Imagine that the White House, instead of a fortress, were an opulent country club.
If you pony up a US$200,000 nonrefundable initiation fee, you can have the run of the place.
Wander the halls. Drop in any time on the West Wing, the Oval Office, the Situation Room.
Chat freely with the US President's family and advisers, listen in on national security conversations with foreign leaders, even snap a selfie with POTUS himself.
Take it all in - actually, feel free to record it if you like.
Welcome to the Mar-a-Lago club, known in US President Donald Trump's circles as the winter White House, in Palm Beach, Florida.
When Yujing Zhang, a 32-year-old Chinese national, was arrested there on March 30 after breaching security, it was hardly surprising to learn from federal law enforcement authorities that she was in possession of five cellphone SIM cards, an external hard drive, nine USB thumb drives (one with malicious computer software installed) and a device for detecting electronic signals.
Zhang, who has not entered a plea yet, is charged with lying to a federal agent and illegal entering. The FBI is investigating whether she is a spy for China.
My personal experience as a counterterrorism agent tells me that Zhang's alleged loadout is consistent with an effort to monitor computer systems while evading surveillance.
Unfortunately, Mar-a-Lago appears wide-open to such operations.
Zhang's arrest is only the latest in a string of indications that the club is far from secure.
Mar-a-Lago may present the worst counterintelligence nightmare the country has faced since the Cold War.
Concerns began barely three weeks into the Trump presidency, when the President took a briefing on a North Korean missile test while sitting with Japanese Prime Minister Shinzo Abe on the club's packed terrace.
Other guests promptly used their phones to snap photos of the event for their social media feeds.
That could not have happened at the White House, not even during a state banquet, because visitors are not allowed to take their devices in.
At Mar-a-Lago and other Trump resorts, there is no such restriction; indeed, according to federal prosecutors, Zhang's interesting taste for electronics included carrying four cellphones on her person.
Experts regularly raise concerns about the President's apparent use of an unsecured iPhone, and with good reason. A competent intelligence operation can turn any consumer cellphone into a trove of information about its user - or into a live bug for listening in on its owner's conversations.
If even Trump's own devices are not immune to hackers, what of those employed by the informal advisers with whom he regularly huddles at his various estates?
ProPublica has reported that a group of three Mar-a-Lago members - a businessman, a doctor and a lawyer - exercise huge sway over decision-making regarding the Department of Veterans Affairs. How secure are their devices and the devices of other advisers with influence on other matters?
For that matter, how secure is the Mar-a-Lago wireless network used by the club's influential members and guests, many of them friends of the President?
What about the club staff's computers?
It is perhaps telling that one Mar-a-Lago visitor was reportedly able to gain sufficient access to the staff computer system to change its screen saver to an obscene message about the President.
Secretary of State Mike Pompeo was quick to describe Zhang's arrest as an indication of "the threat that China poses," strongly suggesting that the State Department suspects her of spying.
Yet Chinese influence-peddlers, some of them with unabashed connections to the Communist Party, continue to sell invitations to Mar-a-Lago online with impunity. And no wonder, given the lax security there.
The Secret Service can operate checkpoints and try to monitor visitors, but Mar-a-Lago isn't Camp David. It's a venue rented out for wedding parties in the Donald J. Trump Grand Ballroom.
Whether or not Zhang is ultimately charged with espionage, one thing is clear: Every hostile intelligence service worthy of the name must have eyes and ears at Mar-a-Lago and other Trump resorts.
Take it from an intelligence veteran: If Vladimir Putin ran his dachas as open-access country clubs, any US president would expect America's intelligence agencies to be running assets there.
Trump is, of course, entitled to discuss policy with whomever he pleases; as president, he is the ultimate declassification authority.
But, as with his freewheeling personal Twitter account, the Administration is trying to have it both ways: insisting that the winter White House is as good as the official version in terms of prestige and symbolism, yet less than official in terms of vetting and security.
For the safety of America's secrets, and of the President himself, a comprehensive review of Trump's unique way of working, and its counterintelligence implications, is urgently needed.
- Soufan, a former FBI counterterrorism agent, is a private security consultant and the author of Anatomy of Terror.