Reports that White House staffers have resorted to using an encrypted messaging app that erases messages as soon as they’re read has raised significant concerns that the practice might violate the Presidential Records Act.
Multiple reports surfaced this month that White House employees close to President Donald Trump have been using Confide to prevent the type of email hacking and release of information that occurred at the Democratic National Committee. Confide encrypts messages from end to end, allowing only the sender and receiver to read them. Once the message is read, it disappears.
Confide creators say it “makes perfect sense” that White House staff members would be using the communication system to prevent leaks.
“As a confidential messenger we don’t know a lot about who is using our platform,” said Jon Brod, co-founder and president of Confide, in an interview with MeriTalk. “If the reports that political operatives may be using Confide are accurate, we think it makes perfect sense, regardless of which side of the aisle they’re on.”
This type of messaging system poses particular problems for White House staff members because they must follow the Presidential Records Act, which maintains that they adequately document all presidential business. The messages can’t be documented if they disappear.
If the president wants to get rid of records because they’re no longer relevant or for any other reason, he must consult with the National Archives and get permission before the records can be eliminated. The National Archives and Records Administration directed MeriTalk to its Guidance on the Presidential Records Act when asked for comment on the White House’s use of Confide.
“The President shall take all such steps as may be necessary to assure that the activities, deliberations, decisions, and policies that reflect the performance of the President’s constitutional, statutory, or other official or ceremonial duties are adequately documented and that such records are preserved and maintained as Presidential records pursuant to the requirements of this section and other provisions of law,” the act stated.
Presidential staff members are required to use their official White House emails when conducting official business. The information from these emails can be archived to comply with the Presidential Records Act. Even if the staff members aren’t communicating directly with the president, their communications must be documented.
“Documentary materials produced or received by the President, the President’s staff, or units or individuals in the Executive Office of the President the function of which is to advise or assist the President, shall, to the extent practicable, be categorized as Presidential records or personal records upon their creation or receipt and be filed separately,” the act sated.
Confide launched in 2013 to protect professionals who communicate sensitive information for their jobs, such as executive teams, lawyers, journalists, human resources professionals, management consultants, and celebrities.
Brod said that White House officials should be aware of and comply with records management regulations while they use the app.
“For specific industries, there are certain people and certain types of communication that are regulated,” Brod said. “We expect people to use Confide in a way that complies with any regulation that may be relevant to their particular situation, just like they would with other communication platforms.”
Confide collects users’ address book information in an anonymized form, meaning they won’t be able to read the data. When users send or receive encrypted messages, Confide might temporarily process and store the message in encrypted form as well as other related information. Confide does not read the encrypted messages and it deletes messages as soon as they have been successfully read. Unread messages get deleted after several days, according to Confide’s privacy policy.
Confide can be required to submit information to law enforcement or third parties when mandated by law. Confide’s servers are located in the United States and it abides by the EU-US Privacy Shield Framework.
“Please understand, however, that no security system is impenetrable,” the privacy policy stated. “We cannot guarantee the security of our databases, nor can we guarantee that the information you supply will not be intercepted while being transmitted to and from us over the Internet.”