Millions of Americans employed by the federal government – including those who work in the White House and agencies with secret missions like the FBI and the CIA – are likely having conversations about sensitive but unclassified matters that are picked up by foreign intelligence agencies.
Thanks to Sen. Ron Wyden, we’ve just learned that the Office of the Director of National Intelligence (ODNI) and FBI report that there is no agency, office or person tasked with trying to protect U.S. federal employees from hostile actors.
PPSA has long warned about the vast utilization of cell-site simulators, often referred to as “stingrays,” that spoof Americans’ cellphones into divulging our emails, call records, texts and location histories to intelligence agencies and law enforcement. As of 2018, 16 federal agencies, as well as 75 agencies in 27 states and the District of Columbia were employing stingrays to snoop on Americans.
Of course, others can play this game as well.
Former President Donald Trump famously loved to make unsecured calls on his iPhone to a circle of friends. In 2018, The New York Times reported that the U.S. intelligence agencies “had learned that China and Russia were eavesdropping on the president’s cellphone calls from human sources inside foreign governments and intercepting communications between foreign officials.”
During the Trump Administration, it was also discovered that a foreign power had planted cell-site simulators near the White House to pick up the president’s calls. Forensic analysis of the devices convinced investigators that they were planted by Israel.
Surveillance capabilities aimed at a president can certainly target any number of government officials and employees. Assuming a targeted federal employee is professional enough not to discuss classified information over open airwaves, they could still render themselves vulnerable to “social engineering” or even blackmail by divulging personal secrets. And they could inadvertently reveal a detail about an official, a program or an ongoing operation.
Sen. Wyden had these concerns in mind when he sent a letter late last year to ODNI, FBI, the Department of Defense, the Department of State, the Cybersecurity Infrastructure Agency and the Federal Communications Commission asking which agency, which office, and which official is responsible for countering such surveillance.
Among questions the senator asked, “Which federal agency has the authority to require that intra-executive branch unclassified voice calls be end-to-end encrypted?” And “[w]hich federal agency is responsible for protecting U.S. government facilities in the United States from cell-site simulators?”
The response from ODNI and FBI? Nobody.
Perhaps to shift the blame to Congress, these agencies seized on the senator’s use of the word “authority.” They wrote, “we are not aware of any specific federal agency that has existing authority to implement your proposed solution of requiring intra-executive unclassified voice calls to be end-to-end encrypted.” Is a specific legal authority needed to direct government employees to use Signal, WhatsApp, or some other easily downloadable encryption app? And since when did these agencies worry about having a legal authority to do whatever they want?
This is a case in which the government already has answers, it just isn’t asking itself the right questions.
If an official is given the task of implementing such a government-wide policy, PPSA can recommend where to go to for easy guidance – the Open Technology Fund. This grantee of the U.S. Agency for Global Media – which is currently helping Ukraine secure its communications from Russia – is sure to have ready answers on the best, off-the-shelf tools for government employees.