I am astonished that no one in the information security field has taken time to analyze the issues of e-mail security for public officials who, like Hillary Clinton, are squeezed between obsolete rules and modern reality.
The problem goes back at least to Madeline Albright. Condoleezza Rice and General Colin Powell also dealt with this technical problem. Hillary Clinton did not choose to use a private email server because she wanted one, but because it was the most secure system she could trust with America’s secrets. The diplomats of the world are faced with challenges from spies from every nation in the world, and even domestic enemies, like rival political parties.
The problem is that when government channels are used, there are literally thousands of points of contact from which the system can be hacked and cracked. Wholesale theft of diplomatic and military files is an ongoing problem, both from insiders and external players. Securing diplomatic instructions means trusting a chain of servers and undersea phone links. America’s enemies are constantly trying to gain access to the communications between the Secretary of State and the rest of the diplomatic corps.
So, using the government servers practically means a copy of all top-level diplomatic correspondence will be on the desk at dozens of foreign intelligence organizations just by putting those mails into the government system. For this reason, the Secretaries of State have been using non-government accounts to manage off the grid communications. We know for a fact that General Powell used an AOL account.
Adding complexity to this whole issue are the ethics laws that forbid political communications from government accounts. By forcing diplomats to use a personal account for personal, political correspondence, the line between official communications and partisan communications will become blurred. This is obviously what happened here. By using her own server, Secretary Clinton achieved additional level of security that would not have been possible using the well-infiltrated state department servers.
There is no evidence that suggests her personal servers were ever compromised. Given the high value of gaining such access, we can be sure that any agency that did infiltrate her personal server would have long ago taken credit and take shots at embarrassing the American Secretary of State. The files released by Manning and Snowden are freely available on the internet, yet not one email stolen from the Clinton private server was every divulged (except for copies retrieved from external mail systems.)
The obvious conclusion is that the technical staff managing Clinton’s servers were actively monitoring the system and would have noticed any attempts. The relative obscurity of the Clinton server also gave them a boost to keeping America’s secrets under wraps.
Whoever they were, the did a great job. Wiping the drives and destroying obsolete backups is the best practices of email security and Hillary’s IT team achieved that success by properly configuring the system, monitoring the usage and managing patches and security certificates.
None of this has any bearing on what may have been said following the Benghazi attack, which is the original concern of Mrs. Clinton’s detractors. But to conflate her sterling security practices with somehow being disingenuous or deceitful misses the best practices for managing secrets and keeping Americans safe.
Thank you / images courtesy Shepard Faiery/Obey Giant