Saturday, August 15, 2015

Why Hillary’s Wiping Her E-mail Server Clean Matters More than It Might Seem



By Charles C. W. Cooke
Thursday, August 13, 2015

Hillary’s homebrew server has been wiped blank. Long live Hillary’s hosted server. Per the Washington Post:

    Before it was taken to the data center in New Jersey, the [homebrew] server had been in the basement of the Clintons’ private home in Chappaqua, N.Y., during the time she was secretary of state, according to people familiar with the Clintons’ e-mail network.

    After she left government service in early 2013, the Clintons decided to upgrade the system, hiring Platte River as the new manager of a privately managed e-mail network. The old server was removed from the Clinton home by Platte River and stored in a third party data center, which are set up to provide security from threats of hacking and natural disaster, Wells said.

    Platte River Networks has retained control of the old server since it took over management of the Clintons’ e-mail system. She said that the old server “was blank,” and no longer contained useful data.

    “The information had been migrated over to a different server for purposes of transition,” from the old system to one run by Platte River, she said, recalling the transfer that occurred in June 2013.

It would be easy for the layman to conclude upon reading this news that, because the data had been backed up, Clinton’s decision to wipe her original server was inconsequential. This conclusion, I’m afraid, would be a false one. On the contrary: By having cleaned the hard disk on which all of the important activity took place, Clinton could well have impeded the FBI’s investigation, and thereby rendered it impossible for the federal government to learn what she has been up to.

Casual users of modern computers do not realize that, until a hard disk is deliberately and comprehensively wiped clean — “overwritten” in the correct parlance — it will retain a good amount of useful, accessible, intact information. On almost every system available, what appears to the user’s eye to have been “trashed” is in fact kept around unblemished until such time as the space it’s taking up is needed for something else. From the point of view of the person controlling the operating system, files that have been “erased” may indeed be inaccessible. For a person who knows what he is doing, however, those files can often be easily retrieved. If the FBI had been given Clinton’s original hard disk(s), they would have had some chance of discovering which files had been deleted (or, rather, unlinked from the file system) and which had not. By wiping the disks, she has denied them that opportunity.

“Aha,” the Clintonistas say. “But Hillary moved all of the data to a new machine in 2013.” Indeed she did. But — and this is the key — only the non-deleted information will have been transferred over. As Clinton’s team presumably knows, when data is copied from one hard disk to another, it is only the “active” files that are included in the process. In only the rarest of circumstances (RAID arrays, etc.) do source hard drives also replicate the “dead” information they are carrying, and there is next to no chance that Hillary asked for this to be done. Instead, she has almost certainly done nothing more or less than to make a copy of her e-mail cache as she had curated it; in other words, to have copied exactly what she wanted to have copied. From the perspective of an investigator, this is a problem. Sure, keeping the homebrew machine in working order would have provided no guarantees of anything. But by wiping it she has ensured that there is no chance whatsoever that her deleted items can be perused.

To illustrate why this matters so much, perhaps you will forgive me an analogy? Imagine that you are writing a manuscript by hand, and that your initial draft contains all the crossings out, substitutions, and spelling errors that initial drafts tend to include. Next, imagine that having completed that draft to your satisfaction, you make a perfect copy — minus all the changes and mistakes, of course — and then, lest anyone be privy to your imperfections, you burn the original. In such a case, handing over the finished draft would naturally be entirely useless to anyone who wanted to find out what changes you had made. Indeed, it would be of use only to those who believed that you were a perfect writer. That, effectively, is what Hillary Clinton has done here. As I noted yesterday, she may still come a cropper. But if so, it will be because she didn’t get rid of the incriminating materials when she had the chance.

Will this matter in the immediate term? As far as the FBI’s investigation is concerned, probably not. Hillary claims that she didn’t delete anything incriminating or important, and there is now no obvious way of proving otherwise — unless a whistleblower comes forward, that is. Legally, though, this is another blow upon the bruise. By transmitting the server’s contents to a third-party (Platte River), she may well have committed a felony. As of now, Clinton’s best defense is that she only passively received classified e-mails — as opposed to having sent, forwarded, or deleted them — and that she is thus not in violation of USC 18 793(f). But if she handed over a server full of classified information and then actively copied that information onto computers owned by a commercial provider — a clear violation of both the “communicates, delivers, transmits or causes to be communicated” and “fails to deliver” clauses in USC 18 793(e) — that defense becomes horribly moot.

Drip, drip, drip . . .

No comments: