Visit the all-new Tech Night Owl Store
  • Explore the magic and the mystery!
  • The Tech Night Owl's Home Page
  • Visit the all-new Tech Night Owl Store
    Namecheap.com





  • The Very Dumb Debate Over the Infamous Clinton Emails

    August 9th, 2016

    It’s easy to become sick and tired of the political byplay that’s going on in the U.S. now, and I’m not about to argue for or against any candidate. But I will argue against stupid, and there’s been plenty of that from all sides in the ongoing nonsense about Hillary Clinton’s emails.

    On one side of the political aisle, it demonstrates a carelessness that may have allowed national secrets to be disclosed, theoretically a criminal act. But the other side denies any such wrongdoing, yet admits that Sec. Clinton was wrong in using a private email server. Unfortunately, this is one of those “process” debates that’s being advanced by people who have little or no clue about the technical issues involved. So you get confusing and contradictory stories that really have only a passing connection to how things work.

    To put matters in perspective, until former Senator John Kerry became Secretary of State, the occupants of that office routinely used a private email address, at least when they actually sent email, rather than rely on the State Department’s system. That was the way things were done. Former Secretary of State Colin Powell actually used an AOL account to manage his mail, regarding the government system as “woefully inadequate.” Although it has gotten better in recent years, AOL was hardly the paragon of security.

    Where Clinton differed from her predecessors was not to use a commercial email service, but a private server that was, at first, placed in the home she shared with her husband at their Chappaqua, New York home. According to the Wikipedia entry on the subject, the hardware ran a version of Microsoft Server with Microsoft Exchange 2010, a business-class email system that can manage messages via a secure TLS certificate. This is a setup familiar to many businesses around the world, and has been shown to be relatively secure. Well, so long as proper settings and secure passwords are used.

    It doesn’t matter why Secretary Clinton chose this route, other than to have more control over the system. Her problem is that, for all intents and purposes, she’s a luddite when it comes to technology. Therefore, she depended on others to set up and manage the server.

    So politics took over. Using carefully crafted focus group talking points, the Republican opposition routinely referred to her server as “insecure,” even though the very same technology has been tested and proven for a number of years. This doesn’t mean it couldn’t be hacked. But despite claims that the Russians and others have had their way with Clinton’s server, FBI Director James Comey conceded there is no actual evidence of hacking. That didn’t stop him from suspecting that there were intrusions, but that was never confirmed.

    Now since Sec. Clinton left office in 2013, the State Department’s requirements have been tightened. So her successor is required to use the government’s email system. But that may be a mixed bag, since there have been many hacks of those systems over the years. But it does give the government control over those messages, in theory at any rate.

    Unfortunately, government regulations in place when Sec. Clinton was in office allowed an employee to determine which of their own messages they can delete. This honor system doesn’t really survive the logic test, because a less ethical person might rely on a lax system to hide incriminating messages. There is no guarantee that the improperly deleted message can be successfully recovered.

    in response to a Freedom of Information request to release her emails, Sec. Clinton had her lawyers determine which were personal, the ones she could delete if she wanted, and which involved State Department business. Here her lack of technical knowledge may have conspired to make her seem to be deceptive in her responses to the media. So while she evidently believed that her lawyers would examine all of the messages — highly impractical with tens of thousands to check — they actually used search terms to separate the business from the personal. Search systems are notoriously imperfect, and if the search terms aren’t comprehensive enough, thousands of messages may be mistakenly flagged as personal, which is evidently what happened. So she was accused of being dishonest, trying to hide the truth. But the messages that were recovered did not appear to exhibit evidence of shady behavior.

    In contrast, Sec. Powell deleted all his AOL emails. Evidently he believed that, since they involved State Department communications, the agency would have captured all of them. That may or may not be true, but that’s hardly relevant. Recovering deleted messages from AOL would probably be impossible after the passage of a few months.

    The other argument is whether Sec. Clinton sent or received classified emails over her private server. Here’s where the process argument becomes awfully confusing. Government agencies frequently disagree over what should be classified, and quite often messages containing content that’s already public will receive such classifications.

    Now Sec. Clinton claims that such messages were marked classified after she sent or received them. The FBI determined that to be mostly true, but found some that were classified at the time they were sent. Now here’s where the process argument gets mighty confusing. It appears that three messages bore some sort of classified markings, which should supposedly warn the recipient of the nature of their content. Perhaps. But it also appears those messages, which were mostly about phone call schedules, weren’t properly marked because the message headers didn’t flag them correctly. At least two of them were actually marked confidential by mistake according to the State Department.

    So Sec. Clinton continued to maintain that she never sent or received any message marked classified, which from her point of view might be true. But the FBI pointed to those questionable messages to say that wasn’t so. With tens of thousands of messages involved, simple human error is also possible.

    Two other FBI arguments are curiously ill-informed. So Director Comey disputed Sec. Clinton’s contention that she only used one smartphone. He said a number were used over the four-year period of her service, but at the end of the day both statements appear to be true. So she used one device at a time before replacing it with a newer model. She also used an iPad. In short, Comey was speaking about matters he knew nothing about.

    The other dispute is whether more than one email server was used, and that might simply involve replacing hardware or, when the data was moved to a web host, sharing it among multiple servers. Here’s where the media’s lack of knowledge of the technology made matters all the more confusing. I heard one report on a cable news network referring to it as a “virtual private server,” and I’m sure the anchor had no clue what that meant. For those who might be wondering, such a server, often referred to as VPS, is a single computer with multiple virtual machines, each of which contains a full operating system and software environment. This is similar to a Parallels Desktop or VMWare Fusion virtual machine on your Mac. It’s a way for web hosts to offer the full control of a dedicated server at a much lower price, since you’re sharing the hardware with other users. I do not know if Clinton’s email setup was managed that way when it transferred to the host.

    What her opponents seize on is the FBI’s conclusion that she was careless in managing her email. That may be true. Or maybe not, but it hasn’t stilled the “lock her up” demands. Unfortunately, she stands alone in having her email use so closely examined. The authorities have not considered the email practices of other Secretaries of State, or any cabinet official, to see how well they managed their messages. So there no way to know whether Sec. Clinton was more or less careless in handling email.

    It’s an argument that’ll never be settled, as both sides dig in on their positions. Forgetting about her use of the phrase “short circuit” to describe one of her faulty answers to questions about the controversy, she really should be screaming at her handlers and campaign people for failing to manage the message responsibly. They don’t seem to understand the issues involved any more than she does. But the opposition is happy to turn her missteps, or apparent missteps, into a major scandal.

    Again, without any way to compare her performance to her predecessors, or her successor for that matter, this is a matter that will never be resolved. As I said, it’s really all about process, since no claim is being made by the FBI that she may have seriously compromised national security. There are legitimate reasons to choose either Hillary Clinton or Donald Trump for President. But speaking as someone who has managed email servers for many years, those reasons have nothing whatever to do with an email server.

    Let the flames begin.



    Share
    | Print This Article Print This Article

    6 Responses to “The Very Dumb Debate Over the Infamous Clinton Emails”

    1. dfs says:

      If you work for a company that provides you with an e-mail address, it’s only sensible to maintain a separate private account. There is a substantial body of case law establishing the principle that your boss owns and gets to read your e-mail. So it’s wise to use your corporate account only for transacting company business and maintain a separate private one for your personal use. With your corporate account you need to be sure you are abiding by whatever guidelines and restrictions regarding content your company has, (and, if you work for government at any level, it is likely that some of your actions, involving your deletion of sent and received e-mails, are prescribed by law). With your private one you don’t. And if you use your corporate account for company business, you use your company’s security system, so whether or not it works well is your boss’s problem, as long as you abide by your outfit’s protocols you’re home free.

      So far, so good. What Hillary did is no different than what every smart working stiff ought to do. The problem then becomes one of judgment: what e-mail transactions you choose to perform on your company account and what ones to perform on your private one. If you are careful in making these decisions, you’re home free. The problem starts when you get sloppy about observing the corporate/private distinction. If you start using your private account to transact company business, you run the risk of violating corporate policies and protocols, you become personally responsible for maintaining adequate security, and if you choose to delete any e-mails that ought to be handled by your organization’s server and you happen to be a government employee you may be violating the law. In any such outfit, such sloppiness may expose you to to possible disciplinary action, up to and including getting fired.

      Hillary’s decision to set up two separate e-mail accounts was in itself a smart thing to do. Her choice of setting up a private server rather than relying on some commercial service is a little difficult to understand, it seems like unnecessary (and unnessarily expensive) overkill, but there’s nothing objectionable about it per se. Her problem is one of judgment, when (evidently) she got sloppy and used her personal account to transact State Department business. I do not doubt that there was no criminal intent, although in deleting some State traffic she may have technically violated the law. The only substantial question concerns her judgment, and in some people’s minds might legitimately raise the question of whether this exercise of bad judgment disqualifies her for the presidency. This is not a question to be decided in a court of law. But it is very appropriate for every individual citizen to consider this question and answer it in the voting booth.

      • gene says:

        You are just repeating the spin. There is no comparison whatever to how other cabinet officials handled their email. She exists in a vacuum. More to the point, where is Secretary Powell’s business email from his AOL account? Did he break the law by deleting it? Nobody knows, few care. It’s not being explored. Was any of that email classified? Was it labeled classified or classified later on?

        As to those deleted messages, that may well have been due to the faulty scheme her lawyers (not her) used to search email to separate business from personal. It was all done with search and search terms, which is why lots of messages were overlooked. It doesn’t have to be some insidious plot.

        Peace,
        Gene

    2. dfs says:

      I think the whole thing boils down to how you answer two questions. 1.) Q.: Is there any sign of criminal activity or criminal intent? A.: No, that’s merely silly unless it could be proven that she deliberately destroyed some data in an attempt to erase the evidence for her actions in violation of laws dictating how governmental employees should preserve data. 2.)Q.: If an average employee in an average corporation had done what she did, could that get her fired? A.: Very possibly, since she had acted out of company policy, and if she were CEO of the outfit she could scarcely plead ignorance of that policy (whether or not other previous CEO’s had or had not behaved in the same way would probably not be considered a relevant issue in determining her liability).

      • gene says:

        At the time, she and her predecessors were allowed to use private email accounts, so there was no issue of liability or breaking regulations, since there is no evidence she actually allowed secret information to be put in the hands of third parties, or government employees without the requisite need to know. The rules were changed after she left.

        What’s more, typical of government agencies, I suspect the rules were vague enough to allow for a variety of interpretations. The question is whether she did anything at all wrong, and that is not at all certain. Saying she was “careless” is a statement without a comparison as to what is not careless, and what others in similar positions have done.

        Peace,
        Gene

    3. dfs says:

      “What’s more, typical of government agencies, I suspect the rules were vague enough to allow for a variety of interpretations. The question is whether she did anything at all wrong, and that is not at all certain.” Usually, when you are hired by some outfit you are given an employee handbook in which company regulations, policies and procedures are spelled out (and since you have been given this handbook and urged to read it, this takes away any plea of ignorance and so the guys in the legal department adore these things). This certainly happened to me when I was hired, and then I was informed in writing of all subsequent changes in policies and procedures. I presume if you are hired by the State Department for any position from Secretary of State down to the guy who empties the wastebaskets at night, you are issued a similar handbook. It would be very illuminating if we could see a copy of this from the time Hillary was appointed (and also any amendments made during her time in office) so we could be sure what the rules were at the time. Then everybody could be a lot more sure what we are talking about.

      • gene says:

        Let’s just cut to the chase, rather than deal with the process, OK? Every Secretary of State before Clinton, where they used email at all, used a private email address. So did she. That’s the beginning and end of it. You can’t evaluate her email practices, nor the cartoon version pushed by the opposition party, in a vacuum.

        Peace,
        Gene

    Leave Your Comment