[Cryptography] Clinton email issues

Arnold Reinhold agr at me.com
Fri Mar 22 12:59:52 EDT 2019 

On Thu, 21 Mar 2019 21:57 Phillip Hallam-Baker wrote:

...
> Because if security is going to be any use to people it has to be easy
> enough that a 60+ year old grandmother who left school before the Internet
> arrived can use it because she is the US Secretary of State. ...

There are a number of security issues related to the Hillary Clinton email story that seem to have gotten lost. 

The Secretary of State’s job involves sensitive negotiations where complete confidentiality is essential. The unclassified State Department email system was widely reported as having been hacked by the Chinese, to the point where it took a long time to purge the system. The classified email system was, of course, run by the NSA, which is part of the Department of Defense. Rivalries between DOD and State are legion and there was no reason for Secretary Clinton to trust that her email would be kept confidential from the Secretary of Defense, not to mention dozens of system administrators and other civil servants. She was reportedly advised by outgoing Secretary of State Colin Powell to get a private email account. 

Tens of thousands of her email messages were reviewed by the Justice Department, which determined that a small number contained information that the Justice Department believed to be classified. As far as I know, no similar review of the entire corpus of email messages sent over unclassified systems by any other major government official has ever been made or, at least, revealed. 

Whether her actions in deleting what she considered her private email was justified or not, it was evidently done to high security standards. None have been recovered from her servers and if they were intercepted by Russia, they have not been leaked, despite a public request from President Trump to do so.

For what it’s worth, both Time and Newsweek reported that for her 50th birthday, Secretary Clinton was given a copy of “Internet E-Mail For Dummies” so she could keep in touch with her daughter, who was going off to college. I was co-author of that book, along with Carol Baroudi, as part of a writing group led by John Levine. I wrote the chapter on email security, basically describing PGP. Running ones own email server was not discussed.  

So basically everything that has transpired since is my fault.

Sorry,

Arnold Reinhold

More information about the cryptography mailing list