Kushner and Other Senior Trump Officials Used WhatsApp to Conduct Official Business
Lock them up.
One of the dangers we were warned about early and often after Donald Trump was elected President was that we would soon “normalize” outrageous conduct. That has certainly come to pass and I’ve been guilty of it myself. While I’m continued to decry violations of longstanding norms, I’ve long since tired of blogging about them because it’s become very much a sense of same stuff, different day. Since I have very little that regulars haven’t already heard many times to add, a couple of tweets tends to slake whatever enthusiasm I have left.
So it went with a story that broke yesterday. In reaction to learning that several top White House officials, including the President’s daughter and son-in-law, violated security rules, I shot off a snarky tweet:
Lock them up https://t.co/0diSrQIvpg
— James Joyner (@DrJJoyner) March 21, 2019
And later re-tweeted a fellow former Republican national security professional:
This makes Clinton’s email server look like a SCIF https://t.co/VNYUnE2iy1
— Tom Nichols (@RadioFreeTom) March 21, 2019
That this is not only outrageous but particularly galling coming from an administration that came to office partly by stoking outrage over Hillary Clinton’s disregard for the rules of handling sensitive communications while Secretary of State goes without saying. But, again, it didn’t surprise me one bit. Indeed, I’ve just assumed this was kind of baked in. We’ve had similar reports going back to at least September 2017.
In fairness, I’m not the only one. In preparing to write this post, I scanned the front pages of both the New York Times and Washington Post websites. Neither had this story on the home page—even though it only broke yesterday afternoon. Less than a day after the story broke, it’s literally yesterday’s news.
The only story referencing the issue at all was a WaPo analysis piece by Joseph Marks titled “The Cybersecurity 202: Kushner’s WhatsApp habit raises security concerns” that required considerable scrolling to find.
A top government official is using personal accounts for government business and Congress is worried hackers could spy on sensitive or classified communications.
This time, it’s presidential adviser and son-in-law Jared Kushner who’s in Congress’s crosshairs for using the messaging tool WhatsApp – including, possibly, communicating with world leaders on the app — according to a Thursday letter to the White House from House Oversight Committee Chairman Elijah Cummings (D-Md.).
And Kushner isn’t the only one creating a security headache by using insecure tools for communications — first daughter and presidential adviser Ivanka Trump uses and continues to use her personal email account for official business, the letter states. Oversight has also obtained documents showing that then-deputy national security adviser K.T. McFarland and then- White House strategist Steve Bannon used personal email accounts during their time in office, the letter states.
The committee is asking the White House for a full accounting of all official business conducted on personal accounts by April 4 – and threatening subpoenas if it doesn’t get it.
The controversy highlights how cybersecurity precautions that are perfectly sufficient for average citizens can still fall short when it comes to highly sensitive information held by top government officials.
WhatsApp, for example, is widely viewed as one of the most secure commercial messaging systems because it uses end-to-end encryption by default – that means the messages are scrambled into gibberish during the journey between the sender and the recipient and no one can unscramble them, including the company itself.
But no company’s security is perfect, and top hackers could discover an unknown bug that allows them to get around the WhatsApp encryption system. Indeed, on Thursday, cybersecurity reporter Brian Krebs revealed a security flaw at WhatsApp parent Facebook that left hundreds of millions of user passwords exposed to Facebook employees.
There are also other ways a highly sophisticated hacking group could spy on Kushner’s WhatsApp messaging.
For instance, if hackers compromised his phone through another channel, they could install a tool that recorded everything he typed into it. That would make hacking into the app itself unnecessary, Tom Suder, a specialist in government mobile technology and president of the Advanced Technology Academic Research Center, a government-industry partnership, told me.
Or, someone could steal the device itself. If Kushner is using WhatsApp on a personal device, that would make it unlikely that security officials could remotely wipe its contents to ensure thieves didn’t get access to sensitive information contained within, Nabil Hannan, managing principal for financial services at the software firm Synopsys, told me.
“Tools like WhatsApp can be pretty effective for providing solid and secure end-to-end encryption for private citizens,” Richard Ford, chief scientist at the cybersecurity company Forcepoint, told me. “However, the people we’re talking about here are not your average Joes, but face a very different threat profile.”
The security concerns are the same as when Secretary of State Hillary Clinton used a personal email server while in office, experts told me. President Trump made Clinton’s private email server a persistent theme of his 2016 campaign, calling for an investigation and prompting supporters to yell “Lock her Up!” at the former first lady. [highlighting in original]
Which, obviously, was the inspiration for my snarky Twitter reaction.
Like Tom Nichols, I both found Clinton’s handling of her official communications outrageous and yet still thought her more fit for the presidency than Donald Trump. And, like him, I think the use of WhatsApp by senior Trump officials here was actually far worse than Clinton’s transgressions.
First off, while some later-classified materials may have wound up being forwarded by her because of her lax practices, I have no doubt that she at least intended to safeguard sensitive communications. Second, she was actually deemed qualified to access classified materials; Kushner had to be personally waived by the President.
Beyond that, it’s rather clear that Kushner and others were communicating with hostile foreign governments using other than official channels. That’s far more egregious than being lazy about one’s internal communications with trusted staffers.