Computer Security Issues Far Larger Than Clinton Email

Truth be told, the FBI’s judgment that Hillary Clinton and her aides were “extremely careless in their handling of very sensitive, highly classified information” could probably be applied to leaders of other government agencies and hundreds of private businesses.

In announcing no indictment of Clinton, FBI Director James Comey criticized the slack security culture of the State Department, especially in regard to unclassified e-mail systems. State generally lacked “the kind of care for classified information found elsewhere in the government.”

And yet, many agencies of the government, along with private businesses, have been hacked and suffered computer security breaches, endangering the personal data of tens of millions of Americans.

“Indicting Clinton would require the Justice Department to apply a legal standard that would endanger countless officials throughout the government, and that would make it impossible for many government offices to function effectively,” observed Ian Milhiser at ThinkProgress.org.

The Hillary Clinton email “scandal” is simply endemic of long-term reluctance and cluelessness by government officials, bureaucrats, attorneys and employees of public and private businesses to extend their accountability to the digital era.

Computer security experts I knew more than a decade ago said the US government has been terrible at protecting itself, and major security breaches were inevitable. Hacks into State.gov, HomelandSecurity.gov, SocialSecurity.gov, and even the Pentagon and FBI.gov have been reported, not to mention major hacks into banks, credit card companies, and retail businesses selling online.

The government, as well as public and private businesses have not spent the considerable resources necessary to protect computer systems that have long been bogged down in complexity and bureaucratic inertia.

2001-2005: Former Secretary of State Colin Powell “found the State Department computer system, including Internet and email, to be woefully inadequate when he took office there in 2001. He devoted substantial re­sources to improving it but also made liberal use of his personal AOL account.” Hillary Gains Unlikely Ally in Email Controversy: Colin Powell.

2008: Congress to Bush: You’ve Lost Mail. 

2015: State Department Hack (By Russia) ‘The Worst Ever‘. State Department’s email was hacked well after Hillary left, and was less secure than Hillary’s private server, which apparently rebuffed hacker attacks. “Even a breach of the unclassified system poses major security risks, because sensitive information of value to foreign intelligence agencies is routinely shared in non-classified emails.”

Hacking of Government Computers (By China) Exposed 21.5 Million People

When Hillary Clinton established an email server in her home in early 2009, she was understandably concerned about the privacy of her electronic communication on a government system.  A much smaller system like clintonmail.com would be far easier to secure.

“Starting in 2009,” according to a Washington Post account, “there was a new, electronic system, known as SMART, to properly archive department emails without having to print and file them, but Ms. Clinton opted not to use it, out of concern that there was ‘overly broad access to sensitive materials.’ ”

The department’s email technology was archaic. Other staffers also used personal email, as did Secretary Colin Powell (2001-2005), without preserving the records.

For speed and simplicity’s sake, like many others she did not want to switch back and forth between public and private email accounts.  So she opted for a private account, with her own server.

The State Department’s Inspector General says she “had not sought permission to use it and would not have received it if she had.” But that’s a bureaucrat’s CYA passive mentality.

No one in the bureaucracy confronted Clinton or her staff that having her own server and private email account was unlawful or even that it violated State Department rules, which was perfectly obvious to anyone at State who received email from clintonmail.com. Everyone knows it’s easier to get forgiveness than permission, and Clinton needed to make a decision faster than the bureaucracy could decide. The IG declared that using a private server for official business was neither allowed nor encouraged because of “significant security risks,” which was BS considering the insecurity of the State Department system.

The State Department email system clearly faced significant security risks of its own. It has been successfully hacked, whereas Clinton’s private server by most evidence has not been successfully hacked.

At least 90 State Department officials received emails from Clinton’s private server, but “no one in the State Department told her directly to use the department’s official email.” Indeed, when

two officials in the record-keeping division raised concerns in 2010, their superior “instructed the staff never to speak of the secretary’s personal email system again,” the report said.

Typical bureaucratic behavior.

Clinton ultimately provided the State Department with 30,000 emails, nearly all of which have been made public, far more than her predecessors, and which covered preservation requirements for federal records.  Secretary of State John Kerry was the first State Department Secretary to rely mostly but not exclusively on a State.gov account. She said she deleted another 30,000 “personal” emails on the grounds that “no one wants their personal emails made public, and I think most people understand that and respect that privacy.”

The FBI expressed “reasonable confidence there was no intentional misconduct in connection with that sorting effort,” and that Clinton aides did not intentionally delete emails related to the public’s business,  FBI Director Comey reported.

I see this not as revealing a character flaw on Clinton’s part but as SLOPPY behavior regarding electronic communication within complex computer systems, both in government and private industry that is a cultural epidemic.

“We have met the enemy and he is us.”

Nearly everyone puts all sorts of potentially embarrassing information in email. Who among us would voluntarily disclose to the public everything we’ve ever posted in email? Nobody.

There is a lot of hypocrisy about this investigation. I have received emails from people using their official employee email address expressing criticism of Clinton’s behavior. They seem clueless themselves as they are doing the same thing she did, not respecting the legal difference between public and private email.  And it’s not unusual to receive email from private accounts seeking to conduct work-related business via email. When people conduct business over private email, it can all be arguably subpoenaed or surveilled.

Remember the old adage, people in glass houses shouldn’t throw stones.

A cultural change in awareness is required. If the Clinton email “scandal” leads the way, at least something good will come out of it.

If Clinton becomes president, she ought to be far more sensitive to issues of Internet security than her opponent Donald Trump, who simply sees a political problem for Hillary Clinton that he can exploit, not a widespread, non-political, non-partisan problem in governments and private businesses.

Related:

Advertisements

One thought on “Computer Security Issues Far Larger Than Clinton Email

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: