Wednesday, 1 June 2016

The Hillary Clinton E-mail Server

So, unless you have completely avoided any mention of American politics, you have heard about the Hillary Clinton e-mail server scandal. You may think it is unimportant, or you may think it matters quite a bit. Either way, you need to understand what you can learn from the scandal so that you do not make the same mistake.

Was it a mistake for her? In retrospect, it absolutely was a mistake. The FBI will determine whether or not it was a criminal act, and the people of the US will decide if it was a criminal mistake. However, she definitely should not have used a private e-mail server for her job as the US Secretary of State. So why shouldn't she have done so? What can you learn from her error?

In order to fully understand the significance of the error, you need to understand how e-mail works. There are variations, but in basic form, an e-mail is a text file being transmitted across the Internet. It cannot be fully encrypted, but it can be partially encrypted. The part that cannot be encrypted is referred to as the headers, which indicate the e-mail address to which the message is being sent, as well as other information such as the sender, the time it was sent, the subject of the e-mail, and so on. That is what you create when you type up an e-mail. For more information about encryption of e-mail, you can check out my recent posts.

Once you click send, your computer talks to your SMTP server, which is responsible for sending the e-mail. This communication can be encrypted, and usually is. The SMTP server then makes a note of what is being sent, along with all of the information about the process, such as the result of attempting to send it, the username that is sending it, and so on. There is now a copy of your e-mail stored on the SMTP server. The e-mail is then passed through the intervening networks to get to the recipient's mail server. This is accomplished by transferring the text file containing the e-mail from server to server until it reaches the intended recipient.

As the e-mail is sent on, it may or may not be logged on the servers that forward it along. The ISP of the mail server may have a copy of each message you send, the recipient's mail server will have a copy, and at least a few servers in between could have a copy. This means that any e-mail you send is compromised, and may be read by other people. This is exactly like sending a postcard, which can be read by anyone involved in transmitting the postcard to the recipient.

That is the nature of e-mail. Anything that is sent by e-mail can be read as is, anywhere along the network path. This can be mitigated by two things. First, if the e-mail contents are encrypted and only the headers are readable, then this will make it more difficult for outsiders to access it. The other way is to control the entire network from sender to recipient. This is not typically possible, unless the sender and recipient use e-mail servers on the same network, or the same e-mail server. For instance, if you and your co-worker exchange e-mails, and you are using the same e-mail server, which is likely, then the entire process will take place on the server.
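To make the server-to-server path and the readable headers concrete, here is an added example (not part of the original post) that reads the `Received` headers of a message and lists each hop, noting whether the receiving server reported TLS. The message, host names and addresses are constructed, and the TLS check assumes the servers use the RFC 3848 `with` keywords.

```python
import re
from email import message_from_string

# Constructed sample: reserved example domains and documentation IP ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.25])
\tby mailstore.recipient.example with ESMTPS id c3;
\tWed, 1 Jun 2016 10:00:05 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2;
\tWed, 1 Jun 2016 10:00:03 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
\tby relay.isp.example with ESMTPSA id a1;
\tWed, 1 Jun 2016 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Lunch on Friday
Date: Wed, 1 Jun 2016 10:00:00 +0000

-----BEGIN PGP MESSAGE-----
(constructed placeholder standing in for an encrypted body)
-----END PGP MESSAGE-----
"""

# RFC 3848 "with" keywords a server uses to report that it received the message over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)\s+with\s+(\S+)", re.S)

def trace_hops(raw):
    """Return the hops in delivery order (servers prepend, so reverse the headers)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:  # skip Received lines that do not follow the from/by/with layout
            proto = m.group(3).rstrip(";").upper()
            hops.append({"from": m.group(1), "by": m.group(2),
                         "with": proto, "tls": proto in TLS_PROTOCOLS})
    return hops

def visible_metadata(raw):
    """Headers any handling server can read even when the body is encrypted."""
    msg = message_from_string(raw)
    return {name: msg[name] for name in ("From", "To", "Subject", "Date")}

if __name__ == "__main__":
    for hop in trace_hops(RAW):
        note = "TLS" if hop["tls"] else "no TLS reported: readable on the wire"
        print(f'{hop["from"]} -> {hop["by"]} ({hop["with"]}, {note})')
    print(visible_metadata(RAW))
```

Each `Received` line is written by the server that accepted the message, so the result is what those servers say about themselves; a hop without a TLS keyword is a reason to look closer, not proof of interception.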

In the Clinton situation, she should have used the Government server. Anything that was sent by her to other Government employees would then be secure and not sent across the Internet. It would remain private and confidential unless the Government servers were compromised. Instead, every single e-mail she sent was potentially visible to others. This is even more true if her server was not set up to use fully secure communications between her and the server. This is perfectly acceptable for personal e-mails arranging that get-together with your cousins, but if there is anything private or confidential, it is not acceptable. So if you are tempted to use a private e-mail server instead of your company's e-mail server, just don't do it. It isn't worth the risks to store private information on an unauthorized server.

