Hillary’s Emailgate Explained
March 16, 2015
Clinton’s 2016 presidential chances undoubtedly have been harmed by the revelation that she exclusively used a private email address while serving as Secretary of State. But while the media remain mired in calculations about whether Mrs. Clinton can survive this latest crisis, and who the villains are in this unfolding story, additional questions call out for answers.
Mrs. Clinton made many claims at her press conference on Tuesday. The media shouldn’t simply regurgitate them wholesale, as the AP has done, but rather they should approach them with due skepticism.
“Well, the system we used was set up for President Clinton's office, and it had numerous safeguards,” said Mrs. Clinton. “It was on property guarded by the Secret Service and there were no security breaches. So, I think that the use of that server, which started with my husband, certainly proved to be effective and secure.”
In contrast, Philip Bump reports for The Washington Post that the domain, clintonemail.com, was established “the same day that Clinton’s confirmation hearings began before the Senate.” That is suspicious timing for a system allegedly set up to support her husband’s office.
The professional assessment by security experts quoted in the media seems to be that Mrs. Clinton’s private email was vulnerable to hacking. “The system could have previously been hardened against attack, and left to get weedy and vulnerable after she left government,” writes Sam Biddle for Gawker. “We don't know. … With Clinton's off-the-books scheme, there are only questions.”
“We can only go by what Clinton says,” reports USA Today.
Mrs. Clinton told the press that she had set up the account for both private and work-related emails to avoid the inconvenience of having to set up two phones and two separate accounts, but that, in retrospect, she should have thought better about it. She offered few answers about the actual details of her server, and avoided questions about whether she would subject it to independent analysis, asserting that she had done her full duty by turning over 30,490 vetted emails to the State Department.
There were about 60,000 emails in total, she said—but after the private vetting process, controlled by her and her advisors, she has since deleted the private ones. “At the end I chose not to keep my private personal emails—emails about planning Chelsea's wedding, or my mother's funeral arrangements, condolence notes to friends, as well as yoga routines, family vacations—the other things you typically find in inboxes,” she said. Yet the Select Committee on Benghazi’s Chair Trey Gowdy indicated that no emails have been turned over to Congress covering the duration of her 2011 trip to Libya.
Mrs. Clinton apparently expects the media to swallow whole the argument that all her emails on that trip regarded personal affairs.
What can be established at this juncture is depressingly disturbing for national security.
“…security experts consulted by Gawker have laid out a litany of potential threats that may have exposed [Mrs. Clinton’s] email conversations to potential interception by hackers and foreign intelligence agencies,” writes Biddle. This, despite Mrs. Clinton’s assertion that there were no breaches.
Problems identified by Biddle’s sources include that the URL log-in was accessible by anyone in the world, and could have been linked to an “administrative console interface to the Windows machine or a backup,” allowing the possibility that Mrs. Clinton’s emails could have been copied in their entirety by hackers. And, as of March, reports Biddle, “the server at sslvpn has an invalid SSL certificate.” Without a valid SSL certificate there is no third-party indicating that the key is still good, and not hacked.
“An exact physical address could not be determined” for the server, but Internet records indicate that it’s in Chappaqua, New York, reported Bloomberg News.
The server, as of March 4, was on “factory default for the security appliance” when it could have been “replaced by a unique certificatepurchased for a few hundred dollars,” making it vulnerable to hacking, it reports.
But, the paper hedges, “While Clinton didn’t have a classified e-mail system, she had multiple ways of communicating in a classified manner, including assistants printing documents for her, secure phone calls and secure video conferences.”
Similarly, Mrs. Clinton asserted at the press conference that she never sent classified information through her private email.
It is not necessary to reveal classified information directly to jeopardize national security or the international diplomatic process. As Thomas Patrick Carroll, formerly of the Central Intelligence Agency’s Directorate of Operations, explained in 2001 for the International Journal of Intelligence and Counterintelligence, “classification usually has relatively little to do with the information itself, but a lot to do with the protection of sources and methods.” His given example was how a foreign minister’s personal assistant might have a private conversation with that minister and obtain “the minister’s private observations on the matter,” later relaying this to U.S. intelligence for their exploitation. These types of inside observations prove invaluable for all foreign intelligence services.
If Mrs. Clinton’s email was hacked, then foreign governments such as Iran, China, Russia, and others, might have gained access to her private internal musings about diplomatic talks as she worked out the details with her staff—an intelligence treasure trove.
One must also ask, if Mrs. Clinton refused to set up a government email, how high was that refusal relayed? If it wasn’t relayed to the very top by security specialists, then why not?
Mrs. Clinton was sworn in on January 21, 2009. A couple months after she took office, in March of 2009, the University of Toronto and TheSecDevGroup issued their report on Ghostnet, a cyberespionage network established by an unknown party to mine data from the Tibetans. They found “real-time evidence of malware that had penetrated Tibetan computer systems” which was connected to a large network of 1,295 infected computers in 103 countries—almost 30 percent of which were high-value targets such as ministries of foreign affairs.
The authors of the report found “that GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras,” and was sent through “contextually relevant emails” that look like real emails.
Granted, the mechanism of action for Ghostnet would not have been the same as that which could have compromised the server that Mrs. Clinton was using. But few can claim ignorance about the degree of threat posed by the use of insecure systems at the time.
The Ghostnet network compromised computers at the “ministries of foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei, Barbados and Bhutan; embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.”
Even if the Obama administration’s appointees lacked the know-how to anticipate cyber threats when they took office, they were undoubtedly immediately educated about the dangers by the government’s more knowledgeable members. Bob Gates, the former Director of Central Intelligence, and later Defense Secretary under Obama, commented in his 2014 book, Duty, that “A number of the new appointees, both senior and junior, seemed to lack an awareness of the world they had just entered.” He noticed that “fully half” of those in the Situation Room had their “cell phones turned on during the meeting, potentially broadcasting everything that was said to foreign intelligence electronic eavesdroppers” and he ensured that such behavior stopped.
The Ghostnet story made page A1 of the New York Times in March 2009. Can this administration really claim innocence about the security threats posed by an insecure, private email server when Clinton served as Secretary of State? How much did President Obama know, and when?
It now appears that the Obama administration received questions from Gawker’s John Cook about the ramifications of Clinton’s private email use back in 2013. The Obama administration has likely spent at least those two years—if not much longer—covering for Mrs. Clinton. Her press conference to explain her exclusive use of private email fails to satisfy, and the press should continue demanding answers until this presidential hopeful provides some real ones.
This column was originally published at Accuracy in Media.