* <<GB1.0581>> Clinton email
This whole Clinton email thing is, if nothing else, a lesson in how
"convenience" alone is never a good reason to do something.
Why did Clinton use a private email server? People who hate her are
going to tell you that it's because she's secretive and sinister and
she wanted to be able to hide things from the public – ignoring
"sinister" for a moment, there's probably at least a degree of truth
to that – she likely didn't want her personal correspondence being
archived on State Dept. computers – however the merit of those
accusations is moot because we know, quite credibly, from Clinton's
own words that the reason for the private email server was so that
she could more "easily" communicate with people inside and out of
work.
Having two separate email accounts was not easy enough. Looking at
multiple inboxes is not easy enough; having to make sure that you
"send from..." the right email account is not easy enough. I hope
someone with a shred of intelligence suggested that she just carry
two Blackberries, labeled in enormous block letters with "BUSINESS"
and "PERSONAL", but that, too, was not sufficiently convenient, was
it? So, Justin Cooper or whomever made the suggestion said "why don't
you just set up your own email server and do everything from there?"
That sounds convenient, doesn't it? "I know computers pretty well, I
could set-up an email server in your basement!" Okay, let's do it!
Now, this is a bit of a digression, but I can't help myself ... ~I~
am pretty handy with computers. I've even set-up an email server
before. But if the United States Secretary of State asked me if I
could set-up an email server in her basement, I'd say "with respect,
madam, you are out of your fucking mind if you are going to trust
someone with no government/military information security experience
to set-up an email server that's going to carry official state
business." I don't know how much work was done by Cooper or Pagliano
respectively, or the quality of their work, but the fact that neither
of these guys said something tantamount to what I just said is
..mind-boggling.
Anyway, this email thing has been dogging Clinton for the entire
election, and it all comes down to her making a really stupid
decision for the sake of convenience or "ease" of use.
Unsurprisingly, none of her toadies were able to make a sufficiently
compelling case (or even tried to?) for how this was a REALLY BAD
IDEA (tho' I guess Colin Powell – not a toadie – tried).
And – this is the part where I make a generalized statement only
tangentially related to the prima facie subject of this post – the
overarching problem here is that people, ALL the people, are fucking
awful at information management & security. You ~might~ be able to
convince a person to always use a strong password, and you might help
them to make sure that their email client is using TLS to connect to
their server, but then they'll let the application remember the
password, because that's convenient, so that anyone sitting at their
computer or operating their phone has full access. Public-key
encryption for sensitive/personal messages? Waaay too inconvenient,
for sender /and/ recipient. VPN? What admin wants to set-up a VPN?
Too inconvenient!
Bottom line: Clinton should never have been allowed to conduct state
business with a private email account. She did it because she could
and because it was not, in itself, a violation of policy to do so.
Did she violate Title 18? Eh, possibly, although I will bet you money
that even after these new emails are sifted-through there's not going
to be enough evidence of wrongdoing to prosecute her for that. If she
had classified information on her server, then we should also be
asking why it was ever delivered to a private server in the first
place. Clinton's taking a lot of heat for this personally, but the
fact is, infosec at the State level is clearly not terribly well
managed.
--
Excerpted from:
PUBLIC NOTES (G)
http://alph.laemeur.com/txt/PUBNOTES-G
©2016 Adam C. Moore (LÆMEUR) <
[email protected]>
