Just asking...

I mean, seriously, it was external to her organization. A rather important organization, for that matter. I really don't care if she upgraded to gmail+.

I'm almost more shocked that the State Dept. IT dept even allowed it.

including the previous Secretary of State. Even now, many keep parallel email accounts.

Both private and public emails accounts can be hacked. Anything requiring security is likely encrypted.

Hillary turned over all requests for emails quite a while ago. She kept all of them unlike many government officials who lost or destroyed them.

Given that many public employees are inherited from the previous administration, any administrator has to be careful about leaks. As such, many employees over the last decade commonly used a private account, their own security, encryption, and non-government equipment to conduct business. Don't you remember the CIA snooping on Senator's staff computers?

I suspect that some commercial operations are more secure than dated government operations. Even then, the best government operations are likely contracts with private companies anyway.

If they don't destroy records (as I understand that was the law at the time), they are free to do so.

The last one I would trust in Washington would be a government IT department.

Not even close. You can assume every commercial operation is compromised.

Real security costs a lot of money and takes a lot of time to implement and maintain. Commercial operations aren't going to bother. Just like a bank isn't going to bother equipping its security guards to repel an invasion by another country.

Commercial operations do enough to make it so "common" hackers can't get to your email. They are utterly unprepared to deal with the attacks a foreign country can use against them.

For you and me, we can consider it secure because other countries do not give a damn about our email. On the other hand, they'd be very interested in the Secretary of State's email account.

for example: http://www.democraticunderground.com/10026304514

here's a link to play with about the legality.

http://bluenationreview.com/republican-double-standard-hillary-clinton-pathetic/

in other words, you are wrong.

Your claim is commercial services are more secure. That is exactly the opposite of reality. Every commercial service is compromised.

The "slow pace and frequent outages" the poster was complaining about are due to the efforts required for a really secure system.

you don't seem to understand. If Hillary was using a private company email service, she could easily have also used an encryption software no matter what private ISP was the host.

For example: http://www.symantec.com/small-business/page.jsp?id=small-business-encryption-solutions&depthpath=0&header=0&om_sem_cid=biz_sem_s217786571726287|pcrid|44046534409|pmt|b|plc||pdv|c

I have no idea (and neither do you) if the federal government offered her an encryption app that may have been secure. We know that the US Government was reading damn near all the world's email anyway. We know that Hillary was within the law, provided copies when asked, and archived her email.

We don't know if her email was encrypted, even if it went through a private server. Frankly, it's naive to think that Russia, China, and other powerful countries don't hack both government and private servers. Of course they do. Maybe they have a copy and can't read it.

Frankly, we don't know if she had a "double-secret" email account on her own secure satellite for communication! If so, why would the Secretary of State reveal such a top secret? It's easier to say, "I used hotmail." or whatever.

Giving a bunch of crazy Senators on a witch hunt a few thousand emails from her achieve of daily chatter is no big deal.

The primary problem is the recipient. They have to agree to use the same encryption and you have to exchange keys before sending an email. If you don't, the recipient gets an encrypted blob they can't read.

You can encrypt your connection to your mail server pretty trivially. You can encrypt your mail server's database with a bit more work. You can not encrypt the connections between your mail server and the upstream mail servers - usually these are run over something like TLS, but you're relying on some other ISP to encrypt the link. You have no idea if they actually will encrypt it, and do so properly.

So to send an encrypted email, you have to use something like PGP to encrypt the body of the email to protect it en route to the recipient. Which requires exchanging encryption keys before sending the email - you need to use the recipient's public key to encrypt the email.

The products you point to do not do the last part, or do not do the last part in a secure way. You also can't find this feature built in to the vast majority of email clients - an iPhone's mail app won't do it, for example.

I do not know with absolute certainty that Clinton doesn't change her oil every time she drives somewhere. It's possible she does. But it's so incredibly unlikely due to the massive level of effort that we can assume she does not until told otherwise.

Similarly, I do not know with absolute certainty that the emails were not properly encrypted. It's possible they were encrypted properly. But it's so incredibly unlikely due to the massive level of effort that we can assume they were not until told otherwise.

I don't think anyone cares about the routine stuff. If they did, they wouldn't want it on a typical ISP or typical government server with no more than a password account. Either might be hacked.

I'm assuming that the Secretary of State had a way to send a secure email if she want to...

I also know that we can buy off the shelve security for email now, and even a few years ago when Hillary was in government some versions were available. Some are not as cumbersome as PGP and, we don't even know if she was using even a lower level of security, off the shelf or created by the government or whatever. I also know I used a palm print, retina scan, and fingerprint for security for government access a long as 2 years ago, so even for minor things that are not top secret, the technology is available to quickly and easily screen people. I have no idea what the State Department does other than posts on DU from people who say they currently work there. They seem to think a private provider made sense.

The more secure, the more trouble and cost. That's what I would expect.

Other than Hillary providing emails on request (proving she has an archive), what public scandal is there? Benghazi has been investigated until everyone (even the GOP) is pretty sick of it. The hit piece on the emails is most likely a political ploy since Jeb just had a big email and technology screw up, so the GOP needs a story to contrast him with Hillary.

We'll see.

The reason Gmail isn't HIPAA compliant is the data is not encrypted on their servers. It's not standard practice to encrypt email databases.

Some for research projects and others for a lawyer. Some projects were federal funding. Many companies and universities have contract services for all kinds of providers, but also have a variety of security and encryption when necessary. Usually it's not so much a matter of national security, but more likely privacy or a patent or legally sensitive.

I'm sure that there a bunch of modern day Alan Turing's somewhere trying read stuff anyway, but for daily use it keeps almost anyone from seeing the protected document, data, or email.

Also, I've used tags that report any IP address that reads the email. I'm not sure how it works (it's a service), but in one case about 7-8 years ago someone got some email I sent who wasn't supposed to and I caught it.

Of course, all this stuff changes constantly. I'm just asking if anyone knows if the Secretary of State had a way to send a secure email - and if she did would she announce to the world how she did it?

is if she connected to the mail server using something like TLS or SSL, if that mail server's database is encrypted, and if she used something like PGP to encrypt the contents of the email. Which means she would have had to do a secure key exchange for every single recipient.

Not gonna happen.

Anything less than that means the email was in plaintext at some point, and thus interceptable. The last part being the most critical, and the hardest to do.

and who wants to encrypt 50,000 emails? OTOH, how do we know she didn't have the ability to encrypt when she wanted to...the technology was certainly available. You would only need a key for the super secret things which were probably a small subset. Ha..Hillary was probably just as worried about leaks to GOP operatives hiding in her office as she was a foreign government.

Frankly, we don't know if there was a parallel system that is not public for sending top secret email, etc.

Also, we know the emails were archived since she has already giving 55,000 pages of them to a committee at their request.

I don't think we can jump to the conclusion that Hillary's secret emails were loose in the world. Actually, Snowden and Wikileaks have revealed more secret emails that worry me than Hillary, and most of Snowden's stuff has not likely been released.

At least, based on this comment:

This is only talking about encrypting the copy of the email that she stored in her client or on her servers. That isn't the only copy.

You also have to encrypt the copy you send to the recipient. They don't receive the email by connecting to your mail server, they receive the email by connecting to their own mail server. After the email has been sent via a bunch of intermediate ISPs.

Encrypting the recipient's copy requires a secure key exchange, which can not be done via email or other simple network transfer. At least, not securely. There's plenty of places and products that will happily tell you "This is Bob's public key". That doesn't mean it actually is Bob's public key.

Additionally, you have to use an email client that will properly encrypt the message. This is rare - almost no common email clients support this. Your recipient must also use an email client that supports this, where they can use their private key to decrypt the message.

It is very easy to think you're being secure (my mail server's database is encrypted! And I use SSL!) when you are not actually being secure (Upstream mail server #4 was not encrypted. Also, your recipient connected via POP).

A few years ago, I would physically exchange a key in person. I'll bet that the State Dept. could arrange it.

I would assume that several years ago, both Hillary and her receiving party would have a key and method to send and receive if they used that type of encryption. I would also guess that routine email would simply not be secure. Someone hacking the server or whatever could read it. Maybe Hillary used some lower level of security, but we don't know and cannot assume anything.

For about a decade or more we have told everyone that email was not secure and that people should assume it is a public document. People should watch what they put in an email. That goes for text messages and voice mail. You'd have to live in a closet to have missed all the warnings and disclaimers, but maybe the State Department was different from the rest of the world. Frankly, we tell everyone now they may likely be recorded including on computers, phones, and in public places. Hell, even your new TV can record what you say.

Now, I can download various software and install it my home computer it so that what you are calling "rare" seems to work with a few thousand of my peers. For that application our IT has to run it's own server, but I don't know the details. I suppose I could ask, but it's not high on my list since I don't need that security often. I'm sure anything can be defeated, and it's a constant game so we expect changes pretty regularly. Just yesterday someone was telling me we would soon be able to use our iPhones with fingerprint recognition (like my passcode does now) for some security in the future - maybe office locks or access to a computer - whatever. I suppose that could replace a key for encryption too.

The point is that government emails are often public domain and employees know it. If something was declared "secret", then likely the State Department had ways to send the message without it being intercepted. It's not necessary to get overly excited about the emails yet.

The biggest problem with Jeb's emails was that there were a bunch of personal SS#'s and phone numbers and things that were released.

http://www.tampabay.com/news/nation/hillary-clinton-used-a-homebrew-computer-system-for-official-state/2219960

Most Internet users rely on professional outside companies, such as Google Inc. or their own employers, for the behind-the-scenes complexities of managing their email communications. Government employees generally use servers run by federal agencies where they work.

In most cases, individuals who operate their own email servers are technical experts or users so concerned about issues of privacy and surveillance they take matters into their own hands. It was not immediately clear exactly where Clinton ran that computer system.

-------------snip-------------

It was unclear whom Clinton hired to set up or maintain her private email server, which the AP traced to a mysterious identity, Eric Hoteham. That name does not appear in public records databases, campaign contribution records or Internet background searches. Records registering the Internet address for Clinton's email server since August 2010 identified Hoteham as the customer, listing his address as Clinton's $1.7 million home on Old House Lane in Chappaqua.

-----------------------------------------

You can read the whole article, but there are more unknowns than anything else. Essentially, no one knows the security or qualifications of the mystery person running her server. At the end of her term as SS, she turned things over to commercial companies. She might or might not have had any particular controls.

As others have pointed out, there are LOTS of controls on secret information before and after it's ever put into an email, but regardless it is likely that Hillary had some kind of security both to keep stuff from hackers, but also to keep stuff from GOP spies! The plot thickens, but this article describes what I would have speculated and parallels most institutions and businesses that I've worked with...

from what I understand, the State Department e-mail system does not allow for the application of emoticons.

What's the use of being an important member of the government if you can't illustrate a point with a clever little smiley face guy or gal.

And let's be honest. Her last name is Clinton. There is likely to be a whole lot of this sort of stuff....

for HRC...

But, FFS! Can everyone calm down for a minute over this? We are hearing a Lot of crap from CORPORATE HRC hating "Nuz4Nutz". They don't have all the details. No one has all the details. What we Do have is a LOT of speculation and Pre-determined Guilt and subsequent Judgment based Largely on Assumptions of "no fact" so far.

We have "expert msm heads" saying this, that and the other thing were wrong, in violation of federal law etc..OMG! Hair on Fire! "We Got her Now" bs.

C'mon....lets wait for a few more details. Lets hear from HRC. Lets wait for evidence and for Gods sake! Please Do NOT buy into the Big Corporate MSM BS "Opinion Formers" Intended with Malice to Ruin HRC.

So, the question is...If "they" are going after her with this much venom, this early...how close Can she be to the folks we believe she is close to, that We don't like? It takes big money and behind the scenes "power" support to go after someone in her position...think about That.

Otoh....maybe she did fk up...but shouldn't we wait for real evidence? That's gonna take time. And we'll never hear Unbiased reporting from MSM.
I'm staying neutral...for now.

Access to the emails is the big deal.

They need to be available for standard historic archiving and eventual analysis when they are released. How were relationships made/maintained? What worked? What didn't? Maybe the actions/emails of "state department little people" show it all. Or maybe personal relationships between leaders was an important factor.

And if there are any issues that come up (e.g. a foreign leader says they were promised X by Hillary but Kerry says it never happened), our government needs access to the emails. Maybe the agreement was oral rather than in emails, but emails could show something. All of the "real" agreements are worked out between the little people and written before the leaders get involved, but unwritten personal agreements between leaders can make or break agreement on the written deal.

Even without any issues coming it would have been to Kerry's advantage to have someone go through all of the communications of his predecessor and summarize the state of relations with different individuals. That's not possible when emails that should belong to the state department are controlled by someone who may or may not want them seen.

http://www.democraticunderground.com/10026308341