible tweet, the DOJ should be investigating his wanton use of private commercial messaging services. But more importantly, someone needs to ask: if this is how carelessly our National Security Advisor handles basic operational security, what other vulnerabilities has he created that we don’t yet know about?