The headlines this week are full of new conspiracy theories regarding former First Lady, Senator, Secretary of State, and current philanthropist and possible presidential candidate Hilary Rodham Clinton. The conspiracy? Attempting to hide information from public scrutiny by having her very own personal email address, which she used for correspondence while exercising the duties of the office of Secretary of State. Well, I am waiting for the Federal Marshals to arrive and haul me away, too, because I did the same thing, while exercising my duties as a federal contractor. Cutting through the hype and hysteria, one can easily see that the conspiracy falls apart in so many ways as to be classic slapstick comedy, though unfunny in its seriousness, stupidity, and mean-spirited attempt to smear yet another political aspirant for no good reason.
According to a release from the Associated Press, that has been widely re-published by various media, Clinton “suspiciously” ran her own “homebrew email system” to handle her email while Secretary of State, rather than using her official State Department .GOV account. OK, the latter would work for a person who only uses email for official business, with no personal or outside interests. But, most of us who don’t need help turning on our computers use the Internet for multiple purposes, many of which are at odds with the government’s computer policies about “For Official Use Only,” to the extent we necessarily use our preferred (and private) systems to comply with those policies.
As an independent contractor, I, of course, like the Clintons, had my own Internet domains, for the purpose of maintaining a web site and email identity for my business, which I used for both government and non-government correspondence, even though I also had a government email account provided with the contract. The government email account was necessary because government IT policies restrict certain mailing lists to internal email systems only. Most of those correspondences were in the realm of inter-office memos and “news,” of interest only to persons who work in the building that is the “home office” of the organization. In my case, this was a compound in Bethesda, Maryland, a city that I have never visited–I worked remotely from my office or at the Montana laboratories.
In Secretary Clinton’s case, by all accounts, she rarely spent time in the Washington, DC State Department offices, having spent much time “on the road,” so no doubt had little interest in notices of parking lot restrictions, “brown bag” lecture schedules in the auditorium, or the like, that make up a large part of the content of official government email boxes. The “official” mailing lists aside, there is no such internal-address limitation on personal address books for the immediate circle of colleagues that most people deal with 99% of the time. The other 1% are initial contacts from government employees who had to look up your address in the system’s directory. After the initial exchange, the correspondent usually will have your outside address.
Mechanics aside, it is a fact that all “official” correspondence within the government will be to or from a government mailbox, and therefore archived within the government email system, whether or not one endpoint is a non-government mailbox. In the case where correspondence is between two non-government addresses, it is also most certainly copied on CC or BCC to a staffer or colleague, or your own official mailbox, if for no other reason than “FYI” or to comply with record-keeping policies. Under the new rules, put into place after Secretary Clinton’s tenure, a correspondence that doesn’t include a government address but is pertinent to official business merely has to be forwarded to a government account within 20 days to meet the transparency rule.
It is also a fact that government mobile access to their systems is sometimes outmoded and painful to use, and the hardware provided can legally only be used with the official systems, for official business. However, personal systems can use the latest or at least preferred hardware and software, while still capable of connecting with government services if necessary. Carrying multiple hardware systems and accessing multiple accounts on each is not compatible with the kind of rapid-response, on-the-go travel that State Department officials (as well as itinerant consultants) do to accomplish their mission.
The AP release attempts to “spin up” the conspiracy angle by muttering about a “mysterious” individual named on the domain registrations for the Clinton’s businesses, and speculating about the location and security features of the actual physical servers. Oh, please. It is normal for the “IT guy” to be named on the domain registration, as it is a technical responsibility, and usually someone who has physical access to the server hardware, i.e., a hosting service. Whether or not the mystery man is indeed the Clinton house IT guy or simply a “nom de tech” to keep a famous name and contact information out of the public record is immaterial. The implication that a “homemade” email system is neither reliable nor secure is specious: we are dealing with a multi-million-dollar foundation here, not some preteen wannabe hacker running a web site from his bedroom.
Not that you can’t run a reliable and secure system on a budget–I run a webcam service from a $50 Raspberry Pi that is backed up and secured: the logs show it shrugs off break-in attempts; it gets updated with the latest Linux security patches regularly, and it is available as long as we have power and cable services to the window sill in my office where it sits. Our main services for web and email are physically located in Montana, where we rent server space for our personal domains. Those are backed up and/or replicated by the service. We pay a monthly fee for this service, so expect a certain degree of privacy and security that may not be the case with public free services like gmail or MSN.
This is not rocket science, people. Anyone as smart as the Clintons or who travels a lot should and usually does have their own Internet presence outside of Gmail and Facebook, i.e., something that they control and has “brand identification,” and people who have business both within and outside the government need to have a non-government account for non-government business: it’s the law. The speculation in the article about a “homemade email server” is simply specious. There is no evidence given that the hardware is in the Clinton’s home. The IP addresses for the mail servers associated with the domains mentioned in the AP article are not related, so are most likely not colocated on the same hardware. Domain registrations list the address of the owning entity, not the location of the hardware: it can be assumed that the services are hosted, like those of most small businesses, at a hosting service. Further analysis might at least reveal the geographic region to which the IP addresses are assigned. The domains themselves have private registration, so that the AP claims cannot be verified from publicly-available information. Given the wildly speculative tone of the article, there is no reason to believe any allegations or implications in it are true.