THIS IS NOT A POLITICAL POST. But the story does have, I think, an extremely important message to all corporate I.T. and security people.
Here is the Clinton story. Judicial Watch, the conservative PAC that has been driving the Clinton email investigation, got some documents under a Freedom of Information Act request that are enlightening.
Apparently, Clinton was not a computer user, but someone gave her a Blackberry and, after a while, she became addicted to it.
But, the seventh floor at Foggy Bottom (State Department HQ, mahogany row) was a wireless-free zone for security reasons, so she had to leave her Blackberry in a locker outside, just like the rest of us do when we enter a SCIF or high security area. The effect of that was that she would be without email access for hours at a time and would run outside on breaks to check her email.
In fact, they crafted an office for her, outside the SCIF, so that she could go read her emails a couple of times a day.
In an effort to solve this problem, Donald Reid, the State Department’s coordinator for security infrastructure, said that he repeatedly asked the NSA what their solution was for the President’s Blackberry addiction and was “politely told to shut up and color”. Great quote. Probably not for the NSA, but I like it.
So what did Clinton do? She did what every executive will do in the face of being told no. She told them to F@#$ Off and used her own Blackberry, insecure as it was.
NSA did have a secure phone, called a SME-PED. SME-PED stands for Secure Mobile Environment Portable Electronic Device. Think about holding a brick up to your face and talking into the brick. People that I know who have one call it a Franken-phone. It was a horrible device and never accepted in the military – except when forced on low ranking soldiers. I recall many stories of military brass asking their keepers to borrow their personal phone to make calls; the SME-PED was so bad.
Not only were SME-PEDs horrible to use, they cost, according to Ars, almost $5,000, which, to spend on the SoS, is not a big deal. On top of it, according to some special ops folks who showed me one (but wouldn’t let me touch it even though I had a clearance – I didn’t have a need to know), the rules for handling it were unworkable also. You basically had to treat it like the classified information it contained.
Condoleezza Rice, Clinton’s predecessor in the Secretary of State position, had received waivers for her and her staff to use their own Blackberrys. But now, under the new administration, they wanted Clinton to use this brick, the SME-PED.
The SME-PED was only cleared to store information classified at the SECRET level, not TOP-SECRET or Compartmented information, so even if she used one, it would not be able to store the information that people are now complaining they have found some instances of, unmarked and classified after the fact, on her Blackberry.
All that was background. Here is the important part and if you don’t already know this, you should.
IF YOU (I.T. OR SECURITY) TELL PEOPLE IN YOUR ORGANIZATION THAT THEY CAN’T DO SOMETHING THEY THINK IS IMPORTANT, FOR SECURITY REASONS, THEY WILL DO IT ANYWAY IF THEY THINK THEY CAN GET AWAY WITH IT.
I have been having the conversation with a friend of mine in the DoD who keeps saying that if he did what Clinton is accused of doing that he would get fired and likely brought up on charges. And I have no doubt that he is right.
But, executives have different rules. Colin Powell used his personal email. He said the State Department computers were totally unusable. Condi Rice and her entire staff used Blackberrys. No one got in trouble for doing that. You could counter that Rice got permission to do that – Powell did not – but Clinton asked for permission and was told to shut up and color. My friend points to General Petraeus who didn’t risk having his emails compromised; he willingly gave them to his mistress. There is no question about whether his emails were compromised; we know they were. And, he was the Director of the Central Intelligence Agency. Should he, kind of, know better? Not to mention, having a mistress is kind of a violation of military rules.
What happened to the General? Well, he had to retire. Sadness. He was ordered to pay a $100,000 fine and serve two years’ probation. Granted, this was a much more serious penalty than the 100 hours of community service that Sandy Berger got for removing classified documents from the National Archives, but he didn’t give them to his mistress.
According to CBS, the Pentagon considered retroactively removing one of General Petraeus’ stars (demoting him), but decided not to because he apologized.
So, apparently, if you are Brass and you break the law, violate the Uniform Code of Military Justice and give classified documents to your mistress, but say you are sorry, then we are good? He doesn’t have to forfeit his pension of $230,000+ a year. And, of course, he has a private sector “consulting” job working for KKR making seven figures a year (see here).
None of this is unusual, but the point is, DON’T TELL PEOPLE THEY CAN’T; THEY WILL THUMB THEIR NOSE AT YOU AND DO IT ANYWAY.
Just my two cents.
Information for this post came from Ars Technica.