More Security Fears Surround Clinton’s ‘Homebrew’ Email Server

“Clinton’s decision to forgo the State Department’s servers is inexplicable and inexcusable,” says one security expert.

National Journal
Dustin Volz
March 4, 2015, 6:15 a.m.

Hil­lary Clin­ton’s email con­tro­versy turned from bad to worse overnight, as re­ports sur­faced that the former sec­ret­ary of State re­lied on her own “homebrew” com­puter serv­er to send and re­ceive mes­sages, des­pite ap­par­ent se­cur­ity warn­ings from gov­ern­ment of­fi­cials.

The de­cision for a high-rank­ing gov­ern­ment of­fi­cial to cre­ate a sep­ar­ate email ser­vice is something usu­ally re­served for com­puter geeks and hack­ers wor­ried about pri­vacy and sur­veil­lance. But Clin­ton’s de­cision to forgo either a gov­ern­ment or com­mer­cial email ac­count is fur­ther stok­ing con­cerns that the na­tion’s former top dip­lo­mat may have been reck­less about se­cur­ing her com­mu­nic­a­tions.

The Web do­main clin­tone­, which Clin­ton used ex­clus­ively to con­duct of­fi­cial busi­ness dur­ing her four years head­ing the State De­part­ment, was run through an In­ter­net ser­vice re­gistered to a fam­ily home in Chap­paqua, N.Y., ac­cord­ing to the As­so­ci­ated Press.

“The task of keep­ing a mail-serv­er se­cure isn’t one even the av­er­age [sys­tem ad­min­is­trat­or] is up to. I’d be shocked if her serv­er was even re­motely se­cure,” said Nate Car­dozo, a staff at­tor­ney with the Elec­tron­ic Fron­ti­er Found­a­tion.”Clin­ton’s de­cision to forgo the State De­part­ment’s serv­ers is in­ex­plic­able and in­ex­cus­able.”

So far, Clin­ton has been mum on the con­tro­versy, al­though her aides and the State De­part­ment have at­temp­ted to down­play the fur­or by say­ing no clas­si­fied in­form­a­tion was ever trans­mit­ted over email and in­stead al­ways com­mu­nic­ated in per­son, over phone or se­cure video­link—an as­ser­tion her crit­ics have found highly im­prob­able.

Some have de­fen­ded Clin­ton’s de­cision, not­ing that email ser­vices such as Gmail and Ya­hoo are far from hack­proof—and that the State De­part­ment has its own troubled his­tory of pro­tect­ing its data, from an email breach last year to the Wikileaks re­lease of hun­dreds of thou­sands of dip­lo­mat­ic cables back in 2010.

Clin­ton’s use of a homebrew serv­er was “likely more se­cure than us­ing some free­bie sys­tem she signed up for on­line, which is how sev­er­al oth­er prom­in­ent fig­ures have got­ten burned, from Pal­in to Hol­ly­wood types,” said Peter Sing­er, a strategist and seni­or fel­low at the New Amer­ica Found­a­tion who re­cently wrote a book on cy­ber­se­cur­ity, in an email. The de­cision “also points to hav­ing some pro­fes­sion­al IT people work­ing for them on it. … But every type of email sys­tem has been hacked at some point.”

Sing­er noted that Clin­ton’s homebrew likely would have been ex­empt from some of the Na­tion­al Se­cur­ity Agency’s sur­veil­lance sweeps, es­pe­cially those that re­lied on dir­ect ac­cess to the data flows of com­pan­ies like Google, Face­book, and Mi­crosoft. An Ed­ward Snowden-ex­posed NSA pro­gram known as PRISM forces at least 9 U.S. In­ter­net com­pan­ies to hand over users’ com­mu­nic­a­tions, such as email con­tent and file trans­fers, of for­eign­ers. Data of U.S. per­sons who com­mu­nic­ate with for­eign­ers—something Clin­ton’s job would have re­quired her to do fre­quently—are scooped up in that sur­veil­lance, a prac­tice the NSA has de­fen­ded as “in­cid­ent­al” col­lec­tion.

Oth­ers were less con­vinced that Clin­ton’s de­cision af­forded her more se­cur­ity and that it was mo­tiv­ated by any­thing more than an at­tempt to dodge trans­par­ency. Bar­ton Gell­man, a re­port­er for The Wash­ing­ton Post who has ac­cess to the Snowden files, tweeted Wed­nes­day that “it is not pos­sible for a high-value tar­get to se­cure a home-man­aged email serv­er.”

Adding to Clin­ton’s email woes are new re­ports that Clin­ton was warned by State De­part­ment tech­no­logy ex­perts about the po­ten­tial se­cur­ity vul­ner­ab­il­it­ies of us­ing a private email ser­vice. But that “those fears fell on deaf ears,” ac­cord­ing to Al Jaz­eera Amer­ica, which cited an un­named State em­ploy­ee.

“We tried,” the em­ploy­ee told Al Jaz­eera. “We told people in her of­fice that it wasn’t a good idea. They were so un­in­ter­ested that I doubt the sec­ret­ary was ever in­formed.”

What We're Following See More »
Trump Enriching His Businesses with Donor Money
1 days ago

Donald Trump "nearly quintupled the monthly rent his presidential campaign pays for its headquarters at Trump Tower to $169,758 in July, when he was raising funds from donors, compared with March, when he was self-funding his campaign." A campaign spokesman "said the increased office space was needed to accommodate an anticipated increase in employees," but the campaign's paid staff has actually dipped by about 25 since March. The campaign has also paid his golf courses and restaurants about $260,000 since mid-May.

Trump Cancels Rallies
1 days ago

Donald Trump probably isn't taking seriously John Oliver's suggestion that he quit the race. But he has canceled or rescheduled rallies amid questions over his stance on immigration. Trump rescheduled a speech on the topic that he was set to give later this week. Plus, he's also nixed planned rallies in Oregon and Las Vegas this month.

Sean Hannity Is Also Advising Trump
2 days ago

Donald Trump's Fox News brain trust keeps growing. After it was revealed that former Fox chief Roger Ailes is informally advising Trump on debate preparation, host Sean Hannity admitted over the weekend that he's also advising Trump on "strategy and messaging." He told the New York Times: “I’m not hiding the fact that I want Donald Trump to be the next president of the United States. I never claimed to be a journalist.”

RNC’s Spicer to Work from Trump HQ
2 days ago

"Donald Trump's campaign and the Republican party will coordinate more closely going forward, with the GOP's top communicator and chief strategist Sean Spicer increasingly working out of Trump campaign headquarters, the campaign confirmed Sunday."

Manafort Resigns from Trump Campaign
5 days ago

In a statement released Friday morning, the Trump campaign announced that Paul Manafort has resigned as campaign chairman. The move comes after fresh questions had been raised about Manafort's work in Russia and Ukraine, and Trump brought in Stephen Bannon "as a de facto demotion for Manafort."