More Security Fears Surround Clinton’s ‘Homebrew’ Email Server

“Clinton’s decision to forgo the State Department’s servers is inexplicable and inexcusable,” says one security expert.

National Journal
Dustin Volz
March 4, 2015, 6:15 a.m.

Hil­lary Clin­ton’s email con­tro­versy turned from bad to worse overnight, as re­ports sur­faced that the former sec­ret­ary of State re­lied on her own “homebrew” com­puter serv­er to send and re­ceive mes­sages, des­pite ap­par­ent se­cur­ity warn­ings from gov­ern­ment of­fi­cials.

The de­cision for a high-rank­ing gov­ern­ment of­fi­cial to cre­ate a sep­ar­ate email ser­vice is something usu­ally re­served for com­puter geeks and hack­ers wor­ried about pri­vacy and sur­veil­lance. But Clin­ton’s de­cision to forgo either a gov­ern­ment or com­mer­cial email ac­count is fur­ther stok­ing con­cerns that the na­tion’s former top dip­lo­mat may have been reck­less about se­cur­ing her com­mu­nic­a­tions.

The Web do­main clin­tone­, which Clin­ton used ex­clus­ively to con­duct of­fi­cial busi­ness dur­ing her four years head­ing the State De­part­ment, was run through an In­ter­net ser­vice re­gistered to a fam­ily home in Chap­paqua, N.Y., ac­cord­ing to the As­so­ci­ated Press.

“The task of keep­ing a mail-serv­er se­cure isn’t one even the av­er­age [sys­tem ad­min­is­trat­or] is up to. I’d be shocked if her serv­er was even re­motely se­cure,” said Nate Car­dozo, a staff at­tor­ney with the Elec­tron­ic Fron­ti­er Found­a­tion.”Clin­ton’s de­cision to forgo the State De­part­ment’s serv­ers is in­ex­plic­able and in­ex­cus­able.”

So far, Clin­ton has been mum on the con­tro­versy, al­though her aides and the State De­part­ment have at­temp­ted to down­play the fur­or by say­ing no clas­si­fied in­form­a­tion was ever trans­mit­ted over email and in­stead al­ways com­mu­nic­ated in per­son, over phone or se­cure video­link—an as­ser­tion her crit­ics have found highly im­prob­able.

Some have de­fen­ded Clin­ton’s de­cision, not­ing that email ser­vices such as Gmail and Ya­hoo are far from hack­proof—and that the State De­part­ment has its own troubled his­tory of pro­tect­ing its data, from an email breach last year to the Wikileaks re­lease of hun­dreds of thou­sands of dip­lo­mat­ic cables back in 2010.

Clin­ton’s use of a homebrew serv­er was “likely more se­cure than us­ing some free­bie sys­tem she signed up for on­line, which is how sev­er­al oth­er prom­in­ent fig­ures have got­ten burned, from Pal­in to Hol­ly­wood types,” said Peter Sing­er, a strategist and seni­or fel­low at the New Amer­ica Found­a­tion who re­cently wrote a book on cy­ber­se­cur­ity, in an email. The de­cision “also points to hav­ing some pro­fes­sion­al IT people work­ing for them on it. … But every type of email sys­tem has been hacked at some point.”

Sing­er noted that Clin­ton’s homebrew likely would have been ex­empt from some of the Na­tion­al Se­cur­ity Agency’s sur­veil­lance sweeps, es­pe­cially those that re­lied on dir­ect ac­cess to the data flows of com­pan­ies like Google, Face­book, and Mi­crosoft. An Ed­ward Snowden-ex­posed NSA pro­gram known as PRISM forces at least 9 U.S. In­ter­net com­pan­ies to hand over users’ com­mu­nic­a­tions, such as email con­tent and file trans­fers, of for­eign­ers. Data of U.S. per­sons who com­mu­nic­ate with for­eign­ers—something Clin­ton’s job would have re­quired her to do fre­quently—are scooped up in that sur­veil­lance, a prac­tice the NSA has de­fen­ded as “in­cid­ent­al” col­lec­tion.

Oth­ers were less con­vinced that Clin­ton’s de­cision af­forded her more se­cur­ity and that it was mo­tiv­ated by any­thing more than an at­tempt to dodge trans­par­ency. Bar­ton Gell­man, a re­port­er for The Wash­ing­ton Post who has ac­cess to the Snowden files, tweeted Wed­nes­day that “it is not pos­sible for a high-value tar­get to se­cure a home-man­aged email serv­er.”

Adding to Clin­ton’s email woes are new re­ports that Clin­ton was warned by State De­part­ment tech­no­logy ex­perts about the po­ten­tial se­cur­ity vul­ner­ab­il­it­ies of us­ing a private email ser­vice. But that “those fears fell on deaf ears,” ac­cord­ing to Al Jaz­eera Amer­ica, which cited an un­named State em­ploy­ee.

“We tried,” the em­ploy­ee told Al Jaz­eera. “We told people in her of­fice that it wasn’t a good idea. They were so un­in­ter­ested that I doubt the sec­ret­ary was ever in­formed.”

What We're Following See More »
New Survey Shows Clinton Up 9 in Pennsylvania
2 hours ago

If a new poll is to be believed, Hillary Clinton has a big lead in the all-important swing state of Pennsylvania. A new Suffolk University survey shows her ahead of Donald Trump, 50%-41%. In a four-way race, she maintains her nine-point lead, 46%-37%. "Pennsylvania has voted Democratic in the past six presidential elections, going back to Bill Clinton’s first win in 1992. Yet it is a rust belt state that could be in play, as indicated by recent general-election polling showing a close race."

Obama Library Heading to Jackson Park in Chicago
3 hours ago

"President Barack Obama has chosen Jackson Park, a lakefront park that once hosted the world’s fair on the city’s South Side, for his $500 million presidential library, according to a person familiar with the matter."

Democrats Beat Republicans in Convention Ratings So Far
3 hours ago

Wednesday was the third night in a row that the Democratic convention enjoyed a ratings win over the Republican convention last week. Which might have prompted a fundraising email from Donald Trump exhorting supporters not to watch. "Unless you want to be lied to, belittled, and attacked for your beliefs, don't watch Hillary's DNC speech tonight," the email read. "Instead, help Donald Trump hold her accountable, call out her lies and fight back against her nasty attacks."

How Many VIPs Were the Secret Service Protecting in Philly Last Night?
5 hours ago

Seven, according to an official Secret Service tweet.

Candidates’ Code Names Revealed
5 hours ago

The Clintons will retain their Secret Service "code names from the last time they lived in the White House. Hillary Clinton is EVERGREEN and Bill ClintonEAGLE. Donald Trump is MOGUL, according to reports, and Melania Trump MUSE. The vice presidents get code names, too: Mike Pence is HOOSIER—a little on the nose—and his wife HUMMINGBIRD. Tim Kaine is DAREDEVIL, somewhat ambitiously. His wife's? To be determined."