Clinton Email Fail: Worst Government Security Flubs - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Life
News
3/17/2015
05:05 PM
Joe Stanganelli
Joe Stanganelli
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Clinton Email Fail: Worst Government Security Flubs

Hillary Clinton isn't the first politician to have committed a data compliance faux pas when it comes to email. CIOs, compliance departments, and privacy officers would do well to learn from the mistakes of those who screwed up before her.
Previous
1 of 8
Next

Hillary Rodham Clinton has been in the spotlight this month after reports emerged that she exclusively used a personal email account, instead of a government-issued one, to conduct official US business during her tenure as Secretary of State. The House Select Committee on Benghazi (already investigating Clinton) and the House Oversight Committee will now join to determine if Clinton violated any laws in failing to release emails.

Worse, Clinton's email was based on her own home server -- a matter that State Department technology staffers reportedly voiced security concerns over.

Many argue that the issue is overblown, noting that former Secretary of State Colin Powell, too, used personal email for government business when he held the post. Clinton critics maintain that precedence does not change data security issues.

"Personal emails are not secure," said Thomas S. Blanton, Director of National Security Archive, a government transparency advocacy group. "Senior officials should not be using them."

Indeed, several of Clinton's emails were leaked in March 2013 by Romanian hacker Marcel Lazar Lehel, a.k.a. "Guccifer," after he hacked the AOL email account of Sidney Blumenthal, a longtime Clinton family advisor. While Blumenthal held no official post at the time, he and Clinton shared sensitive foreign intelligence data, including information related to the 2012 Benghazi terror attacks.

(Around the same time as the Blumenthal/Clinton leaks, incidentally, Guccifer demonstrated that he had hacked Powell's AOL account as well.)

Other politicos have made mistakes, as well, when it comes to email security and compliance. On the following pages, you'll see three examples of government officials engaging in bad email behavior. Judge for yourself who made the bigger email blunder, and tell us what you think in the comments section below.

Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
impactnow
50%
50%
impactnow,
User Rank: Author
3/31/2015 | 1:32:08 PM
Re: No Excuses
Does the blame line with Mrs. Clinton or does it live with the technology infrastructure that the government has given their employees and how they educate them on using it ?
asksqn
50%
50%
asksqn,
User Rank: Ninja
3/30/2015 | 4:43:39 PM
No Excuses
Hillary Clinton should be held to a much higher standard than CIOs since she holds elected office on behalf of Americans.  If she can't get her act together to comply, what hope in hell is there for anyone else to?
impactnow
50%
50%
impactnow,
User Rank: Author
3/24/2015 | 1:23:20 PM
Security for Gov't officials tech infrastructure

The discussion raises another issue should someone who has a high ranking government official have a private server at their home or should all their communications be secured? Personally I think if you are at the level of secretary of state the government should be implementing an IT infrastructure at your home and other primary residences that is highly secure. After all it's only our national security!

impactnow
50%
50%
impactnow,
User Rank: Author
3/23/2015 | 1:24:35 PM
Why

For all companies and governments the issue has to be why is someone using a personal account? If the reason is that they don't want accountability for their email communications then that is a specific issue related to their ethics. If the issue is that the email account from the government or company does not enable effective communications then there is another issue. In the early days of corporate email there were so many limitations we often use personal accounts for speed and to be able to send large documents. If this was the case then there is an issue that should be addressed with government technology effectiveness. If there was another issue then it's an issue with national security that should be addressed.

Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
3/19/2015 | 8:36:45 AM
Re: Mistake?
IT as a tool to combat corruption in general is an interesting area. There is a huge body of knowledge available that specifies the gains that a private business can achieve by utilizing IT to gain greater economies of scale and efficiency, etc. However, I have not come across any frameworks that deal with IT and combating corruption.

An audit trail and transparency are a few measures that IT can easily enable but, both these measures would run counter to security.
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
3/19/2015 | 12:45:14 AM
Re: What fail?

@danielcawrey    I was initially surprised as well, but it didn't last long.   This "loosely goosey" method of using email and maintaining it is highly questionable.  

And of course, those that have taken advantage of this loop hole use the defense that it was not "illegal".  Come on.  Do politicians think we are all idiots ?

 

On second thought, that question is purely rhetorical.

Technocrati
50%
50%
Technocrati,
User Rank: Ninja
3/19/2015 | 12:37:19 AM
Re: Mistake?

@Thomas  LOL   And of course this was  as proposed by the new governmental head of Technology Innovations and Security, Yahoo the company.

 

Truly trail blazers I tell ya....

danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
3/18/2015 | 8:29:57 PM
Re: What fail?
It's amazing to me that the Secretary of State was able to get away with doing this.

There are some serious security implications to using personal email to conduct what needs to be secure communications, and I am surpised that in this day and age high level government officials were able to do this. 
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
3/18/2015 | 6:45:45 PM
Re: Mistake?
"What IT should do to fight corruption in Washington DC?"

That should be the question all of us ask, not just IT and not just in Washington DC. Whether Hillary broke the law or violated any number of technology policies is certainly up for debate. I do know that if I did the same thing, not only would I lose my job, but I'd face possible prosecution in several jurisdictions. It saddens me that some would pass this off as shrewd instead of calling it out as deplorable behavior from a government official who should know better.

The same could be said of the other examples cited in the slideshow. However, in the case of the Sarah Palin hack, that was definitely illegal behavior at the federal and state level in most states. In the case of Jeb Bush, releasing protected PII is also illegal. Neither side of the aisle has the monopoly on ethics and transparency.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
3/18/2015 | 6:40:39 PM
Re: Mistake?
>"What IT should do to fight corruption in Washington DC?"

Require a single national login and password, so everyone can read everything.
Page 1 / 2   >   >>
Slideshows
Strategies You Need to Make Digital Transformation Work
Joao-Pierre S. Ruth, Senior Writer,  11/25/2019
Commentary
Enterprise Guide to Data Privacy
Cathleen Gagne, Managing Editor, InformationWeek,  11/22/2019
News
Watch Out: 7 Digital Disruptions for IT Leaders
Jessica Davis, Senior Editor, Enterprise Apps,  11/18/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
Slideshows
Flash Poll