National Security Council adds Gmail to its list of bad decisions

The Washington Post reports that members of the White House's National Security Council have used personal Gmail accounts to conduct government business. National security advisor Michael Waltz and a senior aide of his both used their own accounts to discuss sensitive information with colleagues, according to the Post's review and interviews with government officials who spoke to the newspaper anonymously.

Email is not the best approach for sharing information meant to be kept private. That covers sensitive data for individuals such as social security numbers or passwords, much less confidential or classified government documents. It simply has too many potential paths for a bad actor to access information they shouldn't. Government departments typically use business-grade email services, rather than relying on consumer email services. The federal government also has its own internal communications systems with additional layers of security, making it all the more baffling that current officials are being so cavalier with how they handle important information.

“Unless you are using GPG, email is not end-to-end encrypted, and the contents of a message can be intercepted and read at many points, including on Google’s email servers," Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation told the Post.

Additionally, there are regulations requiring that certain official government communications be preserved and archived. Using a personal account could allow some messages to slip through the cracks, accidentally or intentionally.

This latest instance of dubious software use from the executive branch follows the discovery that several high-ranking national security leaders used Signal to discuss planned military actions in Yemen, then added a journalist from The Atlantic to the group chat. And while Signal is a more secure option than a public email client, even the encrypted messaging platform can be exploited, as the Pentagon warned its own team last week.

As with last week's Signal debacle, there have been no repercussions thus far for any federal employees taking risky data privacy actions. NSC spokesman Brian Hughes told the Post he hasn't seen evidence of Waltz using a personal account for government correspondence.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/national-security-council-adds-gmail-to-its-list-of-bad-decisions-222648613.html?src=rss https://www.engadget.com/cybersecurity/national-security-council-adds-gmail-to-its-list-of-bad-decisions-222648613.html?src=rss
Created 23d | Apr 2, 2025, 12:10:21 AM


Login to add comment

Other posts in this group

Nintendo Switch 2 pre-orders: Sold out at most retailers including GameStop, Walmart, Target, Best Buy and others

Nintendo Switch 2 pre-orders are now officially open in North America. After (what felt like) a long delay after the original April 9 pre-order date, Nintendo finally opened up pre-orders in the US

Apr 24, 2025, 9:20:17 PM | Engadget
Bowers & Wilkins new Px7 S3 wireless headphones feature updated ANC tech

Bowers & Wilkins is back with another pair of

Apr 24, 2025, 7:10:28 PM | Engadget
Meta finally acknowledges that Facebook has a major spam problem

Meta is finally acknowledging that Facebook’s feed is filled with too many spammy posts. In

Apr 24, 2025, 7:10:25 PM | Engadget
Can I offer you a nice image of the Sun in these trying times?

The joint ESA and NASA Solar Orbiter mission has delivered

Apr 24, 2025, 7:10:24 PM | Engadget
Razer has a vertical mouse now

Razer has unveiled two new iterations of its Pro Click mouse with an eye toward comfort. The

Apr 24, 2025, 7:10:23 PM | Engadget