Calling BS on Hillary Clinton’s email

Hillary Clinton, who is the non-declared front runner to be the next US President, used a personal email server during her time as Secretary of State. Supposedly the Administration wasn’t aware of this and she says she did it because it was easier. She has also said she has deleted the personal email from the server but refuses to turn it over to investigators.

She likely should have simply said it is her server, it wasn’t against the rules to use it while in office, and she doesn’t have to give anyone anything unless they have a warrant and then accidentally dropped a piano on it or, better, done a bad hard drive migration where none of the data makes it and this isn’t discovered until after the old hard drives are shredded. Yes it would look bad but no worse than it does now and the news cycle covering it likely would have been less juicy. Just another bungling politician who has no clue about how technology works.

Let’s look at the different aspects of this.

Why A Personal Email Server

Easy really doesn’t fly. Chances are you don’t know how to set up your own email server and neither does she. Apparently this required some of Bill Clinton’s people to set the thing up for her but then who acted as system administrator and who paid them? Securing the server wouldn’t have been trivial either and while Clinton says it was secured by the Secret Service, she likely means they watched her house to make sure nothing was stolen. But a server of any kind is less vulnerable to physical theft (largely because burglars want stuff that is easy to steal like jewelry and fence, and a server would typically take time to extract and be far harder to sell, though one containing State secrets would have value. No it would be securing against electronic theft or compromise that would be expensive and difficult and there is no evidence yet submitted that this was done, or if it was done, who did it and who paid them.

But one thing is certain it wouldn’t have been easier than say a Gmail or Hotmail account, even an AWS or Azure virtual email server would have been easier and likely more secure than a physical box placed in a non-IT environment. And we haven’t even addressed backup, uninterrupted power, and patching all of which is automatically taken care of if she was using a US Government email service. Just making sure everyone that touched the server and could get into the email was vetted and had the appropriate security clearance would have been a nightmare suggesting this likely wasn’t done at all.

So “More Convenient or Easier” is BS because all she’d need to do is make a staffer make a call to get her an email address on the Government’s server, she wouldn’t have to worry about administering the damn thing, and a government server should be far more reliable.

Deletions

Clinton represents the only email she deleted were personal email about things like her daughter’s wedding. However this is typically what a mother wants to keep forever and it would have no interest to the people wanting to determine if she was behaving ethically and legally. So her email about the color of the wedding dress or her thoughts on what sucked about the wedding get out, it would only make her appear more human and likely would get pretty boring (outside of a reality TV vibe) pretty fast.

No. You’d only delete email that you really didn’t want people to see—email that would reflect badly on you. As we saw with the Sony email breach this email could have personal thoughts on rivals, jokes with a racial angle, or other things people often put into email when they should know better.

So BS on the reason the emails were deleted.

Who Owns the Server and Email?

Now if these emails were sent while she was on the job, using government equipment, and particularly while on Government property, they could, in theory be read without warrant by her employer. And if that employer is paying to secure or otherwise maintain her server without a contract that specifically calls out who owns what there is an argument that some or all of that server belongs to the Government as well. In fact if the Government was paying to secure private property like an email server without approval that should be an improper conversion of government property for private use. I imagine it won’t be long before someone uses the term “embezzlement” in this regard.

So the government may own parts of the server and certainly have a right to any email written on government equipment by a government employee working on government property or simply while on the clock (and a Secretary of State is supposed to always be on the clock).

So BS on this actually being her server, at best it is a shared property. If the government maintained and/or secured this server without a contract defining ownership it may at least partially be the property of the government.

No Security Breaches

The problem with this statement when referencing a personal server is that unless she was running something like a Varonis solution she wouldn’t know. (Varonis alerts on unauthorized or even attempted unauthorized information access). If the server is hacked, particularly if it is hacked by either a legitimate System Admin (like Snowden) or someone that gains access through a legitimate password and ID (often easy to guess) there is no sign of a breach. And unless the person hacking the server wants to share what they took, and thus likely end any future access, you’d simply never know that the server was compromised. And unless you knew of the compromise you likely wouldn’t pull the access logs and compare them to legitimate times the server was accessed for maintenance, patching, or some other legitimate reason to figure out if there had actually been a breach.

In short the only thing she can attest to is that she doesn’t know about a breach. But consider that it is only because Snowden disclosed what he took that the NSA even has a clue he took anything and they still don’t apparently know of the extent of the breach.

So she may be accurate that she doesn’t know of a breach, but given the extent personal systems like this have been compromised in the past she can’t say with any certainty that one didn’t happen. In fact, technically, anyone working on that server without the appropriate security clearance is a breach and it is unlikely the people on Bill Clinton’s staff who set it up or anyone that patched, updated, or backed up that server had that required clearance.

So I call BS on the statement there has been no breach. She wouldn’t know if there had been one and given the level of security and the attractiveness of it as a target, a breach is almost certain to have occurred.

Wrapping Up: The More Clinton Talks the Worse it Gets

In a world driven and threatened increasingly be technology do we need another top executive that doesn’t even understand the basics? She is hardly alone in a field of relatively clueless people that are and have been running for office but maybe it’s time we require some basic skills in technology for the US President.

In any case if the Republicans want a copy of Hillary’s email server they likely should just send a nice letter to Russia, China, Israel, North Korea, Iran, Clinton’s Sys Admin or a selection of US allies because personal email servers are inherently unsecure at least at a State security level and it is likely all of these people have the copy the Republicans want. And, it goes without saying, that getting a copy this way would likely end Clinton’s run for US President very suddenly.

Rob Enderle: As President and Principal Analyst of the Enderle Group, Rob provides regional and global companies with guidance in how to create credible dialogue with the market, target customer needs, create new business opportunities, anticipate technology changes, select vendors and products, and practice zero dollar marketing. For over 20 years Rob has worked for and with companies like Microsoft, HP, IBM, Dell, Toshiba, Gateway, Sony, USAA, Texas Instruments, AMD, Intel, Credit Suisse First Boston, ROLM, and Siemens.

View Comments (3)

  • Boy, did you hit the nail on the head! In all of this, I haven't (until now) heard one word of concern about the virtual security of using a "personal server" for such sensitive material. Most private sector corporations have rules about sending work related emails over private accounts because (in theory, anyway) the corporation spends money and manpower ensuring such security. More sensitive industries have even stricter rules regarding encryption depending on the information being sent (i.e., customer financial information)
    With her law background, I have a hard time buying the clueless stance.

  • I thought basically all of the same things you mentioned when I heard her comments.

Related Post