Wednesday, March 4, 2015

Hillary Didn’t Just Accidentally Start Using a Homemade Internet Server



By Charles C. W. Cooke
Wednesday, March 4, 2015

The news got worse for Hillary Clinton today. On Monday, the New York Times reported that Clinton had been caught using a private e-mail address for all of her official business during her time as secretary of state. This morning, the Associated Press confirmed that not only is this the case, but that Clinton’s team ran the servers themselves:


    The computer server that transmitted and received Hillary Rodham Clinton’s emails — on a private account she used exclusively for official business when she was secretary of state — traced back to an Internet service registered to her family’s home in Chappaqua, New York, according to Internet records reviewed by The Associated Press.


This, the AP confirmed, is “highly unusual”:


    Most Internet users rely on professional outside companies, such as Google Inc. or their own employers, for the behind-the-scenes complexities of managing their email communications. Government employees generally use servers run by federal agencies where they work.

    In most cases, individuals who operate their own email servers are technical experts or users so concerned about issues of privacy and surveillance they take matters into their own hands. It was not immediately clear exactly where Clinton ran that computer system.


As anyone with a reasonable knowledge of e-mail must know, it is downright impossible for Hillary to claim ignorance here. This was not a case of an older person’s accidentally continuing to use her Gmail account after she was appointed to high office. Nor is it an example of the occasional and comprehensible techno-confusion that leads people to send some e-mails from their work account and others from their personal address. Rather, it is an unlovely confirmation of the suspicion that Clinton deliberately and assiduously commissioned the construction of a private system on the eve of her new role — and then used it exclusively once she was in place.

Technically speaking, there seem to be two main options here. The first is that the Clinton team built the server from scratch: i.e., that she and her people (1) contrived to register a domain, “clintonemail.com,” and then to point the DNS and MX records at a computer that was located in her home; (2) configured her home Internet connection so that any servers within could talk seamlessly to the outside world, and possibly even asked her ISP to ally the domain name she was using to the physical address of her connection (this is called “setting up reverse DNS resolution”); (3) installed a mail application and instructed it to handle her address; (4) set up whatever custom software she came to rely on; and (5) programmed all of her various devices — her phones, her computers, her tablets — to use that server, and not a generic service or the State Department’s own system. This, clearly, represents a great deal of work.

The second option is that the Clintons had such a server set up already, and that her people merely added Hillary’s variables to it. In its story the Associated Press notes that the pseudonym under which Clinton’s domain was registered was “associated with a separate email server, presidentclinton.com, and a non-functioning website, wjcoffice.com, all linked to the same residential Internet account as Mrs. Clinton’s email server.” This being so, her team would presumably have needed only to obtain the “clintonemail.com” domain and then to tweak the server so that it accepted mail from that address, too. Certainly, this involves less effort than starting from scratch. But even so, it still involves a good deal of time and industry — far, far more, at least, than it would take simply to ask the State Department for a handle.

Whichever of these two options turns out to be the case, an array of questions will remain. Are we seriously expected to believe that Clinton and her team expended all of this energy constructing a private option, but never at any point wondered if they were acting within the rules? Did it really occur to a woman of Hillary’s supposed savvy that she should hire a team to build or amend a custom off-the-books e-mail server, but not that she might inquire in passing if she should have a .gov account? Was she temporarily deaf when her own party was knocking Republicans for their own e-mail standards in the years preceding her comeback? And is it an accident that the domain name was “registered under an apparent pseudonym?” The answer to all four, I’d propose, is: Of course not. Rather, as is so often the case in Washington, D.C., Clinton’s behavior was premeditated and it was corrupt. We are dealing here with a family that is famously paranoid about its image, and that will do almost anything to protect it. Really, we should not be surprised to see such control freakery.

Which is, eventually, to say that one does not typically go to such effort without having a clear reason for doing so, and that Clinton’s reason for doing so is as clear as day. As the AP notes, Hillary’s arrangement permitted her “impressive control over limiting access to her message archives,” and it afforded her “additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails.”

Rick Wilson, a Florida-based Republican consultant, spent some of this morning asking some important questions as to what exactly this implies — questions, I’d venture, that Trey Gowdy and his team would do well to pose themselves. Because Hillary’s own team was responsible for the security of her e-mail, Wilson notes, and because she used the same private addresses for both her official and personal affairs, we cannot know with any certainty if her security was compromised. Among the questions that he would like answered: “At any time did these accounts send or receive FOUO, Secret, Top Secret, or Codeword documents?”; “What was the precise configuration of the Clintonmail servers? Were they patched frequently? Who provided admin support?”; “Was the server ever compromised by a foreign intelligence service? How do you know?”; “If the server was attacked, did you report that attack to State or other government agencies?”; “Is the Clintonemail server backed up regularly? How? Locally, or to the Cloud? If cloud, what service? If local, who retains backups?”; and “Did Mrs. Clinton receive her daily schedules, call lists, and briefings via this account? Do those contain sensitive/classified?”

As the Associated Press notes, “homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers.” Now, it is unlikely that Clinton’s home was attacked physically — the Secret Service is there to prevent that — and I imagine we’d have heard if there had been a fire. But we would not know if Clinton’s system lacked the “monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems and redundant communications lines” that are common to professional and government providers. We should.

As it happens, one can only imagine that the process by which we might find out would prove rather stressful for Clinton, for, as far as I can see, she is now damned if she does and damned if she doesn’t. If none of the e-mails that Clinton sent or received were in any meaningful way “sensitive,” then she can be asked to provide them under the standard Freedom of Information Act process. This, presumably, would undermine the entire point of her exercise. If they were sensitive, however — and so much so that she does not want to hand them all over — then she will be forced to acknowledge that she put the country’s security at risk in the name of her own vanity. As such, she has a stark choice to make ahead of 2016. Does she want to defend herself here by appealing to her ignorance: To wit, “I’m an old woman and I didn’t know that I was endangering the country”? Or does she want to confirm that she was attempting to escape the system, but insist meanwhile that she was ruthlessly professional about doing so? When she finally comes out of hiding, and deigns at last to expose herself to some basic scrutiny, we will presumably find out which path she believes to be the least damaging. That should be fun.

No comments: