LAMAR 3 SMITH Texas EDDIE BERNICE JOHNSON Texas CHAIRMAN RANKING MEMBER of the cIamtul 0%tatrs House of Rwrrarntatiurs COMMITTEE ON SCIENCE SPACE AND TECHNOLOGY 2321 RAYBUFIN HOUSE OFFICE BUILDING WASHINGTON DC 20515 6301 202 225 6371 February 9 2017 The Honorable Lamar Smith Chairman Committee on Science Space and Technology 2321 Rayburn House Of ce Building Washington DC 20515 The Honorable Darin LaHood Chairman Subcommittee on Oversight Committee on Science Space and Technology 2321 Rayburn House Of ce Building Washington DC 20515 The Honorable Barbara Comstock Chairwoman Subcommittee on Research and Technology Committee on Science Space and Technology 2321 Rayburn House Of ce Building Washington DC 20515 Dear Chairs Smith LaHood and Comstock In the 2016 Presidential campaign private e mail server management proved to be an important issue covered widely in the press and mentioned extensively on the campaign trail Last Congress this Committee took a keen interest in private email server management and Wider issues of cybersecurity in the Executive Branch We are writing to inform the Committee of further opportunities to investigate Executive Branch cybersecurity issues that have been of intense interest to you in the past We believe next week s Research and Technology Subcommittee hearing on cybersecurity presents an excellent opportunity to examine these issues and focus on these potential national security threats In the past two Congresses under your leadership the Science Committee opened an investigation into the alleged use of personal e-mail by the former Secretary of Energy and former Administrator of the Environmental Protection Agency EPA In 2016 this Committee in conjunction with the Senate Committee on Homeland Security and Governmental Affairs opened a separate investigation of former Secretary of State Hillary Clinton s private e-mail server used during her time with the Department of State Citing numerous security concerns and the possibility that hostile actors gained access to Secretary Clinton s email account this Committee subpoenaed the Federal Bureau of Investigation FBI and private companies for documents Additionally the Committee requested transcribed interviews with employees of one of the private companiesl Though Secretary Clinton left government service in 2013 the Science Committee stated that its oversight of the National Institute of Standards and Technology N 1ST still compelled an investigation of Secretary Clinton s email practices The Committee sought to investigate the level of security that existed on her servers and possible records vulnerabilities that needed mitigation 2 However the Science Committee quickly dropped this investigation after the November 2016 Presidential election The current Administration in its short time in office has shown a shocking disregard for cybersecurity practices Given your previous investigations of cybersecurity practices at multiple Federal agencies including the Federal Deposit Insurance Corporation FDIC and Federal Reserve Board and with respect to former Secretary Clinton s private email server we trust you will be equally concerned with any and all careless cybersecurity practices of the Trump Administration Although we are just weeks into the new Administration already serious cybersecurity issues affecting the of ce of the President have arisen Below are possible areas for review E-mail Server Management According to various press reports as of the end of last month Senior Trump administrative staffers had active accounts on a Republican National Committee RNC email server 3 During the Bush 43 administration officials used this same RNC email server to circumvent the Presidential Records Act of l978 resulting in the erasure of more than 22 million relevant emails 4 Additionally according to US Intelligence sources Russian Intelligence Services hacked the Republican National Committee RNC email servers during the 2016 campaign Letters and Correspondence Regarding Clinton Server Subpoenas maintained by Democratic staff of the House Committee on Science Space Technology 2 Id - 3 Nina Burleigh Trump White House Senior Staff Have Private RNC Email Accounts Newsweek January 25 2017 accessed at Nicole Rojas White House senior staffers linked to private RNC email accounts International Business Times January 26 2017 accessed at 1603148 4 Many of the emails were later eventually recovered through the laborious efforts of the Obama administration Dan Eggen Groups Announce Settlement in Missing Bush Emails Case Washington Post December 14 2009 accessed at Nina Burleigh The George W Bush White House Lost 22 Million Emails Newsweek September 12 2016 accessed at http wwnewsweekcom 20 73 html also see Nicole Rojas White House senior staffers linked to private RNC email accounts International Business Times January 26 2017 accessed at accounts-1603148 retrieving older RN emails from an older RNC server 5 While there is no indication that any of the senior Trump staffers had their accounts hacked their use of a private email server so soon after the 2016 campaign and foreign intelligence service hacks is quite dismaying Poor Securitv on Administration Twitter Accounts An even bigger cybersecurity issue is the President s use of his Twitter account A President s words have the power to move markets imperil diplomatic relationships or put militaries 0n high alert President Trump has demonstrated this through his Twitter account as his tweets have caused a drop in Toyota stock 6 caused the Mexican peso to tumble and caused the Mexican President to scuttle a planned diplomatic trip to the United States 8 Based on this power the President s Twitter account should have strong cybersecurity safeguards Unfortunately this has not been the case A well-known computer hacker known by his Twitter handle @WauchulaGhost revealed that the twitter account was linked to an unsecured Gmail account 9 This reportedly opened an easy route to hacking the President s Twitter account l request a password reset from Twitter for the account 2 hack into the linked unsecured Gmail account and 3 simply wait for the new password for to arrive in the Gmail inbox 10 This vulnerability remained for days after @WauchulaGhost s tweet not just on the account but the President s personal account @realDonaldTrump11 and the @PressSec account of Press Secretary Sean Spicer 12 which were both linked to unsecured Gmail accounts 5 Nicole Gaouette FBl s Comey Republicans also hacked by Russia CNN com January 10 2017 accessed at see Assessing Russian Activities and Intentions in Recent US Elections Intelligence Community Assessment January 6 2017 accessed at 6 Toyota stock fell about 2% more than $1 billion in market value after then President-elect Trump threatened a border tax for Toyota because of the manufacturer s plan to build a factory in Mexico Yuri Kageyama Toyota stock dips after Trump tweet on planned Mexico plant Associated Press January 5 2017 accessed at html 7 Ben Eisen Dollar Jumps Against Mexican Peso After Trump Tweet The Wall Street Journal January 26 2017 accessed at Dolia Estevez Say Donald Trump s Tweets Are Weakening the Mexican Peso Forbes Magazine January 6 2017 accessed at 3 Jacob Pramuk Mexican president says he canceled meeting with Trump who maintains the decision was mutual January 26 2017 accessed at Mexican President Pena Nieto cancels trip to Washington Chicago Tribune January 26 2017 accessed at 9Laurie Segall Hacker to Trump Fix your security settings on Twitter CNN com January 24 2017 accessed at Max Greenwood Trump s Twitter account was tied to Gmail The Hill January 26 2017 accessed at 0 Sam Biddle Donald Trump is Using a Private Gmail Account to Secure the Most Powerful Twitter Account in the World The Intercept January 26 2017 accessed at Mr Trump s Twitter account has been hacked before as his @realDonaldTrump account was hacked in 2013 Kevin Cirilli Trump Twitter account was hacked Politico February 21 2013 accessed at 3 Cellphone Vulnerabilities A still bigger cybersecurity vulnerability is President Trump s outdated Android phone According to press reports Trump has either a Samsung Galaxy 83 or S414 and still uses it to access his @realDonaldTrump Twitter account 15 This is despite the fact that he received a secure phone approved by the Secret Service 16 Foreign intelligence services or even an unsophisticated hacker could easily exploit either of these phones Foreign intelligence services could set up the President s phone to be a bug recording everything around it and transmitting the recordings back to the hacker Malware could also allow a foreign intelligence service to log keystrokes take over the phone s camera or track the phone s location President Obama famously had a secure cellphone and complained about its lack of features 18 Nevertheless he understood that the phone s limitations arose from the extreme cybersecurity safeguards needed to protect national security Thus far President Trump has not shown an appreciation of the security needs inherent with the of ce of the Presidency The speci c issues discussed above 1 private email server use by senior staff of the Trump Administration 2 lack of safeguards on the social media accounts of the President and his senior staff and 3 the President s continued use of an unsecured imminently hackable cellphone all speak to this Administration s disregard for cybersecurity and the dictates of protecting national security As this Committee has previously taken an interest in Executive Branch cybersecurity issues we hope that the change of party in the Executive Branch will not diminish your interest in this important area The Majority s Oversight Plan for the 115th Congress says the Committee intends to continue to hold cybersecurity oversight hearings in order to review compliance with federal information security standards and guidelines and that the Committee will continue to investigate issues within this Committee s jurisdiction regardless of where they may be found Ensuring that cybersecurity standards and proper cybersecurity practices are applied across the government 2 Additionally Sean Spicer has already twice tweeted characters that look like a password from the @PressSec Twitter account Bryan Menegus Sean Spicer Just Tweeted Something That Looks an Awful Lot Like a Password Gizmodo January 26 2017 accessed at looks-an-awful-l791649692 3 Sam Biddle Donald Trump is Using a Private Gmail Account to Secure the Most Powerful Twitter Account in the World The Intercept January 26 2017 accessed at l4Alex Dobie Which Android phone does Donald Trump use Android Central January 25 2017 accessed at http androidcentral com which android- phone- does- donald trump use 15 Maggie Haberman Homebody Finds the Ultimate Home Of ce New York Times January 25 2017 accessed at nvtimes trumD- white- house html 6 A ccording to people close to the transition he has traded in his Android phone for a secure device approved by the Secret Service with a new number that few people possess Maggie Haberman and Glenn Thrush Trump Administration With Obama Staff Members Filling the Gaps New York Times January 19 2017 accessed at 7 Cecilia King That Old Phone Trump Uses for Twitter Could Be an Opening to Security Threats New York Times January 25 2017 accessed at 8 Aaron Pressman President Obama s New Smartphone is More Like a Toddler Phone Fortune Magazine June 10 2016 accessed at phone particularly in today s cybersecurity environment is critically important We hope that your commitment to ensuring federal cybersecurity standards are in place and that common sense cybersecurity practices are upheld does not stop at the White House lawn We stand ready to join the Majority in any robust investigation of these issues and wider federal cybersecurity issues in general Sincerely Eddie Bernice ohnsonc Ranking Member Committee on Science Space and Technology Dan Lipinski Member Committee on Science Space and Technology Don Beyer Member 3 Committee on Science Space and Technology This document is from the holdings of The National Security Archive Suite 701 Gelman Library The George Washington University 2130 H Street NW Washington D C 20037 Phone 202 994-7000 Fax 202 994-7005 nsarchiv@gwu edu