Burn after reading.

Photographer: Chip Somodevilla/Getty Images

Clinton's E-Mail Server Was Never Safe

Leonid Bershidsky is a Bloomberg View columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website Slon.ru.
Read More.
a | A

It's hard to top the irony of Hillary Clinton's homebrew e-mail set up. The only reason anyone would run their own e-mail servers in an era of highly functional and free mail systems is to avoid all government surveillance. In some sense, a top U.S. government official, perhaps the next president, decided to suddenly go survivalist.

Her ploy may have been effective in keeping her private interactions secret from the government she helped run. But it's important to know that it's unlikely it could have accomplished much else. Her data was always still accessible to determined hackers and even creative reporters.

Consider this. A Whois query about the domain Clintonemail.com, which Clinton apparently used while she was U.S. Secretary of State, returns the information that its registrar is a Florida company called Perfect Privacy. On its website, it tells potential clients that if they register a domain in their own name, they "become vulnerable to spammers, scammers, and other Internet predators who can target you for solicitation, fraud, identity theft... or worse." The firm claims to "eliminate these risks by ensuring that your personal information stays private."

That clearly hasn't worked in Clinton's case. The Associated Press claims to have traced Clintonemail.com -- a domain that's been known to the public since 2013 -- "to a mysterious identity, Eric Hoteham," who "was listed as the customer at Clinton's $1.7 million home on Old House Lane in Chappaqua in records registering the Internet address for her email server since August 2010." I'm not sure which records they're referring to, but the inquisitive reporters apparently broke through the first privacy barrier protecting the Clintonemail domain.

As anagram experts were having fun with the name Eric Hoteham, The Washington Post already traced the P.O. box listed for Hoteham to the Clinton Foundation. Seek, and ye shall find.

The same goes for the actual e-mail messages that passed through the server apparently located in the Clinton home. I agree with Barton Gellman, The Washington Post's point man on the Snowden revelations, who tweeted today:

Anyone looking for instructions on setting up and running one's own email server will find no shortage of them on the Web. They come complete with important warnings. "Writing this tutorial has demonstrated to me that securing the bulk of your email from government snooping beyond the per-message level is a task whose complexity far exceeds the capability of the average person, perhaps even the average technologist," tech consultant Jeff Reifman wrote on his blog.

The biggest problem with running your own servers, as Lee Hutchinson recently pointed out on Ars Technica, is that "you are responsible for the care and feeding of your system. This is not an impossible task -- it's not even really difficult -- but it is non-trivial and never-ending. Applying critical updates is your responsibility. When do critical updates come out? That's your responsibility to keep track of, too." Not trusting government information technology experts to do this and hiring your own is a risky move for a public official, not because government employees are better at Internet security -- far from it -- but because it means assuming full responsibility for preventing a hack.

Besides, running one's own e-mail only keeps your messages out of the unspecific dragnets typically run by the National Security Agency and other intelligence services. Even if the private consultant working on the server is diligent and does everything right, he or she can't always stop direct surveillance. When a server is monitored -- whether by spies or malicious hackers -- everything that moves over that connection, including email, can be skimmed. Encryption helps, but it is not a panacea -- a lot depends on how interested the hackers are.  

Going the private e-mail server route held no advantages for Clinton unless her only goal was to keep certain e-mails away from prying government eyes. That is a natural enough desire, but in the case of a major public figure, it will raise questions about the content of those e-mails, as is already happening now. 

If privacy was Clinton's goal, she should not have used email at all for anything but official communication. That's not a completely outlandish suggestion: Clinton's predecessor, Condoleezza Rice, did exactly that. Nobody is entitled to the benefits of technology. Sometimes one's highly public role makes life less convenient than it is for mere mortals. People with political aspirations as far-reaching as Clinton should understand they have to make a trade-off.

This column does not necessarily reflect the opinion of Bloomberg View's editorial board or Bloomberg LP, its owners and investors.

To contact the author on this story:
Leonid Bershidsky at lbershidsky@bloomberg.net

To contact the editor on this story:
Cameron Abadi at cabadi2@bloomberg.net