wired | For a secretary of state, running your own email server might be a clever—if controversial—way to keep your conversations hidden from journalists and their pesky Freedom of Information Act requests.
But ask a few security experts, and the consensus is that it’s not a
very smart way to keep those conversations hidden from hackers.
On Monday, the New York Times revealed
that former secretary of state and future presidential candidate
Hillary Clinton used a private email account rather than her official
State.gov email address while serving in the State Department. And this
was no Gmail or Yahoo! Mail account: On Wednesday the AP
reported that Clinton actually ran a private mail server in her home
during her entire tenure leading the State Department, hosting her email
at the domain Clintonemail.com.
Much of the criticism of that in-house email strategy has centered on
its violation of the federal government’s record-keeping and
transparency rules. But as the controversy continues to swirl, the
security community is focused on a different issue: the possibility that
an unofficial, unprotected server held the communications of America’s
top foreign affairs official for four years, leaving all of it
potentially vulnerable to state-sponsored hackers.
“Although the American people didn’t know about this, it’s almost
certain that foreign intelligence agencies did, just as the NSA knows
which Indian and Spanish officials use Gmail and Yahoo accounts,” says
Chris Soghoian, the lead technologist for the American Civil Liberties
Union. “She’s not the first official to use private email and not the
last. But there are serious security issues associated with these kinds
of services… When you build your house outside the security fence, you’re
on your own, and that’s what seems to have happened here.”
The most obvious security issue with Clinton running her own email
server, says Soghoian, is the lack of manpower overseeing it compared
with the State Department’s official email system. The federal agency’s
own IT security team monitors State Department servers for possible
vulnerabilities and breaches, and those computers fall under the NSA’s
protection, too. Since 2008, for instance, the so-called Einstein project
has functioned as an umbrella intrusion-detection system for more than a
dozen federal agencies; though it’s run by the Department of Homeland
Security, it uses NSA data and vulnerability-detection methods.
Clinton’s email wouldn’t have the benefit of any of that expensive government security.
1 comment:
Quit playin' wit dat title...