On Monday, CNN's Jake Tapper reported
that top Trump administration officials had been hoodwinked by an email prankster in the United Kingdom. Homeland Security Adviser Tom Bossert responded to the email of a person purporting to be Jared Kushner, agreeing to attend a "soiree" and even volunteering his own private email address, even though Bossert's government email account appears to have flagged the prankster's message as suspected spam.
Former communications director Anthony Scaramucci was also duped by a nongovernment email address of a prankster pretending to be former White House Chief of Staff Reince Priebus. Scaramucci also responded to another email from a person claiming to be the President's nominee to be ambassador to Russia, Jon Huntsman Jr. And when that prankster wrote to Huntsman pretending to be the President's son, Eric Trump, Huntsman responded, too.
In these cases, the only damage done appears to be reputational. But while officials have acknowledged the incidents and say they're taking them seriously (and the prankster told Tapper he had no malicious intent) the White House needs to act quickly to prevent an apparently gullible staff from falling prey to other email hoaxes that could put sensitive information in the hands of terrorists or unfriendly states.
The administration should respond with both policy and programming fixes.
Of course, the irony of these situations is even richer, since Donald Trump ran for president in large part by calling
Democratic nominee Hillary Clinton "corrupt" for using a private email address to conduct government business. He also referred
to Clinton's use of a private email server as "the biggest political scandal since Watergate."
And after the FBI began examining emails that Hillary Clinton adviser Huma Abedin received from Clinton's private email address, Trump called for Abedin to be fired.
Though President Trump has proven unusually willing to personally attack his own team
, he hasn't yet publicly excoriated any of his staffers or fired them for irresponsibly handling email or (in Bossert's case) offering up his own personal email address.
The best policy fix would be for President Trump to make clear that administration officials may not communicate with one another via personal email accounts. Since he ran for president by arguing, in part, that the use of private email to conduct government business by Hillary Clinton was crooked, it seems reasonable that he shouldn't allow his own staff to use private email to conduct government business.
Such a policy would, obviously, prevent administration officials from falling for hoaxes in the guise of communication from the personal accounts of public figures. It would also ensure that their emails remain available for public inspection. Under the Freedom of Information Act, Americans are entitled to request copies of such government records, including email communication from government accounts.
However, top administration officials are deluged with email, and this directive wouldn't prevent them from accidentally responding to a private email address, not realizing the message hadn't come from a government account.
To help prevent this scenario, the government needs a programming fix as well. Emails from internal US government accounts should have a different color header than emails from outside accounts. This would help overtaxed and exhausted administration officials quickly identify emails purportedly from colleagues that are sent from private accounts.
It's puzzling for Donald Trump to argue as a candidate that Hillary Clinton should be criminally investigated for using a private email account but then take a "we're looking into it" approach to his own staff's carelessness about email communication. And while Clinton's most troubling issues involved classified information, if Trump administration staffers are falling for benign hoaxes this time, there's no guarantee they won't fall for something more ominous next time.
With two quick fixes, the Trump administration can protect both the country's and the President's interests, so the next campaign for the presidency can be a referendum on something besides Email Safety 101.