White House Weighs Personal Mobile Phone Ban For Staff

The White House is considering banning its employees from using personal mobile phones while at work. While President Trump has been vocal about press leaks since taking office, one official said the potential change is driven by cybersecurity concerns. Bloomberg reports: One official said that there are too many devices connected to the campus wireless network and that personal phones aren't as secure as those issued by the federal government. White House Chief of Staff John Kelly -- whose personal phone was found to be compromised by hackers earlier this year -- is leading the push for a ban, another official said. The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed. Top officials haven't yet decided whether or when to impose the ban, and if it would apply to all staff in the executive office of the president. While some lower-level officials support a ban, others worry it could result in a series of disruptive unintended consequences.

make them deal with SCIF rules

You're not allowed to bring your phone into a SCIF. Why in the hell should you be allowed to bring your personal device into the damn White House? Make the Executive Office of the President follow those same rules too.

Re:make them deal with SCIF rules

[Sarten-X]

Yeah, that's kind of my thought, too. I could understand a section of the White House being open for unsecured electronics, and a "official business" section being completely secured.

The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed.

"No electronics" is the standard practice for any classified space. I'd be extremely concerned if unsecured phones were allowed in classified meetings, but I can't really say I'd be surprised, considering this administration.

Re:make them deal with SCIF rules

[darthsilun]

Nice deflection.

Basically you're arguing that two (or three) wrongs make a right. They don't.

And this is a perfect example of exactly the kind of "But what about-ism" that Twitler and company have engaged in since the beginning of the campaign. The whole "but what about Benghazi," "what about email server," "what about on and on and on."

What about Benghazi, that eleven investigations turned up no wrong doing. Ancient history. Thanks, we're past that now.

So, to the point: nothing about Obama's or Hilary's phones has any bearing now on what Twitler should or shouldn't be doing with phones. Nothing. If there are rules, and POTUS is supposed to be obeying the rules, then let's talk about that. Anything else, komrade, is deflection. Stay on target. Don't digress. We don't care about Obama's phone. What we care about now is Twitler's phone. That's what we're talking about.

Re: make them deal with SCIF rules

[geekmux]

The problem with that is this isn't the 1990s. People have lives and those lives involve connectivity.

And how the FUCK do you think the thousands of military personnel continue to survive while working in a SCIF during their entire work day?

Honestly the biggest problem with private devices is cameras, and it would be appropriate to not allow them in rooms where classified material is of course. If that includes your private office, then go somewhere else to use your phone.

Frankly, I'd rather people keep their personal stuff on personal devices and off of potentially sensitive computers, even if those computers are not on a classified network.

They ought to have a monitored wifi connection for personal business, the monitoring being only for the presence of government information.

Total bans encourage workarounds and workarounds yield security breaches every single time.

Total bans are validated for just reasons. Much like the current rules that completely ban such devices within a SCIF. People need to understand that a personal cell phone is nothing more than a security breach waiting to happen. They are personal tracking and listening devices that are constantly being hacked. Those wanting actual security to be implemented and enforced don't see these devices any other way because they can't afford to. So a black and white approach to policy is the only effective solution.

If people don't like those rules, find another fucking job elsewhere.

Re: make them deal with SCIF rules

[EndlessNameless]

Honestly the biggest problem with private devices is cameras, and it would be appropriate to not allow them in rooms where classified material is of course.

OK, so we can be fairly confident that you do not work in an infosec capacity. Unmanaged devices are an unmitigated nightmare for a variety of reasons.

Possession of a personal device leads to a tendency to use it, and that includes conducting official business on it. Or discussing official matters in an unofficial context. Due to piss poor manufacturer support, consumer Android phones often run outdated, unpatched software. Let's not forget that both Apple and Google have pulled malicious software from their stores, and users can link up to all kinds of remote or cloud services on devices they own.

The biggest problem is the fact that a compromised phone can be running an open mic all the time. Unlike the camera, a mic is fully functional even when the device is stowed in a pocket---which is where most phones spend the majority of their time. Running the mic also has less of an impact on battery life than the camera, so the user is unlikely to notice a problem with the device.

They ought to have a monitored wifi connection for personal business, the monitoring being only for the presence of government information.

This is hopelessly naive. Do you have any idea how difficult it is to identify content on the fly? And what about encryption (almost everything uses it these days)? The kind of monitoring you suggest is bordering on the impossible.

Total bans encourage workarounds and workarounds yield security breaches every single time.

When the ban is backed up by immediate termination and possible criminal charges, it tends to be far more effective.

The only reason that "workarounds" are popular is because private companies rarely enforce their policies, especially against high-ranking personnel. Enforcing policies pretty much kills this habit, at least after the first couple of terminations.

People routinely do far more unpleasant things than locking up their phones for the day---when the business forces them to.