Clinton Email Fail: Worst Government Security Flubs - InformationWeek
IoT
IoT
IT Life
News
3/17/2015
05:05 PM
Joe Stanganelli
Joe Stanganelli
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Clinton Email Fail: Worst Government Security Flubs

Hillary Clinton isn't the first politician to have committed a data compliance faux pas when it comes to email. CIOs, compliance departments, and privacy officers would do well to learn from the mistakes of those who screwed up before her.
Previous
1 of 8
Next

Hillary Rodham Clinton has been in the spotlight this month after reports emerged that she exclusively used a personal email account, instead of a government-issued one, to conduct official US business during her tenure as Secretary of State. The House Select Committee on Benghazi (already investigating Clinton) and the House Oversight Committee will now join to determine if Clinton violated any laws in failing to release emails.

Worse, Clinton's email was based on her own home server -- a matter that State Department technology staffers reportedly voiced security concerns over.

Many argue that the issue is overblown, noting that former Secretary of State Colin Powell, too, used personal email for government business when he held the post. Clinton critics maintain that precedence does not change data security issues.

"Personal emails are not secure," said Thomas S. Blanton, Director of National Security Archive, a government transparency advocacy group. "Senior officials should not be using them."

Indeed, several of Clinton's emails were leaked in March 2013 by Romanian hacker Marcel Lazar Lehel, a.k.a. "Guccifer," after he hacked the AOL email account of Sidney Blumenthal, a longtime Clinton family advisor. While Blumenthal held no official post at the time, he and Clinton shared sensitive foreign intelligence data, including information related to the 2012 Benghazi terror attacks.

(Around the same time as the Blumenthal/Clinton leaks, incidentally, Guccifer demonstrated that he had hacked Powell's AOL account as well.)

Other politicos have made mistakes, as well, when it comes to email security and compliance. On the following pages, you'll see three examples of government officials engaging in bad email behavior. Judge for yourself who made the bigger email blunder, and tell us what you think in the comments section below.

Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
impactnow
50%
50%
impactnow,
User Rank: Ninja
3/31/2015 | 1:32:08 PM
Re: No Excuses
Does the blame line with Mrs. Clinton or does it live with the technology infrastructure that the government has given their employees and how they educate them on using it ?
asksqn
50%
50%
asksqn,
User Rank: Ninja
3/30/2015 | 4:43:39 PM
No Excuses
Hillary Clinton should be held to a much higher standard than CIOs since she holds elected office on behalf of Americans.  If she can't get her act together to comply, what hope in hell is there for anyone else to?
impactnow
50%
50%
impactnow,
User Rank: Ninja
3/24/2015 | 1:23:20 PM
Security for Gov't officials tech infrastructure

The discussion raises another issue should someone who has a high ranking government official have a private server at their home or should all their communications be secured? Personally I think if you are at the level of secretary of state the government should be implementing an IT infrastructure at your home and other primary residences that is highly secure. After all it's only our national security!

impactnow
50%
50%
impactnow,
User Rank: Ninja
3/23/2015 | 1:24:35 PM
Why

For all companies and governments the issue has to be why is someone using a personal account? If the reason is that they don't want accountability for their email communications then that is a specific issue related to their ethics. If the issue is that the email account from the government or company does not enable effective communications then there is another issue. In the early days of corporate email there were so many limitations we often use personal accounts for speed and to be able to send large documents. If this was the case then there is an issue that should be addressed with government technology effectiveness. If there was another issue then it's an issue with national security that should be addressed.

Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
3/19/2015 | 8:36:45 AM
Re: Mistake?
IT as a tool to combat corruption in general is an interesting area. There is a huge body of knowledge available that specifies the gains that a private business can achieve by utilizing IT to gain greater economies of scale and efficiency, etc. However, I have not come across any frameworks that deal with IT and combating corruption.

An audit trail and transparency are a few measures that IT can easily enable but, both these measures would run counter to security.
Technocrati
50%
50%
Technocrati,
User Rank: Ninja
3/19/2015 | 12:45:14 AM
Re: What fail?

@danielcawrey    I was initially surprised as well, but it didn't last long.   This "loosely goosey" method of using email and maintaining it is highly questionable.  

And of course, those that have taken advantage of this loop hole use the defense that it was not "illegal".  Come on.  Do politicians think we are all idiots ?

 

On second thought, that question is purely rhetorical.

Technocrati
50%
50%
Technocrati,
User Rank: Ninja
3/19/2015 | 12:37:19 AM
Re: Mistake?

@Thomas  LOL   And of course this was  as proposed by the new governmental head of Technology Innovations and Security, Yahoo the company.

 

Truly trail blazers I tell ya....

danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
3/18/2015 | 8:29:57 PM
Re: What fail?
It's amazing to me that the Secretary of State was able to get away with doing this.

There are some serious security implications to using personal email to conduct what needs to be secure communications, and I am surpised that in this day and age high level government officials were able to do this. 
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
3/18/2015 | 6:45:45 PM
Re: Mistake?
"What IT should do to fight corruption in Washington DC?"

That should be the question all of us ask, not just IT and not just in Washington DC. Whether Hillary broke the law or violated any number of technology policies is certainly up for debate. I do know that if I did the same thing, not only would I lose my job, but I'd face possible prosecution in several jurisdictions. It saddens me that some would pass this off as shrewd instead of calling it out as deplorable behavior from a government official who should know better.

The same could be said of the other examples cited in the slideshow. However, in the case of the Sarah Palin hack, that was definitely illegal behavior at the federal and state level in most states. In the case of Jeb Bush, releasing protected PII is also illegal. Neither side of the aisle has the monopoly on ethics and transparency.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
3/18/2015 | 6:40:39 PM
Re: Mistake?
>"What IT should do to fight corruption in Washington DC?"

Require a single national login and password, so everyone can read everything.
Page 1 / 2   >   >>
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll