The Democratic and Republican gristmills got to work last week on Hillary Clinton’s “homebrew” email, and the ensuing firestorm underscored an alarming lack of cyber-savvy among the leading players of the 2016 election. It also raised a serious question: Should the Secret Service protect presidential candidates against cyber attack?
News of Hillary Clinton’s use of a private email service, @clintonemail.com, hosted from her home in Chappaqua, N.Y., spread fast last week. The State Department commented that for six years the former secretary of state had not been in compliance with their policy, specifically because she failed to submit the records for transfer to government computers. Immediately, the Internet lit up with rapid-fire analysis of her server setup and heated discussions about the former secretary of state’s almost Nixonian will to control.
Was Secretary Clinton’s email secure? With what we know, it’s nearly impossible to answer that question. There have been reports about an out-of-a-box encryption program and critiques of other software used, but the question of whether her system was up to snuff with the State Department’s standards requires Edward Snowden-level clearance.
Security isn’t the sole point of critics’ contention. The fact that the Secretary of State’s communications were essentially beyond the reach of her boss, the President, will almost certainly be the subject of continued debate and discussion. So will the security issues this brings into sharper focus, though the extent of the faux pas is, at this point, unclear.
Hillary confirmed in her Tuesday press conference that the server used to store her emails was set up for her husband, the former President, and guarded in their home by the Secret Service. One can reasonably wonder whether that means they secured just the physical box, or did they take charge of the security software as well? Whereas the average American can make do with an over-the-counter Internet setup, we can only hope that the email of a former president wasn’t set up by the Geek Squad. I called the Secret Service for comment on the security measures used regarding the email server, but there was no reply. And why would there be? No security experts worth their salt would discuss such specifics publicly.
Clearly whatever protocols and safety measures are in place for the executive branch are not going to be discussed with reporters and citizen journalists looking for an angle on the 2016 presidential race. But while Hillary’s emailgate is certainly a big deal, so was an email-related misstep of the presumed Republican candidate.
The week before Clintonemail.com-gate (it doesn’t roll off the tongue), Jeb Bush compromised the identities of thousands of Floridians by publishing his email correspondence with constituents, and the error was in no way mitigated by the fact that no one on his team thought there might be an issue. Of the 250,000 emails from constituents that were published, some of them contained personally identifiable information, including Social Security numbers.
“In the spirit of transparency, I am posting the emails of my governorship here. Some are funny; some are serious; some I wrote in frustration. But they’re all here so you can read them and make up your own mind,” Bush’s site reads.
After shaking off the seemingly well-meaning obliviousness of the above, I find myself asking what would be an acceptable level of risk for us to take with the private communications of our presidential candidates, and who should make that determination?
Given the fact that party-nominated candidates receive classified daily briefings on matters of state, this needs to be figured out. We’ve already seen too many compromises in what should be restricted cyberspace. In 2012, hackers gamed Mitt Romney’s Hotmail account by guessing a security question. (And who would have guessed it could be, “What’s the name of your favorite pet?”) In 2013, a black hat hacker named Guccifer managed to crack open an AOL account belonging to Dorothy Bush Koch, daughter of George H. W. Bush and sister of George W. Bush. This hack yielded plenty of their private correspondence, including a self-portrait of the 43rd president-turned-artist taking a shower.
The Secret Service protects presidential candidates from physical harm, but these latest email stumbles have caused me to wonder if that protection should be expanded to include the cyber-realm.
Setting aside the issue of how a campaign would be able to absorb the cost of White House-level cybersecurity in the middle of a presidential slugfest—and whether they would be required to—the above email snafus strongly suggest that the people making decisions are 1) nowhere near cyber-savvy enough to make sound decisions about data security or much worse; and 2) they are out of touch with public sentiment regarding breaches and identity theft and have somehow not grokked that a lapse in security could raise serious questions regarding a candidate’s judgment.
Either way, the cybersecurity of our next presidential candidates is a question that the Secret Service needs to answer sooner rather than after something serious happens on the campaign trail.