The soldier who loses his rifle faces harsher punishment than the general who loses the war. — Anonymous soldier So, I was reading this, by Kristy Culpepper. She’s smart, you should follow her. I agree with some of it but ultimately I think it’s off base from a tech / security / policy standpoint, like most of the furor on this issue.
I had a past life as CTO of the kind of hedge fund that’s barely big enough to need a CTO. So I had to be responsible for email servers, the whole kit and caboodle, spam and malware filtering, BlackBerries, backups, retention policies, compliance, disaster recovery, responses to regulatory requests.
It sucked, it was effectively 0% of my net added value and sucked up at least 20% of my time. No matter how well you implement best practices and protect the firm from downside, it always feels to everyone like you’re creating more problems than you solve. Nothing like dealing with senior management asking why a meeting on their calendar got screwed up, or dealing with their wives up in arms because they emailed their driver using their BlackBerry at the elevator and he hadn’t got the message by the time they got down to the lobby. Yeah, I’m responsible for every dropped signal in the tristate area. I’m sure you can tell I had a great attitude and was great at the job. Well, I was good at some things, others not so much.
So I digress, but my point is, I think that gave me a little perspective on security, email policies, etc.
One element that’s missing from the story is that State Department email sucks and was thoroughly penetrated by who knows who. That’s a real scandal and crisis. They shut that shit down and people literally can’t do their jobs. The notion that it sucked in Colin Powell’s day but now it’s fine, I don’t know where that comes from. I know folks over there — tell it to them when they lose out on job postings because they’re in the field and can’t send emails because the system was locked down.
The other thing is that the whole policy around email retention is misguided. Historically, transparency meant, when you have a meeting and take a decision, you keep minutes and all the docs and everything relevant to that decision. Which historically would have included memos and the like, but not usually handwritten notes and drafts and documenting every conversation. But electronic communication these days is so pervasive that it encompasses all the offline conversations that used to happen while crafting and negotiating decisions on the sidelines of a meeting, at a bar, etc.
And of course Hillary knows that everything she does is going to be the subject of a political witch-hunt at some point regardless of whether there is anything worth investigating.
Now, the normal reaction to that is not to set up a rogue email server. The normal reaction is to use iMessage and Google Chat and the various third-party end-to-end encrypted services that have sprung up — for the occasional message that you need to send but don’t particularly want in the permanent record.
Of course there are policies about that too. But that’s kind of how it works in Wall Street firms. The company email and phones and smartphones are recorded and monitored and archived, and there are policies about not using other devices. But no one is saying every communication from your trader about his plans at the pop-up secret strip club are subject to that, there is always some safe space, might be allowing Gmail, might be tolerating some apps like those above for personal use, in the extreme it might be, we can’t stop you from carrying two phones, just don’t use your personal phone on the trading floor or for company business. (And some places definitely put in super-strong policies while tacitly winking at circumventing them, as long as it’s plausibly deniable.)
In my opinion, the way she went about it may show some very poor judgment and the result of very questionable advice. It was inevitable that it was going to turn out the way it did. At some point someone is going to look at the email record, and ask, what the hell is ‘clintonemail.com?’ And then everything will come out…unless you properly erased, de-gaussed and then shredded the server when you were done with it, which is the proper way to go.
So probably her IT and operational and legal folks are just not very good and led her astray by suggesting it was no big deal and people would never make a fuss about it or she could keep the lid on it because she’s Hillary.
Sometimes hedge funds have not-so-great IT because it’s hard for nontechnical folks to hire and vet and keep technical staff. Sometimes fast-talkers sell them a bill of goods, sometimes management is so impossible to deal with that good staff is prevented from doing things right and won’t stick around at any price. Maybe someone told her what they thought she wanted to hear.
I think if her IT guy detected a cyberattack and shut it down, nothing whatsoever wrong with that. It’s sort of like noticing someone checking the locks and doors to see if they’re open. You might take services offline even if you’re secure, to slow down the attacker, and to give yourself time to double-check that you understand the attack and nothing is out of order. It would have been a juicy target and in this day and age nothing is secure. It seems like they had an eye on it but didn’t come very close to security best practices, sort of fitting the profile of a poorly managed hedge fund infrastructure.
Bottom line is, it goes beyond red flags, there is a concerted, systematic, poorly executed attempt to evade an IT policy which doesn’t suit her.
This is also a case that shows how, if security policies are onerous, they are circumvented. If systems aren’t fit for purpose, people will find other systems to use. There are limits to how far you can legislate ‘smoky rooms,’ morality, human behavior generally.
The question is more, did she break an arcane policy, a law like a speed limit, or a law like, keep our secrets safe from our adversaries?
Personally, I think it’s a breaking of rules that every politician breaks, but an unusually brazen, ill-advised, and poorly executed one.
She fits the profile of the entitled employee who thinks the rules don’t apply to them. Unlike most, she hired her own IT guy to help evade them. And they did a half-assed job.
I don’t really see that the public is entitled to all her emails about every decision and struggle with technology, about sensitive matters of state like the TPP. Some kind of privilege should attach to that. Even without them she flip-flopped, toeing the line on Administration policy as Secretary and then campaigning against it. To the extent it’s a cover-up, it’s an extremely poor one given that the end result is all her emails being made public.
I should add that if there was a specific national security compromise, a pattern of reckless handling of information, if the Clinton money is traced somewhere nefarious, all bets are off. But if she’s going down just for communicating over a back channel, pretty much everyone in government should be scared, and it throws a monkey wrench into a lot of government business.
But it does say something about her, the question is, what exactly?
Sometimes I think the whole thing could be a bit like Bush’s National Guard service… give the opposition a juicy-looking decoy target and they’ll spend all their time on something that ultimately no one is going to care about, and disregard the Clinton Foundation and millions of dollars in Wall Street speeches which carry a pretty strong whiff of corruption.
I don’t love Hillary. She’s shown questionable judgment on major issues. The decades of Clinton Derangement Syndrome by the opposition seems to have made her paranoid and defensive, sometimes completely oblivious or angry about legitimate criticism (like about the millions in speeches). They act like everything she does is a treason against motherhood and apple pie. Sometimes, like in this case, she acts like she’s above rules. In my opinion most (not all) the attacks on her and Obama as well are political, disingenuous, and stupid. Obama generally deals with ridiculous attacks like the birth certificate thing with pretty good grace and the occasional snarky counterattack. Hillary is a little more mercurial and thin-skinned and doesn’t have Bill or Barack’s charisma, political skill, or judgment.
She’s got issues of judgment and character. But compared to Donald Trump, she’s Mother Teresa. If this email thing is the worst thing about her, it’s not that big a deal.
When she was first running for Senate in NY I thought it was a joke, but she turned out to be hard-working, effective, popular (Rudy Giuliani couldn’t touch her in 2000 and withdrew), respected on both sides of the aisle.
Hopefully, she’ll be a President like that senator, not someone who shows poor judgment, is advised by people who seem chosen more for loyalty than wisdom, thinks she is above the rules, is thin-skinned and settles scores.
I saw her at an event in 2008 and she impressed as very bright and competent. I shook her hand and made some joke I don’t remember and she didn’t understand, I mostly remember the awkward pause. She doesn’t connect to the man or woman on the street. But then I couldn’t connect to them either, but I could probably have a good conversation with Hillary about policy.
One wishes there was someone who wasn’t a polarizing figure, that both sides could respect and work with even if they disagree. But we’re obviously not going to be so lucky. God help us.