So exactly who is to blame for the US state department having the worst opsec imaginable? I dislike Hilary but even if I think the absolute worst of her behaviour here she's kind of down the list of guilt. She's not a technology security expert and she's driving how her tech is set up while she's secretary of state without literally the best tech advise available to the most powerful nation on earth? Really?<p>They can't provide her with a secure device. That's the Secretary of State of the United States of America who they can't provide with a secure device and so they leave her, literally to her own devices. Apparently nobody reviewed how she was communicating and advise her directly about her own behaviour. "Much less, ok what do you need? We'll design a system that does that with the best security we can manage. We'll tell you exactly what not to do. Mr/Madam Secretary." Whoever the secretary of state is.<p>Fire them all and start again. You can't do worse than this can you? No matter who you've got in power you're selling them and US State Department policy. Hillary, yeah, to hell with her, but that's <i>entirely</i> beside the point and totally a sideshow in this story. I can't think of a single politician who would know and understand the security implications of electronic communication without being directly advised in the most clear and emphatic fashion possible.<p>Does anyone care to speak up for the competence on display here?
Though I'm not sure it's even worth trying to bring up in the opinion filled noise of these threads, there is no way to secure current generation mobile devices sufficiently to withstand nation-state attackers. Full stop.<p>The processors, basebands, MMUs, all of them lack the tools necessary to create a chain of trust with also sufficient isolation at the application level to run normal applications. When everyone is saying "of course the FBI could get into the terrorist cellphone, just take it to TAO," this same thing applies to Blackberries and Android phones when applied by opposite numbers in China or Russia.<p><i>It is not possible to secure a mobile device from a nation-state attacker due (at least) to gaps in the hardware capabilities</i>
The elephant in the room, which the media only occasionally brings up, is her motive for this arrangement. Based on the large number of emails that she tried to delete when the existence of this server became public, and her failure to previously include these emails in requests for data by Congress, we can deduce that the goal was likely to escape oversight and avoid accountability. A totally logical move for someone who is no stranger to scandal. And pretty damning to anyone who cares about making government accountable.
> Their fears focused on the seventh floor, which a decade earlier had been the target of Russian spies who managed to plant a listening device inside a decorative chair-rail molding not far from Mahogany Row.<p>This is a throwaway tidbit in the article that I wish had a link to some more details. That one sentence hints at a very interesting longform article on its own.<p>Edit: I found these, which offer a few details. Surprising that it's from 1999!<p><a href="http://edition.cnn.com/ALLPOLITICS/time/1999/12/13/spy.html" rel="nofollow">http://edition.cnn.com/ALLPOLITICS/time/1999/12/13/spy.html</a><p><a href="http://www.wsj.com/articles/SB944783077407465290" rel="nofollow">http://www.wsj.com/articles/SB944783077407465290</a>
From the article:<p>"""
Clinton lawyer David Kendall later told the State Department that her “use of personal email was consistent with the practices of other Secretaries of State,” citing Powell in particular, according to a letter he wrote in August.<p>But Powell’s circumstances also differed from Clinton’s in notable ways. Powell had a phone line installed in his office solely to link to his private account, which he generally used for personal or non-classified communication. At the time, he was pushing the department to embrace the Internet era and wanted to set an example.<p>“I performed a little test whenever I visited an embassy: I’d dive into the first open office I could find (sometimes it was the ambassador’s office). If the computer was on, I’d try to get into my private email account,” Powell wrote in “It Worked for Me: In Life and Leadership.” “If I could, they passed.”<p>Powell conducted virtually all of his classified communications on paper or over a State Department computer installed on his desk that was reserved for classified information, according to interviews. Clinton never had such a desktop or a classified email account, according to the State Department.
"""<p>...sooooo. Colin Powell did the same thing as Clinton and all we have is his (and his staff's) claims that they didn't communicate classified information over inappropriate channels? So then what makes this situation any different or any more deserving of attention?
How does the voting system on HN work? This is the second article on this topic I've seen today removed from the front page now. It was there only an hour or so ago, and now isn't in the first ten pages on HN.
Wow I really wouldn't want to be the guy who set up her email server. He was just granted immunity in exchange for cooperation, but that has got to be stressful to testify at the national level, plus against a Presidential candidate. Yikes.
One thing I don't get and drives me mad - why didn't she insisted of using pgp, but sent them plaintext. A chimp could learn to use it in 2 hours. So I guess for a career politician it would take a week. But it is doable.<p>What worries me is not the ethical part - I am yet too cynical, but the total disregard of basic security.
To get a copy: <a href="https://github.com/wsjdata/clinton-email-cruncher" rel="nofollow">https://github.com/wsjdata/clinton-email-cruncher</a>