Emails Show Hillary Clinton's Email Server Was A Massive Security Headache, Set Up To Route Around FOIA Requests

from the breaking-badly dept

More bad news for Hillary Clinton and her ill-advised personal email server. Another set of emails released by the State Department shows the government agency had to disable several security processes just to get its server to accept email from Clinton's private email address.

The emails, reviewed by The Associated Press, show that State Department technical staff disabled software on their systems intended to block phishing emails that could deliver dangerous viruses. They were trying urgently to resolve delivery problems with emails sent from Clinton's private server. "This should trump all other activities," a senior technical official, Ken LaVolpe, told IT employees in a Dec. 17, 2010, email. Another senior State Department official, Thomas W. Lawrence, wrote days later in an email that deputy chief of staff Huma Abedin personally was asking for an update about the repairs. Abedin and Clinton, who both used Clinton's private server, had complained that emails each sent to State Department employees were not being reliably received. After technical staffers turned off some security features, Lawrence cautioned in an email, "We view this as a Band-Aid and fear it's not 100 percent fully effective."

While trial-and-error is generally useful when solving connection problems, the implication is undeniable: to make Clinton's private, insecure email server connect with the State Department's, it had to -- at least temporarily -- lower itself to Clinton's security level. The other workaround -- USE A DAMN STATE DEPARTMENT EMAIL ADDRESS -- was seriously discussed.

This latest stack of emails also exposed other interesting things... like the fact that Clinton's private email server was attacked multiple times in one day, resulting in staffers taking it offline in an attempt to prevent a breach. (h/t Pwn All The Things)

In addition to the security issues, there's also some discussion about why Clinton was choosing to use her own server.

In one email, the State Department's IT person explains the agency already has an email address set up for Clinton, but offers to delete anything contained in it -- and points out that using the State Dept. address would make future emails subject to FOIA requests.

[W]e actually have an account previously set up: SSHRC@state.gov. There are some old emails but none since Jan '11 -- we could get rid of them. You should be aware that any email would go through the Department's infrastructure and subject to FOIA searches.

So, there's one reason Clinton would have opted to use a personal email address and server. More confirmation of the rationale behind this decision appears in an earlier email (2010) from Clinton to her aide, Huma Abedin.

Abedin: We should talk about putting you on state email or releasing your email to the department so you are not going to spam. Clinton: Let's get separate address or device but I don't want any risk of the personal being accessible.

There appears to be some intent to dodge FOIA requests -- either by ensuring "no documents found" when Clinton's State Department email address was searched, or by being able to control any release by being the chokepoint for responsive documents.

To accomplish this, Clinton's team set up a private email server that was insecure and did not follow State Department guidelines. In fact, her team brushed off the agency more than once before finally informing it that they simply would not comply with State Department regulations.

In a blistering audit released last month, the State Department's inspector general concluded that Clinton and her team ignored clear internal guidance that her email setup broke federal standards and could leave sensitive material vulnerable to hackers. Her aides twice brushed aside concerns, in one case telling technical staff "the matter was not to be discussed further," the report said.

The FBI investigation that Clinton refuses to call an investigation continues. There may be no criminal charges forthcoming, but there's already plenty of evidence that Clinton's use of a private email server was not only dangerously insecure, but put into place in hopes of limiting her accountability.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: email, foia, hillary clinton, security, state department, vulnerabilities