“Clinton's decision to forgo the State Department's servers is inexplicable and inexcusable,” says one security expert.
Hillary Clinton's email controversy turned from bad to worse overnight, as reports surfaced that the former secretary of State relied on her own "homebrew" computer server to send and receive messages, despite apparent security warnings from government officials.
Creating a separate email service is something usually reserved for computer geeks and hackers worried about privacy and surveillance, not a high-ranking government official. But Clinton's decision to forgo either a government or commercial email account is further stoking concerns that the nation's former top diplomat may have been reckless about securing her communications.
The Web domain clintonemail.com, which Clinton used exclusively to conduct official business during her four years heading the State Department, was run through an Internet service registered to a family home in Chappaqua, N.Y., according to the Associated Press.
"The task of keeping a mail-server secure isn't one even the average [system administrator] is up to. I'd be shocked if her server was even remotely secure," said Nate Cardozo, a staff attorney with the Electronic Frontier Foundation. "Clinton's decision to forgo the State Department's servers is inexplicable and inexcusable."
So far, Clinton has been mum on the controversy, although her aides and the State Department have attempted to downplay the furor by saying no classified information was ever transmitted over email and that it was instead always communicated in person, over the phone or by secure videolink—an assertion her critics have found highly improbable.
Some have defended Clinton's decision, noting that email services such as Gmail and Yahoo are far from hackproof—and that the State Department has its own troubled history of protecting its data, from an email breach last year to the Wikileaks release of hundreds of thousands of diplomatic cables back in 2010.
Clinton's use of a homebrew server was "likely more secure than using some freebie system she signed up for online, which is how several other prominent figures have gotten burned, from Palin to Hollywood types," said Peter Singer, a strategist and senior fellow at the New America Foundation who recently wrote a book on cybersecurity, in an email. The decision "also points to having some professional IT people working for them on it. ... But every type of email system has been hacked at some point."
Singer noted that Clinton's homebrew likely would have been exempt from some of the National Security Agency's surveillance sweeps, especially those that relied on direct access to the data flows of companies like Google, Facebook, and Microsoft.
An Edward Snowden-exposed NSA program known as PRISM forces at least 9 U.S. Internet companies to hand over the communications of foreigners, such as email content and file transfers. Data of U.S. persons who communicate with foreigners—something Clinton's job would have required her to do frequently—are scooped up in that surveillance, a practice the NSA has defended as "incidental" collection.
Others were less convinced that Clinton's decision afforded her more security and that it was motivated by anything more than an attempt to dodge transparency. Barton Gellman, a reporter for The Washington Post who has access to the Snowden files, tweeted Wednesday that "it is not possible for a high-value target to secure a home-managed email server."
Adding to Clinton's email woes are new reports that Clinton was warned by State Department technology experts about the potential security vulnerabilities of using a private email service, but that "those fears fell on deaf ears," according to Al Jazeera America, which cited an unnamed State employee.
"We tried," the employee told Al Jazeera. "We told people in her office that it wasn't a good idea. They were so uninterested that I doubt the secretary was ever informed."