* <> Clinton email This whole Clinton email thing is, if nothing else, a lesson in how "convenience" alone is never a good reason to do something. Why did Clinton use a private email server? People who hate her are going to tell you that it's because she's secretive and sinister and she wanted to be able to hide things from the public – ignoring "sinister" for a moment, there's probably at least a degree of truth to that – she likely didn't want her personal correspondence being archived on State Dept. computers – however the merit of those accusations is moot because we know, quite credibly, from Clinton's own words that the reason for the private email server was so that she could more "easily" communicate with people inside and out of work. Having two separate email accounts was not easy enough. Looking at multiple inboxes is not easy enough; having to make sure that you "send from..." the right email account is not easy enough. I hope someone with a shred of intelligence suggested that she just carry two Blackberries, labeled in enormous block letters with "BUSINESS" and "PERSONAL", but that, too, was not sufficiently convenient, was it? So, Justin Cooper or whomever made the suggestion said "why don't you just set up your own email server and do everything from there?" That sounds convenient, doesn't it? "I know computers pretty well, I could set-up an email server in your basement!" Okay, let's do it! Now, this is a bit of a digression, but I can't help myself ... ~I~ am pretty handy with computers. I've even set-up an email server before. But if the United States Secretary of State asked me if I could set-up an email server in her basement, I'd say "with respect, madam, you are out of your fucking mind if you are going to trust someone with no government/military information security experience to set-up an email server that's going to carry official state business." I don't know how much work was done by Cooper or Pagliano respectively, or the quality of their work, but the fact that neither of these guys said something tantamount to what I just said is ...mind-boggling. Anyway, this email thing has been dogging Clinton for the entire election, and it all comes down to her making a really stupid decision for the sake of convenience or "ease" of use. Unsurprisingly, none of her toadies were able to make a sufficiently compelling case (or even tried to?) for how this was a REALLY BAD IDEA (tho' I guess Colin Powell – not a toadie – tried). And – this is the part where I make a generalized statement only tangentially related to the prima facie subject of this post – the overarching problem here is that people, ALL the people, are fucking awful at information management & security. You ~might~ be able to convince a person to always use a strong password, and you might help them to make sure that their email client is using TLS to connect to their server, but then they'll let the application remember the password, because that's convenient, so that anyone sitting at their computer or operating their phone has full access. Public-key encryption for sensitive/personal messages? Waaay too inconvenient, for sender /and/ recipient. VPN? What admin wants to set-up a VPN? Too inconvenient! Bottom line: Clinton should never have been allowed to conduct state business with a private email account. She did it because she could and because it was not, in itself, a violation of policy to do so. Did she violate Title 18? Eh, possibly, although I will bet you money that even after these new emails are sifted-through there's not going to be enough evidence of wrongdoing to prosecute her for that. If she had classified information on her server, then we should also be asking why it was ever delivered to a private server in the first place. Clinton's taking a lot of heat for this personally, but the fact is, infosec at the State level is clearly not terribly well managed. -- Excerpted from: PUBLIC NOTES (G) http://alph.laemeur.com/txt/PUBNOTES-G ©2016 Adam C. Moore (LÆMEUR)