Despite the widespread adoption of end-to-end encrypted messaging systems such as Signal, the 2025 Signalgate incident revealed their inability to ensure holistic information security in real-world contexts. This study integrates formal methods with socio-technical analysis, employing applied pi-calculus for the first time to model secure communication within high-stakes political settings. It introduces the concept of “illusory security” to elucidate how power asymmetries, tool misuse, and procedural circumvention undermine operational security. Through formal verification, case studies, and geopolitical impact assessment, the work demonstrates that even with improved usability of encryption tools, ordinary users’ message confidentiality remains inadequately protected. The findings further caution that ineffective encryption practices may precipitate severe geopolitical consequences.

We analyse the 2025 Signalgate leak of sensitive US military information by the Trump administration, addressing why confidentiality was violated (messages leaked to the press) in spite of encryption (Signal), to deepen the socio-technical considerations when designing and deploying encryption. First, we use applied pi-calculus to formally model the boutique secure facility setup requested by the US Defence Secretary, to prove that a leak would not be prevented. We then examine how using a secure channel might still not give overall information security, as, in this case, power imbalances between personnel and officials led to the application of cryptography that compromised their operational security. We look at how cryptographic tools may have instilled a false sense of security, and led officials to "overshare". We then apply this analysis to the Trump administration's general desire to burn through political, legal, and now technical process, and demonstrate geopolitical harms that may arise from such ineffective use of cryptography in a brief use case. We conclude that, even with advancements in usability of cryptographic tools, genuine message security is still out of reach of the "average user".