Mar-a-Lago has seen it all.
Equestrian events. Christmas celebrations. “The most beautiful piece of chocolate cake.”
There’s a reason President Donald Trump once called his members-only club, which boasts a spa and a salon, “the biggest and the hottest.” In more recent years, he has updated its moniker, labeling his Palm Beach getaway the “winter White House.”
The new title befits the increasingly solemn events that unfold in its chambers, furnished with gleaming chandeliers, Oriental rugs and 16th-century Flemish tapestries. It’s where Trump has prepared to address the nation. It’s where he has interviewed candidates for positions in his administration. And it’s where he has conducted high-wire talks with world leaders, alfresco.
But security officials and intelligence experts have warned for more than two years that Mar-a-Lago is ill-suited for statecraft. Guests stream through its doors without a security clearance. Internet protections have been found similarly incomplete, reportedly marked by weakly encrypted WiFi networks, wireless printers unguarded by passwords and insecure databases that could provide access to sensitive information about the club’s staff and members.
The club set aside just $442,931 for security in 2016, according to a joint investigation by ProPublica and Gizmodo. That’s a fraction of the $64 million that the military spent that year simply on updating the networks at the White House and at Camp David, the more traditional presidential retreat nestled in the Catoctin Mountains of Maryland.
“Any half-decent hacker could break into Mar-a-Lago,” the investigation concluded.
Fears that Mar-a-Lago could be susceptible to a breach mounted on Saturday, when Secret Service agents arrested a Chinese woman who had eluded security and gained access to the club’s reception area.
According to a criminal complaint filed Monday, Yujing Zhang was carrying four cellphones, two passports and a thumb drive infected with malicious software. She was stopped only because a receptionist knew that there was no United Nations Chinese American Association event later that evening, which Zhang had said was her reason for being on the premises.
The president himself was not in danger, Jonathan Wackrow, a former Secret Service agent, said on CNN, even though the woman had cracked the agency’s outer ring among several “concentric rings of protection.”
But the Secret Service said its power was limited at the winter White House.
“The Secret Service does not determine who is invited or welcome at Mar-a-Lago; this is the responsibility of the host entity,” the agency noted in a statement on Tuesday. “The Mar-a-Lago club management determines which members and guests are granted access to the property.”
The result has been a collision between Trump’s public duties and his freewheeling life in his private palace.
Democrats decry the financial burden of the president’s double life, as well as the prospect that he could be using his office to drive business to his commercial venture. Each jaunt to South Florida saddles taxpayers with an average $3.4 million, according to a report released in February by the Government Accountability Office.
“The bottom line is the president’s the president, no matter where he goes, and he doesn’t get to control the level of cost and security that may come along with that,” Sarah Sanders, the White House press secretary, said in response to a query about whether the president could save money by working from the White House.
But there are questions, too, about less calculable costs.
These came to the fore in February 2017, when Mar-a-Lago – which has been everything from a wedding venue to the site of New Year’s Eve bacchanalia – was briefly transformed into the Situation Room.
Guests at the country club snapped photos of Trump and Japanese Prime Minister Shinzo Abe huddling over dinner about their response to a ballistic missile test by North Korea. The chaotic scene on the dining terrace was captured in a Facebook post by Richard DeAgazio, a retired investor and club member from the Boston area.
“HOLY MOLY,” the club patron wrote, uploading photos of Trump talking on his phone and of the two leaders examining documents by the light of an aide’s cellphone. “It was fascinating to watch the flurry of activity at dinner when the news came that North Korea had launched a missile in the direction of Japan.”
Democrats were less enthusiastic.
“There’s no excuse for letting an international crisis play out in front of a bunch of country club members like dinner theater,” then-House Minority Leader Nancy Pelosi, D-Calif., wrote in a tweet at the time.
The same weekend, DeAgazio posted a photograph of himself at Mar-a-Lago with the military aide who carries the “nuclear football,” an aluminum briefcase wrapped in leather that contains the equipment necessary to launch nuclear weapons.
The hotel guest identified the aide-de-camp by his first name and pronounced him “the Man.”
The viral documentation of the inner workings of American diplomacy and military strategy prompted Democrats to request a review of security procedures at Mar-a-Lago, covering not only clearance for guests but also “telephonic, electronic, and any other communication by President Trump and his staff.”
In January, the Government Accountability Office provided insight into the different levels of screening that take place at the resort. There is an outer layer allowing access to general grounds, a middle layer covering specific rooms that the president may visit and an inner layer that surrounds the president’s personal room. The report also indicated that the Secret Service and the Department of Defense share responsibility for ensuring that the president has secure means of communication and secure areas for handling classified information at Mar-a-Lago. But the specific details, it said, were privileged.
Abe is hardly the only world leader hosted by Trump at Mar-a-Lago. In the spring of 2017, Trump discussed the situation in Syria with Chinese President Xi Jinping over “the most beautiful piece of chocolate cake you have ever seen.”
The investigation by ProPublica and Gizmodo found digital security wanting at the resort.
Part of their study was conducted from a speedboat parked 800 feet from the grassy expanse of Mar-a-Lago. From the azure waters of the Florida coast, they were able to reach three weakly encrypted WiFi networks.
“We could have hacked them in less than five minutes, but we refrained,” the story said, also warning, “Sophisticated attackers could take advantage of vulnerabilities in the WiFi networks to take over devices like computers or smartphones and use them to record conversations involving anyone on the premises.”
A spokeswoman for the Trump Organization said the conglomerate follows “cybersecurity best practices,” according to the report.
Yet Trump properties have been targeted by numerous hacks. One breach, between August 2016 and March 2017, exposed the names, addresses, phone numbers and credit card numbers and expiration dates of guests at 14 Trump properties, including hotels in more than one country.
Meanwhile, security has been beefed up in Palm Beach, including the presence of Secret Service agents armed with rifles watching from Coast Guard boats on the nearby Intracoastal Waterway.
Still, the Secret Service has said it does not keep visitor logs for guests at the resort.
And it appears that Trump’s digital tendencies have not fully evolved with his ascension to the Oval Office. When he travels, the president enjoys access to highly advanced, secure communications technology. But it’s not clear that Trump, who leveled a baseless accusation that his predecessor had wiretapped him, always follows best practices. An analysis by a website that tracks news about Android devices raised questions about the model employed by the president and whether it passes muster for classified use.
Digital technology has become a battleground ensnaring leaders across the globe, from Hillary Clinton, whose private communications were hacked during the 2016 election, to French President Emmanuel Macron, whose campaign was subject to a massive leak two days before a pivotal vote. This past winter, Australian Prime Minister Scott Morrison said parliamentary computer networks had been penetrated in that country.
Less sophisticated attempts to trespass on Mar-a-Lago are no less revelatory of the security risks at the president’s private club.
In January, a 30-year-old man drove up to the resort, parked near the service entrance, approached a Secret Service agent and explained that he needed to speak with the president about his “$6.3 trillion.” He was arrested on a trespassing charge, as local media reported.
Two years earlier, just before Trump’s inauguration, a 48-year-old woman sneaked onto the club grounds three times to smear bananas on cars and leave an explicit message on a hotel computer. She told police that she wanted to “make a statement regarding her being cyberattacked,” the Palm Beach Daily News reported. She was arrested on a trespassing charge.