Hillary Clinton set up her own private email server because she didn’t want to lug around two mobile phones. We learnt that Tuesday at a as she addressed the continuing controversy over her use of a 90s style home email server when she was Secretary of State in the first Obama administration.
“I saw it as a matter of convenience,” she said during the 20-minute press conference. She couldn’t do personal email on her government-issued phone, so instead she set up her own server, using the clintonemail.com domain, and a server that appears to have been running out of her Chappaqua, N.Y. home. Email she sent from this server to state department officials at their .gov addresses would be saved on the government servers. That’s the email that she’s now asked the State Department to release. As for the rest, well that’s private.
We’ve already pointed out that this choice was a major security fail, but you can see how Clinton would have gone for it. After all, vice presidential candidate Sarah Palin had just had her Yahoo Mail hacked, thanks to a weakness in Yahoo’s password reset protocol. And that incident was surely fresh in Clinton’s mind when she decided to retain total control of her email system.
On Tuesday, she said that was the right thing to do. “The system… had numerous safeguards,” she said. “It was on property guarded by the Secret Service and there were no security breaches. So I think that the use of that server… certainly proved to be effective and secure.”
A nice thought, but one that Clinton didn’t back up today. The internet protocols we use to zap email about the globe were largely written during the early freewheeling days of the net and they’re still vulnerable to a wide range of attacks. Emails can be spoofed; they can be read in transit; and servers can be hacked. “Email is one of the least secure services you can run,” says Jonathan Zdziarski, a forensic scientist with viaForensics. “[Clinton’s] people might be very good, but no one who really is at the top of their game is going to try to make the claim that they can catch 100 percent of the attacks.”
And Clinton’s job as Secretary of State would have made her “a target of some the most well-funded adversaries,” says Dan Guido, the CEO of security consultancy Trail of Bits. In the years since Clinton was sworn in as Secretary of State, we’ve learnt that those attackers are capable of some very sneaky and technologically accomplished attacks. Knocking over a home-brew email server doesn’t seem so far fetched, given the break-ins we’ve seen at RSA, Sony, and the U.S. Government itself.
So while Clinton’s emails haven’t been posted to BitTorrent, that doesn’t mean there were no security breaches.
Julia Greenberg contributed to this story.