Federal law actually requires private email server use. White House email expert David Gewirtz sets the record straight and details the true risks of the president’s use of Android and Twitter.
Now that President Trump is in the White House, there are some breathless stories going around about the technology his administration is adopting.
When Barack Obama came into the White House, he was the most connected president ever, an active user of an actual BlackBerry, before that concept became so terribly quaint. At the time, I covered the initial furor over whether he’d be allowed to keep his personal phone, and the eventual adoption of a military-grade communications device.
Donald Trump, of course, fueled his election through his Twitter account. Consequently, there’s some discussion over whether he’ll be able to keep a very out-of-date Samsung Galaxy S3 Android phone from 2012. I’ll discuss that in a moment.
Private email servers
The second tech story to get some traction is “Trump White House senior staff have private RNC email accounts” from Newsweek reporter Nina Burleigh.
The basic appeal of this story is the irony. After all, Trump and the GOP went after Hillary Clinton, even to go so far as chant “Lock her up,” because of her operation of a private email server.
Also: Trump aides’ use of encrypted messaging may violate records law | If President Trump is still using his old Android phone, is that a bad call? | Trump’s attorney general nominee in favor of encryption backdoors
The Newsweek story focuses on a Republican National Committee server which, according to current whois records, appears to be operated on the same domain, and by the same hosting provider, as it was when I investigated it during the Bush administration. (Back then, I was investigating what happened to millions of email messages about the firing of US Attorneys.)
According to the Newsweek story, “The system (rnchq.org) is the same one the George W. Bush administration was accused of using to evade transparency rules after claiming to have ‘lost’ 22 million emails.”
This is not true. The government (as well as Democratic-leaning advocacy groups) focused nearly all their attention on the fact that the Bush administration email records were lost from the Executive Office of the President’s government-operated email infrastructure.
The Bush administration converted from a Notes-based email environment to an Exchange-based one, right at the lead up to the Iraq war. This was all internal to the White House. None of the emails considered “missing” or “lost” were ever conflated with the email on the RNC’s servers.
Private servers don’t mismanage classified information. People do.
In my book Where Have All The Emails Gone?, I extended the discussion to include the issue of private emails traversing the open internet over SMTP. The difference is, I focused on that as a security risk and a presidential record-keeping issue. At the time, I estimated that 103.6 million email messages traveled over the internet via the hosting provider, SMARTech, located in Chattanooga.
There’s a law, called the Hatch Act of 1939, that has been interpreted in modern times as compelling government officials to use private servers to conduct non-government business. Essentially, the Hatch Act says you’re not supposed to spend government money, or use government resources, to campaign. When the legislation was enacted, it was intended to prevent government officials from using stamps and staff paid for through taxes for political purposes. In the digital era, it’s been extended to digital resources.
In any case, the issue of the rnchq.org domain, operated by SMARTech (during the Bush administration as well as now), is a non-story, despite the irony of the situation. There’s no law against having your own technology and using it.
The issue with Hillary Clinton was that she used the private server for government business, did not properly comply with Federal Records Act regulations, ignored all of her own State Department rules for appropriate email use, and as the FBI director called it, practiced “extreme carelessness” in terms of managing classified information. For more details, you can read my two special reports about the FRA violations and the systemic disregard for required security practice.
Private servers don’t mismanage classified information. People do.
Because of the Hatch Act, it’s expected and, in fact, required that Trump administration personnel use a private server for anything other than government communications. They just need to be sure they don’t do anything as careless and dangerous as sending classified information over a non-government system.
President Trump’s phone
Speaking of dangerous, let’s get back to the topic of President Trump’s Android phone. There have been conflicting reports about whether he’s giving it up for a more secured device.
There are Twitter apps for just about everything. Given that the secured phone provided to the president is most likely a Windows device of some sort (possibly CE), there are existing Twitter clients available. Even if the device is based on Windows Phone, Twitter itself offers a client.
But here comes the bad. Let’s break this down in two parts: the Android bad and the Twitter bad.
First, the Android: Android is a malware magnet. It’s not just that President Trump may be using an incredibly out-of-date model of the Galaxy line, which probably can’t run an Android version much later than Jelly Bean or KitKat. KitKat was released in 2014. In Android-malware time, that’s ancient.
So what if the President gets some malware on his phone? What’s the worst that can happen?
A lot. There is software out there (I’m not going to link to it, sorry), that can be installed on an Android phone and run in the background undetected. It takes about 20 seconds to install. Once installed, it can send copies of every message and voice conversation to a spy server. It can also record conversations — and even covertly record video.
This isn’t super-duper spy stuff. This is software built mainly because spouses and lovers want to spy on each other, which created a market for sneaky software. But can you imagine the harm that can be done if the President of the United States is being spied on at all times?
If not, let me refer you to the first three chapters of my book. It’s a free download, and after you read those first three chapters, and think about our president being p0wn3d, you won’t sleep for a week. Here’s a short summary: It would be bad. Very bad. As in, causing dead people bad.
To be honest, in terms of email, I agree far more with George W. Bush than either Barack Obama or Donald Trump. If I were President of the US, I’d take, as one of my perks, the ability to not have to look at email for the duration of my presidency. That’s what Bush The Younger did, and it kept him, personally, out of email trouble. It’s almost worth running for president simply to be able to avoid email for four to eight years.
It is deeply dangerous for President Trump to keep using an old Android phone. Whether he’s a maverick with new ideas, or just a stubborn billionaire, he will put himself physically at risk if he keeps using that old phone. He’ll also put his family, his administration, and the government at risk. He must give up his out-of-date phone.
But there’s also a problem with Twitter itself. Let’s be clear: There’s no harm (from a cybersecurity perspective anyway) in actually sending tweets. But someone needs to be sure that the president never, ever clicks on any links in any of the tweets he reads. Twitter shortlinks can be used to transmit malware.
Trump would certainly be the ultimate phishing target. If a malware vector got inside a secured phone, it would have a reasonably good chance of traversing from the phone to the government networks. To be fair to White House IT folk, the secured networks have strong segmentation and other internal protections — but still, it’s a scary thought.
My advice to the Trump administration
Here’s what I would advise the Trump administration: When it comes to Hatch Act compliance, it’s fine to use RNC servers. Just make sure your people are clearly trained on what’s required for federal and presidential record keeping. Make darned sure everyone understands to never, ever send classified information (or even questionably classified information) outside of a government secured network.
Second, I strongly recommend supporting President Trump’s use of Twitter. We’ve never had the opportunity for a president to speak, unfiltered, to the American people at will, and this could be an amazing experiment in democracy (and a source of never-ending good material for us pundits).
But, with the use of Twitter, you must make sure the president is not using an easy-to-compromise phone like an old S3. Give him the ability to send tweets, but first, completely eliminate the ability to click on embedded links.
If the president wants to see where a link goes, set him up with a machine that’s completely air-gapped from anything classified, and secure it as completely as possible. Put that machine behind a firewall that can dynamically scan for malware inside https encrypted packets.
Then, once you’re sure the White House and President Trump are secure from obvious cyberattack vectors, let Trump be Trump. It’s sure to be a heck of a show.