I keep getting asked about the Clinton email investigation. So let me answer all your questions.
The issue of Hillary Clinton's private email server. Her explanation is that she wanted to use her Blackberry cell phone.
The thing is, I have a close friend who is about her age who loves the Blackberry and despises the smart phones like the iPhone and Samsung Galaxy phones. I'm actually older than both of them, so I understand why they feel that way. For the Millennials let me show you why:
For you iPhone Millennials, that's a Blackberry. While it is a phone first, it also can do texts and email. But unlike the "smart" phones you love, it has a real keyboard. And it is a QWERTY keyboard for those of us who spent decades typing, first on typewriters and then on computer keyboards. We make far fewer mistakes and we don't want the phone using some kind of auto-correct to change the words we type.
Like it or not, the Secretary of State should be able to use a Blackberry if she wants to, without some tech security wonk insisting she fumble with the latest hot smartphone. In making this statement I have credentials as a tech wonk.
I began working with a computer in 1970 - an IBM 360 - and was operating a computer services business in 1980 with Tandy Model II's. I maintained a sustained level of expertise with computers and the internet since. A decade ago I quit assembling computers and I don't run my own server because in both cases the complexities have compounded and maintenance is a nightmare for one old man. With that said, let's take a look at the truth about that whole government email/server security issue.
It is not unreasonable to assert that some of, if not most of, the worst computer operations in large organizations in the United States can be found in federal and state government.
And based on hacks during the first 15 years of the 21st Century, some of the world's least effective security measures could be found being used in the federal government's computer operations at:
- The White House
- The Department of Energy
- The Internal Revenue Service
- The Office of Personnel Management
- The Army Corps of Engineers
- NOAA
- US Postal Service
- The Department of Education
- The FBI
- The Department of Homeland Security
- Nuclear Regulatory Commission, and
- The State Department
- prepare a description of a need which must be integrated into the department's budget request (a one year process);
- get an appropriation from Congress (typically a two year process);
- get the General Services Administration (GSA) to prepare a complete request for bids (typically at least a six month process);
- get the GSA to receive and review the bids, issue a contract to the lowest bidder, and then issue a notice to proceed (another six months);
- monitor the work of the lowest bidder and sometime around 18 months into the work, fire them and hire someone else - not the lowest bidder - to actually finish the job at 400% of budget (another two years);
- teach everyone to use the system (another six months);
- discover that the "new" system is completely out of date and was out of date by the time Congress appropriated the money because this is 21st Century and to be even moderately secure technology must be substantially upgraded in an ongoing 18 month cycle.
Just to make it clear that I'm not creating a picture of a problem that doesn't exist, consider the following recent stories:
- US State Department Hack Has Major Security Implications from the Security Intelligence website of IBM
- Twin Brothers Sentenced for Wire Fraud, Conspiring to Hack into U.S. Department of State and Private Company from the U.S. Department of Justice website
- State Department email attack 'fits pattern' of Russian hackers, says expert
- Justice, Homeland Security Probe Hack of DHS, FBI Employee Data
Finally, we can't ignore these November 2015 stories Iranian Hackers Attack State Dept. via Social Media Accounts and Facebook Notifies State Department Employees of Iran Hacks nor can we ignore this 2016 story ISIS-aligned hackers leak confidential info on 43 US State Dept employees.
For a more thorough review of 21st Century federal government computer security failures you can download and read Security Matters (1.8Mb PDF file).
So when Hillary reluctantly said her using a private server "was bad judgment", as someone who can lay claim to at least some computer/device expertise I wholeheartedly disagreed with her. She did not use bad judgement.
First, there was no security reason to not use her own server as the State Department's servers offer almost no viable security.
Second there is no reason, indeed no excuse, to make the Secretary of State use a device that is awkward to use for her.
Finally, if it is so important to the American people to have the State Department retain control of the emails for all time, Congress should have funded any and all equipment and systems needed for the Secretary of State to function.
A nice negligible annual lump sum of $330 million ($1 a year per American citizen as an additional cell phone service tax because they think this is really important) to be spent as needed by nerds hired from those funds by the Secretary of State to do nothing but provide computer services and devices that are secure and also convenient solely for the Secretary of State and her/his staff. Most importantly, the spending of those funds must be exempt from all General Services Administration purchasing procedures.
The ultimate point here is that yes, there were rules put in place under the guise of security requirements. As with typical government bureaucracy, the rules focused not on the needs of employees nor were they realistically related to security. They just looked good on paper so that those who should be concerned didn't have to be - the rules looked good because they implied there was sufficient security in place when, in fact, frustrated tech employees knew better and knew the government environment will never allow for sufficient security because the mostly-tech-ignorant public elects mostly-tech-ignorant politicians to Congress.
And by the way, the FBI needs to divert from the Clinton investigation resources needed to do something properly computer security related so that we don't keep reading stories like Hacker Claims Breaching FBI Server, Exposes Details of 80 Miami Police Officers.
Let's quit pretending that Clinton's private server is a bigger scandal than the sorry state of our government computer technology. When Congress has funded for our government agencies proper computer technology by levying an excise tax on smartphones and tablets, then we can worry about whose email is stored where.
Finally, don't pretend that this is some reason not to vote for Hillary Clinton. It is only some reason to not vote for Republican candidates for Congress who have not addressed the subject of security for federal computers systems nor provided adequate funds for that security.
No comments:
Post a Comment