National security adviser Michael Waltz reportedly conducted business via Gmail

35 pointsposted a day ago
by beardyw
(theguardian.com)

9 Comments

LinuxBender

a day ago

I've noticed that many .gov email addresses just relay to gmail. I assume or hope it's at least business accounts and I hope they require 2FA at least. This has mostly been state .gov addresses that I have experienced gmail bounces, errors and such but there probably needs to be an extensive audit done for all .gov email addresses to see what is being relayed or routed where and which of those emails are encrypted and have the correct government classification headers for gov-to-gov emails. That should give DOGE something to do.

evanjrowley

a day ago

FYI, the US National Oceanic and Atmospheric Administration (NOAA) runs on GSuite/Google Workspace. Both PIV and WebAuthn are used for MFA. I've never seen anything there that wasn't simply unclassified, but for communications that need extra layers of encryption/DLP, they also have Kiteworks.

LinuxBender

a day ago

Nice they have DLP. Have they configured it to analyze or look for classification headers and are there teams that will reach out to violators and politely re-educate them?

evanjrowley

a day ago

Great question. If you ask senior management, the answer will be yes. ;)

Havoc

a day ago

Really raises the question if any of it is fit for purpose in the organisation when someone like that can rise national security adviser

edgineer

a day ago

> Waltz had “potentially exploitable information” sent to his Gmail, such as his schedule and other work documents

Says nothing about him sending information from the account

Goes on to say one of his aides "used Gmail for more sensitive material, such as discussing military positions and weapons systems" which is pretty vague as far as accusations go