More Security Fears Surround Clinton’s ‘Homebrew’ Email Server

“Clinton’s decision to forgo the State Department’s servers is inexplicable and inexcusable,” says one security expert.

National Journal
Dustin Volz
Add to Briefcase
Dustin Volz
March 4, 2015, 6:15 a.m.

Hil­lary Clin­ton’s email con­tro­versy turned from bad to worse overnight, as re­ports sur­faced that the former sec­ret­ary of State re­lied on her own “homebrew” com­puter serv­er to send and re­ceive mes­sages, des­pite ap­par­ent se­cur­ity warn­ings from gov­ern­ment of­fi­cials.

The de­cision for a high-rank­ing gov­ern­ment of­fi­cial to cre­ate a sep­ar­ate email ser­vice is something usu­ally re­served for com­puter geeks and hack­ers wor­ried about pri­vacy and sur­veil­lance. But Clin­ton’s de­cision to forgo either a gov­ern­ment or com­mer­cial email ac­count is fur­ther stok­ing con­cerns that the na­tion’s former top dip­lo­mat may have been reck­less about se­cur­ing her com­mu­nic­a­tions.

The Web do­main clin­tone­mail.com, which Clin­ton used ex­clus­ively to con­duct of­fi­cial busi­ness dur­ing her four years head­ing the State De­part­ment, was run through an In­ter­net ser­vice re­gistered to a fam­ily home in Chap­paqua, N.Y., ac­cord­ing to the As­so­ci­ated Press.

“The task of keep­ing a mail-serv­er se­cure isn’t one even the av­er­age [sys­tem ad­min­is­trat­or] is up to. I’d be shocked if her serv­er was even re­motely se­cure,” said Nate Car­dozo, a staff at­tor­ney with the Elec­tron­ic Fron­ti­er Found­a­tion.”Clin­ton’s de­cision to forgo the State De­part­ment’s serv­ers is in­ex­plic­able and in­ex­cus­able.”

So far, Clin­ton has been mum on the con­tro­versy, al­though her aides and the State De­part­ment have at­temp­ted to down­play the fur­or by say­ing no clas­si­fied in­form­a­tion was ever trans­mit­ted over email and in­stead al­ways com­mu­nic­ated in per­son, over phone or se­cure video­link—an as­ser­tion her crit­ics have found highly im­prob­able.

Some have de­fen­ded Clin­ton’s de­cision, not­ing that email ser­vices such as Gmail and Ya­hoo are far from hack­proof—and that the State De­part­ment has its own troubled his­tory of pro­tect­ing its data, from an email breach last year to the Wikileaks re­lease of hun­dreds of thou­sands of dip­lo­mat­ic cables back in 2010.

Clin­ton’s use of a homebrew serv­er was “likely more se­cure than us­ing some free­bie sys­tem she signed up for on­line, which is how sev­er­al oth­er prom­in­ent fig­ures have got­ten burned, from Pal­in to Hol­ly­wood types,” said Peter Sing­er, a strategist and seni­or fel­low at the New Amer­ica Found­a­tion who re­cently wrote a book on cy­ber­se­cur­ity, in an email. The de­cision “also points to hav­ing some pro­fes­sion­al IT people work­ing for them on it. … But every type of email sys­tem has been hacked at some point.”

Sing­er noted that Clin­ton’s homebrew likely would have been ex­empt from some of the Na­tion­al Se­cur­ity Agency’s sur­veil­lance sweeps, es­pe­cially those that re­lied on dir­ect ac­cess to the data flows of com­pan­ies like Google, Face­book, and Mi­crosoft. An Ed­ward Snowden-ex­posed NSA pro­gram known as PRISM forces at least 9 U.S. In­ter­net com­pan­ies to hand over users’ com­mu­nic­a­tions, such as email con­tent and file trans­fers, of for­eign­ers. Data of U.S. per­sons who com­mu­nic­ate with for­eign­ers—something Clin­ton’s job would have re­quired her to do fre­quently—are scooped up in that sur­veil­lance, a prac­tice the NSA has de­fen­ded as “in­cid­ent­al” col­lec­tion.

Oth­ers were less con­vinced that Clin­ton’s de­cision af­forded her more se­cur­ity and that it was mo­tiv­ated by any­thing more than an at­tempt to dodge trans­par­ency. Bar­ton Gell­man, a re­port­er for The Wash­ing­ton Post who has ac­cess to the Snowden files, tweeted Wed­nes­day that “it is not pos­sible for a high-value tar­get to se­cure a home-man­aged email serv­er.”

Adding to Clin­ton’s email woes are new re­ports that Clin­ton was warned by State De­part­ment tech­no­logy ex­perts about the po­ten­tial se­cur­ity vul­ner­ab­il­it­ies of us­ing a private email ser­vice. But that “those fears fell on deaf ears,” ac­cord­ing to Al Jaz­eera Amer­ica, which cited an un­named State em­ploy­ee.

“We tried,” the em­ploy­ee told Al Jaz­eera. “We told people in her of­fice that it wasn’t a good idea. They were so un­in­ter­ested that I doubt the sec­ret­ary was ever in­formed.”

What We're Following See More »
TIME TO SPLIT
House Passes CR, Sends Bill to President’s Desk
3 hours ago
THE LATEST
CAN’T NAME ONE WORLD LEADER
Gary Johnson Stumbles Again
4 hours ago
WHY WE CARE
GOES TO PRESIDENT
Senate Approves Bill to Preserve Rape Kits
4 hours ago
THE LATEST

"The Senate on Wednesday approved legislation ensuring sexual assault survivors in federal criminal cases have access to forensic evidence collection kits, sending the bill to President Obama's desk. The legislation, known as the Survivors’ Bill of Rights Act, was passed by unanimous consent as lawmakers prepare to leave Washington until after the election. The House passed the measure earlier this month."

Source:
2-MONTH GIG OR 8-YEAR GIG?
Alec Baldwin to Play Trump on ‘SNL’
6 hours ago
THE DETAILS
STRIKES DOWN NEW HAMPSHIRE BAN
Court: Selfies in Voting Booth Now OK
8 hours ago
WHY WE CARE
×