<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Nov 9, 2016, at 8:38 AM, Ian G <<a href="mailto:iang@iang.org" class="">iang@iang.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class=""><p class="">On 08/11/2016 15:10, Arnold Reinhold wrote:<br class="">
</p>
</div></div></blockquote>[snip]</div><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class=""><blockquote cite="mid:C7851A65-33BE-4296-8533-7722FE5FA9BA@me.com" type="cite" class=""><div class=""><div class=""><br class="">
</div>
Was it a leak from someone in the know, or was it embellished
(e.g. "98% chance") along the way?</div>
</blockquote>
<br class="">
Both? It's charged times, so we know that both sides are going to
play it to the hilt. There were calls that the "Russians did it" on
the other side of the Atlantic, again with zero evidence.<br class="">
<br class="">
<blockquote cite="mid:C7851A65-33BE-4296-8533-7722FE5FA9BA@me.com" type="cite" class="">
<div class="">The fact that Fox News retracted its original story strongly
suggests the latter. <br class="">
</div>
</blockquote>
<br class="">
It suggests that their legal counsel assessed the chances of them
being drowned in court? If Hillary had won, she'd have sent in the
boys to clean up the opposition. This time with feeling. GC
wouldn't take that risk.<br class="">
<br class="">
I don't think we can determine much from any statements in the
press. All we can really do is to take all the leaks and correlate
them, look for trends, and eliminate them for stupidity.<br class=""><br class="">
</div></div></blockquote><br class=""></div><div class=""><div class="">The nice thing about leaks is we get to pick and choose the ones we like. But positing that Fox News suddenly became afraid of Hillary Clinton is a bit over the top. </div></div><div class=""><br class=""></div><div class="">[snip]</div><div class=""><br class=""><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class=""><blockquote cite="mid:C7851A65-33BE-4296-8533-7722FE5FA9BA@me.com" type="cite" class=""><div class="">
I’m not suggesting that a private server in each official's home
is the right answer going forward, but a separate email server
in each top-level official’s office safe with encrypted back up
to the department servers might be a good solution for
unclassified email privacy. The servers would be inside the
department’s firewall perimeter defenses and could have
additional protection, such as a stripped down operating system
loaded from ROM, to minimize attack surface. Admin access would
be limited to a few staff vetted by the official. The backups'
encryption key might be escrowed in the national archives for
future historical records. The old model of all email stored en
clair on department servers is unworkable.</div>
</blockquote>
<br class="">
Well, the security officers within each department generally handle
that, using the processes laid down in the security manuals. They
let Obama have his blackberry. I'm sure if enough pressure were
brought to bear they would have built a private server situation for
State Dept.<br class="">
<br class="">
But seems like they never got told to do that.<br class="">
<br class="">
In summary - I think there is merit in looking at how cryptography
could have changed the situation.<br class="">
<br class="">
1. Hillary's use of private server was an attempt to deal with one
threat, although what that was was never clear to me. But it opened
her up to another threat - hacking. At a simplistic level, I think
the answer is clear - don't do that. At deeper level, we should be
delivering systems that don't lead the users to taking such drastic
steps, and then making their situation worse.<br class="">
<br class="">
2. The sense of Russians hacking the electoral process leads us to
look at reliable voting systems. Thinking about our current infosec
posture, that this is something that cryptography can't provide the
answer to, I think we've got it wrong. Because (a) if we don't
secure the voting system then someone else will hack it and steal
it. And there's plenty of underground and anecdotal evidence that
this is going on.<br class="">
<br class="">
And (b) we need to get away from this impossibility thing.
Probability works for human systems, too. If we can make it
improbable that a vote is tampered with, that's still a win, for
those times in the majority where we got the true positive.<br class="">
<br class="">
iang<br class="">
</div>
</div></blockquote></div><div class=""><br class=""></div><div class="">The threat the private server was an attempt to deal with was employees who have access to her emails leaking them to political opponents. The security officers you suggest she should have gone to are likely part of the threat, not the solution. Hacking was a risk, but we know that the State Department unclassified email system was hacked, while there is apparently no evidence her servers were. Of course a more secure approach would be preferable.</div><div class=""><br class=""></div><div class="">As for voting systems, where I live we have paper ballots that are optically scanned. Results are available immediately after the election but the paper ballots can be manually counted as a check. A hack attack that targeted only a few machines would be noticeable statistically if it was large enough to matter. An attack that made small increments in many voting machines could be caught by hand counting a few precincts. Best of all, a paper system is understandable by the retirees hired to staff the voting places. What is the point of going to an all electronic system that only a few specialists can audit?</div><div class=""><br class=""></div><div class="">Arnold</div><br class=""></div></body></html>