Secretary Clinton's Email Server Fiasco
This is a brain dump, which I'm posting so I don't think about it while I should be enjoying the world for the next 10 days or so.
By now, the investigation of Secretary Clinton is officially closed. Since jeopardy never attached, in theory Ms. Clinton could still be indicted by a future administration, but I doubt that will happen.
Let me start with FBI Director Comey's statement. I freely admit I don't understand the legal nuance between being "extremely careless in their handling of very sensitive, highly classified information" and mishandling "classified information ... in a grossly negligent way." Perhaps someone could help me out here.
I'm also not sure about the claim that "no reasonable prosecutor would bring such a case." True, since the federal statutes at issue weren't designed to cover this exact case, a prosecution would likely fail against the type of legal talent Ms. Clinton could afford to hire. But isn't it reasonable for an upcoming conservative prosecutor to take on such a losing case in order to build his or her resume? After all, a future career in politics or at Fox News likely awaits.
Next, I'd like to step away from statutes and stroll down reality street. As SecState, Ms. Clinton could not have done her job competently without informal, unofficial diplomatic back channels. In today's world, email will inevitably be one of those channels. So I think Ms. Clinton had very valid reasons to use an unofficial mail server, and inevitably some of that traffic would be highly sensitive in nature. But it was foolish of her not to use an official account for "on-the-books" day-to-day purposes.
My second reality check has to do with Director Comey's comment about "unclassified personal servers not even supported by full-time security staff." The implication is that such a server is inherently less secure, and I'm not sure I agree with that. I've run my own mail server since late in 1994, and supporting it is nowhere near a full-time job. I see evidence of attempts to break in to the server literally every day. Usually, it's just an automated script that's been p0wn3d into a botnet, but occasionally I'll see what appears to be a concerted attack from 8-20 computers on the same Chinese subnet. AFAIK, I've been successfully hacked once. That's because I was running IIS on the same machine and fell victim to the NIMDA virus. I moved off of Windows after than and never looked back.
To paraphrase Bruce Schneier, "government email systems tend to be antiquated, hard to use, and annoying." The State Department uses Microsoft Outlook. That means it runs on Windows, which is still more likely to be targeted for attack by hackers. As part of the Microsoft office suite, it's also a vastly more complicated system than a standard Linux-based mail server. Upgrades, including security upgrades, tend to be delayed while that "full-time security staff" goes through an extended set of processes and paperwork. Don't get me started on password policies. The State Department servers also are a far more obvious target for potential intruders than a private server. Finally, breaches of email systems are frequently inside jobs. The same "full-time security staff" that Directory Comey wants to rely on is perhaps the systems greatest vulnerability.
So could have Ms. Clinton's system been hacked? Sure. But I'm not sure which side a honest assessment of comparative risk would fall. Certainly the FBI didn't try. What I am sure feel Ms. Clinton and her staff put at risk is the historical record. And for someone who clearly cares about how History will see her as Ms. Clinton, I can only assume that she was blind to that risk.
By now, the investigation of Secretary Clinton is officially closed. Since jeopardy never attached, in theory Ms. Clinton could still be indicted by a future administration, but I doubt that will happen.
Let me start with FBI Director Comey's statement. I freely admit I don't understand the legal nuance between being "extremely careless in their handling of very sensitive, highly classified information" and mishandling "classified information ... in a grossly negligent way." Perhaps someone could help me out here.
I'm also not sure about the claim that "no reasonable prosecutor would bring such a case." True, since the federal statutes at issue weren't designed to cover this exact case, a prosecution would likely fail against the type of legal talent Ms. Clinton could afford to hire. But isn't it reasonable for an upcoming conservative prosecutor to take on such a losing case in order to build his or her resume? After all, a future career in politics or at Fox News likely awaits.
Next, I'd like to step away from statutes and stroll down reality street. As SecState, Ms. Clinton could not have done her job competently without informal, unofficial diplomatic back channels. In today's world, email will inevitably be one of those channels. So I think Ms. Clinton had very valid reasons to use an unofficial mail server, and inevitably some of that traffic would be highly sensitive in nature. But it was foolish of her not to use an official account for "on-the-books" day-to-day purposes.
My second reality check has to do with Director Comey's comment about "unclassified personal servers not even supported by full-time security staff." The implication is that such a server is inherently less secure, and I'm not sure I agree with that. I've run my own mail server since late in 1994, and supporting it is nowhere near a full-time job. I see evidence of attempts to break in to the server literally every day. Usually, it's just an automated script that's been p0wn3d into a botnet, but occasionally I'll see what appears to be a concerted attack from 8-20 computers on the same Chinese subnet. AFAIK, I've been successfully hacked once. That's because I was running IIS on the same machine and fell victim to the NIMDA virus. I moved off of Windows after than and never looked back.
To paraphrase Bruce Schneier, "government email systems tend to be antiquated, hard to use, and annoying." The State Department uses Microsoft Outlook. That means it runs on Windows, which is still more likely to be targeted for attack by hackers. As part of the Microsoft office suite, it's also a vastly more complicated system than a standard Linux-based mail server. Upgrades, including security upgrades, tend to be delayed while that "full-time security staff" goes through an extended set of processes and paperwork. Don't get me started on password policies. The State Department servers also are a far more obvious target for potential intruders than a private server. Finally, breaches of email systems are frequently inside jobs. The same "full-time security staff" that Directory Comey wants to rely on is perhaps the systems greatest vulnerability.
So could have Ms. Clinton's system been hacked? Sure. But I'm not sure which side a honest assessment of comparative risk would fall. Certainly the FBI didn't try. What I am sure feel Ms. Clinton and her staff put at risk is the historical record. And for someone who clearly cares about how History will see her as Ms. Clinton, I can only assume that she was blind to that risk.