They can't provide her with a secure device. That's the Secretary of State of the United States of America who they can't provide with a secure device and so they leave her, literally to her own devices. Apparently nobody reviewed how she was communicating and advised her directly about her own behaviour. "Much less, ok what do you need? We'll design a system that does that with the best security we can manage. We'll tell you exactly what not to do. Mr/Madam Secretary." Whoever the secretary of state is.
Fire them all and start again. You can't do worse than this can you? No matter who you've got in power you're selling them and US State Department policy. Hillary, yeah, to hell with her, but that's entirely beside the point and totally a sideshow in this story. I can't think of a single politician who would know and understand the security implications of electronic communication without being directly advised in the most clear and emphatic fashion possible.
Does anyone care to speak up for the competence on display here?
It's worth remembering that Obama was also told no at first when he asked for a secure Blackberry. He only got one a few months later after making it clear as CIC he would get one or else.
So they made him one. Well why can't they make two? Or 20?
One answer might be bureaucracy. The NSA reports to the President, not State, so maybe they won't do as much for State. Turf-fighting is pretty common among federal agencies, especially those with overlapping jurisdictions.
Another reason might be that information collection is prized much more highly right now in the federal government than information assurance. Even if the NSA helps out State IA, will they get much credit for it? No. And will they get punished if they fail to help State IA? Obviously not.
Simply put, federal IT is very sick right now. The Clinton email saga is a tiny symptom of that. Snowden and the OPM breach are much larger and more consequential results of this pervasive problem.
(Non-US citizen here, btw)
I know this seems like nitpicking, but you said "She went against protocol because she wanted to and she could, and she should own the consequences". The fact is that she did not go against protocol. If the president or congress wanted to prohibit the use of certain communication devices, they would have. Just like if someone's supervisor didn't want them to use a blackberry, they wouldn't write a memo pointing out problems with the device. They would just say "Don't use a blackberry."
The issue is did she break any laws or policies regarding the handling of classified information. That's for the courts to decide. But if there was any evidence I'd imagine they would have brought an indictment by now.
The BlackBerry part is interesting. At civilian sites (Natl labs) you can easily get an encrypted blackberry, and even take it into classified areas. You are just required to power it off before viewing or discussing any material. Apparently the Dept of State can't even manage what we already do throughout the country.
I can't imagine, "Just power it off" as a security mechanism, and can only imagine that compliance is somewhat less than 100%.
Also - I can imagine there are different levels of classification, and that the Secretary of State may be in places where the rules might be somewhat more strict.
Just seemed like she had really bad communication discipline and didn't believe it was that big a deal.
Did get the impression that there really wasn't anyone who really wanted to step up and forbid her to do certain things. Not sure if there is a role who has authority to do that.
I can understand where Clinton is coming from. If I took a new job and they told me I had to use the ed editor to write code, and could only send patches by fax, I would either demand to keep using my networked laptop, a version control system, and preferred editor, or quit on the spot.
It’s ridiculous that the NSA, the White House, and the State Department couldn’t work out some kind of secure mobile device solution for Clinton.
That's probably the most likely scenario. They can punish her but they can't control her real time.
They could not find one to set Hillary's mail correctly? Or they did not wish to? Or did Hillary refuse to have an email set up by the government to protect her MI6/DGSE leaks?
And when you read Snowden's story, he was able to trigger all alarms and get away with it.
And now the NSA discovers that too much data is a problem because informational entropy is growing so much it is hard to find the relevant data, even though informational entropy is a basic concept? (Not to speak of false positives (innocents tagged as terrorists) and false negatives (missing the Boston terrorist).)
ELECTINT is living its last years, in my opinion. And I am okay with it. It has created a growing gap of perception between governments and the people they govern.
Sometimes failures are okay for me.
To err is human, to persevere is evil, and no machine can notice when it errs. Relying too much on ELECTINT is the first part of incompetence here.
It's not exactly a vote of confidence that smartphones are so unsecure that the intelligence services will not even allow them within the walls of a secure building. Shouldn't that be the first problem on the list here?
It's not just that smartphones are insecure enough to allow external attackers. Smartphones would also make it easier for another Snowden to exfiltrate material.
And some of this is abundance of precaution - GCHQ and NSA banned Furbies because they weren't sure what would or wouldn't be recorded.
Which makes setting up her own server all the worse.
> They can't provide her with a secure device.
They did, but it wasn't a BlackBerry one. BlackBerry or Windows Mobile, I don't think either were that secure anyway.
I agree with the general sentiment that digital security in the government is between catastrophic and terrible. It's now going towards just "terrible", so there's some progress, I suppose.
> Which makes setting up her own server all the worse.
Obviously she didn't set up the server. She probably got one of her technical aides to do it. Probably not good either way, though. It's almost certainly unpatched.
> > They can't provide her with a secure device.
> They did, but it wasn't a BlackBerry one. BlackBerry or Windows Mobile, I don't think either were that secure anyway.
> I agree with the general sentiment that digital security in the government is between catastrophic and terrible. It's now going towards just "terrible", so there's some progress, I suppose.
Since Hillary Clinton was long expected to be a candidate in this year's election, it's not too much trouble to use that as an explanation.
Interesting how people forget that our government is to serve its people, not its own career interests. Hillary Clinton chose to sacrifice the country's interests (major security lapse) in order to cover her ass and hide potentially unethical (perhaps even illegal) activity.
All business conducted on behalf of the country should be made public as soon as it is safe to do so (no more than 5 years for classified material).
1) this exposes that Secretary of State is a figurehead to placate world leaders, a tool for diplomacy, but not highly respected or valued by the intelligence community. The position exists on the outskirts of what they care about locking down.
2) they left her to her own devices on purpose. it was a trap she fell right into. they knew she would make a bad decision and let her hoping it would lead her to her own demise.
""" Clinton lawyer David Kendall later told the State Department that her “use of personal email was consistent with the practices of other Secretaries of State,” citing Powell in particular, according to a letter he wrote in August.
But Powell’s circumstances also differed from Clinton’s in notable ways. Powell had a phone line installed in his office solely to link to his private account, which he generally used for personal or non-classified communication. At the time, he was pushing the department to embrace the Internet era and wanted to set an example.
“I performed a little test whenever I visited an embassy: I’d dive into the first open office I could find (sometimes it was the ambassador’s office). If the computer was on, I’d try to get into my private email account,” Powell wrote in “It Worked for Me: In Life and Leadership.” “If I could, they passed.”
Powell conducted virtually all of his classified communications on paper or over a State Department computer installed on his desk that was reserved for classified information, according to interviews. Clinton never had such a desktop or a classified email account, according to the State Department. """
...sooooo. Colin Powell did the same thing as Clinton and all we have is his (and his staff's) claims that they didn't communicate classified information over inappropriate channels? So then what makes this situation any different or any more deserving of attention?
Also, even if we now find out that Powell acted as poorly as HRC, that doesn't excuse either of them at all. It just means that they're both guilty, not that Hillary should get off the hook because previous Secretaries of State did it too.
Well that's pretty obvious: she's the leading candidate for the Presidency. Would you claim it's unfair that the leading candidate for the highest office shouldn't be heavily scrutinized or treated differently than other people? That premise wouldn't be realistic, the world has never and will never work that way. It's unfair? Ok, let's say it's unfair (assuming similar abuses occurred under the last Bush White House and aren't going to be pursued at all), I agree... so what. Since when do leading presidential candidates get treated fairly?
It's also unfair if Hillary is being protected from prosecution by the Obama Administration, which appears to be the case right now. General Petraeus had his career destroyed for doing less than what Hillary has done. We already know for a fact that she communicated classified information improperly.
If there's no evidence that Colin Powell did anything wrong, then you don't get to proclaim that he broke the law. The difference - if that's all the evidence that exists regarding Powell - is that we have a full chain of proof of what Hillary did.
Hillary should get into appropriate trouble for it (which would instantly end her candidacy for President), and there needs to be an investigation into any other recent past abuses. It's that simple.
Among the things that can cause big drops:
User flagging.
Administrative action.
Staleness (some number of hours on front page)
Flamewar detector (flurry of responses to responses)
It's difficult to distinguish between these from the outside, but a polite email to Dan (hn@ycombinator.com) will probably get you a specific answer if you are interested. Based on asking about similar stories, this one would be a tossup between "Flamewar" and "User flags". I've seen other controversial topics drop off the front page that have recent submission times, and a decent number of points and comments, while others with similar stats remain on the front. ¯\_(ツ)_/¯
> Clinton's private email server was reconfigured again to use a Denver-based commercial email provider, MX Logic, which is now owned by McAfee Inc., a top internet security company.
Except MX Logic isn't a "commercial email provider," it's a service that offers spam and virus filtering for email, very similar to Google's own Postini service. One of my friends who runs an ISP offers both Postini and MX Logic to customers but recommends MX Logic because he says the spam management is better.
http://www.zdnet.com/article/clintons-little-email-fuss-beyo...
They didn't even have physical control over the server? So anyone could've exploited Internap's vulnerable Ubersmith install and asked them to boot Clinton's box into recovery.
What worries me is not the ethical part - I am yet too cynical, but the total disregard of basic security.
The chimp needs everyone else to be using PGP too. Since everyone else is using the already secure email networks they see no need to use PGP.
And, really, PGP is not that easy to use. It's very easy for people to make mistakes with PGP.
A simple policy - "I have tuned the server to discard any non-encrypted and non-signed email" - will force a big chunk of the beltway elite to learn a new thing.
The processors, basebands, MMUs, all of them lack the tools necessary to create a chain of trust with also sufficient isolation at the application level to run normal applications. When everyone is saying "of course the FBI could get into the terrorist cellphone, just take it to TAO," this same thing applies to Blackberries and Android phones when applied by opposite numbers in China or Russia.
It is not possible to secure a mobile device from a nation-state attacker due (at least) to gaps in the hardware capabilities.
Can't trust the hardware, can't trust the software. How can this device be ok to be used by a state official?
This is a throwaway tidbit in the article that I wish had a link to some more details. That one sentence hints at a very interesting longform article on its own.
Edit: I found these, which offer a few details. Surprising that it's from 1999!
Seriously, it's enough already. There's no new information to discuss.