More Security Fears Surround Clinton’s ‘Homebrew’ Email Server

“Clinton’s decision to forgo the State Department’s servers is inexplicable and inexcusable,” says one security expert.

National Journal
Dustin Volz
Add to Briefcase
Dustin Volz
March 4, 2015, 6:15 a.m.

Hil­lary Clin­ton’s email con­tro­versy turned from bad to worse overnight, as re­ports sur­faced that the former sec­ret­ary of State re­lied on her own “homebrew” com­puter serv­er to send and re­ceive mes­sages, des­pite ap­par­ent se­cur­ity warn­ings from gov­ern­ment of­fi­cials.

The de­cision for a high-rank­ing gov­ern­ment of­fi­cial to cre­ate a sep­ar­ate email ser­vice is something usu­ally re­served for com­puter geeks and hack­ers wor­ried about pri­vacy and sur­veil­lance. But Clin­ton’s de­cision to forgo either a gov­ern­ment or com­mer­cial email ac­count is fur­ther stok­ing con­cerns that the na­tion’s former top dip­lo­mat may have been reck­less about se­cur­ing her com­mu­nic­a­tions.

The Web do­main clin­tone­, which Clin­ton used ex­clus­ively to con­duct of­fi­cial busi­ness dur­ing her four years head­ing the State De­part­ment, was run through an In­ter­net ser­vice re­gistered to a fam­ily home in Chap­paqua, N.Y., ac­cord­ing to the As­so­ci­ated Press.

“The task of keep­ing a mail-serv­er se­cure isn’t one even the av­er­age [sys­tem ad­min­is­trat­or] is up to. I’d be shocked if her serv­er was even re­motely se­cure,” said Nate Car­dozo, a staff at­tor­ney with the Elec­tron­ic Fron­ti­er Found­a­tion.”Clin­ton’s de­cision to forgo the State De­part­ment’s serv­ers is in­ex­plic­able and in­ex­cus­able.”

So far, Clin­ton has been mum on the con­tro­versy, al­though her aides and the State De­part­ment have at­temp­ted to down­play the fur­or by say­ing no clas­si­fied in­form­a­tion was ever trans­mit­ted over email and in­stead al­ways com­mu­nic­ated in per­son, over phone or se­cure video­link—an as­ser­tion her crit­ics have found highly im­prob­able.

Some have de­fen­ded Clin­ton’s de­cision, not­ing that email ser­vices such as Gmail and Ya­hoo are far from hack­proof—and that the State De­part­ment has its own troubled his­tory of pro­tect­ing its data, from an email breach last year to the Wikileaks re­lease of hun­dreds of thou­sands of dip­lo­mat­ic cables back in 2010.

Clin­ton’s use of a homebrew serv­er was “likely more se­cure than us­ing some free­bie sys­tem she signed up for on­line, which is how sev­er­al oth­er prom­in­ent fig­ures have got­ten burned, from Pal­in to Hol­ly­wood types,” said Peter Sing­er, a strategist and seni­or fel­low at the New Amer­ica Found­a­tion who re­cently wrote a book on cy­ber­se­cur­ity, in an email. The de­cision “also points to hav­ing some pro­fes­sion­al IT people work­ing for them on it. … But every type of email sys­tem has been hacked at some point.”

Sing­er noted that Clin­ton’s homebrew likely would have been ex­empt from some of the Na­tion­al Se­cur­ity Agency’s sur­veil­lance sweeps, es­pe­cially those that re­lied on dir­ect ac­cess to the data flows of com­pan­ies like Google, Face­book, and Mi­crosoft. An Ed­ward Snowden-ex­posed NSA pro­gram known as PRISM forces at least 9 U.S. In­ter­net com­pan­ies to hand over users’ com­mu­nic­a­tions, such as email con­tent and file trans­fers, of for­eign­ers. Data of U.S. per­sons who com­mu­nic­ate with for­eign­ers—something Clin­ton’s job would have re­quired her to do fre­quently—are scooped up in that sur­veil­lance, a prac­tice the NSA has de­fen­ded as “in­cid­ent­al” col­lec­tion.

Oth­ers were less con­vinced that Clin­ton’s de­cision af­forded her more se­cur­ity and that it was mo­tiv­ated by any­thing more than an at­tempt to dodge trans­par­ency. Bar­ton Gell­man, a re­port­er for The Wash­ing­ton Post who has ac­cess to the Snowden files, tweeted Wed­nes­day that “it is not pos­sible for a high-value tar­get to se­cure a home-man­aged email serv­er.”

Adding to Clin­ton’s email woes are new re­ports that Clin­ton was warned by State De­part­ment tech­no­logy ex­perts about the po­ten­tial se­cur­ity vul­ner­ab­il­it­ies of us­ing a private email ser­vice. But that “those fears fell on deaf ears,” ac­cord­ing to Al Jaz­eera Amer­ica, which cited an un­named State em­ploy­ee.

“We tried,” the em­ploy­ee told Al Jaz­eera. “We told people in her of­fice that it wasn’t a good idea. They were so un­in­ter­ested that I doubt the sec­ret­ary was ever in­formed.”

What We're Following See More »
Putin-Linked Think Tank Developed Plan to Influence U.S. Election
3 days ago

A Russian government think tank run by Putin loyalists "developed a plan to swing the 2016 U.S. presidential election to Donald Trump and undermine voters’ faith in the American electoral system." Two confidential documents from the Putin-backed Institute for Strategic Studies, obtained by U.S. intelligence, provide "the framework and rationale for what U.S. intelligence agencies have concluded was an intensive effort by Russia to interfere with the Nov. 8 election."

FBI Relied on Dossier Allegations to Monitor Page
4 days ago

"The FBI last year used a dossier of allegations of Russian ties to Donald Trump's campaign as part of the justification" to monitor Carter Page, who was then a defense adviser to the Trump campaign. "The dossier has also been cited by FBI Director James Comey in some of his briefings to members of Congress in recent weeks."

Russian Bombers Fly Near Alaska
5 days ago
Pentagon Deploying F-35s to Europe
1 weeks ago

"The Air Force is set to deploy its high-tech, fifth-generation F-35A fighter jets to Europe this weekend as part of an effort to assure U.S. allies there who are worried about Russian aggression." The new, state-of-the-art fighters will train with European air units. "The Pentagon noted that the deployment had been long planned, meaning it was not a reaction to recent increasing tensions between the United States and Russia," although a statement noted the move is part of the "European Reassurance Initiative," which began three years ago when Russia annexed Crimea.

Tillerson Meets Putin
1 weeks ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.