President Trump’s reported refusal to give up his personal iPhone demonstrates the complications of keeping government officials secure at a time when they are increasingly tied to their phones by the time they take office.

AD

Democrats are calling for an investigation following a New York Times report that said China and Russia are listening in to Trump's conversations over unsecured lines. Trump reportedly uses three phones -- two secured by the National Security Agency and one personal iPhone that the report says is "no different from hundreds of millions of iPhones in use around the world."

AD

But this problem may not be unique to Trump -- and instead highlights a long-lasting security challenge likely to face future presidents, too. After all, smartphones have now been in Americans’ pockets for more than a decade — and they’re a tough habit to break.

The 72-year-old President Trump — who reportedly does not use email — has never been viewed as a techie. But he is the president who won the White House at the peak of the smartphone age, and he was already known for being “amazingly accessible” over the phone. And he’s been active on Twitter since joining the social network in 2009.

AD

Security officials in any future White House are likely to contend with even more smartphone-addicted presidents. As a new crop of younger, tech-savvy candidates eyes the White House in 2020, Trump may have set a dangerous precedent by clinging to his preferred phone. Think about it: If one of those younger candidates is inaugurated in 2021, they'll be under pressure to give up tweeting, texting and selfies after up to almost 15 years of the smartphone’s reign. And it's difficult to predict what technology anyone elected in 2024 would need to give up.

AD

For his part, Trump has denied the Times report, saying on Twitter that he only uses government phones and that the reporting is “sooo wrong.” The Times said it stands by its reporting.

My colleagues Ellen Nakashima and John Wagner reported the intelligence community has long been concerned about Trump’s personal phone use. “This was not a secret,” one former senior White House official told my colleagues. “There were lots of people who were worried about this.”

AD

The stakes are high for presidents -- the highest value targets. The Times reports that China is gleaning intelligence from the calls, such as what arguments tend to persuade him, in an attempt to influence trade discussions. But Trump's bond to his phone is apparently so strong he is willing to ignore warnings from officials that spies are listening.

AD

Yet even before Trump, former president Barack Obama resisted giving up his personal personal phone, saying before his inauguration that they would have to “pry it out” of his hands, according to a 2009 report. At the time, smartphones were less sophisticated. The iPhone was less than two years old and third-party apps only launched in 2008. The 47-year-old president didn't even own one.

“I was this cool, high tech guy when I got there, right?” Obama said in a 2016 interview with comedian Jimmy Fallon. “I was the first president to own a Blackberry.”

It was the result of a tough fight. Obama waged “a vigorous battle with his handlers” and reached a compromise that allowed him to have a secure Blackberry that he used to stay in touch with a small circle of close friends and aides, according to a New York Times report at the time. In his second term, he got his first iPhone, but it could not make calls and it had no camera or microphone. App downloads were limited and texting was prohibited.

AD

AD

“So basically it's like, does your 3-year-old have one of those play phones?” Obama said in the same interview.

If presidents will end up using versions of technology available to consumers, Matthew Green, a Johns Hopkins professor, said the story shows there’s an incentive to improve security across the board:

Cybersecurity researcher Matt Blaze agreed:

PINGED, PATCHED, PWNED

PINGED: The United States needs a cybersecurity equivalent of volunteer firefighters or the Civil Air Patrol, according to a report from the think tank New America. “There is a clear need to expand US government and military capacity in protecting cyberspace,” Natasha Cohen, a cybersecurity policy fellow at New America, and Peter W. Singer, a strategist and senior fellow for the think tank, said in the report. “But part of this need could be met more efficiently and effectively by leveraging the citizen talent that already exists outside of the military and government.”

The report says that such an initiative, which the authors call U.S. Cyber Civilian Corps and envision as an auxiliary of the Department of Homeland Security, would help address a cybersecurity labor shortage. “There is simply not enough trained talent to go around for the military, civilian agencies, and private sector, which means we must both expand the pipeline feeding into the cybersecurity workforce and find ways to allow people already in the field to cross train and work across roles wherever possible,” Cohen and Singer write. The Cyber Civilian Corps ought to be “nationally run and funded but operationally worked on a state and local basis,” according to the report. The Cyber Civilian Corps's functions would include cybersecurity education, testing and incident response.

PATCHED: Sen. Mark R. Warner (D-Va.) wants the Federal Trade Commission to take a close look at digital advertisement fraud after BuzzFeed News published an exposé of a massive fraudulent scheme involving more than 125 Android apps and websites. “Google’s inattention to misconduct within its app store has been a growing concern,” Warner said Thursday in a letter to FTC Chairman Joseph J. Simons.

AD

AD

BuzzFeed News's Craig Silverman reported Tuesday that the scheme stole potentially hundreds of millions of dollars and involved shell companies in multiple countries. In his letter to Simons, Warner said he is preoccupied with “the inaction of major industry stakeholders” in the face of digital ad fraud. “While there is no evidence Google had direct knowledge, Google’s ad network and ad exchanges were also implicated in these schemes,” Warner said. “At the very least, it seems that across a number of its products Google may have engaged in willful blindness, all while profiting from this fraudulent activity.”

Warner, who serves as vice chairman of the Senate Intelligence Committee, also said that the panel's investigation into Russian interference in the 2016 election has exposed how tech services can be exploited for malicious purposes. “In the same way that bots, trolls, click-farms, fake pages and groups, ads, and algorithm-gaming can be used to propagate political disinformation, these same tools can – and have – been used to assist financial frauds such as stock-pumping schemes, click fraud in digital advertising markets, schemes to sell counterfeit prescription drugs, and efforts to convince large numbers of users to download malicious apps on their phones,” Warner said.

PWNED: Training poll workers and developing national guidelines to secure voting machines would go a long way to protect American elections, a security researcher at Symantec wrote Thursday in an opinion piece for Wired. “For starters, we can institute lifecycle management of the components that make up the election system,” wrote Brian Varner, a special projects researcher on Symantec's Cyber Security Services team. “By simply regulating and monitoring the sale of used voting machines more closely, we would create a huge barrier to bad actors.”

AD

AD

Varner said he was surprised by how easy it was to manipulate two direct-recording electronic voting machines after he bought them on eBay in 2016. “Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them,” he wrote. “Within hours, I was able to change the candidates' names to be that of anyone I wanted.” Varner, a former tactical analyst at the National Security Agency, said the results were equally concerning when he bought two more machines this year. “To my dismay, I discovered that the newer model machines — those that were used in the 2016 election — are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones,” he wrote.

PUBLIC KEY

— “Two members of Congress are seeking a formal investigation into claims that the bidding process for a contentious $10 billion Pentagon contract was rigged in favor of Amazon,” Wired's Paris Martineau reported Thursday. “The contract in question would give one company full reign over the Defense Department’s Joint Enterprise Defense Initiative, or JEDI Cloud — a program that the Pentagon has described as ‘truly about increasing the lethality of our department.’ ”

Reps. Tom Cole (R-Okla.) and Steve Womack (R-Ark.), who both sit on the House Appropriations Committee, “did not specify the contractor, but it is clear that their comments were a reference to Amazon” in a letter Monday to the Defense Department's inspector general, Martineau reported. (Amazon.com founder and chief executive Jeffrey P. Bezos owns The Washington Post.)

AD

AD

— “Special counsel Robert Mueller's office has obtained communications suggesting that a right-wing conspiracy theorist might have had advance knowledge that the emails of Hillary Clinton's campaign chairman had been stolen and handed to WikiLeaks, a source familiar with the investigation told NBC News,” NBC News's Ken Dilanian and Anna Schecter reported Thursday. “Mueller's team has spent months investigating whether the conspiracy theorist, Jerome Corsi, learned before the public did that WikiLeaks had obtained emails hacked by Russian intelligence officers — and whether he passed information about the stolen emails to Donald Trump associate Roger Stone, multiple sources said.”

— TechCrunch's Zack Whittaker reported Thursday that two hackers behind the 2016 Uber data breach face separate charges related to a breach of the online learning platform Lynda. “Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, were indicted earlier this month in Florida on federal hacking and extortion charges for stealing data on 55,000 Lynda users’ accounts,” Whittaker wrote.

— More cybersecurity news from the public sector:

AD

AD

PRIVATE KEY

SECURITY FAILS

— International Airlines Group, parent of British Airways, said a data breach disclosed last month is worse than initially thought, the Wall Street Journal's Robert Wall and Adam Clark reported Thursday. “IAG said 185,000 more British Airways passenger records were potentially stolen in an attack that took place between August 21 and Sept. 5,” Wall and Clark wrote. “The figure is on top of the 380,000 credit-card records British Airways previously said may have been exposed when its website and app were breached.”

THE NEW WILD WEST

ZERO DAYBOOK

Coming soon

CyberCon 2018 organized by Fifth Domain on Nov. 1 in Arlington, Va.

The National Institute of Standards and Technology hosts the 2018 Cybersecurity Risk Management Conference on Nov. 7 through Nov. 9 in Baltimore.

EASTER EGGS

How preexisting conditions became a central issue ahead of the 2018 midterm elections:

Megyn Kelly's rocky two years at NBC: