Sunday, February 7, 2016

The Technology Behind Hillary Clinton's Email Scandal, Explained

9:45:00 PM By

The Hillary Clinton email scandal has seemingly everything that can bring down a presidential candidacy. There are national security issues at stake, an FBI investigation and the fact that a cabinet official chose to use a private email rather than an authorized government address, something her staff was discouraged from doing.
The issue is, of course, highly partisan. Democrats insist she did nothing wrong, while Republicans suggest that she will be indicted on criminal charges (the FBI says otherwise). Muddying the water further is the fact that her Republican predecessors, Colin Powell and Condoleezza Rice, did essentially the same thing.
What makes it all even more confusing is that there are technological issues that very few political reporters fully grasp, so even objective journalists often give skewed impressions of the facts. That’s a real problem. We’re increasingly living in a world where there is a requisite amount of technical knowledge needed to make moral judgments about many issues we face.

How Hackers Attack
The underlying presumption of the Clinton email scandal is that the Secretary of State, who had a secure government server guarded by the full resources of the federal government, nonetheless chose to use a unsecured private email server in her home. In doing so, she breached security and put the nation at risk.

That presumption is wrong. The truth is that a government server is no more secure—and possibly less so—than a private email server, especially one that’s located in a home guarded by the Secret Service. In fact, government servers are breached on a fairly regular basis. To understand why, it’s helpful to knowhow hackers actually invade computer systems.

The first method is to exploit a software vulnerability. Sometimes, these are so-called zero day vulnerabilities that are unknown even to the vendor, but more frequently a systems administrator simply fails to update software. I think it’s safe to assume that the US government takes security seriously and monitors its systems closely.
Much more commonly though, hackers use a technique called social engineering in which someone tricks an employee into revealing a password or sends an email with a link containing malicious software. So a large government agency like the State Department has literally thousands of vulnerabilities in the form of employees coming to work everyday.
How The Government Keeps Information Safe
There is probably no bigger target for hackers than the US government. Foreign agents want to uncover information about our policies, plans and capabilities, while businesses often want to know about decisions that will be made in advance. In this day and age, it is impossible to guarantee that our computer systems will not be infiltrated.
In fact, government operates under the presumption that email messages will be intercepted, and uses two methods to keep sensitive information secret. The first, for the most highly secret material, involves hard copies of classified documents. These are not allowed to be copied or sent electronically and can only be transferred by a government courier.
The second method involves something called aSensitive Compartmented Information Facility (SCIF)which is used for electronically encrypted information. This is done by using large random numbers to scramble messages so that, even if they are intercepted, they can’t be read by anyone who doesn’t have the key. Truly secret information is never sent by regular email.
So, for the purposes of security, it really doesn’t matter whether Hillary Clinton was using a government issued email or her own personal server. To a large extent unencrypted email is unencrypted email, no matter where the server resides. As long as she did not move information from an encrypted server or hard copy document, our secrets are probably safe.
How Did Classified Information Get Into Clinton’s Email?
Nobody is accusing Clinton of transferring documents from a hard copy or a SCIF and sending them by email. Furthermore, as Secretary of State, she was largely responsible for determining what information was classified and what was not. So how did classified information get into her email, as well as the accounts of her predecessors, Powell and Rice?
Glenn Kessler of The Washington Post gave a detailed explanation of why this happens, but here’s the the basic idea: virtually anything a Secretary of State says is potentially sensitive. If, for example, a regular citizen forwards an email containing a news article about a classified drone program, no problem, but when a top official does so, it may end up being classified.
Another issue is that different agencies have different ideas about what should be classified. If Hillary Clinton makes an offhand comment in an email such as “I like the drone program,” or “I think the CIA mishandled the situation,” she is not divulging a state secret, but another agency might not want that information released to the public and will classify it retroactively.
That’s why many of the emails were not classified at the time she sent them, but are classified now. Jeffrey Toobin of The New Yorker argues that the main problem is overclassification— government agencies often don’t want the public to have information whether it has national security implications or not.
Whatever the case may be, the fact that emails are classified now is largely irrelevant. What’s important is whether she actually mishandled secret information.
Making Sense Of An Increasingly Technological World
How you feel about the email scandal likely depends on how you feel about Secretary Clinton herself. So far, there has been no evidence reported that she committed any crime. Still, installing your own private server for official emails does point to a worrying sense of privilege. Certainly, we wouldn’t want every government official doing the same.
Yet just as worrying is the way the basic facts of the case have been distorted. Certainly, other candidates and officials with access to classified information know the difference between encrypted and unencrypted servers, just as they know the difference between sending classified information and sending information that was classified at a later time.
The truth is that as technology changes, the rules change as well. Ten or twenty years ago, cybersecurity wasn’t nearly the problem it is today. Current rules do not allow officials to use private emails for official business, although it was permitted when Clinton, Powell and Rice were in office.
In the coming years, technology will render even today’s stringent secrecy techniques inadequate. Quantum computers are being developed that canbreak even the most sophisticated encryption methods used today. At the same time even more secure techniques are being devised.

Technology is making the world an ever more complicated place and even abstract ideas can have far reaching consequences. It is no longer enough to simply have good will or even good sense. Today, technology is changing the rules as fast as we can make them.
  

0 comments:

Post a Comment