I’m not sure whether to file this one under Cyber War or Geek Horror. The subject matter fits under Cyber War. My goal with cyber war is to discuss topics of interest while sneaking in a bit of a computer security primer for friends and family. But Hillary’s Bring Your Own Email to work story also smacks of tech gone horribly wrong. And I don’t have enough stories in that genre. I’ll classify this under both categories.
Hillary has yet to respond, so it’s premature for me to comment, but this is a blog. She might surprise us by stating other reasons once she does respond, but the general consensus at this point in time is that the Clintons are private people (no really, everyone is saying this on the air about the most public figures in America) and they have lessons learned from their share of lawsuits and subpoenas. So I don’t question Hillary’s desire to set up an email server at home before beginning her tenure as Secretary of State to maintain a degree of privacy. In fact, and I’m still struggling to digest this, it’s common practice for high-level politicos. Apparently there’s a strong market for consultants to set up personal email servers for public figures.
I can even relate to Hillary, and so can you. Does your employer support BYOD in the workplace? You know, Bring Your Own Device to work? Mine does. If they didn’t, they would have to buy 450,000 $500 smartphones for us all. Do the math on that. This is a real trend. You use your personal iPhone to access your company email. You use your iPad to access company databases while sitting on your couch and also drafting your fantasy football team. The tradeoff is that you install your company’s computing policy onto your phone. That sets configuration specs such as the complexity of your password and how often you have to change it. And we’re as okay with this as we are with granting Facebook complete copyright to our family photo library.
Do you think Hillary complied with State Department computing policies on her home email server? The discussion to date is about her operating within the guidelines (at the time) of leveraging a personal email account for official business. My point is there is so much more to comply with. All of us working from home at the remote end of a VPN tunnel understand that we’re the weak link in the corporate security chain. We have family members accessing our keyboard. We allow guests on our Wi-Fi. Shoot, I use my personal MacBook Pro as my primary work computer. I also sacrifice half my CPU utilization to my company’s AV and computing policy auditing software. Some people use their work computer to host their personal pictures, play their music, and send personal email. I prefer to subject my personal MacBook Pro to crippling corporate security and compliance software in order to use a single device. Before that, I used two devices.
No one is talking about this yet, but my concern is that Hillary did none of this. Maybe she ran AV software. Well of course she did. Computers don’t run for very long if you don’t. Point is, how would we know? How would the State Department I/T staff know? And AV is just one small example. There are many essential security practices that must be followed. Once that home email server is compromised, it can then email malware to heads of state! I’m trying to remain optimistic. Maybe this server was supported by a special team of State Department I/T staff. That’s not unusual at all for C-levels at large corporations. But stories like this remind us not to be surprised when common sense is ignored by people who should know better. Lost in this week’s news, General David Petraeus reached a plea agreement for sharing extremely confidential information with his biographer/lover. Trust no one.