Clinton’s Homebrew Email Server

Hillary Clinton

Photo courtesy of Ready for Hillary

Clinton’s Homebrew Email Server
| published March 4, 2015 |

By Thursday Review staff

 

As Secretary of State, Hillary Clinton used personal email accounts to handle official State Department and government correspondence—a violation of Federal law and a serious breach of security under the guidelines established for government employees. The story of the protocol violation was first reported this week by the New York Times and other major media outlets.

The revelation that Clinton used personal email addresses to handle daily or routine State Department business raises concerns that she can effectively shield thousands of emails, letters and documents from exposure or scrutiny as she enters the final phases of establishing her candidacy for President. Emails sent or received using the U.S. government’s email platforms would be available for scrutiny by any interested party, including journalists, but email and documents sent using a private network would not be readily available.

More than a year ago, the Associated Press filed a Freedom-of-Information Act request (FOIA) and submitted other official requests to examine Clinton’s digital correspondence during the time she served as Secretary of State. Though both Clinton and the State Department say that the material is intact and safe, so far, thousands of Clinton’s emails remain inaccessible, the principal reason being that the correspondence sent using her private network is off limits—at least under the current provisions of the law.

Clinton has so far not answered any reporters’ questions about the use of her private email account for State Department business, but the controversy surrounding the alternate stream of official correspondence has quickly grown larger this week.

Cabinet-level officials and other top government officials are discouraged—in the strongest possible terms—to refrain from ever using handcrafted file servers or, worse still, the sort of free email accounts such as Yahoo, AOL, Gmail or MSN. Though these popular email platforms are easy to use, security experts tell business people and government officials to avoid the services because of the numerous vulnerabilities associated with free account.

Homebuilt servers and platforms—often crafted by people with moderate-to-above-average computer skills, also present challenges in terms of security. Many of Clinton’s email transactions while Secretary of State were being sent and received, as it turns out, using just such a locally-built server housed in Chappaqua, New York. Security searches of internet records and the IP addresses associated with it show that the server was—or may still be—located in the Clinton home. One of the email addresses used by Clinton at that time: hdr22@clintonemail.com, but the name on the account is listed as Eric Hoteham. Hoteham’s physical address, according the Associated Press, is the same as the Clinton address, though it lists no phone number or other identifying data. A Post Office box set up under Hoteham’s name turns out to be the one also used by the Clinton Foundation.

The server used by the Clinton’s would be a stand-alone piece of equipment, likely set up near one or more home-based computers and possibly a router. Computer geeks sometimes refer to such systems as “homebrew” servers. Though not uncommon for small businesses, security experts warn that such cobbled-together servers are vulnerable to attack. Many such systems are set up by hackers themselves who wish to remain anonymous.

Legal experts say that one reason for setting up such an account would be to dodge or deflect subpoenas or search warrants, or as a way to avoid full disclosure of information. The contents of such a privately-owned server would be protected from civil or government search or seizure.

Journalists who have run public records searches for “Eric Hoteham” have come up empty; his name cannot be found in any city or town, and there are no records that he paid taxes. Many reporters are jokingly suggesting that his name is an anagram, or that his name has been set up merely as a fake identity. The use of a fictitious person for the purposes of conducting State Department business would be a very serious crime, if in fact such a phony operation had been undertaken. But defenders of Clinton have also pointed out that “Eric Hoteham” may be little more than a way for a computer expert to protect himself after having been commissioned by the Clintons to set up a computer server in their home.

Still, there are concerns that Clinton’s out-of-the-box method of operating a privately-maintained email platform and computer network—for the purposes of official government business—is a massive violation of the rules and regulations set up for employees of the Federal government. And for Clinton, the use of such a network would have meant exposing crucial diplomatic correspondence to hackers, criminals or spies.

Though some Republicans, especially those who are looking toward the presidential race of 2016, have pounced on the issue as evidence of what they say is a pattern of non-disclosure by the Clintons, and of Hillary Clinton’s ongoing reticence to address some of the foreign policy controversies from her tenure as Secretary of State, computer experts and security analysts say that larger problem is safety. Emails sent using private servers and modems are vulnerable to hacking and criminal activity, unlike the servers and hardware used by the Federal government. As a result, some of Clinton’s important emails and correspondence would have been exposed to hackers in foreign countries—in theory, at least, including hackers or spies in adversarial lands.

Clinton’s political adversaries, however, seem poised to make the homebrew email system further evidence of Hillary Clinton’s allergies to full disclosure and accountability. Clinton has not been over forthcoming with the release of the documents requested last year by the Associated Press, and there are concerns among some reporters that official State Department emails and correspondence delivered using the home server could be easily deleted or destroyed.

Though the FBI has not confirmed its interest in the matter, some in the media are reporting that the nation’s top law enforcement agency is “looking into the matter” to see if any laws were broken. According to the Federal Records Act, official correspondence of government agencies and officials is required to be a part of a chain of communication preserved for the historical record. According to the National Archives, the Federal Records Act was originally created in 1950, but has undergone several major overhauls and updates to accommodate changing technologies. It was altered for the first time to include email and computer transactions in 1986, then updated again by the Clinger-Cohen Act of 1996, sometimes called the Information Technology Management Reform Act.

On social media, some Clinton supporters have come to her defense, suggesting that the whole affair is blown out of proportion. Neither Hillary Clinton, nor anyone with her campaign, has commented publicly on the matter.

Related Thursday Review articles:

Bush Emails Accidentally Disclose Personal Data; Thursday Review; February 14, 2015.

Clinton Vs. Scorcese: Clash of the Titans; R. Alan Clanton; Thursday Review; January 24, 2015.