Suppose you were a spy for a hostile foreign power, trying to figure out how to steal America's secrets.
In years past, you might have tried to flip an FBI agent working on counterintelligence or planted a bug in the U.S. Embassy. Or maybe you would have tasked a team of hackers with gaining access to the emails of members of the Democratic National Committee.
These days, the question would be what you wouldn't do. Donald Trump’s first administration was so sloppy and uncaring about basic security protocols that a spy hoping to penetrate the U.S. government faced an embarrassment of riches from Mar-a-Lago to the Oval Office. His second administration, barely two months old, is already worse.
The most recent — and perhaps most egregious — example became public Monday when Jeffrey Goldberg, the editor-in-chief of The Atlantic magazine, revealed that late last week he was inadvertently added to a group chat planning military strikes in Yemen involving accounts that appeared to be those of Vice President JD Vance, Defense Secretary Pete Hegseth, national security adviser Mike Waltz and other top officials.
The breach was so egregious that Goldberg at first figured it was the kind of stunt that conservative activists have used to pull to try to trick journalists. But he changed his mind (and exited the group) after details from the discussion matched U.S. strikes in Yemen on Saturday. The chat's authenticity was subsequently confirmed by a spokesman for the National Security Council, who spun it as "a demonstration of the deep and thoughtful coordination between senior officials." (Asked by reporters about the breach at a White House event, Trump said he knew "nothing about it.")
This kind of conversation about an upcoming military operation is normally conducted through a secure government channel or in what's known as a "sensitive compartmented information facility." A SCIF is so secure that you're not even allowed to take your cellphone into it. It follows logically that you shouldn't be holding those same conversations on a cellphone, either, much less using commercial software such as Signal.
If hacking Signal is too difficult, perhaps a foreign spy might find it easier to hack Starlink, the satellite internet service run by Elon Musk's SpaceX. Starlink has been installed around the White House, as well as the General Services Administration and other federal agencies, according to a recent New York Times article. In 2022, a Belgian researcher demonstrated a method to hack Starlink terminals using off-the-shelf equipment that cost around $25.
Or maybe an intelligence agency could recruit one of the tens of thousands of former federal workers forced out of their jobs by Musk's so-called Department of Government Efficiency. "National security and intelligence experts" recently told The Associated Press that the more former employees who are fired, the likelier it is that one or a handful reach out to another country, whether out of anger or simply to pay the bills.
It can be hard to flip federal workers, though, as they are rigorously screened before hiring and typically serve the government out of a patriotic sense of duty. Maybe you'd find it easier as a spy to just rent an apartment in Trump Tower and get a membership at one of Trump's golf clubs so you could set up a meeting with him, as a Chinese fugitive with ties to organized crime did during Trump's first term, according to a ProPublica investigation.
If you bought a membership to Trump's Mar-a-Lago club, you might even come across a few hundred classified documents while looking for a bathroom or walking through a gilded ballroom, as detailed in an indictment for a since-scuttled case against Trump.
Or you could hang out in high-end D.C. restaurants, where during Trump's first term his lawyers were overheard by a New York Times reporter discussing details of several investigations into the administration. Or just wait for one of Trump's lawyers to inadvertently butt-dial your phone and listen in to his conversation — as Rudy Giuliani managed to do not once but twice in Trump's first term.
Every administration has its share of snafus, security failures and oversights. But the Trump administration's errors are on an entirely different level.
Every administration has its share of snafus, security failures and oversights. Secretary of State Hillary Clinton, as we were endlessly reminded in the 2016 campaign, had her own private email server installed at her house, which ended up handling a number of emails that included classified information. Her campaign chairman, John Podesta, was hacked by a simple "change your password" phishing email. Former President Joe Biden, among others, also had some classified documents at his house.
But the Trump administration's errors in this area are on an entirely different level. The sheer scale and scope of its transgressions against standard operational security are mind-boggling.
Some of this may be due to Trump's love of hiring outsiders without much government experience. Some of it may be due to disrespect for recordkeeping laws. But the most straightforward answer is that Trump and the people he hires believe the rules don't apply to them, even if those rules were designed to protect their secrets — and ours.
