The Washington Post reports that members of the White House's National Security Council have used personal Gmail accounts to conduct government business. National security advisor Michael Waltz and a senior aide of his both used their own accounts to discuss sensitive information with colleagues, according to the Post's review and interviews with government officials who spoke to the newspaper anonymously.
Email is not the best approach for sharing information meant to be kept private. That covers sensitive data for individuals such as social security numbers or passwords, much less confidential or classified government documents. It simply has too many potential paths for a bad actor to access information they shouldn't. Government departments typically use business-grade email services, rather than relying on consumer email services. The federal government also has its own internal communications systems with additional layers of security, making it all the more baffling that current officials are being so cavalier with how they handle important information.
“Unless you are using GPG, email is not end-to-end encrypted, and the contents of a message can be intercepted and read at many points, including on Google’s email servers," Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation told the Post.
Additionally, there are regulations requiring that certain official government communications be preserved and archived. Using a personal account could allow some messages to slip through the cracks, accidentally or intentionally.
This latest instance of dubious software use from the executive branch follows the discovery that several high-ranking national security leaders used Signal to discuss planned military actions in Yemen, then added a journalist from The Atlantic to the group chat. And while Signal is a more secure option than a public email client, even the encrypted messaging platform can be exploited, as the Pentagon warned its own team last week.
As with last week's Signal debacle, there have been no repercussions thus far for any federal employees taking risky data privacy actions. NSC spokesman Brian Hughes told the Post he hasn't seen evidence of Waltz using a personal account for government correspondence.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/national-security-council-adds-gmail-to-its-list-of-bad-decisions-222648613.html?src=rss https://www.engadget.com/cybersecurity/national-security-council-adds-gmail-to-its-list-of-bad-decisions-222648613.html?src=rssConnectez-vous pour ajouter un commentaire
Autres messages de ce groupe

After a couple years of having its open-source Llama AI model be just a part of its Connect conferences, Meta is breaking things out and hosting an entirely generative AI-focused developer conferen


The Legend of Ochi feels like a film that shouldn't exist today. It's an original story, not an adaptation of an already popular book or comic. It's filled with complex puppetry and practi

The fashion-forward adventure Infinity Nikki is finally coming to Steam on April 29, compl


Almost a year since Microsoft announced its contr