An oatmeal cookie! An oatmeal cookie to the first intrepid reporter who asks Hillary Clinton the really important question about her private email server. No, that question isn't about the legality of her use of private email or even her lack of transparency.
According to Christopher Budd in his article at GeekWire, the truly important matter here is the security of Hillary's "homebrew" email server. Budd presents the frightening but very possible spectacle about the likelihood of all of her emails being accessed by foreign intelligence agents:
The Secretary of State did not use an email account that was hosted on an official State Department server. Instead, she used an email account on an outside server. All accounts indicate that this email account was used exclusively: the Secretary never used an official State Department email account hosted on State Department servers. And reports indicate that this email account was hosted on a physical server that was not physically under government control or protection. Some reports have even indicated that it was located in the Secretary’s personal residence. Some reports have characterized this as a “homebrew” server, and that’s apt and accurate.
These are the facts that we need to focus on from an information security point of view. Because if these facts are true, this can represent one of the most serious breaches in data handling that we’ve ever heard of.
This matters for three reasons.
1. The Secretary of State is a very “high value target” from the standpoint of nation-state threat actors. The President, Secretary of Defense and the head of the CIA would also qualify in this top tier. These individuals handle the most important, most sensitive, most dangerous and therefore most interesting information to foreign intelligence.
2. Nation-state threat actors represent the top of the food chain in terms of adversaries in information security. Nation-states can bring the most talent and resources to bear in this arena. For all the worry about cybercriminals and terrorists, everyone in information security looks at nation-state threat actors as the most advanced and sophisticated threat to defend against.
3. Take #1 and #2 together and you have a situation where the very high value targets are threatened by the most advanced and sophisticated offensive information security capabilities out there. Put another way, the best of the best are gunning for those people to get their information.
Uh-oh! So how good could the security on a homebrew computer be?
The third point is critical: if the best of the best are after your information, you need the best of your best protecting it. And there is simply no way that a “homebrew” server is EVER going to have the security and resources appropriate to defend it adequately.
Yeesh! So a very good chance of the greatest security breach in high level national communications since the British and Americans read German Enigma messages via the ULTRA machine during WWII. Budd himself makes this point:
Unless we learn that this server was being protected by the government using the same levels of protection that official servers are, we have no choice but to assume that this server has been compromised by foreign intelligence agents.
Exit question: If Hillary continues to stonewall, should Congressman Trey Gowdy ask Vladimir Putin to turn over her Benghazi emails?