But security officials and intelligence experts have been warning for more than two years that Mar-a-Lago is ill-suited for statecraft. Guests stream through its doors without a security clearance. Internet protections have been found similarly incomplete, reportedly marked by weakly encrypted WiFi networks, wireless printers unguarded by passwords and insecure databases that could provide access to sensitive information about the club’s staff and members.
The club set aside just $442,931 for security in 2016, according to a joint investigation by ProPublica and Gizmodo. That’s a fraction of the $64 million spent by the military that year simply on updating the networks at the White House and at Camp David, the more traditional presidential retreat, nestled in the Catoctin Mountains of Maryland.
“Any half-decent hacker could break into Mar-a-Lago,” the investigation concluded.
According to a criminal complaint filed on Monday, Yujing Zhang was carrying four cellphones, two passports and a thumb drive infected with malicious software. She was only stopped because a receptionist knew that there was no United Nations Chinese American Association event later that evening, which Zhang had said was her reason for being on the premises.
The president himself was not in danger, Jonathan Wackrow, a former Secret Service agent, said on CNN, even though the woman had cracked the agency’s outer ring among several “concentric rings of protection.”
But the Secret Service said its power was limited at the winter White House.
“The Secret Service does not determine who is invited or welcome at Mar-a-Lago; this is the responsibility of the host entity,” the agency noted in a statement on Tuesday. “The Mar-a-Lago club management determines which members and guests are granted access to the property.”
The result has been a collision between Trump’s public duties and his freewheeling life in his private palace.
“The bottom line is the president’s the president, no matter where he goes, and he doesn’t get to control the level of cost and security that may come along with that,” Sarah Sanders, the White House press secretary, said in response to a query about whether the president could save money by working from the White House.
But there are questions, too, about less calculable costs.
These came to the fore in February 2017, when Mar-a-Lago — which has been everything from a wedding venue to the site of New Year’s Eve bacchanalia — was briefly transformed into the Situation Room.
Guests at the country club snapped photos of Trump and Japanese Prime Minister Shinzo Abe huddling over dinner about their response to a ballistic missile test by North Korea. The chaotic scene on the dining terrace was captured in a Facebook post by Richard DeAgazio, a retired investor and club member from the Boston area.
“HOLY MOLY,” the club patron wrote, uploading photos of Trump talking on his phone and of the two leaders examining documents by the light of an aide’s cellphone. “It was fascinating to watch the flurry of activity at dinner when the news came that North Korea had launched a missile in the direction of Japan.”
Democrats were less enthusiastic.
“There’s no excuse for letting an international crisis play out in front of a bunch of country club members like dinner theater,” then-House Minority Leader Nancy Pelosi of California wrote in a tweet at the time.
The same weekend, DeAgazio posted a photograph of himself at Mar-a-Lago with the military aide who carries the “nuclear football,” an aluminum briefcase wrapped in leather that contains the equipment necessary to launch nuclear weapons.
The hotel guest identified the aide-de-camp by his first name and pronounced him “the Man.”
The viral documentation of the inner workings of American diplomacy and military strategy prompted Democrats to request a review of security procedures at Mar-a-Lago, covering not only clearance for guests but also “telephonic, electronic, and any other communication by President Trump and his staff.”
In January, the Government Accountability Office provided insight into the different levels of screening that take place at the resort. There is an outer layer allowing access to general grounds, a middle layer covering specific rooms that the president may visit and an inner layer that surrounds the president’s personal room. The report also indicated that the Secret Service and the Department of Defense share responsibility for ensuring that the president has secure means of communication and secure areas for handling classified information at Mar-a-Lago. But the specific details, it said, were privileged.
The investigation by ProPublica and Gizmodo found digital security wanting at the resort.
Part of their study was conducted from a speedboat parked 800 feet from the grassy expanse of Mar-a-Lago. From the azure waters of the Florida coast, they were able to reach three weakly encrypted WiFi networks.
“We could have hacked them in less than five minutes, but we refrained,” the story said, also warning, “Sophisticated attackers could take advantage of vulnerabilities in the WiFi networks to take over devices like computers or smartphones and use them to record conversations involving anyone on the premises.”
A spokeswoman for the Trump Organization said the conglomerate follows “cybersecurity best practices,” according to the report.
Yet Trump properties have been targeted by numerous hacks. One breach, between August 2016 and March 2017, exposed the names, addresses, phone numbers and credit card numbers and expiration dates of guests at 14 Trump properties, including hotels in more than one country.
Still, the Secret Service has said it does not keep visitor logs for guests at the resort.
Digital technology has become a battleground ensnaring leaders across the globe, from Hillary Clinton, whose private communications were hacked during the 2016 election, to French President Emmanuel Macron, whose campaign was subject to a massive leak two days before a pivotal vote. This past winter, Australian Prime Minister Scott Morrison said parliamentary computer networks had been penetrated in that country.
Less sophisticated attempts to trespass on Mar-a-Lago are no less revelatory of the security risks at the president’s private club.
In January, a 30-year-old man drove up to the resort, parked near the service entrance, approached a Secret Service agent and explained that he needed to speak with the president about his “$6.3 trillion.” He was arrested on a trespassing charge, as local media reported.
Two years earlier, just before Trump’s inauguration, a 48-year-old woman sneaked onto the club grounds three times to smear bananas on cars and leave an explicit message on a hotel computer. She told police that she wanted to “make a statement regarding her being cyberattacked,” the Palm Beach Daily News reported. She was arrested on a trespassing charge.