Donald Trump, of course, fueled his election through his Twitter account. Consequently, there's some discussion over whether he'll be able to keep a very out-of-date Samsung Galaxy S3 Android phone from 2012. I'll discuss that in a moment.
In my book Where Have All The Emails Gone?, I extended the discussion to include the issue of private emails traversing the open internet over SMTP. The difference is, I focused on that as a security risk and a presidential record-keeping issue. At the time, I estimated that 103.6 million email messages traveled over the internet via the hosting provider, SMARTech, located in Chattanooga.
There's a law, called the Hatch Act of 1939, that has been interpreted in modern times as compelling government officials to use private servers to conduct non-government business. Essentially, the Hatch Act says you're not supposed to spend government money, or use government resources, to campaign. When the legislation was enacted, it was intended to prevent government officials from using stamps and staff paid for through taxes for political purposes. In the digital era, it's been extended to digital resources.
In any case, the issue of the rnchq.org domain, operated by SMARTech (during the Bush administration as well as now), is a non-story, despite the irony of the situation. There's no law against having your own technology and using it.
The issue with Hillary Clinton was that she used the private server for government business, did not properly comply with Federal Records Act regulations, ignored all of her own State Department rules for appropriate email use, and as the FBI director called it, practiced "extreme carelessness" in terms of managing classified information. For more details, you can read my two special reports about the FRA violations and the systemic disregard for required security practice.
Private servers don't mismanage classified information. People do.
Because of the Hatch Act, it's expected and, in fact, required that Trump administration personnel use a private server for anything other than government communications. They just need to be sure they don't do anything as careless and dangerous as sending classified information over a non-government system.
There are Twitter apps for just about everything. Given that the secured phone provided to the president is most likely a Windows device of some sort (possibly CE), there are existing Twitter clients available. Even if the device is based on Windows Phone, Twitter itself offers a client.
These were the biggest hacks, leaks and data breaches of 2016
But here comes the bad. Let's break this down in two parts: the Android bad and the Twitter bad.
First, the Android: Android is a malware magnet. It's not just that President Trump may be using an incredibly out-of-date model of the Galaxy line, which probably can't run an Android version much later than Jelly Bean or KitKat. KitKat was released in 2014. In Android-malware time, that's ancient.
So what if the President gets some malware on his phone? What's the worst that can happen?
A lot. There is software out there (I'm not going to link to it, sorry), that can be installed on an Android phone and run in the background undetected. It takes about 20 seconds to install. Once installed, it can send copies of every message and voice conversation to a spy server. It can also record conversations -- and even covertly record video.
This isn't super-duper spy stuff. This is software built mainly because spouses and lovers want to spy on each other, which created a market for sneaky software. But can you imagine the harm that can be done if the President of the United States is being spied on at all times?
If not, let me refer you to the first three chapters of my book. It's a free download, and after you read those first three chapters, and think about our president being p0wn3d, you won't sleep for a week. Here's a short summary: It would be bad. Very bad. As in, causing dead people bad.
To be honest, in terms of email, I agree far more with George W. Bush than either Barack Obama or Donald Trump. If I were President of the US, I'd take, as one of my perks, the ability to not have to look at email for the duration of my presidency. That's what Bush The Younger did, and it kept him, personally, out of email trouble. It's almost worth running for president simply to be able to avoid email for four to eight years.
It is deeply dangerous for President Trump to keep using an old Android phone. Whether he's a maverick with new ideas, or just a stubborn billionaire, he will put himself physically at risk if he keeps using that old phone. He'll also put his family, his administration, and the government at risk. He must give up his out-of-date phone.
But there's also a problem with Twitter itself. Let's be clear: There's no harm (from a cybersecurity perspective anyway) in actually sending tweets. But someone needs to be sure that the president never, ever clicks on any links in any of the tweets he reads. Twitter shortlinks can be used to transmit malware.
Trump would certainly be the ultimate phishing target. If a malware vector got inside a secured phone, it would have a reasonably good chance of traversing from the phone to the government networks. To be fair to White House IT folk, the secured networks have strong segmentation and other internal protections -- but still, it's a scary thought.
My advice to the Trump administration
Here's what I would advise the Trump administration: When it comes to Hatch Act compliance, it's fine to use RNC servers. Just make sure your people are clearly trained on what's required for federal and presidential record keeping. Make darned sure everyone understands to never, ever send classified information (or even questionably classified information) outside of a government secured network.
Second, I strongly recommend supporting President Trump's use of Twitter. We've never had the opportunity for a president to speak, unfiltered, to the American people at will, and this could be an amazing experiment in democracy (and a source of never-ending good material for us pundits).
But, with the use of Twitter, you must make sure the president is not using an easy-to-compromise phone like an old S3. Give him the ability to send tweets, but first, completely eliminate the ability to click on embedded links.
If the president wants to see where a link goes, set him up with a machine that's completely air-gapped from anything classified, and secure it as completely as possible. Put that machine behind a firewall that can dynamically scan for malware inside https encrypted packets.
Then, once you're sure the White House and President Trump are secure from obvious cyberattack vectors, let Trump be Trump. It's sure to be a heck of a show.
Do you pass off your security responsibility to others?