It is not very clever to bring a cellphone into a Sensitive Compartmented Information Facility, or a SCIF. Doing so risks allowing hostile actors to collect sensitive information from safeguarded national security information networks.

I note this in light of the Republican congressmen who stormed into a congressional SCIF on Wednesday. Led by Matt Gaetz, they sought to draw attention to the unusually secretive manner in which Democrats are conducting their impeachment inquiry into President Trump. Republicans were successful in shining a light on the secrecy.

But they seem to have made a big mistake.

A good number of Gaetz's group apparently brought their cellphones with them into the SCIF's secured area, beyond the SCIF's control lobby. That is a cardinal breach of SCIF security procedures.

Framed under exhaustive Intelligence Community protocols, SCIFs are designed and organized to operate in a manner that prevents sensitive discussions and activity from being collected by unauthorized persons. Under the National Security Agency's TEMPEST emanations control framework, cellphones and other uncontrolled external collection devices are strictly prohibited from entering SCIFs.

There are good reasons for this.

First off, any member of Congress is a target for hostile intelligence services. Out of the Republican group on Wednesday, those closest to Trump, such as Gaetz, and those on the Foreign Affairs, Homeland Security, Intelligence, and Armed Services committees would be particularly juicy targets. Targeting of their cellphones would feature front and center here.

For the most capable hostile intelligence services operating in Washington (China and Russia), and the most capable allied-but-spying-on-America intelligence services (France and Israel), it's not that hard to get inside a member of Congress' phone. All these services need to do is locate a phone's unique identification data or get physical proximity to the phone. They can send their officers and agents to patrol Capitol Hill or simply pay a visit to an event where the targeted member is scheduled to speak. The spies can then load up the phone with malware that can transmit the phone's stored content (messages, photos, etc.) and active content (cellphone conversations) back to a control station.

That brings us back to the SCIFs.

While SCIFs are designed to prevent emanations of any kind and sensors would likely have triggered alarms the moment the Republican cellphones entered the secured room, SCIFs are not foolproof. Considering Chinese advancements in quantum communications, the risks here are only growing.

The risk, then, is that any Republicans who might have preexisting malware on their phones would have thus carried spying devices into a facility designed specifically to prevent spying. That leads to two further concerns.

First, that any malware would have collected any emanations from the SCIF and stored it on the cellphones to then be relayed to the spy's control station once the Republicans left the SCIF.

Second, that if there were any secured computers or other electronic devices in the SCIF, any malware on the cellphones could feasibly have entered those devices. That malware could then travel throughout the connected network, stealing more information and rerouting it back to the hostile intelligence device. Crucially, some intelligence service malware does not require continuing communication with its original delivery system (the cellphone) in order to reconnect with its operator (hostile intelligence service). It can find a different route back to the intelligence service control station.

As I say, Republicans would do well to remember SCIF procedures next time.