


Christopher Burgess
Contributing Writer

When the insider threat is the Commander in Chief

Feb 17, 2022 · 7 mins
Threat and Vulnerability Management

The revelation of former U.S. President Trump allegedly mishandling and removing sensitive government documents presents unique security challenges.


When the insider is the President of the United States, the mishandling and removal of information take on a different demeanor given the national security implications. The U.S. media has widely reported how the National Archives and Records Administration bird-dogged the return of missing presidential records, most recently 15 boxes of presidential papers that should have been directed to the National Archives when President Trump’s term ended on January 20, 2021.

It is alleged the 45th President of the United States directed the collection of materials to be placed into those boxes and forwarded to his Florida residence where they have sat for more than a year. It is also alleged that within some of these boxes were documents that carried the national security “secret” and “top secret” classifications.

The National Archives has asked the Department of Justice (DOJ) to examine the former President’s handling of White House records.

[Editor’s update: On August 8, the FBI executed a search warrant at former President Trump’s Mar-a-Lago resort. According to Eric Trump, the search was done at the request of the National Archives to determine whether his father still had any official documents in his possession. Neither the FBI nor the Justice Department has commented.]

The Presidential Records Act

Since 1981, the National Archives has had the responsibility to collect, collate and organize the papers of presidents and vice presidents per the Presidential Records Act. The PRA “establishes the public ownership of all presidential records.” The PRA places the “responsibility for the custody and management of incumbent presidential records with the President.” The definition of records is wide-ranging and includes both textual and electronic records (email, memos, speeches, notes, faxes, etc.). In addition, it is the responsibility of the President and staff to “take all practical steps to file personal records separately from presidential records.”

The PRA also includes a means by which the incumbent president may dispose of records that “no longer have administrative, historical, informational or evidentiary value, once the views of the Archivist of the United States have been obtained in writing.”

In her forthcoming book “Confidence Man,” New York Times reporter Maggie Haberman shares how White House resident staff had to call the plumber to unclog a toilet. The plumber found torn up pieces of printer paper had caused the clog.

The National Archives, in a statement, noted how the former President was known to tear up records, requiring White House records management officials to recover and tape them back together. The statement goes on to say that among those records turned over at the end of the presidency were a number of “torn-up records that had not been reconstructed by the White House.”

Handling classified materials

Classified information is handled on a need-to-know basis within the United States government and requires the information to be handled in a secure manner. The White House Communications Agency (WHCA) is charged with ensuring classified materials within the White House are afforded secure handling at all times. Those entrusted with a national security clearance are also expected to self-report any mishandling of classified information, be it leaving a piece of classified paper not secured or forgetting to lock a safe at close of business. Furthermore, discovery of classified materials outside of an approved secure environment warrants both reporting and investigation.

National Archives referral to the Department of Justice

While having to hunt down pieces of memorabilia or documents following the transition of Presidents is not particularly unusual for the National Archives, the wholesale removal of documents, to include classified documents, is unusual. To its credit, the National Archives, upon receipt of the tranche of materials from Mar-a-Lago, reviewed the materials within its SCIF (Sensitive Compartmented Information Facility) and is now providing secure storage to those materials.

The Washington Post reported on February 9 how the National Archives has asked the DOJ to review the handling of the White House records. Such a referral is warranted and appropriate, as it would appear that both the PRA and the rules which govern the handling of classified materials have been violated.

Precedent for prosecution

There is ample precedent for criminally charging an individual within the Executive Branch of government for mishandling classified information. Two noteworthy examples are former CIA Director John Deutch and former National Security Advisor Samuel (Sandy) Berger.

John Deutch, former CIA Director, was found to have retained classified materials at his personal residence long after he was director. Deutch, who was advising the government on national security topics, was summarily stripped of his national security clearance by then CIA Director George Tenet and the incident was referred to the DOJ. Deutch himself publicly acknowledged his mishandling of the classified materials. The DOJ and Deutch’s legal team hammered out a deal where he would plead guilty to a single misdemeanor charge of mishandling classified government information. The agreement had made its way to the desk of Attorney General Janet Reno, who approved of the “information” charging document. It never happened. President Clinton granted Deutch a pardon on January 20, 2001, much to the surprise of all concerned.

Perhaps a more salient example involving the National Archives is that of National Security Advisor Samuel R. Berger, who pleaded guilty to a charge of knowingly removing classified documents from the National Archives. “In his plea, Berger also admitted that he concealed and removed his handwritten notes from the Archives prior to a classification review, in violation of Archives rules and procedures. Those notes have been returned to the government.” A federal judge at sentencing ordered that Berger be fined $50,000, sentenced to two years of probation, ordered to perform 100 hours of community service, and to pay a fine of $6,905 to cover the administration costs associated with his probation.

Remaining questions and CISO takeaways

If this had occurred in the private sector, the story would align with the pitch of every insider threat solution provider as to why insider threat programs are important. The headline would note how a CEO, the ultimate company insider, departed with company documents. It’s a typical instance of insider threat realized in the final days of the insider’s employment, and the company is now chasing down the lost information to recover and protect trade secrets or intellectual property.

The National Archives noted early in 2021 how documents that should have been in its possession at the conclusion of the 45th President’s term were not, and that over the past year it has been working with the designated individuals within the former President’s office to have the documents provided to the National Archives.

The recovery of the 15 boxes by the National Archives leaves us with questions begging for answers. A CISO might ask similar questions should a departed executive be found to have retained sensitive company documents.

Who had access to these documents once they left the President’s residence? During the tenure of the President, he was no doubt afforded secure storage in keeping with the norms of national security. Once he left office, was this secure storage capability continued?

What is the risk should the most sensitive documents become publicly known? While it is difficult to speculate as to the substance of the classified materials, the fact that they carried high classification markings is sufficient evidence of their importance. Any DOJ review will also have to include the participation of the originator to determine the potential damage to the nation’s national security.

Are there additional documents to be recovered? Presumably, the National Archives will be looking at whether additional documents remain in the former President’s possession. How will we know?

Lastly is the question of accountability. Will the DOJ pursue legal recourse and prosecution as was the case with both Berger and Deutch?



Christopher Burgess is a writer, speaker and commentator on security issues. He is a former senior security advisor to Cisco, and has also been a CEO/COO with various startups in the data and security spaces. He served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Cisco gave him a stetson and a bottle of single-barrel Jack upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit, Senior Online Safety.
