I suggest getting to ground on how OPSEC works (or doesn’t) for the White House, NSC, and others. To what degree are various intel agencies proactively versus retroactively involved? This is probably very complicated. Common sense guesses or understandings are unlikely to reflect reality. My guess is that proactive OPSEC for private phones is patchy at best.

For anyone who studies this in detail, I suggest passing the information to credible investigative journalists exclusively. This may be a dumpster fire. (If not exclusively, then on embargo.)