It’s happened again: a leak seemingly from inside the White House has got official Washington in a lather.
This time, it’s about a notation in briefing materials for President Trump. According to CNN and the Washington Post, information forwarded to Trump about this week’s election in Russia contained the warning “DO NOT CONGRATULATE.” Trump’s staff, in other words, was warning him not to call Putin in a precipitate manner to offer congratulations for Putin’s predictable win (in an election we need have no doubt was tilted unfairly in Putin’s favor, in every possible way).
Only a small group of staffers would have access to those briefing materials and would have known what his advisers would suggest before the phone call to Putin on Tuesday morning, CNN reported.
The network, citing an unnamed source, reported that the president was asking allies and outside advisers who they thought was responsible for the leak.
Who indeed? I admit, I am decreasingly convinced about the validity of the media’s patchwork narrative on a “White House in chaos.” So, with that caveat up front, you will understand that I’m taking the whole report here with a 10-pound bag of salt.
There probably was a “DO NOT CONGRATULATE” warning included in the president’s briefing materials. That piece of information seems to have been leaked. Everything else in this story is dubious, as far as I am concerned, at least in terms of the construction being put on it. (Regarding the policy substance, of course, the pearl-clutching over Trump congratulating Putin is absurd, considering Obama did the same thing in 2012.)
I don’t intend to draw conclusions from the list of curious things in this post. But the apparent leak of the “DO NOT CONGRATULATE” notation and the president’s phone call with Putin highlights a handful of matters that remain unresolved, and seem potentially related. Here are four.
1. Attorney General Jeff Sessions has been investigating leaks from the Executive Office of the President (and potentially from top cabinet posts) for months now, and has come up with very little.
The simplest assumption is the one Steven Nelson’s article seems to go with: that Sessions isn’t trying very hard.
Maybe he’s not. That would be a pretty typical read on Sessions, certainly. Since the “leaks,” such as they are, apparently continue, it’s an interesting thought exercise to account for how the leaker(s) escape detection, with reportedly 27 different leak probes ongoing as of December 2017.
2. But curious thing number two comes into play at this point. Is person-to-person leaking, directly from someone in the EOP to a media contact, with some sort of detectable exchange involved (e.g., a text or a phone call, even if it’s just to arrange a meeting), the only way to move the freight?
The answer is actually no. The answer has been no since the U.S. government began migrating computer operations to cloud services, and thus allowed much of its information to be hosted on commercially managed cloud servers.
The CIA and the larger intelligence community, in particular, have had highly classified information being hosted by Amazon Web Services (AWS) at a data facility in northern Virginia since as early as 2014 (see here and here as well).
Anything that is stored in the intelligence community’s secure cloud – managed by AWS and accessible to IT system users inside the White House, as well as in the NSC offices in the Eisenhower Executive Office Building next door – can conceivably be retrieved without any detectable contact being made between a person in the EOP (e.g., on the National Security Council staff) and a media reporter.
Such an arrangement would require bad faith and the breaking of oaths on the part of workers in the EOP and at the AWS facility. We can make no assumption that any such thing is happening.
But it could. White House staffers making dates to spill beans directly to reporters isn’t a necessary step in generating a “leak” today.
The persistence of “leaks,” while the 27 leak investigations reported in December have apparently turned up nothing, suggests to me that all avenues for information leakage should be investigated.
3. Pondering this point brings us to curious thing number three. It’s a little-remembered but probably significant event from the first weeks of the Trump administration. On 2 February 2017, an Obama appointee was escorted from the White House after being summarily relieved of his position. (See also here.) The appointee was White House Chief Information Security Officer – CISO – Cory Louie.
Louie was the CISO for the White House Office, which serves the president and vice president (and their immediate staffs), along with a very few others. The position of White House CISO had been created by Obama in 2015. (Cory Louie assumed it in August 2015.) Prior to a major reorganization of White House IT arrangements under Obama, there had been no such position.
In fact, the IT situation in the White House was a legacy mishmash of government-agency providers, including the NSC and the Secret Service as well as the White House Communications Agency and the EOP. Obama made significant changes to that, putting a White House organization in placeand chartering it to get rid of a lot of old infrastructure and bring in new computers, phones, and connectivity. Although public reporting has been short on details, there is plenty of residual implication that data storage and record-keeping have been modernized as well.
A key example is mentioned in a New York Times article from 2016, which reports that the phone system was digitized. This certainly seems like a natural development, given that by 2016, digital phone operations were widespread and standard across America and around the globe.
But it’s evidence that what it meant to make and keep records of phone calls in the White House, including the Oval Office, changed from 2014 to 2016. Thus, what it would take to secure the records of phone calls against leakage or “hacking” changed too.
So that’s an interesting point to ponder, in relation to Cory Louie’s abrupt dismissal on 2 February 2017. Alert readers may remember that that date fell a few days after the first media leaks on Trump’s phone calls with Mexican President Enrique Peña Nieto, and Australia’s Prime Minister Malcolm Turnbull at the end of January: startling leaks, apparently, about the contents of the president’s phone communications.
At the time, Trump’s critics assumed (rather fatuously) that Mr. Louie got cross-ways of Trump by advising him to stop using his insecure old Android smart phone. I’m inclined to think it was probably for another reason – although I stress that I see no reason to suspect Louie himself of being involved in a scheme to exploit phone-based leakage from the Oval Office.
No fallout appears to have come back on Louie since that date, which indicates to me that he wasn’t under suspicion of wrongdoing, per se. But my guess is he was fired for failing to prevent the phone-centered leaks that blew up at the end of January 2017.
Interestingly, Louie – a cybersecurity professional with a legitimate and respected background, who had arguably just held the most privileged cybersecurity post on the planet – has kept an extraordinarily low profile since his departure. Worried well-wishers have spoken of him as all but disappearing in the months since. He certainly hasn’t been capitalizing on his White House resume in public, and unlike the other veterans of Obama’s White House IT organization, he didn’t head for either Silicon Valley or a D.C. consulting firm. He is now apparently the CISO for Planned Parenthood.
That tells me there was something indeed unusual and freighted in his expulsion from the White House. We still don’t know what it was. But the likelihood is high that it was related to the phone-call leaks that hit the new Trump administration in the face. (A week after Louie was fired, another leak purported to reveal the contents of Trump’s first presidential phone call with Vladimir Putin, which took place on 28 January 2017.)
And frankly, the possibility is greater than zero that those “leaks” occurred because of something Obama’s specially organized White House IT team put in place between March 2015 and January 2017.
Interestingly, no one has been formally named to the White House CISO position since Louie’s departure.*
4. This leads, through the date of Louie’s firing, to our final curious thing. It’s hard to know what to do with this, but it is awful darn peculiar as a coincidence. Its remarkable peculiarity is a reminder of how many answers we still don’t have.
There’s something else that happened on 2 February 2017. That was the day the Capitol Police kicked the Awans out of the U.S. Capitol complex due to the family’s various criminal investigations and indictments. As of that date, the dozens of House Democrats who at various times had employed the Awans were on notice that members of the family were involved in highly questionable activity.
In an absolutely inexplicable series of follow-on developments, it took some key Democrats, like Debbie Wasserman-Schultz, weeks or even months to cut ties with the Awans. Imran Awan was still entering the House Democrats’ IT system months later using members’ credentials. There is no need to go into the entire history here; see Luke Rosiak’s Daily Caller News Foundation series on the extremely bizarre parade of revelations and episodes, which include attempts to flee the country and move money out of the country illegally; instances of extortion and intimidation; and links to a suspect car dealership and a Hezbollah-connected character that fit the profile of a massive terrorist money-laundering scheme uncovered separately by the DEA in the first years of the Obama administration.
What stands out in all of these curious things is the centrality of information-system opportunities for security vulnerability – and the glaring fact that we have no assurance that those vulnerabilities were not exploited, or assurance that they have at least been probed and certified to be addressed.
As a long-time analyst of threat vectors and probabilities, that interests me. A lot.
* However, in another little-remarked move, Trump did make an exceptionally important IT appointment in early March 2017. The first public announcement of it was on 15 March. Trump named Robert Joyce as his Special Assistant to the President, Cybersecurity Coordinator, or “cybersecurity czar.” The cybersecurity czar sits atop the apparatus for strategizing the U.S. government’s overall approach to cybersecurity. Michael Daniel had held the post under Obama, but left at the end of the previous administration.
We can’t be certain when the selection of Joyce was solidified. His appointment was first announced about a month after the ouster of Michael Flynn, with its drama over the illegal leak of electronic monitoring information. The first mention of the appointment, on 15 March was a few days before Devin Nunes first briefed his discoveries about the numerous “unmaskings” of Americans done from the NSC and the intel community.
Who is Rob Joyce? He’s the former chief of the Office of Tailored Access Operations at NSA; that is, the “offensive” hacking division. That’s a big gun to mount and train on cybersecurity. It’s an indication Trump is serious about the discipline as a whole. And to my eye, it looks like he doesn’t plan to take prisoners when it comes to straightening out whatever may be going on inside the federal government.
I don’t think Trump intends to waste Robert Joyce’s time. (Joyce gained new responsibility with an additional Homeland Security portfolio in October 2017.) From out here, we can’t see everything that’s going on.