Tag Archives: email

What Does Mike Pence’s Use of A Personal Email Account Teach Us?

The Washington Post is reporting that Vice President Mike Pence used a personal email account to conduct government business when he was Governor of Indiana.

The Veep says that his use of a personal email account is different than Clinton’s use of a personal email account and I do not want to turn this into a political blog.  Pence said he didn’t break the law and I believe him.  That doesn’t mean that doing what he did wasn’t extremely reckless.  There were emails between him and Homeland Security regarding very sensitive terrorism matters that have no place being discussed on AOL.

There are some similarities that can’t be ignored:

  • Both used personal email accounts for government business.
  • It appears that neither one violated the law at the time by using personal email accounts.
  • Emails from both accounts were publicly disclosed – one by a hacker and one after the fact by the government.
  • Emails in both accounts contained sensitive information, although some of Clinton’s emails may have contained classified information even though none were marked with classified markings (either of which is a problem!)
  • Both email accounts contained emails, the content of which, according to each owner, was too sensitive to release publicly.

One thing that is different is that Pence’s email was known to be hacked while Clinton’s email is only speculated to possibly have been hacked.

So what can you or I learn from this situation and what might we do differently?

The first thing is to understand that normal email – in VP Pence’s case, it was an AOL account and in Clinton’s case it was a personally managed email server – is likely not very secure. Period.

Second is that if you plan to use email for sensitive information – which apparently both people did – you need to take extreme measures to protect it – which apparently neither person did.

Third, when it comes to the intersection of security and convenience, if you are going to use email for sensitive communications, security needs to win.  In neither case did that happen.

In THEORY (but only in theory), the privately run email server of Hillary Clinton COULD HAVE BEEN more secure than a public email server run by AOL, because AOL has designed its email service to be used by grandma to get pictures of her grand-kids, and a private email server can be designed to do whatever the owner decides is important.

If you are an executive of a company, of a state or of a country, you need to either understand enough about cybersecurity to make critical decisions (which is unlikely to be the case) or consider security important enough that you have people on your team who you can trust and count on to do that for you.

Public email servers like Google, Microsoft and AOL will NEVER be able to do that – it isn’t what you are paying for (which is pretty much zero).   You do, in fact, get what you pay for in this case.

While the Veep likely broke no laws by using a personal email account, if those emails were too sensitive to publicly release,  then the use of a public, consumer grade email solution shows, at a minimum, extremely poor judgement.

Executives need to become modestly technically adept and surround themselves with people who have the appropriate technical skills.  Then they need to do what those people tell them to do.

It seems like neither Pence nor Clinton did that.

For executives in private industry, it is unlikely that they will have classified emails in their inbox, but it is highly likely that they will have emails that are too sensitive for public release.

So why the <bleep> are they sending that kind of stuff over public email?  Regardless of what Google or any other general purpose public email provider might say, in reality, with the exception of a handful (literally) of security oriented email providers – all very small – no commercial email is encrypted in a way that you should consider safe from compromise and disclosure.

THAT is the message I want to deliver today.  It has nothing to do with either Pence or Clinton.  They are just the opportunity to discuss the issue.

So, executives —

SECURITY or CONVENIENCE – pick one.  And if you pick convenience and your emails show up in Wikileaks or the New York Times, don’t say you were not warned.

Consider yourself warned.

Information for this post came from the Washington Post.

Trump Senior Staff Using Same Hackable Private Email as Hillary

I generally stay away from politics in this blog, but this item is an interesting intersection of security and politics. And, it is pretty unique.  Most non-public sector businesses don’t have to worry about this.  While they may or may not let employees use their business email for personal reasons, there are no laws or regulations governing that.  Which makes this situation unique.  And very interesting. Sooooo…..

Politicians are an interesting breed.

After Trump spent months on the campaign trail saying that Hillary Clinton was a criminal for using a private email server, that she risked state secrets and that she should be locked up, Newsweek is reporting that Kellyanne Conway, Jared Kushner, Sean Spicer and Steve Bannon have active email accounts on the private RNC email server.

This is the same email system that George W. Bush used and on which he misplaced 22 million emails.  You may remember that Trump also complained about some 30,000 emails on Hillary’s private email server that were deleted.

Politicians can talk out of one side of their mouth to complain about what an opponent does and then do it themselves.

Now that it has come to light, the staffers are no longer using those accounts.

But, just like Trump complained about Hillary, we have no idea what the senior Trump staff may have used that server for.

We do believe that Bush used that very same server to evade transparency rules.

We have not yet heard from the White House that, while they may no longer be using the RNC email server, they are not using any other private email servers.

These are the same kind of servers that Trump complained on the campaign trail were not secure.  And, at least until yesterday, they themselves were using them.

Of course we have no idea what they used those email accounts for – or didn’t.  The law does NOT prohibit them from using private email accounts for non-government business.  It does require them to forward any government business email that is received on a private account to the government within 20 days.

A former Obama White House official said that they were trained on the issue of using private emails from day 1 and a former Obama administration lawyer said that they did an enormous amount of training on compliance.

That being said, we likely will never know what is on these servers – those accounts were likely wiped within an inch of their life.

Part of the problem is that some White House staff work part time or in an unpaid capacity for the RNC.  As soon as that happens, mischief is almost certain to follow.

Since FBI Director Comey said that Hillary Clinton’s use of a personal email server was “extremely careless”, I assume he will come out as publicly and as vocally about the Trump team’s use of similar servers.

The RNC said that those email accounts were only used for email distribution lists.  Who knows.  That is certainly possible.  Or not.

Stay tuned.

We definitely live in interesting times.

Information for this post came from Newsweek.