by beat 3642 days ago
I wouldn't call it a "careless attitude toward security". She's thinking in a different way than we do, because she's a diplomat, not an engineer.

There is no technical reason that a privately administrated email server would be inherently less secure than a government-administrated server (there are good arguments that it's likely to be more secure). However, a private email server is likely to be far more user-friendly and free of "security theater" constraints. Speaking from experience, the usual approach of government and other large organizations to "security" is to throw user experience out the window, forcing ugly/retro "proven" tech on users, requiring complicated and difficult administrative steps to use the system, slow approval and ticketing processes, etc.

The primary job of the Secretary of State is to communicate. Any time wasted on arbitrary tech hoop-jumping, any restrictions on how that communication happens, is keeping the SoS from doing their job. Can you imagine if we were in the middle of a political crisis and suddenly the Secretary of State is on hold with tech support while dealing with a forced password reset or something equally stupid? American lives at risk, and Lotus Notes is the only way to communicate? Etc. See the issue here?

To really resolve the problem, they would need a relentlessly service-oriented approach for whomever is responsible for email at the State Department. It would have to be as friction-free an experience for the user as possible, within the boundaries of security.

Until then, every Secretary of State is going to put their ability to communicate quickly and easily with the most important and powerful people in the world ahead of the kinds of technical wank that the average HN user thinks is important.


I absolutely do see the issue. But I'm not quite ready to concede that

> the kinds of technical wank that the average HN user thinks is important

includes whether or not the details of diplomatic communications at the highest level of our government are trivially available even to middle-tier private actors, to say nothing of potentially hostile states. Call it "technical wank" if you like, but information security exists for a reason, too. Can you imagine if we were in the middle of a political crisis and suddenly most of the Secretary of State's electronic communication is freely accessible to the same people with whom he's trying to negotiate an outcome favorable to the United States? See the issue here?

I totally get what you're saying with regard to user friendliness being a primary concern at this level, and I agree with it. I don't agree that the proper response to UX concerns, however difficult, is simply to throw security to the winds in the cause of easing communication - because security is a primary concern at this level, too.

I don't think of a well-secured email server as "trivially available". I'm presuming that the private server in question could be and was well-secured. Again, I'm asserting that there is no technical reason that a well-administrated private server cannot be every bit as secure as a government-managed server that provides the same access to the outside world. The suggestions of air gaps and other measures suggested here simply won't meet requirements. Remember, those "potentially hostile states" are exactly the kind of actors the SoS needs to be able to reach via email.

Moreover, the security of individual emails depends on the security of the recipient as well as that of the sender. Sensitive/classified emails sent to officials of non-US governments are subject to whatever security they might have. The only solution to this leak vector is to completely ban email as a means of communication - which gets right back to the core requirement that the Secretary of State must be able to communicate quickly and efficiently.

I'm not arguing to "throw security to the winds", and I don't think that's what was done here. Again, I'm asserting there's no reason to believe an email server administrated by the State Department would be any more secure than an email server administrated by skilled private admins.

You're conflating a well-secured email server administered in conjunction with State's infosec team - which I agree would be perfectly reasonable from a security perspective - and what actually obtained in the case at hand.

You're also conflating the responsibilities of State Department personnel with regard to information classified by the government they've sworn to serve, and the responsibilities of other nations' diplomatic personnel with regard to information originating in the government of a state foreign to them.

Neither seems especially conducive to a useful discussion of the matter at hand.

It's not especially conducive to the dream of charging Hillary Clinton, I suppose. But it's a good point.

More to the point, shadow IT exists for a reason. Taken out of the context of the State Department and the political sphere, this was classic shadow IT. I've used shadow IT, and I've provided shadow IT, because I've worked a lot in large, sluggish bureaucracies, and that's How Things Get Done sometimes. "Security" becomes a catch-all excuse for laziness and cowardice.

If she felt like she could do her job with the existing State Department tools, she wouldn't have set up a shadow IT operation, period. It's not like she's completely ignorant of either operational security or political ramifications. To do this, she must have felt thoroughly hampered by the existing system.

I'm sure she did. Perhaps that's a mitigation, and perhaps it's not. Assuming you're right about the extent to which using blessed IT would have made it impossible for Clinton to discharge her diplomatic office, she might have resigned, rather than choose between being derelict in her duty and being derelict in the responsibility she accepted with her oath of office. A high-profile resignation like that, in a preeminent department like State, might have been a cause for real change. Or it might not; we'll never know. In any case, it would've been the principled thing for anyone in such a position to do.

Sticking around at the expense of her oath of office doesn't seem to have worked out all that poorly for her, since she's still apparently a serious contender for the presidency. Should she end up in it, one hopes she'll take that oath a little more seriously than she did the last one.

So she spent four years doing a job she loved, building her credibility for the job she dreamed of probably since childhood, and she did it very well (or, as you call it, derelict in her duty and at the expense of her oath of office). She ran shadow IT so she could do her job efficiently. The cost of it politically was a partisan outrage-scandal that didn't actually change anyone's opinion - those who hate on her would have hated on her anyway, and those who don't aren't interpreting this as treason.

I'd say she won.

Couple of considerations.

There are technical reasons that SIPR and JWICS communications are more secure than a private server. Mostly related to air-gaps and physical key infrastructures.

Secondly, the correspondence in review is internal and not so much related to the external communication role of the SoS. In this specific circumstance, the SoS chose to forgo the security apparatus for internal classified communication for something more user friendly.

An air gap would mean her private email could not reach computers on SIPR and JWICS, which implies the SoS's email is not on those networks.*

*barring some sort of store and forward.

You are exactly right. Those systems are closed loop for a reason. The store/forward in this specific case was most likely a human, with a scanner or just retyping documents from those networks onto an unclass network and then sending to the private address. How that is not deliberate we will never know.