Clinton’s email server

I try to avoid addressing specifically political issues on this blog too often, since I could easily get carried away with them to no useful purpose. This post is an extended reply to a couple of Twitter responses from a friend; discussing anything complicated on Twitter just doesn’t work. Also, it relates to issues where I have a bit of knowledge.

While she was Secretary of State, Hillary Clinton used a private server for the large majority of her official email. According to the New York Times, she didn’t even have a .gov email address. This doesn’t appear to have violated any laws, but legal isn’t the same thing as reasonable and prudent.

An article on Gizmodo discusses the security risks that may come with a less than expert setup of an email server. She used the domain clintonemail.com, managed by a company called Perfect Privacy, LLC. Perfect privacy sounds good, but names are easy. It’s hardly likely that its security was as good as the State Department’s. (Although, perhaps … she had reasons to think that hostile spy agencies had completely compromised the State Department’s email and she escaped to a private server? These days you can’t be too paranoid, but it isn’t clear how her course would have helped much. Future news developments might yet surprise us.)

The problems with such a system include lack of credible authenticity (If you got a message from “clintonemail.com,” would you think it was from the Secretary of State?), easy confusion with other domains, an uncertain level of security, and a far too convenient ability to delete anything she didn’t want known. Whether President Obama knew she was using this server is very confusing. A Guardian article says, “Barack Obama emailed Hillary Clinton several times at her personal email address, the White House said on Monday, while insisting the US president did not realise his secretary of state was operating an independent email system detached from government servers.” How is that even possible? Whatever Obama is, he isn’t stupid. Would he accept email from any old address that claimed to be his Secretary of State, without even wondering about it?

Maybe I’m just underestimating how tech-stupid most people, even intelligent ones, are. Some email clients, like the inexplicably popular Outlook, do their best to hide the address from which you got any email, showing only the name. When I had to use Outlook at a previous employer, even I found it hard to tell what address a message really came from. (Which isn’t to say that an email address authenticates anything. They’re trivial to forge.) This affair has me wondering just how vulnerable high-level government email communications are. Maybe it isn’t so unreasonable that Obama would be oblivious to an unfamiliar address. There must be clever technical people in Washington constantly begging high-level officials not to do stupid things, and I don’t envy them; who’d want to tell someone at the White House or Cabinet level, “Don’t do that, you idiot” for a living?

When caught, Clinton blustered; that’s a normal politician’s reflex. It only made her look more stupid to me, but not that many people understand the technical issues. I know how to read email headers; most people don’t know anything more than “From” and “To.” I’m regularly surprised when people don’t know things I consider common knowledge, like that Linux is an operating system or that Lenovo shipped Superfish with many of its computers. There are as many things I don’t know that other people take for granted. But somebody, in all that time, should have noticed that Clinton was engaging in seriously bad security and accountability practices. I suppose no one dared raise the issue.

Advertisements

2 Responses to “Clinton’s email server”

  1. Cat Faber Says:

    Although, perhaps … she had reasons to think that hostile spy agencies had completely compromised the State Department’s email and she escaped to a private server?

    I… I’m hoping your joking. If not, you sound pretty paranoid. Let’s go with “joking” for now.

    How it’s possible for the President to e-mail the Secretary of State without realizing the Secretary of State has a (legal) private server?–presumably the President does not have the time or training to trace e-mail addresses. If Clinton’s, I dunno “clinton@whitehouse.gov” address forwards to, say, Hil@Clinton.com, he doesn’t know the difference, nor care. If Hillary in person says “here’s my e-mail address” he writes it down and uses it. Nowadays the government is more careful with security–the new regulations were put in place about a year after Clinton quit.

    Come on, Gary. If I see you face to face and you say you’ll send me an e-mail about Consonance, and I get an e-mail about Consonance, signed Gary, and I talk to you on the phone about something in the e-mail and you know what I’m talking about and answer my question in a way consistent with the rest of the e-mail, I’d assume the e-mail was from you without bothering to check the e-mail address (which apparently is useless anyway, so no loss, right?), and I wouldn’t be stupid or careless to do it, even if I am a Democrat.

    So what you appear to have is “she didn’t obey rules that wouldn’t be put into practice until a year after she left office and I don’t like that the Secretary of State and the President didn’t practice top-notch e-mail security years ago.” Which I understand, but there’s nothing unethical about it, and it looks weird trying to push it into some kind of unethical shape.

    • Gary McGath Says:

      It’s not joking, but it’s a nagging doubt that I have to keep reminding myself lacks support. The CIA has spied on Congress, after all. It’s only the ineffectiveness of a private server as a solution that makes me dismiss the idea.

      If she’d set up forwarding, she’d have some plausible deniability that anyone would notice. But please note again, the New York Times story said she didn’t have a State Department email address at all. To set up forwarding from state.gov, she’d need the cooperation of the admins in the State Department. Everything I’ve seen in the news stories says she worked entirely outside the State Department in this respect.

      I’ve received email purportedly from people I know, claiming they’re stuck in some foreign country and need money. These have been so inept that I recognized them as fakes right away, but some people do send money to the scammers. With high government officials, there’s more to gain from impersonation, and the opportunities to get information must attract skilled people. Really, I’d figure there are at least bad attempts at this all the time. Doesn’t Obama have some way of filtering out the fakes? The whole scenario just doesn’t make sense to me. If he’s telling the truth, the government is seriously vulnerable to impersonation attacks. Maybe it is.

      An email address is useful in one respect: If you reply to a forged address, it will go there, and not to the impostor, unless the server that manages the account (or MX records on DNS servers pointing to it) has been hijacked. It’s hopefully very difficult to hijack a state.gov email server, and I expect it would be noticed quickly if it happened.

      Replying to your last paragraph: I wrote this whole post to try to explain to you that there’s more to this than whether her actions were actually illegal. Apparently I’ve failed, and you still think my concern is with the legal situation. Apart from that, her practices were definitely unethical. She went to considerable effort to set up an email system that just happens to shield her from normal accountability. What legitimate purpose could that serve? She didn’t inform anyone she was doing this. She’s now blustering instead of explaining. Granted, it’s not in the same category as torture and illegal war-making, but when it comes from someone who might be the next president, it’s significant.

      Update: She has said that her server was (physically) guarded by the Secret Service. That means that it was on the government record, yet no one noticed that her emails were coming from an odd address. (Some people think Obama was lying about not noticing, but could everyone she communicated with have been in on the conspiracy?) I really don’t know what sense to make of this. If this were a novel and I were the editor, I’d tell the author to fix the obvious plot inconsistencies.


Comments are closed.