
Running a private email server is not for the technically faint of heart. Most individuals around the world rely on the massive infrastructure of Web giants like Google, Yahoo and Microsoft to handle their day-to-day messaging needs. Accordingly, they can send and receive mail without worrying if the supporting infrastructure is protected by proper network security or if they will be personally on the hook for fending off a cyber attack.
Email servers quickly went from a niche, technical topic to the subject of mainstream conversation when it was revealed that Hillary Clinton, former U.S. First Lady, Senator and Secretary of State and prospective presidential candidate for 2016, depended exclusively upon a private email server during her time at the State Department. What are the cyber security ramifications of this approach?
A private email system: A high risk strategy
For starters, opting for the DIY route over a .gov address was risky. The numerous steps required for proper setup and maintenance of an email server mean that there are many opportunities for getting something wrong and leaving all correspondence vulnerable to interception. A secure private email system would need features such as:
- A valid digital certificate so that connections to the server can be encrypted.
- Security mechanisms such as antivirus software, spam filters and firewalls, including a message transfer agent.
- Specific hardware and software, such as a physical server and a flow manager like Microsoft Exchange.
- Proper configuration of the email server on mobile devices.
- Trained IT and cyber security staff to handle upgrades and deal with the fallout of any breach.
As one can see, managing a private email system can require investing in expensive equipment as well as having personnel with extensive cyber security expertise on hand. Otherwise, the risks of surveillance quickly begin to outweigh the perceived control benefits of running one’s own storage. To its credit, there is no evidence that the Clintons’ email server in their home in Chappaqua, New York, was ever hacked, which may say something about its design and daily operation.
On the other hand, absence of evidence is not evidence of absence, as the old Carl Sagan maxim goes. Large firms, much less individuals maintaining critical IT infrastructure, often see no signs of a breach and believe that they are in the clear, despite a combination of being under constant pressure from attacks and taking questionable measures to protect their assets. The Sony Pictures breach late last year is a good example, since its presence and impact weren’t immediately apparent, and its execution took advantage of missteps on fronts such as password security.
A possible area for concern with the Clinton email server is whether it was encrypted from the get-go. A team of security researchers speaking to Forbes traced the server’s cyber security history, looking at how certificates in particular had been managed, and discovered that it may have been unencrypted for 3 months early on, when Clinton was Secretary of State for the Obama Administration. As such, it would theoretically have been vulnerable to:
- Spoofing: The email header could have been forged to make messages seem like they came from the Secretary of State herself, when in fact they originated from a rogue party. Phishing campaigns benefit greatly from such convincing imitations of legitimate accounts.
- Malware distribution: Without a digital certificate to ensure encrypted access to the server, the system could have been turned into a distribution pipe for malware embedded in messages. Trend Micro’s Tom Kellermann has observed that the account could have become a “carrier of cyber disease.”
- Surveillance: Unencrypted access would have made spying on conversations relatively straightforward. This surveillance would have spread the risk beyond just Clinton’s correspondence by putting her interlocutors around the world at risk of having their sensitive information lifted and their own networks attacked. Her frequent travel would have amplified this effect.
“Those three months were really risky times especially given the travel of the secretary,” Kevin Bocek of Venafi told Forbes. “Certainly traveling to China raises a lot of concern.”
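A certificate-history review of the kind described above comes down to finding the days on which no valid certificate covered the server. The following is an added example, not the researchers' method or data: the host dates and certificate windows are constructed, and it assumes a day without a valid certificate is a day on which connections could not be properly encrypted.

```python
from datetime import date, timedelta

# Constructed sample data (not taken from the article): the day a mail
# service went live, the day of the audit, and the validity window
# (notBefore, notAfter) of every certificate observed for the host.
SERVICE_START = date(2020, 1, 10)
AUDIT_DATE = date(2021, 6, 30)
CERT_HISTORY = [
    (date(2020, 4, 9), date(2020, 10, 9)),    # first certificate, issued late
    (date(2020, 10, 1), date(2021, 4, 1)),    # renewal overlapping the first
    (date(2021, 4, 20), date(2022, 4, 20)),   # renewal issued after expiry
]


def coverage_gaps(start, end, cert_windows):
    """Return inclusive (gap_start, gap_end) date ranges within [start, end]
    on which no certificate in cert_windows was valid."""
    gaps = []
    cursor = start  # first day not yet known to be covered
    for not_before, not_after in sorted(cert_windows):
        if not_after < cursor:
            continue  # window ends before the period still being examined
        if not_before > end:
            break     # window starts after the audit period
        if not_before > cursor:
            gaps.append((cursor, not_before - timedelta(days=1)))
        cursor = max(cursor, not_after + timedelta(days=1))
        if cursor > end:
            break
    if cursor <= end:
        gaps.append((cursor, end))  # nothing valid up to the audit date
    return gaps


def gap_days(gaps):
    """Length in days of each inclusive gap."""
    return [(g_end - g_start).days + 1 for g_start, g_end in gaps]


if __name__ == "__main__":
    found = coverage_gaps(SERVICE_START, AUDIT_DATE, CERT_HISTORY)
    for (g_start, g_end), days in zip(found, gap_days(found)):
        print(f"no valid certificate {g_start} .. {g_end} ({days} days)")
```

The same check catches both a late first issuance and a lapsed renewal, which is why it is worth running on a schedule rather than once.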
High risk, questionable reward
Going through all the possibilities of what could go wrong with an unsecured private email server prompts the question: Are there any advantages to doing all the cyber security diligence on one’s own, rather than entrusting it to companies with dedicated teams?
A few arguments have been floated to explain Clinton’s move. For example, one such argument, made by Clinton herself, is that the private email system was “a matter of convenience,” likely referring to her ability to carry just one device for personal and work email rather than two (i.e., a personal phone in addition to a government-issued BlackBerry). Of course, such convenience in device consolidation is only possible through the additional work of configuring the email server for associated devices.
Another explanation holds that Clinton’s move kept her correspondence off of the public cloud. Large email systems keep data on servers over which individual users have no control. This lack of control, of course, is somewhat offset by the around-the-clock security and technical attention that major email providers offer. Still, perhaps Clinton wanted complete control over where and how her messages were being kept. The situation could be compared to managing one’s finances: While most people trust a bank to hold their money, there’s always the option to keep cash in a mattress, as one cyber security expert pointed out to Quartz.
Talking about this issue naturally lends itself to many political and ethical angles that are best discussed elsewhere. In terms of its specific ramifications for cyber security, Clinton’s private email system was a major gamble that courted a lot of risk, despite her claims that it was properly safeguarded, overseen by the U.S. Secret Service and free of any data breaches.
Intrusions, as we noted earlier, are not always apparent at the time. Plus, defaulting to a standard-issue State Department email address is almost always going to provide more security from cyber attacks than running one’s own infrastructure would allow. Government accounts have been hardened over the years with many security regulations and mechanisms, given their prominence as targets for cyber attackers.
However, even these accounts have hardly been free from breaches. Incidents affecting bodies such as the Department of Energy show that government cyber security, despite its relative sophistication, can still struggle against advanced threats. In this context, going it alone with a private email system seems even riskier: If the same amount of attention were channeled toward compromising such setups as is already directed at government email, the prospect of an intrusion would be serious.