
My advice to President Trump: Keep the private email servers, ditch the Android phone, and Tweet on!


Credit: Michael Vadon Attribution 2.0 Generic (CC BY 2.0)

Now that President Trump is in the White House, there are some breathless stories going around about the technology his administration is adopting.

When Barack Obama came into the White House, he was the most connected president ever, an active user of an actual BlackBerry, before that concept became so terribly quaint. At the time, I covered the initial furor over whether he’d be allowed to keep his personal phone, and the eventual adoption of a military-grade communications device.


Donald Trump, of course, fueled his election through his Twitter account. Consequently, there’s some discussion over whether he’ll be able to keep a very out-of-date Samsung Galaxy S3 Android phone from 2012. I’ll discuss that in a moment.

Private email servers

The second tech story to get some traction is “Trump White House senior staff have private RNC email accounts” from Newsweek reporter Nina Burleigh.

The basic appeal of this story is the irony. After all, Trump and the GOP went after Hillary Clinton, even going so far as to chant “Lock her up,” because of her operation of a private email server.

The Newsweek story focuses on a Republican National Committee server which, according to current whois records, appears to be operated on the same domain, and by the same hosting provider, as it was when I investigated it during the Bush administration. (Back then, I was investigating what happened to millions of email messages about the firing of US Attorneys.)

According to the Newsweek story, “The system (rnchq.org) is the same one the George W. Bush administration was accused of using to evade transparency rules after claiming to have ‘lost’ 22 million emails.”

This is not true. The government (as well as Democratic-leaning advocacy groups) focused nearly all their attention on the fact that the Bush administration email records were lost from the Executive Office of the President’s government-operated email infrastructure.

The Bush administration converted from a Notes-based email environment to an Exchange-based one, right in the lead-up to the Iraq war. This was all internal to the White House. None of the emails considered “missing” or “lost” were ever conflated with the email on the RNC’s servers.

In my book Where Have All The Emails Gone?, I extended the discussion to include the issue of private emails traversing the open internet over SMTP. The difference is, I focused on that as a security risk and a presidential record-keeping issue. At the time, I estimated that 103.6 million email messages traveled over the internet via the hosting provider, SMARTech, located in Chattanooga.

There’s a law, called the Hatch Act of 1939, that has been interpreted in modern times as compelling government officials to use private servers to conduct non-government business. Essentially, the Hatch Act says you’re not supposed to spend government money, or use government resources, to campaign. When the legislation was enacted, it was intended to prevent government officials from using stamps and staff paid for through taxes for political purposes. In the digital era, it’s been extended to digital resources.

In any case, the issue of the rnchq.org domain, operated by SMARTech (during the Bush administration as well as now), is a non-story, despite the irony of the situation. There’s no law against having your own technology and using it.

The issue with Hillary Clinton was that she used the private server for government business, did not properly comply with Federal Records Act regulations, ignored all of her own State Department rules for appropriate email use, and, as the FBI director called it, practiced “extreme carelessness” in terms of managing classified information. For more details, you can read my two special reports about the FRA violations and the systemic disregard for required security practice.

Private servers don’t mismanage classified information. People do.

Because of the Hatch Act, it’s expected and, in fact, required that Trump administration personnel use a private server for anything other than government communications. They just need to be sure they don’t do anything as careless and dangerous as sending classified information over a non-government system.

President Trump’s phone

Speaking of dangerous, let’s get back to the topic of President Trump’s Android phone. There have been conflicting reports about whether he’s giving it up for a more secured device.

There are Twitter apps for just about everything. Given that the secured phone provided to the president is most likely a Windows device of some sort (possibly CE), there are existing Twitter clients available. Even if the device is based on Windows Phone, Twitter itself offers a client.

But here comes the bad. Let’s break this down in two parts: the Android bad and the Twitter bad.

First, the Android: Android is a malware magnet. It’s not just that President Trump may be using an incredibly out-of-date model of the Galaxy line, which probably can’t run an Android version much later than Jelly Bean or KitKat. KitKat was released in 2014. In Android-malware time, that’s ancient.

So what if the President gets some malware on his phone? What’s the worst that can happen?

A lot. There is software out there (I’m not going to link to it, sorry) that can be installed on an Android phone and run in the background undetected. It takes about 20 seconds to install. Once installed, it can send copies of every message and voice conversation to a spy server. It can also record conversations and even covertly record video.

This isn’t super-duper spy stuff. This is software built mainly because spouses and lovers want to spy on each other, which created a market for sneaky software. But can you imagine the harm that can be done if the President of the United States is being spied on at all times?

If not, let me refer you to the first three chapters of my book. It’s a free download, and after you read those first three chapters, and think about our president being p0wn3d, you won’t sleep for a week. Here’s a short summary: It would be bad. Very bad. As in, causing dead people bad.

To be honest, in terms of email, I agree far more with George W. Bush than either Barack Obama or Donald Trump. If I were President of the US, I’d take, as one of my perks, the ability to not have to look at email for the duration of my presidency. That’s what Bush The Younger did, and it kept him, personally, out of email trouble. It’s almost worth running for president simply to be able to avoid email for four to eight years.

It is deeply dangerous for President Trump to keep using an old Android phone. Whether he’s a maverick with new ideas, or just a stubborn billionaire, he will put himself physically at risk if he keeps using that old phone. He’ll also put his family, his administration, and the government at risk. He must give up his out-of-date phone.

But there’s also a problem with Twitter itself. Let’s be clear: There’s no harm (from a cybersecurity perspective anyway) in actually sending tweets. But someone needs to be sure that the president never, ever clicks on any links in any of the tweets he reads. Twitter shortlinks can be used to transmit malware.

Trump would certainly be the ultimate phishing target. If a malware vector got inside a secured phone, it would have a reasonably good chance of traversing from the phone to the government networks. To be fair to White House IT folk, the secured networks have strong segmentation and other internal protections — but still, it’s a scary thought.

My advice to the Trump administration

Here’s what I would advise the Trump administration: When it comes to Hatch Act compliance, it’s fine to use RNC servers. Just make sure your people are clearly trained on what’s required for federal and presidential record keeping. Make darned sure everyone understands to never, ever send classified information (or even questionably classified information) outside of a government secured network.

Second, I strongly recommend supporting President Trump’s use of Twitter. We’ve never had the opportunity for a president to speak, unfiltered, to the American people at will, and this could be an amazing experiment in democracy (and a source of never-ending good material for us pundits).

But, with the use of Twitter, you must make sure the president is not using an easy-to-compromise phone like an old S3. Give him the ability to send tweets, but first, completely eliminate the ability to click on embedded links.

If the president wants to see where a link goes, set him up with a machine that’s completely air-gapped from anything classified, and secure it as completely as possible. Put that machine behind a firewall that can dynamically scan for malware inside https encrypted packets.

Then, once you’re sure the White House and President Trump are secure from obvious cyberattack vectors, let Trump be Trump. It’s sure to be a heck of a show.

You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.

(via PCMag)
