Trump's Ukraine Call Was Transcribed Using Voice Recognition Software. Is That Secure?

A political explosion has rocked Washington D.C., all because of one phone call between President Donald Trump and Ukrainian President Volodymyr Zelensky. The subject of a whistleblower’s complaint, this conversation between the world leaders has been disclosed to Congress and the public in a memo formatted similarly to a transcript. According to reporting by the New York Times and Bloomberg, voice transcription software—in conjunction with notes taken by observers in the White House Situation Room—was used to draft the transcript memo.

Depending on how the White House transcribed this call, the generation of this report could raise further national security concerns.

According to former Obama White House official Larry Pfeiffer, who served as director of the so-called Situation Room, it is likely that the transcription software used by the White House was “off-the-shelf Dragon software“—one of a few commercial solutions that is not based in the cloud, which would require data to be sent to privately owned computer servers. Pfeiffer tells Fortune that Dragon was used as recently as eight months ago at the White House, and probably continues to be the administration’s transcription solution today.

Neither Nuance Communications, which makes the Dragon software, nor the White House responded to inquiries by Fortune regarding current security practices or the transcription of the Trump-Zelensky call.

Dragon, formerly known as Dragon NaturallySpeaking, was one of the first commercially available pieces of automated speech transcription software when it debuted in 1997, before the rise of cloud computing. Some products in the Dragon line do have cloud-based features, but its desktop software primarily uses a local computer’s processing power to convert speech to text. Over the years, Dragon has used its technology to develop specialized transcription software for data-sensitive applications, including law enforcement and medicine.

The use of locally installed transcription software to process conversations between world leaders may still have political implications. As Slate’s Fred Kaplan points out, the transcription software could have created digital “tapes” of President Trump’s conversations. Any such recordings would be important to the impeachment investigation launched by House Democrats this week. Kaplan compares these hypothetical recordings to the White House tapes that ultimately brought down President Richard Nixon.

But if locally installed transcription software was not used to transcribe the President’s call with the Ukrainian leader, it’s likely that the alternative was cloud-based—which would involve the upload of audio data to a remote server. Some of these popular solutions (such as Scribie and Rev) use remote human workers to transcribe uploaded files, while others (like Otter.ai) use artificial intelligence to interpret the audio.

Whatever the method used to turn sounds to words, cloud-based services are vulnerable to hacking, since files would be in transit over the Internet—and therefore at risk of interception—and then stored on servers connected to the Internet.

According to Pfeiffer, the standard practice during his tenure was to set the Dragon software to have “a small buffer” of audio during the transcription process, allowing the program to automatically delete audio. But according to a spokesperson for the file-recovery software maker CleverFiles, data temporarily saved by programs can be recovered with a variety of methods. The exceptions, says the spokesperson, are if such files “are actively overwritten,” or if the computer uses a solid state drive, a more expensive, faster hard drive technology that has not yet become a standard feature on workstation computers.

Pfeiffer also says audio files of presidential calls were not run through the Dragon software during his tenure, because the White House’s legal counsel would not permit it. Instead, a staffer would repeat what was said on the call into a microphone connected to the computer, negating the transcription of direct audio of President Obama’s phone calls. In addition, as Pfeiffer described to the Washington Post, at least two other staffers would transcribe what they heard live, and the transcripts would ultimately be reconciled to produce a definitive record of the conversation.

Even if data about presidential calls is only stored locally, Dragon is not without its own potential vulnerabilities. According to company documentation, the program saves temporary copies of the audio it processes. If Dragon is used in conjunction with some word processors, including Microsoft Word, those files are saved permanently by default.

This could create a target for hackers. It is widely believed that foreign governments have consistently worked to infiltrate U.S. government IT infrastructure, including that of the White House. In 2014, hackers believed to be Russian infiltrated non-classified computing networks in the Office of the President. It was recently revealed that the U.S. adversary had intercepted encrypted FBI communications in 2010 in a “stunning breach.”

Pfeiffer tells Fortune that workstations used for the transcription process had previously been connected only to a National Security Council intranet that is isolated from the Internet.

The Trump administration has a history of questionable operational security, including President Trump’s earlier use of an unsecured Samsung Galaxy phone, and openly conducting critical national security business at his Mar-a-Lago resort in Florida.