National Security Council adds Gmail to its list of bad decisions

The Washington Post reports that members of the White House's National Security Council have used personal Gmail accounts to conduct government business. National security advisor Michael Waltz and a senior aide of his both used their own accounts to discuss sensitive information with colleagues, according to the Post's review and interviews with government officials who spoke to the newspaper anonymously.

Email is not the best approach for sharing information meant to be kept private. That covers sensitive data for individuals such as social security numbers or passwords, much less confidential or classified government documents. It simply has too many potential paths for a bad actor to access information they shouldn't. Government departments typically use business-grade email services, rather than relying on consumer email services. The federal government also has its own internal communications systems with additional layers of security, making it all the more baffling that current officials are being so cavalier with how they handle important information.

“Unless you are using GPG, email is not end-to-end encrypted, and the contents of a message can be intercepted and read at many points, including on Google’s email servers," Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation told the Post.

Additionally, there are regulations requiring that certain official government communications be preserved and archived. Using a personal account could allow some messages to slip through the cracks, accidentally or intentionally.

This latest instance of dubious software use from the executive branch follows the discovery that several high-ranking national security leaders used Signal to discuss planned military actions in Yemen, then added a journalist from The Atlantic to the group chat. And while Signal is a more secure option than a public email client, even the encrypted messaging platform can be exploited, as the Pentagon warned its own team last week.

As with last week's Signal debacle, there have been no repercussions thus far for any federal employees taking risky data privacy actions. NSC spokesman Brian Hughes told the Post he hasn't seen evidence of Waltz using a personal account for government correspondence.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/national-security-council-adds-gmail-to-its-list-of-bad-decisions-222648613.html?src=rss https://www.engadget.com/cybersecurity/national-security-council-adds-gmail-to-its-list-of-bad-decisions-222648613.html?src=rss
Établi 25d | 2 avr. 2025, 00:10:21


Connectez-vous pour ajouter un commentaire

Autres messages de ce groupe

How to watch LlamaCon 2025, Meta's first generative AI developer conference

After a couple years of having its open-source Llama AI model be just a part of its Connect conferences, Meta is breaking things out and hosting an entirely generative AI-focused developer conferen

25 avr. 2025, 22:50:14 | Engadget
Boox's new Go 7 E Ink tablets support handwriting with a $46 stylus

Boox, a company that makes E Ink gear ranging from

25 avr. 2025, 20:30:23 | Engadget
“It feels alive”: The Legend of Ochi director on the power of puppets

The Legend of Ochi feels like a film that shouldn't exist today. It's an original story, not an adaptation of an already popular book or comic. It's filled with complex puppetry and practi

25 avr. 2025, 20:30:22 | Engadget
Infinity Nikki is coming to Steam and getting a co-op mode

The fashion-forward adventure Infinity Nikki is finally coming to Steam on April 29, compl

25 avr. 2025, 20:30:21 | Engadget