Comment by untog

9 years ago

Among the more disappointing things in all of this is that there is a rational, important conversation to be had about everyday awareness of security and government inflexibility. But there won't be, because she is Hillary Clinton and it is 2016.

Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone. She (I personally believe) was likely ignorant of many of the security requirements of such a server (even one set up for unclassified e-mail), as was whoever set it up. And no-one on her staff either knew enough or was willing enough to say anything. She is also supposedly not the first Secretary of State to have an arrangement of this nature.

This feels like the very definition of systematic failure and clearly needs to change. But the conversation is almost exclusively based around a) her having nefarious motivations, because she is Hillary Clinton, or b) this all being a Republican plot to derail the Democratic candidate for President.

It's all very depressing.

> Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.

Baloney. She was the second most powerful person in the US government. If she couldn't get them to provide modern secure communications, she had the ear of the one who could.

If it was as you say, and truly that systemic a problem, then indeed heads should politically roll - starting from the top, which means her.

Handling national secrets on a cheap generic PC in one's bathroom because a subordinate huge-budget agency won't cooperate is a sign of gross incompetence on many levels. If jail time is what it's going to take to motivate people to get this systemic problem solved, then so be it. The standards are obvious, and ominously violated to a dangerous degree.

  • Here are the results from the FOIA request that underlie that statement. The NSA certainly pushed back. https://www.judicialwatch.org/press-room/press-releases/judi...

    • I think the NSA wanted to give her a secure Windows Mobile (or whatever it was called back then) phone, which may have been better supported. They also mention security issues with Blackberry, presumably even if they tried to make it "secure" themselves.

      If I remember correctly, they didn't want to allow Obama to use a Blackberry either back then, but he was a big fan of Blackberries and said he couldn't use the much uglier and brick-like alternatives. So I think they eventually compromised for the president. But I don't think they were just going to do it for everyone else, at least not at the time.


  • Ever work in a really large organization and try to demand something from some far-flung other division? Not so easy.

    She shouldn't have set up her own server. And the NSA should have been more sensitive to how important mobile email is to a modern diplomat.

    • "Ever work in a really large organization and try to demand something from some far-flung other division? Not so easy."

      As someone reporting directly to the CEO, I bet it's not so hard... And "but it was really hard" isn't exactly a solid excuse for... anything?

>> She is also supposedly not the first Secretary of State to have an arrangement of this nature.

http://www.politifact.com/truth-o-meter/statements/2016/mar/...

Politifact rates this idea mostly false.

  • They rated the statement 'my predecessors did the exact same thing' mostly false. Editorial choice -- they could have rated the statement 'none of my predecessors followed proper procedure for email either' and found it true.

    Powell maintained his own email but without the server in his house, Rice claims she avoided all email, so we have exactly 0 secretaries of state who've handled email 'the right way' in 220-some-odd years of this fine country.

  • Indeed. I believe she should be investigated and prosecuted for this, but I nevertheless think it remains a mostly credible claim with respect to Powell. If I understand correctly, Politifact makes the argument that Powell used a personal e-mail address at an established service whereas Clinton installed her own mail server.

    As someone who believes strongly in revitalizing self-hosting, I find focusing on Hillary's use of a personal mail server (and not on the fact that it was not an official e-mail account, full stop) to be unfairly marginalizing personal mail servers or personal servers in general. There's nothing wrong about running your own mail server. The problem is running your own mail server to give yourself a personal e-mail account to use in your job as Secretary of State. But the key part is using a personal e-mail account for your job that involves dealing with highly sensitive and classified materials—an action that would get most government employees fired if not imprisoned.

I've almost entirely given up on conversations in HN threads, but the recent State Dept Inspector General's report concludes that after the server was found to be compromised, the staffers who found the issue were told to never speak of it again.

This wasn't just poor IT security, this was willful ignorance of the consequences of state secrets being in the open. It is incredibly likely she was targeted by foreign intelligence. And perhaps Russia found it useful that no one was talking about their impending invasion of Ukraine or Iran learned how desperate the administration was to cut a deal? There were a thousand ways this could have undercut US foreign policy, which has recently been disastrous (Like when Hillary hung up the phone on her Russian counterpart in 2012 when Russia was trying to negotiate a peaceful conclusion in Syria - according to the Wikileaks embassy cables).

  • > This wasn't just poor IT security, this was willful ignorance of the consequences of state secrets being in the open.

    To be clear, this was unclassified email. Classified email is on a separate network.

    Certainly having access to the Secretary of State's unclassified emails could yield valuable intelligence insights but these are not emails that are going to contain "secrets" per se.

    • That's absolutely not clear at all. Content from SIPRNet and JWICS both ended up in 1,340 of the emails on Hillary's server. The CIA has reviewed the emails and said that several of them contain partial content from their highly sensitive intelligence on human intelligence.

      We won't know for sure until the FBI investigation is complete, but it is looking like this wasn't an accident but a cavalier attitude towards handling sensitive intelligence.

      But given how no one seems to care how she handled Syria, Iraq, and N. Africa, it's obvious it doesn't much matter how she handled secret information.


I agree with this, but the failure is one of the government to "train" its appointed/elected members adequately. It should never be acceptable for STATE to conduct official business over private email, that must just be the rule. And while previous secretaries have also "worked around it" it is something the FBI should intervene on and enforce. The pressure of it being hard to do can lead to better funding/resources on making it easier to use, but the going in position should be "You shall not ... and if you do we're coming after you."

What's the rationale for not giving everyone secure smartphones? And I mean high-ranking officials, SoS certainly ranks considering how much she/he is in foreign countries with foreign leaders. Can someone in the know explain why the NSA would deny such requests?

  • Difficult to know for sure. Obama had one, Rice previously used one, but:

    The NSA refused to give Clinton a device similar to the one used by Obama: a modified BlackBerry 8830 World Edition with additional cryptography installed. And while Clinton's predecessor Condaleeza Rice had obtained waivers for herself and her staff to use BlackBerry devices, Clinton's staff was told that "use [of the BlackBerry] expanded to an unmanageable number of users from a security perspective, so those waivers were phased out and BlackBerry use was not allowed in her Suite,"[1]

    This being Clinton there are probably conspiracy theories (the NSA is out to get her!) but I suspect they simply didn't want to have to deal with it, and had the ability to say no. So they did.

    [1] http://arstechnica.com/information-technology/2016/03/nsa-re...

    • >Clinton's staff was told that "use [of the BlackBerry] expanded to an unmanageable number of users from a security perspective

      if you don't provide a secure way to get shit done, motivated individuals will figure out how to get shit done, security be damned. happens every time. that's what happened here.


    • They refused to give her a highly customized hardened BlackBerry. She could have used a laptop or other device. There is no way they don't have a standard secure remote email capability, she just wanted what Obama had, and they said no, we aren't supporting any more bespoke devices for individuals. Which is totally rational from a security standpoint.

    • Idunno, this might be a little spellOCD of me, but I find it hard to take an article seriously that not once, but at least twice -- judging just from the quote here plus the lede, not even having read the article yet -- misspells the name of a Secretary (albeit a former one) of State.

  • In all fairness, Obama's use of a smartphone was unprecedented. I read (but cannot find a reasonable source now) that Obama's Blackberry was tethered to a private base station, not any kind of public network, cellular or otherwise. So "secure smartphone" is a term that really means "secure infrastructure".

    That infrastructure simply isn't scalable.

    [Edit: See this HN comment for sources. https://news.ycombinator.com/item?id=11306380]

    • Supposedly his phone is also locked down to just ~10 other similarly secure numbers, while Clinton wanted to be able to use her secure phone to call her entire staff. That would've required dozens or hundreds more devices, which is a problem when every possible loss or compromise of any device is such a huge deal.

  • I liked where I _thought_ you were going with that. Why not give ALL OF US secure smartphones. Indeed. Indeed.

    • The NSA is already in my smartphone. If they gave me a secure smartphone, I'd still feel pretty much like I do now.

  • Probably because they know how to pwn all of them, and are certain they are insecure or an absolute nightmare to secure.

    • No doubt whatever mods they make for the POTUSberry are resource- and time-intensive.

Actually no, we're fortunate this isn't happening in 2017, or 2018. We can still keep her out of office, and we should, on moral grounds, not party grounds.

Unfortunately, the alternatives to her aren't that great either. I'm hedging my bets until November, hoping some sort of miracle happens. Hoping this election invokes the 12th amendment and goes to the house. I feel none of the current candidates would be eligible and we'd get a fresh start.

  • The house would be the opposite of a fresh start, and would likely hand it to Trump (or whatever right-leaning 'independent' might happen to show up).

    • They are very displeased with him actually, remember Trump has alienated all the establishment in his party. And the house can nominate whomever they want.

>Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.

She didn't want the one they offered her, which was an older-style Windows Mobile phone. As the emails frequently note, she is not a "computer person", she knew how to work one kind of device for accessing email and refused to use anything different. They offered her a secure computer with a dedicated outside line even inside State, but her handlers thought she wouldn't even be able to deal with the concept of accessing her email on a PC rather than a Blackberry. I am not bashing Clinton here, I am just reading back the stuff from the emails that was on JudicialWatch.

What's "depressing" to me is that I have had to handle classified material in the past and there's zero doubt what would happen to me if I handled this shit like her and her staff did, but there's going to be zero material consequences for her. I kind of feel like there's two sets of law books, ones for peons like me, and ones for special people like her.

  • If our Secretary of State and would-be President can't be bothered to learn how to read email on a PC, even (especially) for the sake of information security, I think that deserves a little bashing.

    • They're too busy to make an appointment with their desk to read emails, and the government can't supply a secure smartphone to anyone less high up than the President himself? Even the Secretary of State? Just bizarre.

>Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.

I have a very hard time believing that the 3rd (possibly 2nd) highest person in the US government couldn't get their IT requests fulfilled.

  • The NSA is not beholden to the State Department so they could very easily have told her no. Even between different branches of the Armed Forces there is limited ability to force the issue if another branch doesn't want to do something.

It's not A or B. They are not mutually exclusive. She can be evil and the subject of a plot. In fact, given that she is a politician, A is most certainly true. And given that she is a candidate for president, so is B.

> She is also supposedly not the first Secretary of State to have an arrangement of this nature.

Careful with the phrasing - it has been said others have used "private e-mail" but that is, to me, not the same as setting up a server and using it exclusively.

Do you know anybody with their own home email server?

  • Maybe it was rhetorical but I know dozens of people with home email servers. I set up my first one, personally, in 1997.

    • In context, that was implicitly "any previous US Secretary of State", not "any human being on Earth".

      And I think the OIG report expressly said that Clinton was the only one to have done so.

      OTOH, one could argue that a third party non-government, non-sanctioned, email system that the official does not control is potentially worse in many ways than a personal email server, as in the latter case the official at least in principle had control of retention and access and other aspects of the behavior of the system.

I think it's one thing to have run your own email server back in the early 2000's and doing the same in the mid teens. There is much more sophistication in terms of adversarial means and methods as well as sheer number of adversaries --as well as "education" about security.

> This feels like the very definition of systematic failure and clearly needs to change.

> It's all very depressing.

Not at all.

Because of this fiasco, every clown with political aspirations will be using an approved and encrypted system instead of rolling their own garbage.

  • What about the threat of the agency who secures the system simultaneously compromising it in order to gain blackmail material on its user?

    • In that case, I'd worry about the user doing unlawful/immoral things they can be blackmailed with. Agencies have made up accusations and set up traps for politicians in the past (and worse: see FBI vs. Martin Luther King, Jr.). If they can blackmail a person with the truth, chances are that others can do it too (criminals e.g.).

She knew what she was doing

  • No, she didn't, on many levels. Her underlings should have known better, but if a 68-year-old politician knew anything about internet security practices, I'd vote for them!

    • Her underlings were speaking up and were promptly silenced.

      "The first query was dismissed by Clinton’s deputy chief of staff, claiming that the requirement to use two devices for official and personal e-mail “didn’t make a lot of sense.” Staffers raised concerns again the next January, but were told by a director that Clinton had received approval for her private server, even though she never requested it. Furthermore, the same official “instructed the staff never to speak of the Secretary’s personal e-mail system again.”"

      http://finance.yahoo.com/news/now-know-hillary-lied-multiple...

    • So, after a bogus real estate fraud investigation led to the revelation of one of Bill's affairs and his subsequent impeachment, and then congress created committees to pore through her records for dirt, you know "on many levels" that she is accidentally keeping her records private. right.

    • This is really the crux of the case no one is talking about. There seems to be this notion she set out to do this evil deceptive thing. She had no idea, if anything her underlings were to blame. It was a colossal error, and she's terrible at articulating just about anything, let alone this failure.

      Our choices this cycle are extremely poor, but I'll take her finger on the button any day of the week over the real estate oompa loompa.


>It's all very depressing.

It's not if you don't think about it. And given how it's not personal, that can be done.

> Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.

That would have made it more difficult for the NSA to spy on her. I know this sounds cynical, but really, do you think the NSA doesn't spy on our government officials?

This isn't about a secure smartphone, because you can't use a secure smartphone on insecure networks, like with regular email.

Re smartphone NSA refused to let her use a specific phone. There were several smartphones and certified solutions available. Hillary only wanted Blackberry. Quite opposite of your statement.

Re nefarious motivations. The server and its location weren't just used for diplomatic stuff. There are nefarious things going on. She worked hard to block any FOIA requests or subpoenas that would enlighten us more. The mark of an honest politician or nonprofit. ;)