Here’s a disturbing fact: All White House e-mail containing staffers’ personal business (or partisan politics) passes through an unencrypted ISP based in Chattanooga, Tenn. And another: Some five million White House e-mails sent between 2003 and 2005 went missing.
According to David Gewirtz, author of Where Have All the Emails Gone?, these are just two holes in the White House’s “broken” IT system. The result, he says, isn’t just patchy presidential archives or—if you’re a democrat—proof of the current administration’s opacity, but a serious threat to national security. We caught up with Gewirtz to learn more about what’s at stake.
What do you mean when you say e-mail at the White House is “broken”?
We found a problem with how the Hatch Act affects e-mail security. This is a law that was put into place in 1939, initially designed to protect people from using government resources to support communism. Now it’s being used to prevent any federal employee from using government resources for a political purpose.
If a White House staffer needs to send an e-mail about a campaign event, by law that person is not allowed to use the White House e-mail system or any government resources to do that. Then what resources are they using? This administration is using an ISP down in Chattanooga, Tennessee. Hundreds of millions of e-mails from the White House are coming through an unprotected, wide-open Internet. You know that if you send an e-mail to me, that’s not a secure thing. If you sent a credit card number to me, that could be intercepted. Imagine you’re sending something of strategic importance to the American government and ask if you’d want anyone to see that information. That’s when you get paranoid.
And what do you mean when you say “missing e-mails?” Let’s clarify that. The White House has never directly admitted that there are any messages missing. They have stated at one point that there might be as many as five—than they said ten—million missing. At another time they said dates were missing, and then they said they weren’t missing at all.
The White House has not come out and said e-mails were missing, but they’ve raised a pile of questions. These are messages they cannot deliver to the national archives. There are days the vice president’s office shows no e-mails in its Inbox. Days where there are no messages at all raise questions. We don’t know if they’ve been backed up. The White House says the computers the messages are on have been destroyed, but they don’t keep track of which ones stay at the White House. So, if they don’t know which computer is which, how do they know which ones have been destroyed? What happens to the hard drives? There are still a lot of questions.
What are some of the other national security problems associated with the White House’s e-mail system? There was testimony—there’s a pile of lawsuits going back and forth to make sure the White House doesn’t destroy e-mail records of this administration—[that] this has happened with every administration since e-mail [became the norm]. Federal record requires that presidential records be preserved. What came out of this was a set of hearings with the House Committee on Oversight and Government Reform and also through what are called interrogatories of the White House Information Office.
One of the things that came out—in a footnote—was that the White House has no mechanism for keeping track of portable media. Also no mechanism for keeping track of computers. They don’t track where laptops are, for example. In the White House, there’s no tracking for any of this portable media. On a 2GB thumb drive, which NewEgg is selling for ten bucks, you can fit 890 bibles of the King James Bible. You’re talking about a 1,110-page book. How many American secrets could you stick on a 2GB thumb drive?
Have there been any movements to repeal the Hatch Act? Not for the purposes of e-mail. There are occasional attacks against it for other purposes. I haven’t tracked them too deeply because they haven’t tracked what I’m looking at. The Hatch Act hasn’t even been thought of in its implications as far as security. How transparent has the current administration been about gaps in its e-mails and its policies regarding data disposal? They have been somewhat opaque and also very inconsistent. The issue here is that they’ve given answers, then denied that those answers were accurate. Then gave answers and said the people giving the answers didn’t have the right to give answers and said those were inaccurate as well. It’s difficult to get a beat on what’s actually going on. Most of the people being asked the questions now weren’t in the White House at the time. You start a job in 2006, you’re being asked about what happened in 2003, you might not know either. Is there any evidence that these information gaps have contributed to breaches in national security? No, but there are certainly questions. One of the big questions I ask is if a crippled e-mail system could have led to strategic mistakes in Iraq. Think about what might have been lost in e-mails. It’s tough to tell. But certainly the potential for those failings is there. What recommendations do you have for better protecting e-mail and portable data security? The Hatch Act needs to be redefined because it’s in conflict with White House security, and needs to be amended to allow White House staffers to use secure government systems for all communication, political or otherwise. If a junior staffer sends an e-mail over AOL to his girlfriend saying, “Gotta stay late—the president is traveling,” and no one knows the president is traveling, that’s a problem.
My next major recommendation is the establishment of what I call the Electronic Communications Protection Detail. The White House needs to be managed by a dedicated IT team that lives across administrations. It would have a procedural base similar to the Secret Service detail. Put it under the auspices of the Secret Service because they already have most of those [structures] in place.
My third recommendation is that political [partisan] e-mail for incumbents needs to be managed by the same protections as government e-mail. Right now, political e-mail is managed by a twelve-person ISP in Chattanooga. My next recommendation is that archiving needs to be managed by the same team and the whole library needs to be checked and migrated as file formats changed.
The fifth one is, we need a better understanding of BlackBerry, phone, and portable device use. Anything that can move around, because these things can get lost. These devices should be managed by the division of the Secret Service that I recommend.
There’s evidence that Karl Rove has lost his BlackBerry on numerous occasions. Who else at the White House has lost their BlackBerrys, and what’s on them? Create an emergency response if someone strategic has lost one of these. The final recommendation is that, although it’s not directly an e-mail issue, there’s something called Executive Order 12233, which was put in place to counter some of the Presidential Records Act. For all intents and purposes these things are in conflict. It says presidential records don’t have to be kept, whereas the Presidential Records Act says records do have to be kept. This conflict needs to be explored and resolved.