While Tamara and John covered Congressman Gaetz’s and his colleagues’ stupidity earlier today, I wanted to focus a little more on just why exactly this wasn’t just a stupid stunt, but was very, very, very bad in terms of Information Security (INFOSEC). It has now been reported that Congressman Gaetz gave the House Minority Leader, Congressman Kevin McCarthy (R-CA), a heads up about what he had planned.
NEW — House Minority Leader McCarthy’s office was told in advance that its rebel members would storm the SCIF today. They support it. https://t.co/hthVNifnAG
— Sam Stein (@samstein) October 23, 2019
We don’t know if this was done verbally face to face, by text, or by phone call. My guess is either verbally face to face or phone call. But these chuckleheads seem to be enamored of WhatsApp, which is notoriously insecure despite claiming to be a secure method of texting and calling, so they may have used that.
We also now know that this was coordinated with the President.
NEW: Trump had advance knowledge and supported a protest by Republicans who told him they planned to barge into a secure hearing room on Capitol Hill where Democrats are holding impeachment testimonies, according to four people familiar with the matter.https://t.co/FD93uj4HNW
— Kevin Whitelaw (@KevinWhitelaw1) October 23, 2019
In this case, because it was reported, we know it was done by face to face communication.
And this is where the Information Security issues really come into play. If you recall from my posts from May 2018 and September 2019 we know from reporting in Wired and Politico that the President calls, texts, and tweets from a pair of unsecured smart phones and that allied, peer competitor, and hostile foreign countries have set up mobile wireless interception devices near the White House to intercept these electronic communications. Congressman Gaetz has publicly bragged of his relationship with the President. Congressman McCarthy’s has been reported on as well, especially involving red and pink Starbursts candies. If you were an allied, partnered, peer competitor, or hostile foreign power and wanted to try to gain access to the President’s communications, one way to do it would be to try to hack either Gaetz’s or McCarthy’s cell phones. Or those of any number of the other 30 Republican members of Congress and their staffers who pulled this stupid stunt today.
These morons, in an attempt to create a spectacle that will take over the news cycle about impeachment so that the majority of the public that isn’t paying close attention at all times just throws its hands up in disgust, didn’t just force entry into the House of Representatives’ Secure Compartmented Information Facility (SCIF), they brought their unsecured cell phones with them. Moreover, they then took imagery with those phones – pictures and/or videos – of classified spaces and, potentially, any classified information that had been taken out in advance of the deposition and was in public view for those members of the House, Republicans and Democrats alike, who actually had the need to know to access it today. And then they started texting and tweeting and emailing that out. On unsecured devices and unsecured and non-governmental networks! This required, as was reported, the SCIF to be closed once they finished their pizza, Chick Fil-A, their stunt and finally gave up and left, so it could be swept and resecured before the delayed deposition could finally take place. What Congressman Gaetz, Congressman Scalise who is the #2 Republican in the House/Republican House Caucus, and their 28 or so colleagues did wasn’t just a stupid stunt, it was a major security violation.
How major? Off the top of my head the number of Federal felonies committed by Gaetz and his colleagues is:
- Forced entry into a SCIF
- Criminal trespass in a SCIF
- Bringing unsecured electronic devices into a SCIF
- Taking imagery – pictures and video – of classified spaces and materials on unsecured devices
- Transmitting imagery – pictures and video – of classified spaces and materials on unsecured devices to unsecured devices through a variety of unsecured platforms (texting, tweeting, emailing, etc)
It has now been reported that Congressman Thompson (D-MS), the chair of the House Homeland Security Committee has asked the House Sergeant of Arms to take action agains Gaetz and his colleagues.
JUST IN: House Homeland Security Committee Chairman asks sergeant at arms to “take action” against Republicans who charged into the SCIF. Doesn’t explain what action he wants: pic.twitter.com/nBT5qgUOsF
— Kyle Cheney (@kyledcheney) October 23, 2019
I don’t know what exactly Congressman Thompson has in mind, as he doesn’t specify in his letter, but here’s what should happen at a minimum.
- Each of the cell phones, smart phones, tablets, and/or any other electronic devices that these 30 Republican members of the House and their staffers brought with them into the House SCIF need to be confiscated by the House’s Special Security Officer (SSO).
- Each of these devices then needs to be forensically checked for any hacking and/or malware and the results of those checks passed to the appropriate counterintelligence officials for follow up.
- Each of these devices should, at a minimum, be completely wiped before being returned to their owners. The appropriate action is to actually destroy them.
- The staffers who accompanied these House Republicans should have their access immediately terminated, their clearances suspended pending a completed counterintelligence investigation, and they should be suspended from duties and barred from returning to work until that investigation is completed. While I won’t prejudge the outcomes of such an investigation, frankly, they should be terminated and their files flagged at the Defense Security and Counterintelligence Agency (DSCA), which is now in charge of overseeing all clearances, to prevent them from every obtaining a clearance again.
- While I doubt it will happen because they are Constitutional Officers of the United States, because they are elected members of the House of Representatives and will claim their actions today are covered under the Speech and Debate Clause, the 30 or so Republican members of the House should also have their access immediately terminated, their clearances suspended pending a completed counterintelligence investigation, and they should be suspended from duties and barred from returning to work until that investigation is completed. Here too their files should be flagged at the Defense Security and Counterintelligence Agency (DSCA) to prevent them from every obtaining a clearance again.
I expect that while Congressman Gaetz and the 29 or so other Republican members of the House that committed multiple felonies with him this morning are unlikely to face any really serious repercussions, that their staffers will not be so lucky. Those men and women, who based on the video being televised all appeared to be in their 20s and 30s, are likely to have their professional lives ruined by this as they don’t have the same protections that members of the House do. Especially, since Congressman Gaetz has already thrown the staffer that accompanied him to the wolves.
**Tweet from Staff**
— Rep. Matt Gaetz (@RepMattGaetz) October 23, 2019
Lest Congressman Gaetz get away with that, here’s the picture of him taking video on his unsecured smart phone when he illegally entered the House’s SCIF. Kind of hard to miss the sign!
I would like to think that Speaker Pelosi has had a long, serious talk with Congressman McCarthy about the behavior of his caucus members, what is and is not appropriate behavior, and what will and will not be tolerated going forward. If she is as good as reported and as many of us believe she is, then nuts will be cut over this, even if public examples are not made.
Regardless, if you were a foreign actor – allied, partner, peer competitor, or hostile – and you’ve been trying to collect Signals Intelligence on what the US is doing, what Congressman Gaetz and his Republican colleagues and their staffers did today was unearned profit.