Yottabytes: Storage and Disaster Recovery

Mar 9 2015   9:38PM GMT

How Serious a Problem is Hillary Clinton’s Private E-mail System?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
Email
privacy
Security

We’ve written before about the notion of Politicians Behaving Badly by using personal email systems while they served in office. Now former Secretary of State Hillary Clinton is under fire.

The New York Times broke the story on March 2, noting that in her time in office, Clinton used the email account hdr22@clintonemail.com and, in fact, had never had an official .gov email account. Later stories ascertained that the email system in question, which ran Microsoft Outlook, lived on a server in her house in Chappaqua, N.Y.

There’ve been two major challenges in the reporting of this story. First, Clinton is a polarizing figure in politics, and it can be difficult to separate out fact from partisan issues. Second, the mass media members are not technical experts, and some of the articles have been, to put it kindly, lacking in technical details, as David Gewitz so ably points out. The AP article on her server, for example, called it “homebrew,” as though she’d put it together in the basement with spare parts from Radio Shack, while Fox News and Bloomberg hired hackers to scour the Internet for references to other email accounts from that server and to look for security holes in her system, respectively.

Politicians ranging from Alaska Gov. Sarah Palin to the entire state of California have come under criticism for using personal email systems. What are the issues? The email isn’t secure. The system can be hacked. The owner of the system, if it’s a public mail service, has access to the government official’s email. The email messages might not be accessible to public records requests and legal issues.

Another major issue is concern that the government official can more easily delete potentially embarrassing email messages, either on purpose or on accident. This has been an issue with a number of government officials, ranging from President George W. Bush to Arkansas Governor Mike Huckabee to Massachusetts Governor Mitt Romney to Lois Lerner of the IRS. (Incidentally, they found her missing email. Right where it was supposed to be. Hmm.)

Clinton’s situation, however, is somewhat different. First of all, she wasn’t using personal email some of the time for certain issues; she used the personal email system all the time. Which raises the question: Why didn’t anybody talk about it before now? President Barack Obama reportedly said he didn’t know about this until he saw news reports. Really? He and his Secretary of State never exchanged email, or if they did, he never noticed her email address?

(Actually, Clinton’s personal email address had been known about for at least two years; it just didn’t get the attention it’s getting now.)

Second, the Secretary of State’s office has apparently not traditionally had an email system per se. Noting that only four Secretaries of State have been in office in the email era, the State Department asked them to send in copies of any email records they had from private email systems. Two, Madeline Albright and Condoleeza Rice, said they didn’t use email.

Apparently this isn’t unusual in government; South Carolina Senator Lindsey Graham – who, incidentally, serves on the subcommittee on privacy, technology, and the law – says he’s never sent an email message.

Meanwhile, Colin Powell, Secretary of State under President George W. Bush until 2005, said he used a personal email account because the State Department system was “antiquated.” But it’s only since 2014 that rules about private email accounts for federal government business were implemented, which is why current Secretary of State John Kerry uses one.

Third, the State Department system was vulnerable to hacking. In fact, despite some security weaknesses such as a default encryption certificate, it may have been stronger than the official system, notes Clay Johnson, former director of the Sunlight Labs for the Sunlight Foundation (and others). “That personal email was probably far more secure than her state.gov email account,” he writes. The State Department’s email system has been compromised for months.

For example, the State Department doesn’t have a number of common security measures, such as malware detection for remote email, encryption, digital signatures, or two-factor personal identity verification cards, reports NextGov. And the “homebrew” system would likely have been more secure than a public system such as Gmail or Yahoo!, writes Slate.

But didn’t Clinton violate the law by not using the government email system? “There was no such ironclad rule when Clinton became Secretary of State,” writes Joe Conason in National Memo. “The former Secretary of State doesn’t appear to have breached security or violated any federal recordkeeping statutes, although those laws were tightened both before and after she left office. She didn’t use her personal email for classified materials, according to the State Department.”

“Federal regulations don’t outright ban the use of personal accounts,” confirms NextGov.

Regardless, Clinton’s actions have come under criticism, such as from Gov. Scott Walker of Wisconsin. “How can she ensure that that information wasn’t compromised?” he told The Weekly Standard, after an event with supporters in Des Moines. “I think that’s the bigger issue—is the audacity to think that someone would put their personal interest above classified, confidential, highly sensitive information that’s not only important to her but to the United States of America.”

This, of course, is the same Gov. Walker whose staff set up a private email system within his own County Executive office when he was running for Governor. But that was different, Walker argues, though The Weekly Standard didn’t explain how.

Clinton was also criticized by former Florida Gov. Jeb Bush. “For security purposes, you need to be behind a firewall that recognizes the world for what it is and it’s a dangerous world and security would mean that you couldn’t have a private server,” he told Radio Iowa. “It’s a little baffling, to be honest with you, that didn’t come up in Secretary Clinton’s thought process.”

This, of course, is the same Gov. Bush who also used a private email system and address, on a server that he owned, when he was Governor of Florida. But that was different, some argue, because people knew that he was using that email address.

Clinton is also being criticized by Utah Rep. Jason Chaffetz, chair of House Oversight and Government Reform Committee, which is going to investigate the situation. ABC News, however, points out that Rep. Chaffetz’ own business card lists a Gmail address. The list of Clinton detractors who also use private email goes on.

Whether people see this as the death blow to Clinton’s candidacy or something to mock, as Saturday Night Live did, we should have our chance to judge for ourselves before long; Clinton has called on the State Department to release her 55,000 pages of email messages to the public.

12  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • trex
    The relevant issues with the use of private email are security and government transparency.  It's too bad this article did not focus on the issues. 
    10 pointsBadges:
    report
  • Sharon Fisher
    What security aspects did I leave out?
    9,215 pointsBadges:
    report
  • poeglives
    Access to the building housing the mail server, Admin for the DC, RDP account holders, seperate or same subnet as personal devices, other devices on that same subnet... The list is a Chinese phone book. All these articles are written for scrubs.
    10 pointsBadges:
    report
  • MikeSr
    Nice try but the Whitewash or white water or what ever the latest "I know better than you" because i like the Clintions enough to be able to get some for myself is no longer a secret.
    35 pointsBadges:
    report
  • Badraoul
    I think the above is a bit more detail than could reasonable be expected of public sourced material.

    One question I would shave, is how international communications are normally conducted.  For example, does the Sec of State send a secure message to the President of Russia via encrypted email, secure fax, secure voice line, courier..?  That would give some context to highlight the security concerns.

    In general, I think this was a good article in that it highlights the political motivations around the issue and some of the general hypocrisy around finger pointing.
    50 pointsBadges:
    report
  • puzzler47
    This whole thing is obviously a smear campaign in preparation for he next election.  As you point out all of this was known 2 years ago but the opposition put it on the back burner until the Presidential Campaign. 
    In view of the lack of security at State we may have been better off with Hillary's personal emails.
    20 pointsBadges:
    report
  • PerpetualRocket
    Thanks for an informative and balanced article
    40 pointsBadges:
    report
  • Sharon Fisher
    Badraoul, I did run into that and didn't put it in because it was just so awful long already, but basically she didn't use the system for secure communications but used the telephone, printouts, etc. 
    9,215 pointsBadges:
    report
  • In999wood

    Seems to be that Hillary Clinton is already a strong contender for the White House, otherwise why all the fuss after two years?   She isn't in yet and if she were, just make sure she goes under the same rules as present and past Presidents. After all, her explanation is plausible, although shows a propensity towards taking short cuts.

    30 pointsBadges:
    report
  • David Scott
    A major problem will be her assertion that she combined personal and business e-mail for purpose of "convenience."  It makes her sound either disingenuous, or horribly out-of-touch:  It's not difficult to have innumerable e-mail accounts accessible from a single device.  I have a personal e-mail account, and a business one.  I can't imagine a single, blended, account with the attendant mess of personal and business e-mails residing together - whether discretionized in folders or not - never mind the calendaring nightmare and other associated problems of pop-up reminders, etc.
    125 pointsBadges:
    report
  • Sharon Fisher
    True now, but was it when she started?
    9,215 pointsBadges:
    report
  • David Scott
    Yes.
    125 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: