Trump’s Mar-a-Lago Has a Secure Room? Great! Then Use It
Credit to Author: Brian Barrett| Date: Tue, 14 Feb 2017 00:55:11 +0000
Saturday evening, North Korea launched a ballistic missile that traveled over 300 miles before crashing into the Sea of Japan—far enough to hint at the ability to drop a nuke on one of the US’ closest allies.
Naturally, President Trump discussed the matter with Japanese Prime Minister Shinzo Abe, who was visiting the US, and National Security Adviser Michael Flynn. But here’s the problem: He did so in full view of guests at Trump’s Mar-a-Lago resort in Florida, with smartphone cameras and flashlights pointed at presumably sensitive material.
On Monday, White House press secretary Sean Spicer said that “no classified material” was shared at dinner, and that the president had received an intelligence briefing beforehand in an on-site Sensitive Compartmented Information Facility, a specially outfitted room with one purpose: Keep out the spies.
Whatever comfort that reassurance affords, it doesn’t change the reality that a high-level diplomatic conversation took place that night in full view of waitstaff and nearby diners—at least one of whom posted about the show on social media.
“It was fascinating to watch the flurry of activity at dinner when the news came that North Korea had launched a missile in the direction of Japan,” wrote Richard DeAgazio in his now-private Facebook caption. A briefing may have happened in the SCIF, but plenty of discussion happened outside of it to. The documents in Trump’s hands may not have been classified, but Flynn and White House adviser Stephen Bannon deemed them important enough to huddle over.
If the bulk of the president’s security discussions took place in a SCIF, great. If even a small portion of them didn’t, Trump and his team took an inexcusable risk with national security.
SCIF It Good
Neither Mar-a-Lago nor the White House responded to inquiries as to whether the resort has a dedicated SCIF room, but Spicer indicated that it does. That tracks with how security officials have treated Trump’s other properties; a Trump Tower conference room got a SCIF upgrade ahead of his inauguration.
A SCIF designation doesn’t connote a specific product or design. Rather, means a space that lives up to hefty requirements the Department of Defense imposes. They can be portable, as was the tent-like version President Obama traveled with, or built into existing structures; the Clintons had one in each of their two homes during her tenure as Secretary of State.
SCIFs are more than just secluded spaces. Contracted companies construct them to comply with the NSA’s TEMPEST spec, essentially a field guide to prevent radio or electrical signals, sounds, or vibrations from inadvertently giving away information to snoops. (Many TEMPEST specifics are still classified, and those that aren’t involve a lot of detailed placement of wires and such.) Some even function as inhabitable Faraday cages.
However different they may look from the outside or in, SCIFs all require self-contained power, data, and security systems. They’re subject to regular, unannounced security inspections. Visitors require high-level clearances. And, perhaps most pertinently in this case, in most cases no electronic devices are allowed inside. Leave them with aides back in the restaurant.
All of which makes a Mar-a-Lago SCIF the ideal place to discuss North Korean saber-rattling. And the polar opposite of the crowded dining area where at least some high-level conversation took place.
Security Lapses
Discussing sensitive information within earshot of, well, anyone is grossly irresponsible. But the photo DeAgazio posted to Facebook had even more bad news: staffers huddled behind Abe and Trump, holding up smartphones with flashlights on to illuminate documents. As CNN first reported, the politicians and their aides placed calls to officials in Washington and Tokyo in plain sight of the well-heeled resort crowd.
While short of a full briefing, it remains terrifying. Assuming the smartphones staffers held aloft were consumer devices, they’re basically bugs waiting for someone to activate them. Android phones are notoriously insecure outside of the most recent update, and even then aren’t guaranteed safe. And while iOS devices generally fare better against hackers, a report from Citizen Lab last fall showed that the going rate for an iOS “zero day” hack—one unknown to the vendor, and therefore highly exploitable—was a million bucks. That’s well within the budget of a nation-state looking for intel. “The idea that somebody could target these phones is not science-fiction,” says Matthew Green, cryptographer at Johns Hopkins University. “It’s actually a pretty standard, well-understood threat.”
Once compromised, a smartphone can cough up whatever information you could imagine. “That’s the screen, the keyboard, the camera, the microphone,” says Green. In this case, that means listening in on sensitive international security discussions, or snapping illicit photos of private documents.
And that’s before you consider the fact of Trump’s own Android phone, from which, as the Washington Post notes, he had tweeted just a few hours before his dinner with Abe. It would be more surprising, at this point, if Trump’s phone somehow weren’t compromised than if it were.
“We had this big election where one of the issues was the security of handling classified information, and at the same time we have this cavalier attitude,” says Green. “Do these people really not believe that they are targets?”
If they did, they never would have left the SCIF.