Does the Trump administration understand computer security at all? This is not a rhetorical question. Trump uses an unsecured Android phone, an intelligence agency’s security nightmare, because he can’t let go of his Twitter feed. Multiple administration Twitter feeds didn’t even bother with two-factor identification, making the private emails tied to them simple to discover. And now we learn Sean Spicer, press secretary, public figure, and password Tweeter left his Venmo account public.
Venmo, if you’re unfamiliar, is an app that allows you to request payment from, or send payment to, anybody you’ve added as a friend. It’s generally used to split checks, cover small sums, and other costs. If an account is public, that means anyone can do this, so guess what happened to Spicer?
https://twitter.com/Ice_Brig/status/828827730364026880
https://twitter.com/britswitz/status/828801295775567876
LOL: pic.twitter.com/zJhQeQszH2
— JOSH SISK (@joshsisk) February 7, 2017
New York Magazine noted that the account’s both being buried under insulting donations and, of course, people demanding he pay up for various insults to the American public. It’s not entirely clear that the account is legit, and it appears that Spicer isn’t exactly a power user if it is, although that he has a lobbyist on his Venmo is either hilarious or unnerving depending on your perspective. But it’s also a symptom of a potential national security disaster.
It’s difficult, at this point, to determine whether the Trump administration is simply ignorant of basic information security or actively contemptuous of even the basic rules of protecting data or federal records. You can make a case either way, depending on how you interpret the current White House staff struggling to work the light switches. Not to mention how Trump’s staff deletes and replaces his tweets despite it potentially being a violation of federal records law.
This is not a political issue; Obama took information security so seriously, he lived with a phone that couldn’t text for eight years, and Bush drafted a cybersecurity initiative largely used by Obama’s administration. Any Presidential administration needs to keep a tight digital ship as the President and his staff have access to and must consult on a host of classified data points, ranging from the President’s day to day schedule to military data to classified signals intelligence. Things are not improving: Rudy Guiliani, Trump’s cybersecurity czar, can’t even secure his company’s own website.
That members of the Trump administration can’t even think to take social media accounts private forces us to ask what other common sense security protocols are being ignored in the White House. Making an account private, especially one tied to your credit cards, is just common sense even if you’re not on television every single week. The Trump administration needs to start taking cybersecurity seriously, or it may be putting Americans at risk.