[throwanem]

I absolutely do see the issue. But I'm not quite ready to concede that

> the kinds of technical wank that the average HN user thinks is important

includes whether or not the details of diplomatic communications at the highest level of our government are trivially available even to middle-tier private actors, to say nothing of potentially hostile states. Call it "technical wank" if you like, but information security exists for a reason, too. Can you imagine if we were in the middle of a political crisis and suddenly most of the Secretary of State's electronic communication is freely accessible to the same people with whom he's trying to negotiate an outcome favorable to the United States? See the issue here?

I totally get what you're saying with regard to user friendliness being a primary concern at this level, and I agree with it. I don't agree that the proper response to UX concerns, however difficult, is simply to throw security to the winds in the cause of easing communication - because security is a primary concern at this level, too.

[beat]

I don't think of a well-secured email server as "trivially available". I'm presuming that the private server in question could be and was well-secured. Again, I'm asserting that there is no technical reason that a well-administrated private server cannot be every bit as secure as a government-managed server that provides the same access to the outside world. The suggestions of air gaps and other measures suggested here simply won't meet requirements. Remember, those "potentially hostile states" are exactly the kind of actors the SoS needs to be able to reach via email.

Moreover, the security of individual emails depends on the security of the recipient as well as that of the sender. Sensitive/classified emails sent to officials of non-US governments are subject to whatever security they might have. The only solution to this leak vector is to completely ban email as a means of communication - which gets right back to the core requirement that the Secretary of State must be able to communicate quickly and efficiently.

I'm not arguing to "throw security to the winds", and I don't think that's what was done here. Again, I'm asserting there's no reason to believe an email server administrated by the State Department would be any more secure than an email server administrated by skilled private admins.

[throwanem]

You're conflating a well-secured email server administered in conjunction with State's infosec team - which I agree would be perfectly reasonable from a security perspective - and what actually obtained in the case at hand.

You're also conflating the responsibilities of State Department personnel with regard to information classified by the government they've sworn to serve, and the responsibilities of other nations' diplomatic personnel with regard to information originating in the government of a state foreign to them.

Neither seems especially conducive to a useful discussion of the matter at hand.

[beat]

It's not especially conductive to the dream of charging Hillary Clinton, I suppose. But it's a good point.

More to the point, shadow IT exists for a reason. Taken out of the context of the State Department and the political sphere, this was classic shadow IT. I've used shadow IT, and I've provided shadow IT, because I've worked a lot in large, sluggish bureaucracies, and that's How Things Get Done sometimes. "Security" becomes a catch-all excuse for laziness and cowardice.

If she felt like she could do her job with the existing State Department tools, she wouldn't have set up a shadow IT operation, period. It's not like she's completely ignorant of either operational security or political ramifications. To do this, she must have felt thoroughly hampered by the existing system.

[throwanem]

I'm sure she did. Perhaps that's a mitigation, and perhaps it's not. Assuming you're right about the extent to which using blessed IT would have made it impossible for Clinton to discharge her diplomatic office, she might have resigned, rather than choose between being derelict in her duty and being derelict in the responsibility she accepted with her oath of office. A high-profile resignation like that, in a preeminent department like State, might have been a cause for real change. Or it might not; we'll never know. In any case, it would've been the principled thing for anyone in such a position to do.

Sticking around at the expense of her oath of office doesn't seem to have worked out all that poorly for her, since she's still apparently a serious contender for the presidency. Should she end up in it, one hopes she'll take that oath a little more seriously than she did the last one.

[beat]

So she spent four years doing a job she loved, building her credibility for the job she dreamed of probably since childhood, and she did it very well (or as you call it (derelict in her duty and expense of her oath of office). She ran shadow IT so she could do her job efficiently. The cost of it politically was a partisan outrage-scandal that didn't actually change anyone's opinion - those who hate on her would have hated on her anyway, and those who don't aren't interpreting this as treason.

I'd say she won.