The Trump White House is refusing to implement a Dept. of Homeland Security mandatory directive that requires its email domains to implement an important security protocol. The White House operates 26 domains, like whitehouse.gov, and yet only one is in compliance.
“The security advocacy group Global Cyber Alliance tested the 26 email domains managed by the Executive Office of the President (EOP) and found that only one fully implements a security protocol that verifies the emails as genuinely from the White House,” Axios reports. “Of the 26 domains, 18 are not in compliance with a Department of Homeland Security directive to implement that protocol.”
The potential implications are massive. In theory, anyone could pose as a presidential aide and send fraudulent information masquerading as, for example, a national security directive. Or someone could pose as a White House aide and send a phishing email that could be used to obtain a password.
President Trump campaigned on ceaseless attacks against Hillary Clinton’s use of a private email server and her handling of emails. The refusal to secure his own White House email systems seems to fly in the face of those attacks.
This is far from the first example. Last September The New York Times reported at least six of President Trump’s closest aides use personal or private – not government – email accounts to conduct government business. That could be a violation of the Presidential Records Act.
Image by Kjetil Korslien via Flickr and a CC license