Tag Archives: state department

A Voter’s-Eye View of Clinton and Bush’s Emails

Former U.S. Secretary of State Hillary Clinton spoke out today about her email woes, goaded smugly by fellow prenominee Jeb Bush, who emailed reporters reminding them that he’d released his email records. As if that was a good thing.
Well, it should have been. But I’m getting ahead of myself. Let’s start with the basics. If you follow political news, you know that former U.S. Secretary of State Hillary Clinton used a private email account, rather than a Federal one, as she conducted U.S. diplomacy; and that she was, in fact, adhering to the letter of the law (the “spirit” of the law being rather vaguer); and that she has offered a data dump of emails she deems relevant from her personal servers to pass on to Federal officials, and urged them in turn to pass those on to reporters and the public. But neither of America’s prenominees have proven themselves visionary leaders when it comes to navigating the syclla, charybdis, and Blue Book of security, privacy, and legal policy when it comes to encrypting and archiving sensitive government emails.

Screen Shot 2015-03-10 at 5.46.14 PM

Oh — prenominee? That’s the term I use for former Senator and Secretary of State – and, yes, First Lady – Clinton; and for former Florida Governor Jeb Bush, the latter of whom commanded $100,000 per plate for appearing at a fundraiser before he actually has announced his candidacy for president. (In other words, to be read in a pharma-ad-speedy voice: “Disclaimer- – `prenominee’ denotes being the front-runner in a race which hasn’t officially started. It is not a presumption of actual victory.”)

So what are we to make of the digital hygiene of the prenominees, and the outraged-slash-befuddled coverage of it? New York-based technical architect Max Whitney is familiar with email protocol, having run email for a large private university. “Let’s break the issues here into two pieces,” she says. “One: should people [specifically public officials] be running their own email servers? And two: should they have been sending unencrypted emails?”
Secretary Clinton was using a private email server that reportedly was registered to, but not necessarily housed in, Chappaqua, New York,where the Clintons own a home. Whitney says that it’s unlikely that Clinton — or Bush, who also ran his own server, registered in Texas— “made the decision to both identify a [qualified] mail administrator and pay them what they would be paid.”

Of course, not every mail system is the same. Sendmail, which encompasses the widely used SMTP mail protocol, is notoriously eager-to-please in matching email-to-receiver, says Whitney. “Sendmail was not created to be a secure information exchange method. Sendmail was created to survive a nuclear holocaust.” In other words: upside: robust. Downside: the birth of spam. And a Microsoft Exchange-based system needs two admins minimum, no matter how many users are on the system, because as Whitney puts it simply, “Everyone’s gotta sleep sometime, and when email stops, everything stops.” The average pay for an Exchange admin is $68,000/year, according to Payscale.com. And following secure encryption protocols (or should that be secure-ish?) takes both knowledge and time — time that not everyone is willing to spend.

“Anything unencrypted that Hillary Clinton sent as Secretary of State, anyone on the internet could have picked it up,” says Whitney. “People who were motivated could have picked it up [right away], but people could have picked it up and not even known what they were looking for until now,” when the email addresses that Secretary Clinton was using were revealed. (Gawker did publish the Clinton address hdr22@clintonemail.com in 2013.) “Anything sent unencrypted via email,” Whitney adds, “is available to anyone.”

That brings us to the question of “the server under the desk,” which is the nickname for a home or private server, regardless of whether it’s on a kitchen counter or a closet or in a garage. Whitney has a couple different takes on this. Regarding encryption and security, “The server under the desk, if not well-run, is dangerous. Are the encryption keys in plaintext next to the files? Is there a likelihood that security protocols were open to question?”

But then there’s the point about the delays, inefficiency, and general kludginess of Federal secure mail servers raised by Clay Johnson of Blue State Digital in Medium. “I’d imagine Secretary Clinton at some point emailed the White House,” Johnson says. “I made the mistake of emailing the White House from my personal account once (!) during my term, and managed to get back a nastygram from Counsel about it. How or why didn’t the White House tell Hillary to use her official .gov email account? It could be that they knew the entire classified and unclassified email system was compromised and decided that the smartest thing to do was for her to use her personal email instead.”
So Whitney adds, “The State Department has to balance between being able to communicate quickly and effectively, and being able to communicate securely. The most secure way is to have face to face communication in room you know is not bugged with a translator you know is trustworthy.” She adds, “It’s a bad idea to have everyone in the world listening in on signals between state leaders, but this was not a problem created by email.” So just as the Kennedy-Krushchev hotline got the two Cold War-era leaders beyond “signaling in big ways, but they couldn’t [clearly] communicate; I think [modern] statecraft is advanced tremendously by being able to give high fidelity signals to who you are opposing or negotiating with in a timely manner,” says Whitney. “Security should not make that impossible.”

Although Secretary Clinton currently has the spotlight, let’s not forget about the inauspicious digital debut of Republican prenominee Jeb Bush, who took a bold lead in disclosing emails from his years as governor of Florida as part of his pre-campaign. But that didn’t turn out quite as expected. Governor Bush used a personal account for constituent services while in office. As proto-candidate of his party, he released a dump of selected emails, many of them seeming to depict him as attuned to the human suffering of his constituents. Of course, he then published the suffering of his constituents in full, not seeming to care if their personal tragedies became a political sideshow…or if their identity was compromised, as it was in cases when people included their social security numbers and other markers ripe for identity theft in the emails. In one case, which I will summarize so as to not to publicly re-identify the individual, a woman appeals to Governor Bush based on, in order:
1) unemployment
2) struggles with addiction
3) past criminal conviction and desire to avoid future ones
4) Christian faith
5) terminally ill husband

And that’s just for starters. The email goes on to detail several more personal tragedies and medical conditions; appeals for the Governor’s help; and ends with the petitioner’s social security number and full name.
How did this information go public? And make no mistake: it’s still public on many servers, even though the former Governor’s team has since ordered the files redacted.
Perhaps the better question is: in a world where the distinction between the public and private email accounts of officeholders is blurred at best, how should an officeholder have acted responsibly with some of the most private revelations and identifiers of private individuals?

Richard Cardran is a digital strategist based in Los Angeles. He identifies a series of steps that Governor Bush’s camp could have taken to truly protect constituents while still dealing with the need for disclosure and transparency. “Strategic redaction is an imperative for anyone in [Governor Bush’s] position. However redaction needs to be done by a third party to have any credibility–otherwise all redacted information is suspect by one’s enemies,” Cardran says. That deals with the data dump of information to the public after the fact. But what about inbound missives? “You can’t protect people from themselves, but you can protect yourself [as a politician],” he adds. “Make all public email submissions happen through a contact form with explicit warnings about public visibility. Or have staff destroy suspect emails when received with an auto-responder to alert emailers to resend minus the personal information.”
Governor Bush’s email did have a signature which read: “Please note: Florida has a very broad public records law. Most written communications to or from state officials regarding state business are public records available to the public and media upon request. Your e-mail communications may therefore be subject to public disclosure.” That’s not nothing, granted.

Imagine if the disclaimer said: “If you just emailed us your social security number, we must destroy this email to protect you from possible identity theft, because this email may become public record. Please re-send your email, and remember that even if you remove your social security number, you may end up publicly humiliated if your email is later published in the newspaper. Do you want your Mom reading this?”

Despite revealing far too much of his constituents’ personal lives, did Governor Jeb Bush show a pattern of helping them? Did his family’s deep political ties manifest in his electronic correspondence, in ways benign or noteworthy? Did Secretary Clinton, despite the complexities of this digital era, manage to keep a clean house in terms of sorting digital correspondence related to her personal life; U.S. Diplomacy; and the Clinton Foundation — and more importantly, were her emails revelatory about the separation or blending of those roles? (She says she deleted emails related to family deaths and weddings. Anything else?)

Given the way these emails were managed, it will be extremely hard to generate anything close to a definitive record. That’s a real detriment to the public’s knowledge.

Alec Ross: Can Connectivity Ease the Palestinian-Israeli Conflict?

Alec Ross, the former senior advisor of innovation at the State Department under Secretary Hillary Clinton, has put forth an intriguing proposal for helping ease Mideast tensions. In a piece for Foreign Policy (registration needed for full article; cited below), he makes a compelling argument that connectivity — and related policy — are key to breaking a cycle of animosity and increasing opportunity.

In recent years, public figures from Stephen Hawking to Stevie Wonder have boycotted Israel based on the nation’s treatment of Palestinians.

Ross, who is writing a book on globalization after leaving the State Department, begins his article by laying out the isolating lack of connectivity faced by West Bank Palestinians and visitors.

When international businessmen cross into the West Bank, they take out their passports, turn off their now-lifeless smartphones, and change their mindset from investment to assistance. The only parts of the Palestinian territories with reliable mobile coverage are in major cities or Israeli settlements; high-speed mobile Internet is all but nonexistent. So here’s an idea: Light up the West Bank with long-denied 3G wireless Internet connectivity and create an exception in the Arab League boycott of Israeli products for those that have Palestinian-controlled companies in their supply chains. Without 3G — and the economic opportunities that come with it — the territories will likely continue their slide toward militancy.

He continues:

Third-generation (3G) mobile communications technology might seem like a frivolous luxury to some, but it is foundational for economic development. The Palestinian territories will not be able to compete and succeed in today’s technology-rich, knowledge-based economy without the basic infrastructure for participation — and that means access to mobile broadband. In low- and middle-income countries like the Palestinian territories, the World Bank has found that a 10 percent increase in broadband penetration translates into a 1.38 percent bump in the GDP growth. Access to 3G would have a very positive impact for the Palestinian information and communications technology sector, generating an additional $60 million annually in addition to the $150 million in new revenues for the Palestinian Authority.

Most intriguingly, he posits a scenario in which Israeli companies would be rewarded by the international community for opening up broadband access.

[C]onfidence-building measures should move in both directions. If Israel allows for 3G access in the Palestinian territories, then Arab states should relax their boycott of Israeli goods and make an exception for those that have Palestinian-controlled companies in their supply chains. Arab states should also allow their citizens to provide labor and services to those companies. If they need to slap a “Made in Palestine” sticker on the products, so be it.

Connectivity is not food, water, or freedom — but as we have seen time and again, it can be both a precursor and a companion to the tangible goods and indefinable freedoms of human existence. Will Ross’ scenario gain traction? Tell me what you think.