A New York Times report that Donald Trump continues to carry his ancient and insecure Android phone—despite having received a new Secret Service-approved secure device on Inauguration Day—has prompted a flurry of reports on the cybersecurity “risks” this entails. But “risk”—the connotations of which are both future-oriented and hypothetical—seems like the wrong word here. We should be asking how many foreign intelligence services have had access to the phone, for how long, and what sensitive information they’ve already gleaned from it.
Because let’s be clear: An American president’s personal smartphone may be a holy grail for foreign spies, but a phone belonging to a president-elect, or even a credible candidate, would be an extremely juicy target too. It’s almost inconceivable it would not have been attacked already. And given the laughable level of security provided by a phone that last saw an update in 2015, any serious effort to compromise it by a state-level adversary would likely have succeeded. The safe assumption that NSA’s overseas counterparts have a similar array of “implant” tools would mean that Trump’s movements could have been tracked, any credentials stored on the phone exfiltrated, and any conversation held in the same room as the phone, recorded.
If the White House has been following the most basic protocols, we can at least expect Trump’s Android hasn’t been allowed into the Secure Compartmentalized Information Facilities where classified briefings are held, but even so, that’s a rich trove of intelligence on Trump’s strategic intentions and mindset, and may well include sensitive personal information that could be used for leverage. So, by all means, he ought to ditch the phone immediately—but instead of tossing it in the trash, he ought to hand it off to NSA’s technical division for a thorough look, assuming they haven’t already had one. It will be too late to undo the damage, but perhaps not too late to mitigate the consequences if the Intelligence Community can start piecing together what the adversaries would have obtained and how they’re likely to use it.