Tag Archives: e-mail

An Encryption Angle on the Clinton E-Mail Affair

An Encrypted Message?

An Encrypted Message?

Hillary Clinton’s problem with her e-mails are raising questions about judgment, honesty, and the security of her communications while Secretary of State. I’ll leave it for others to decide whether this is just a “bunch of hooey,” in a long string of ferocious “anti Clinton propaganda,” as Clinton ally and confidant, James Carville says; or if it has real substance. Regardless, all of this is now fare for the “Road to the White House, ” and puts Benghazi issues on the first page of Google searches again.

For the nerd writing this blog, the most important questions raised by Clinton E-mail Gate are around the security of electronic transmissions (generally); and especially the role and potential of Encryption, or lack thereof. (Here is a good sketch of how Encryption works).

These questions are the same, now all-too-familiar ones, raised in the NSA/Snowden affair; British intelligence agency (GCHQ) spying on news organizations; and the hacking of Sony, which almost brought that company to its knees, while making public some very embarrassing e-mails by it’s executives.

One of the first questions that should have been asked about Hillary’s private server and e-mail system, was whether her technicians used any form of Encryption, at least for e-mails in transit.  The only answer that has surfaced so far comes from a Bloomberg News report that hasn’t received much attention.  It says that Mrs. Clinton’s email-server had a “mis-configured encryption system.”

It’s not clear exactly what that means, other than her tech consultants tried installing some form of routine encryption, but botched the job. According to the Bloomberg story, “although Clinton worked hard to secure the private system, her consultants appear to have set it up with a misconfigured encryption system, something that left it vulnerable to hacking…..”

Further research reveals that building a robust, easy to use, universal, turnkey, Encryption system for all e-mail, is a lot harder than most of us realize; logistically, more than technically, if you can separate the two.

Years after British journalists were spied on by their government’s intelligence agency, The Guardian found that news organizations like the Associated Press, Le Monde, LA Times, CBS News, Forbes, Baltimore Sun, and Der Spiegel were still lax in protecting journalists and their sources from surveillance; still putting all of the people who communicate with them at risk of being spied on.

You’d think today’s tech geniuses could find a way to help us all routinely and robustly Encrypt our e-mail. But, as “Digital Trend’s,” Geoff Duncan put it: “the bottom line is that email as we know it today has never been secure, and the myriad ways we send, receive, store, and use email messages makes fully securing email a very difficult problem; at best.” This,  from an established tech company specializing in personal and custom networks and servers, like, perhaps, the consultants Hillary used.

Even many among us fixated on privacy have second thoughts about strong Encryption when they learn what it may really mean. Not only is it tedious and arduous to get there, but it’s questionable whether you could ever search your own e-mails (easily,  if at all) if they were encrypted on Google servers. That’s both good and bad. The best (and relatively understandable) explanation I’ve found as to why this is so difficult, can be found here.

Actually, the big e-mail providers, like Google, Yahoo, Apple and Microsoft appear to be closing in on this Holy Grail.  But, one formidable obstacle is U.S. Government security agencies, which are very worried about throwing away the Encryption key, so that no one except the users in the sender-receiver diad can ever decipher the message. That of course is really the whole point of strong Encryption.  But it would mean that NSA, for example, or it’s British counterpart, couldn’t decipher messages between terrorists planning an assault on a world cup soccer game.

Here is one vivid and very recent story about obstacles Google encountered offering user selectable Encryption for their customers.

Darrell Issa’s investigators would also be frustrated if a strong form of Encryption prevented them from finding out what Hillary might have written to the White House as the tragic Benghazi events unfolded?  She may not have written anything; if she did, it likely wound up on a (relatively) secure State Department server; or on a server (like at the White House’s or CIA’s) which may claim the Issa Committee is not entitled to see it.  The treacherous road to the White House!