It’s time to talk about House (of Reps) Security
The SCIF breach is just the tip of the iceberg
As a former staffer, I love the People’s House. It’s boisterous, messy, and usually a pretty accurate-if-amplified reflection of the national id. I hold tremendous affection for staffers of BOTH parties — those young people sitting behind the members on CSPAN, shuffling alongside the person with the mics in their face, and yes, the interns taking the calls and pounding the halls to ask for signatures on cosponsorship or a dear colleague. I respect lawmakers of BOTH parties who put themselves (and their families) out there, endure the grind of an every-two-years election cycle, and — with few exceptions – work every day to do what they think it right. These are my people, which is why today’s events are so concerning.
I will leave it to the national security experts to explain why the “storming of the SCIF,” in which members without proper clearance entered the Sensitive Compartmented Information Facility (SCIF) with their devices, is so concerning. It is. But there was another security breach this morning that is much more common, and it’s time to talk about it.
Huffington Post is reporting that Rep. Gaetz [R, FL] did not just lead a posse of lawmakers to demand entrance to the SCIF, but that he also had an unauthorized camera crew from HBO’s “The Swamp” in tow, using expired Congressional badges to navigate the Capitol campus.
[H]is staff handed out expired congressional passes to some uncredentialed reporters and the crew of HBO’s “The Swamp.” The show is following Gaetz’s efforts to combat the impeachment process, and his office gave about 10 crew members and reporters expired passes to another room in the Capitol, according to a GOP staffer familiar with the situation.
Unfortunately, I was not surprised that it was so easy for uncredentialed reporters to gain access and that an office would have a collection of expired IDs laying around for just that purpose.
Here’s the thing. The House ID system is a joke.
For over a decade, House badges have included a “chip” that gives the superficial impression of a secure identity system. But if you look closely, you will see that the “chip” is actually a sticker printed to look like a chip. It was that way when I went to work on the Hill in 2007 and it was still that way last time I checked a friend’s badge about a month ago. Let that sink in.
These IDs are visually checked by Capitol Police officers on campus and are the only validation in use for entry into restricted areas — even during major events like the State of the Union. This system is so insecure that I have hesitated to mention it publicly in the past because I am loathed to expose this vulnerability… but it’s way past time to address this.
The House is under constant attack. House Admin Chairwoman Zoe Lofgren [D, CA] noted last week that the House blocks an estimated 1.6 billion unauthorized scans, probes, and connections and filters 12.6 million questionable emails and phishing attempts each month. In July, the U.S. Capitol Police chief said the agency is investigating a record number of threats to lawmakers. Those staffers and interns I mentioned are on the front lines. They deserve modern security that protects their physical safety.
The “Storming of the SCIF” was stunt and it will rightfully get lots of attention, BUT it has also provided an opportunity to discuss the inadequate state of House security as a whole, before a tragedy or disastrous breach occurs. Let’s make sure this opportunity does not go to waste.
Note: the following applies only to the House. The Senate has its own ID system (& an RFP out for updates to the system).
Note to note: a recent Senate staffer shares this:
We keep our badges. They punch tiny (toothpick size) holes in it — that spell SENATE… but in the pouch or from a distance, you can’t tell it’s been punched. They tell you not to wear it. It’s basically the honor system. I know people who have kept their badges and not even had them punched. There’s no requirement on outprocessing to turn it in or verification with Senate ID that you’re leaving.
Marci Harris is co-founder and CEO of POPVOX, an online platform for legislative information and civic engagement, and a former Congressional staffer.
