Did the Clinton Email Server Have an Internet-Based Printer? (opens in new tab)

Here are the results from the FOIA request that underlie that statement. The NSA certainly pushed back. https://www.judicialwatch.org/press-room/press-releases/judi...

Ever work in a really large oraganization and try to demand something from some far-flung other division? Not so easy.

She shouldn't have set up her own server. And the NSA should have been more sensitive to how important mobile email is to a modern diplomat.

The NSA isn't subordinate to the State Dept.

They rated the statement 'my predecessors did the exact same thing' mostly false. Editorial choice -- they could have rated the statement 'none of my predecessors followed proper procedure for email either' and found it true.

Powell maintained his own email but without the server in his house, Rice claims she avoided all email, so we have exactly 0 secretaries of state who've handled email 'the right way' in 220-some-odd years of this fine country.

Indeed. I believe she should be investigated and prosecuted for this, but I nevertheless think it remains a mostly credible claim with respect to Powell. If I understand correctly, Politifact makes the argument that Powell used a personal e-mail address at an established service whereas Clinton installed her own mail server.

As someone who believes strongly in revitalizing self-hosting, I find focusing on Hillary's use of a personal mail server (and not on the fact that it was not an official e-mail account, full stop) to be unfairly marginalizing personal mail servers or personal servers in general. There's nothing wrong about running your own mail server. The problem is running your own mail server to give yourself a personal e-mail account to use in your job as Secretary of State. But the key part is using a personal e-mail account for your job that involves dealing with highly sensitive and classified materials—an action that would get most government employees fired if not imprisoned.

> This wasn't just poor IT security, this was willful ignorance of the consequences of state secrets being in the open.

To be clear, this was unclassified email. Classified email is on a separate network.

Certainly having access to the Secretary of State's unclassified emails could yield valuable intelligence insights but these are not emails that are going to contain "secrets" per se.

Difficult to know for sure. Obama had one, Rice previously used one, but:

The NSA refused to give Clinton a device similar to the one used by Obama: a modified BlackBerry 8830 World Edition with additional cryptography installed. And while Clinton's predecessor Condaleeza Rice had obtained waivers for herself and her staff to use BlackBerry devices, Clinton's staff was told that "use [of the BlackBerry] expanded to an unmanageable number of users from a security perspective, so those waivers were phased out and BlackBerry use was not allowed in her Suite,"[1]

This being Clinton there are probably conspiracy theories (the NSA is out to get her!) but I suspect they simply didn't want to have to deal with it, and had the ability to say no. So they did.

[1] http://arstechnica.com/information-technology/2016/03/nsa-re...

In all fairness, Obama's use of a smartphone was unprecedented. I read (but cannot find a reasonable source now) that Obama's Blackberry was tethered to a private base station, not any kind of public network, cellular or otherwise. So "secure smartphone" is a term that really means "secure infrastructure".

That infrastructure simply isn't scaleable.

[Edit: See this HN comment for sources. https://news.ycombinator.com/item?id=11306380]

I liked where I _thought_ you were going with that. Why not give ALL OF US secure smartphones. Indeed. Indeed.

Probably because they know how to pwn all of them, and are certain they are insecure or an absolute nightmare to secure.

Sweet Meteor of Death 2016!

The house would be the opposite of a fresh start, and would likely hand it to Trump (or whatever right-leaning 'independent' might happen to show up).

If our Secretary of State and would-be President can't be bothered to learn how to read email on a PC, even (especially) for the sake of information security, I think that deserves a little bashing.

The NSA is not beholden to the State Department so they could very easily have told her no. Even between different branches of the Armed Forces there is limited ability to force the issue if another branch doesn't want to do something.

Maybe it was rhetorical but I know dozens of people with home email servers. I set up my first one, personally, in 1997.

What about the threat of the agency who secures the system simulateously compromising it in order to gain blackmail material on its user?

No, she didn't, on many levels. Her underlings should have known better, but if a 68-year-old politician knew anything about internet security practices, I'd vote for them!

Please stop posting unsubstantive comments.

No?

"i didnt [sic] want to let them have the chance to"

Can you imagine if this was how Google and Amazon handled security?

I wouldn't say "anyone". Most people, technical or not, have no idea what they're doing when it comes to computer security and don't care enough or take the time to research best practices.

"She" did nothing of the sort. She told someone she wanted her email available. They said, ok, we'll just host it ourselves. "Whatever, I want my daily suduko and make sure I stop getting those damn linked-in spams". "Ok boss".

Seriously, how could anyone really believe she specc'd this out herself? Her staff probably threw it together as a MVP with the full intention of revisiting the implementation "really soon".

And then they lost interest.

> She could have hired a team of machine learning grad students to build her a personalized spam filter.

Or instead of reinventing the wheel, installed an existing spam detection product like SpamAssassin on the email server.

Here are the two obvious one, and another one that's well. . . more in the vein of the Clinton's being the Clinton's IMHO.

http://www.ijreview.com/2015/03/264655-3-federal-laws-hillar...

- Executive Order 13526 and 18 U.S.C Sec. 793(f) of the federal code make it unlawful to send of store classified information on personal email.

- Section 1236.22 of the 2009 National Archives and Records Administration (NARA) requirements states that:

“Agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that Federal records sent or received on such systems are preserved in the appropriate agency record keeping system.”

- MSNBC’s Lawrence O’Donnell believes that the use of a personal emails server appears to be a preemptive move, specifically designed to circumvent FOIA:

It's quite possible the law discussed in that article was broken. The author lists the three cases of relevance: (1) whether Clinton knew she was putting classified information into an unclassified system, (2) did she willfully communicate classified information to anyone not authorized to receive it, and (3) did she remove classified information with the intent to retain such documents or materials at an unauthorized location. None of those are settled yet. The headline that "Hillary Clinton didn't break the law" is an opinion, not settled. The author is only citing what Clinton's aides and one government lawyer have said -- those are far from unbiased or conclusive. And after the state department IG's report from yesterday, it is pretty clear the violation was intentional.

It depends your perspective and who you ask. The State Department was directed to draft regulations, as is common, as the result of law. The State Department says that Clinton broke those regulations. By extension, it could be argued that she broke the law.

Department of State employees are supposed to treat any material that even could be classified as extremely sensitive, and not to leave the building. On top of the flagrant disregard for security procedure detailed in this commentary, Clinton routinely shared material with private citizens like Sid Blumenthal, who had no security clearance whatsoever.

For answers to most of your questions about the Clinton email scandal, http://www.thompsontimeline.com/ breaks all the factors in play here down in excruciating detail.

Part of the whole security clearance process is instruction on detecting misclassification, so the :%s/SECRET/SUCRETS/g defense doesn't work. At least 22 emails where later classified as top secret, there is no way to mistake top secret material for uncontrolled information. There were at least 22 chances to take a step back and wonder about the wisdom of the thing.

What do you mean "that server was for only unclassified data"? There was no other server. Clinton had a .gov account but entirely refused to use it. Meaning 100% of the email Clinton sent was sent through her insecure personal server.

Do you believe 100% of her email was entirely unclassified at the time it was sent?

As for innocuous, it's reported that her emails (unsurprisingly) included intelligence from "special access programs" which are actually classified beyond top secret.

I was unaware the clintonemail.com email server could differentiate between unclassified and classified content.

I would say that the "3 Felonies a Day" theory applies equally if not even more-so to someone like the Secretary of State. It's probably very hard if not impossible to actually do your job as a high ranking government official and not end up breaking a few laws.

The problem is once said law-breaking becomes widely reported and results in State Department and FBI inquiries, where do you go from there? How can they come back with a recommendation not to prosecute Clinton, but yet they vigorously prosecute people like Aaron Swartz?

However, I do disagree strongly with you that if charges are pressed it has anything to do with her gender. If it were John Kerry who had been SoS when Clinton was, operating kerryemail.com, and he was now running for President, I think we would be in exactly the same position.

Because of her gender? No way.

Because she's unpopular with a large segment of the population, and therefore has less political cover than some of those other people? Maybe.

Because we're getting less tolerant of "senior officials" who can ignore the rules? Hopefully that.

Does Poe's law apply here?

This is the best case version (for her), and what her camp wants people to believe. Its hard to see that it's true though. The IG report is pretty clear that she willfully violated recommendations and warnings about security.

I'm inclined to believe accounts like this: https://news.ycombinator.com/item?id=9149363

Perhaps she wasn't furtively planning to take over the world, but the evidence points to more than her just wanting to use a Blackberry - it really seems (to me) like she took significant measures to avoid keeping records.

You're acting like the NSA told her she couldn't have any smartphone, which isn't the story. The story is that the NSA said she couldn't have that smartphone.

Second, it seems to be your argument that she didn't get the IT support she wanted and so it's reasonable she did her own thing. This seems perfectly reasonable if you're trying desperately to give her the benefit of the doubt. Heck, we've all dealt with annoying IT departments!

Except, it's not like that. She was our top diplomat and 4th in line of succession to the presidency. It's a fact that classified information was discussed on the system.

I just can't believe that the best defense is "well, she didn't like the UI of Windows CE and she wanted a Blackberry, and it's not her fault the NSA wouldn't give her one -- so, she did what any of us would do -- she co-opted her husband's private server and paid a State Department employee under the table to manage it outside of the government infrastructure. She also made sure to order her subordinates to keep the email address out of the official State Dept. email registry because she didn't want to risk being forced to disclose anything. And, it's perfectly OK that when her email correspondence was subpoenaed during a FOIA lawsuit brought by Judicial Watch, the State Dept. didn't know to look on this server, and as such they didn't turn over all of the relevant materials until years later, when the private email address was made public and she felt it was OK to release hard copies of 30k emails (promising that among the 32k she deleted were only personal emails about yoga, Chelsea's wedding, etc.).

But, isn't that what we all do when the IT department is unreasonable?"

And those slipups should open her to prosecution under the Espionage Act.

A number of security professionals (I mean security in the government, Information Assurance sense) have told me that if they or I were to do anything like what Secretary Clinton did, we would be liable to be prosecuted.

This narrative doesn't address the fact that Clinton was actively opposed to FOIA requests and had sought means to keep her public work private as much as possible.

Following common sense here, her decision to ignore State Department regulations (which she lied about) and participate in classified communications (which she also lied about) on a private server immediately after she had made efforts to minimize public access to her communications, leads to the obvious conclusion that she put secrecy above transparency. If her narrative in private testimony matches the public one, then she likely perjured herself as well on the point of whether the State Department authorized the server, since they now say they did not (which again, she lied about).

Do you have any sources for that?

The story I keep hearing is that she had this set up to make FOIA requests more difficult/impossible to fulfil.

The really out there stuff is that this was to hide any cash-for-favors exchanges that happened with relation to The Clinton Foundation.

I just don't believe that Hillary Clinton could not get an email account on a government email server and that somehow having exchange at her house with no controls was the last option she had. I can't think of a scenario where a server at her house is better than almost any other option.

I never really understood why the NSA couldn't have provided her with some sort of handheld digital device that wasn't that Windows CE PDA. I also don't understand why Clinton didn't just opt to use it. Having used the WinCE devices before, they're not all that bad to do email on. They're not good, but how much worse would it have been compared to a BB? I used a UT Starcomm PP6700 (or something like that) and I even kinda liked the keypad.

http://arstechnica.com/information-technology/2016/03/this-i...

That's the most believable version I've heard so far by a long shot.

Seems similar to Hanlon's Razor:

https://en.m.wikipedia.org/wiki/Hanlon%27s_razor

It is "65 years old wants to skirt the rules and no in her entourage had the skills to do it properly or the balls to tell her it is a bad idea".

In a sense I am sympathetic with her - this is the type of hacking the system we at HN tend to admire. Clinton is "Uber for Email" before it was cool - dislike the rules and current infrastructure - build your own.

While I care for neither she is the bigger danger because the anti-war left will be silent with her as will many other good activist groups like they are currently silent. A complicit and complacent press and Congress is the reason we have drones killing American's abroad, Manning in jail, Snowden in Russia, Libya in disarray, and a general mess in the Middle East to say the least about increased racial issues in the states. Identity based politics is poison and it shuts down too many groups.

Donald won't catch a break from ANYONE, it will be good to have nearly every group riding the Administrations ass every single day. Let alone he really isn't bound to one party or another and likely will go down the middle and get more things fixed than a party centric politician.

tl;dr the real threat Clinton poses over Trump is that press, Congress, and activist, will be silent against her.

> The Donald, a man who has committed worse transgressions and has the potential to do even worse things when given power.

You are overestimating Trump and underestimating Hillary.

She has no one to blame but herself.

Worry not. Any democrat candidate on the ballet will beat trump. You can't win an election on the rich, white, male vote.

That's not as bad as Colin Powell, who used AOL while serving as Secretary of State.

And of course it also was hacked by, you guessed it, Guccifer.

Printer firmware and drivers are the worst. I've integrated with a software package that supplies its own printer drivers because the manufactures can't make a driver that will actually work well.

They constantly screw up the most basic of things. A good test of a network printer is to set it offline, send 20 print jobs to it (a test page is fine), then set it back online. Way too many printers will not print out all 20 print jobs, despite reporting success for all of them (This is true even of $30k printers).

I think you've misread my point. I understand this indicates an intention to talk to the printer over the internet; I don't understand why this would indicate that the emails, specifically, were printed in that manner rather than directly through a local connection. Perhaps the printer was used for printing emails locally but also was made web-accessible as a (misguided) convenience feature for printing other content.

It was on a cable internet connection. Typically that means that everything is broadcast to every customer on the same node (because cable networks are inherently broadcast-only) and the only privacy protection is a crappy 56-bit DES encryption that can be broken with a couple of dollars of compute time.

Yeah, that was it. Thanks.

> If I was her, I would fight for the email address "hillary@clinton.com."

How does one "fight for an email address"?

Once you own a domain, you own it. It doesn't matter that it just so happens to be someone else's last name.

She would have had to pay most likely a large sum to the investment firm that already owns clinton.com... and perhaps they aren't interested in selling, or they value the domain too high.

Yes, let's look at all the dns records created, edited, removed and theorize all possible devices that could have been connected or not.

Wouldn't a better rendering of all of this be a video from Taiwanese animation?