The Washington Post has reported that members of the White House’s National Security Council utilized personal Gmail accounts for conducting government business. According to the Post‘s investigation and interviews with anonymous government officials, national security advisor Michael Waltz and a senior aide both used their personal accounts to discuss sensitive information with colleagues.
Using email to share information intended for privacy is not optimal. This includes sensitive personal data like social security numbers or passwords, let alone confidential or classified government documents. The potential for unauthorized access to such information is significantly high. Typically, government departments opt for business-grade email services over consumer options. The federal government also employs its own internal communication systems, which come with added security measures, making it perplexing that current officials are so casual with handling crucial information.
“Unless you are using GPG, email is not end-to-end encrypted, and the contents of a message can be intercepted and read at many points, including on Google’s email servers,” stated Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, in her conversation with the Post.
Additionally, regulations stipulate that certain official government communications must be preserved and archived. The use of a personal account could potentially lead to some messages being overlooked, either accidentally or on purpose.
This recent case of questionable software usage within the executive branch follows the revelation that multiple high-ranking national security officials employed Signal to discuss planned military actions in Yemen, subsequently adding a journalist from The Atlantic to the group chat. While Signal is a more secure alternative to public email clients, the encrypted messaging platform is not immune to exploitation, as highlighted by its own team last week.
Much like the Signal situation from last week, there have been no repercussions thus far for any federal employees engaging in risky data privacy behaviors. NSC spokesman Brian Hughes informed the Post that he has not seen evidence of Waltz using a personal account for government correspondence.
This article originally appeared on Engadget at this link.
