Just days after President Donald Trump and Japan's Prime Minister Shinzo Abe were seen huddled around the dinner table in the middle of Trump's Mar-a-Lago restaurant discussing North Korea's missile test in full view of other patrons – and using cell phone flashlights to illuminate documents in the dimly lit room – Rep. Jason Chaffetz (R-Utah), chairman of the House Oversight Committee, is probing the security of what is being referred to as an impromptu “open-air situation room.”
After hammering rival Hillary Clinton on the campaign trail for using a private email server while Secretary of State and potentially mishandling classified data, Trump is now the focus of a probe into the handling of sensitive information.
In a letter to the White House, Chaffetz asked for an accounting of the security measures in place at the Florida resort. “Accounts and photographs from other diners seem to indicate these communications occurred in the presence of other guests,” Chaffetz wrote to Chief of Staff Reince Priebus. “Reportedly, documents were provided by what appeared to be White House staff for the President's review while the dinner proceeded.”
As reports of the missile test rippled out to Mar-a-Lago where Trump and Abe were dining, tweets and photos from patrons in the club showed the two men and their compatriots openly discussing the situation and using cell phone flashlights to view documents, raising a number of security concerns, among them whether the phones used were secure.
While the level of connectivity brought about by the proliferation of smart devices on the Internet of Things (IoT) can improve quality of life, user experience, innovation and efficiencies, cell phones or other devices, if not properly secured, can become an entry point for hackers.
Flashlight apps and mobile phone cameras in the past have been used to spread malware and to spy on users. Trump, too, has been known to still use his unsecured personal phone.
"There have been reports that President Trump is still using an unsecured phone, and if these documents were being viewed on an unsecured device, there is definitely some cause for concern from a national security perspective,” Nathan Wenzler, chief security strategist at AsTech, said in comments emailed to SC Media.
“There are many avenues where this can go wrong, whether by user error (i.e., Trump inadvertently forwards the document on to another email account somewhere), or potentially from a malicious attacker getting malware installed on the phone, especially if he's using an Android phone, as there are many known malware and exploit kits that are tailored for Android targets,” Wenzler said. “Additionally, if using Wi-Fi at Mar-a-Lago, it's possible that the traffic could be intercepted during transmission to the access point and compromised that way."
The White House has until Feb. 28 to provide the following information, Chaffetz wrote:
- An explanation of whether proper security protocols were followed with regard to discussions at Mar-a-Lago, as well as who set those protocols;
- Identify the documents reviewed at the dinner table and other common areas at Mar-a-Lago, and whether any of those documents were classified or otherwise sensitive, and if so, what classification level and handling caveats applied;
- An explanation of whether any classified information was discussed in common areas at Mar-a-Lago, including while any individuals were speaking or recording on cellular telephones;
- An explanation about whether and how the guests, employees, and residents at Mar-a-Lago are vetted in order to ensure that they are not foreign agents or spies on behalf of a foreign government; and
- In addition to the SCIF [Sensitive Compartmented Information Facility] at Mar-a-Lago, what other security protocols are in place to protect sensitive information at Mar-a-Lago.