by beat 3643 days ago
Indeed. If she were still SoS, she'd probably have to resign over this. But the idea that she could be denied a security clearance as president is kind of ludicrous - especially when you consider that the point of security clearance rules is not to protect the data, but rather to protect the nation. A president who couldn't see the data required to make sound decisions would be actively dangerous. It'd be like driving with a blindfold on.

Of course, this won't make much of a difference to her partisan detractors. Haters gonna hate, and the email scandal is not so much reason as excuse for most of the people who already oppose her. But if she is elected, of course she'll get full presidential security clearance. To do otherwise is stupid.

What matters most to me is that we make changes in both policy and process so this doesn't happen again - policy in that it becomes crystal clear that private email for public business is unacceptable, and process so that the "If you can do your job, we're not doing ours" vibe of the info security world doesn't make the Secretary of State (or anyone else) feel like they can't do their job properly using the official channels.


> the idea that she could be denied a security clearance as president is kind of ludicrous

Certainly so. I'm not sure the same is true of the idea that someone with a proven record of such a careless attitude toward security should be denied the presidency on that basis. That seems like a discussion worth having, although, given the modern political climate in the United States, not one likely to actually occur in any way that's even marginally useful to anyone.

I wouldn't call it a "careless attitude toward security". She's thinking in a different way than we do, because she's a diplomat, not an engineer.

There is no technical reason that a privately administrated email server would be inherently less secure than a government-administrated server (there are good arguments that it's likely to be more secure). However, a private email server is likely to be far more user-friendly and free of "security theater" constraints. Speaking from experience, the usual approach of government and other large organizations to "security" is to throw user experience out the window, forcing ugly/retro "proven" tech on users, requiring complicated and difficult administrative steps to use the system, slow approval and ticketing processes, etc.

The primary job of the Secretary of State is to communicate. Any time wasted on arbitrary tech hoop-jumping, any restrictions on how that communication happens, is keeping the SoS from doing their job. Can you imagine if we were in the middle of a political crisis and suddenly the Secretary of State is on hold with tech support while dealing with a forced password reset or something equally stupid? American lives at risk, and Lotus Notes is the only way to communicate? Etc. See the issue here?

To really resolve the problem, they would need a relentlessly service-oriented approach for whomever is responsible for email at the State Department. It would have to be as friction-free an experience for the user as possible, within the boundaries of security.

Until then, every Secretary of State is going to put their ability to communicate quickly and easily with the most important and powerful people in the world ahead of the kinds of technical wank that the average HN user thinks is important.

I absolutely do see the issue. But I'm not quite ready to concede that

> the kinds of technical wank that the average HN user thinks is important

includes whether or not the details of diplomatic communications at the highest level of our government are trivially available even to middle-tier private actors, to say nothing of potentially hostile states. Call it "technical wank" if you like, but information security exists for a reason, too. Can you imagine if we were in the middle of a political crisis and suddenly most of the Secretary of State's electronic communication is freely accessible to the same people with whom he's trying to negotiate an outcome favorable to the United States? See the issue here?

I totally get what you're saying with regard to user friendliness being a primary concern at this level, and I agree with it. I don't agree that the proper response to UX concerns, however difficult, is simply to throw security to the winds in the cause of easing communication - because security is a primary concern at this level, too.

I don't think of a well-secured email server as "trivially available". I'm presuming that the private server in question could be and was well-secured. Again, I'm asserting that there is no technical reason that a well-administrated private server cannot be every bit as secure as a government-managed server that provides the same access to the outside world. The suggestions of air gaps and other measures suggested here simply won't meet requirements. Remember, those "potentially hostile states" are exactly the kind of actors the SoS needs to be able to reach via email.

Moreover, the security of individual emails depends on the security of the recipient as well as that of the sender. Sensitive/classified emails sent to officials of non-US governments are subject to whatever security they might have. The only solution to this leak vector is to completely ban email as a means of communication - which gets right back to the core requirement that the Secretary of State must be able to communicate quickly and efficiently.

I'm not arguing to "throw security to the winds", and I don't think that's what was done here. Again, I'm asserting there's no reason to believe an email server administrated by the State Department would be any more secure than an email server administrated by skilled private admins.

You're conflating a well-secured email server administered in conjunction with State's infosec team - which I agree would be perfectly reasonable from a security perspective - and what actually obtained in the case at hand.

You're also conflating the responsibilities of State Department personnel with regard to information classified by the government they've sworn to serve, and the responsibilities of other nations' diplomatic personnel with regard to information originating in the government of a state foreign to them.

Neither seems especially conducive to a useful discussion of the matter at hand.

It's not especially conducive to the dream of charging Hillary Clinton, I suppose. But it's a good point.

More to the point, shadow IT exists for a reason. Taken out of the context of the State Department and the political sphere, this was classic shadow IT. I've used shadow IT, and I've provided shadow IT, because I've worked a lot in large, sluggish bureaucracies, and that's How Things Get Done sometimes. "Security" becomes a catch-all excuse for laziness and cowardice.

If she felt like she could do her job with the existing State Department tools, she wouldn't have set up a shadow IT operation, period. It's not like she's completely ignorant of either operational security or political ramifications. To do this, she must have felt thoroughly hampered by the existing system.

Couple of considerations.

There are technical reasons that SIPR and JWICS communications are more secure than a private server. Mostly related to air-gaps and physical key infrastructures.

Secondly, the correspondence in review is internal and not so much related to the external communication role of the SoS. In this specific circumstance, the SoS chose to forgo the security apparatus for internal classified communication for something more user friendly.

An air gap would mean her private email could not reach computers on SIPR and JWICS which implies the SOC's email is not on those networks.*

*barring some sort of store and forward.

You are exactly right. Those systems are closed loop for a reason. The store/forward in this specific case was most likely a human, with a scanner or just retyping documents from those networks on to an unclass network and then sending to the private address. How that is not deliberate we will never know.
Interesting article about the CNI, having a suspended clearance.

https://www.washingtonpost.com/news/checkpoint/wp/2016/01/27...

Wow, that's incredible! Hard to believe he hasn't just been sacked... clearly cannot do his job fully?