Responding to mounting questions, Hillary Clinton—the former U.S. secretary of state and a presumptive presidential candidate—said this week that she “opted for convenience” by using a personal email account instead of her official one.
But let’s be real: There’s absolutely nothing convenient about setting up a private email server, as Clinton says she did in her Chappaqua, New York, home. And security experts say her system may have had vulnerabilities that could have exposed correspondence to hackers and government snooping.
Setting up a server is no simple task. “It’s a pretty big job to maintain a server like that and make sure it’s properly configured,” says Peter Firstbrook, an Internet security researcher at Gartner. Firstbrook says such an endeavor is “highly unusual.” He has not heard of any companies whose executives had set up personal servers for work emails, let alone government officials.
To set a personal email server, someone would need to:
- Buy a server, which is about the size of a desktop computer.
- Buy an operating system to run the server, most likely a version of Microsoft Windows or Linux.
- Buy an exchange program to manage the flow of emails (Microsoft Exchange Server is the most common).
- Buy a digital certificate to certify that the server has been encrypted.
- Buy a domain name (in this case, clintonemail.com).
- Install the software.
- Install virus and spam filters.
- Set up firewalls, including a message-transfer agent, an email-specific firewall.
- Get a business-class Internet connection—a regular consumer connection likely isn’t reliable enough.
- Configure the devices using the server, such as Clinton’s BlackBerry.
A private server would need to be set up by someone who knows what they are doing, Firstbrook said—most likely, some sort of IT professional employed specifically to set up the system. This professional presumably would then have to continue working to maintain security systems and deal with any breaches.
This server system could have cost thousands of dollars to set up, Robert Siciliano, an Internet security expert, said. If the Clintons used high-end equipment, purchased licenses for operating systems and email programs, and bought powerful antivirus and anti-spam software, the costs would have been considerable. “The more security, more money it would’ve cost,” Siciliano said.
Why would someone set up a home server?
Although it’s unusual and a lot harder than using a service such as Gmail, the Clintons would not be the first people to set up a private home server. Ars Technica published a step-by-step guide to setting up an email server last year. Siciliano said, however, that this activity is “not for the faint of heart.”
A home server allows someone complete control over their digital correspondence. Emails do not live on a server in a datacenter that companies may be sifting through for ad targeting—they live on a hard drive in your living room. In the Clintons’ case, they may have wanted to be in control of the encryption of their correspondence, ensuring that no third parties—whether commercial, hacker, or government—were able to snoop on them. Hillary Clinton said at her press conference on March 10 that the server had originally been set up for Bill Clinton after he left office.
This doesn’t mean that a home server would block against all sorts of malicious attacks. The Clintons would still have had to make sure they didn’t leave themselves vulnerable to being duped into giving up their passwords, just like anyone else. Ideally, they would have used complex passwords that couldn’t be easily guessed, and “two-factor” security, which requires proving they had access to a second device or service—typically, a mobile phone or special passcode fob—to log in. One of the many unanswered questions is whether any administrators or other individuals had access to the Clintons’ emails, especially communications with foreign leaders or the president. For a personal server to be airtight, it would need to be constantly monitored and updated.
“To say it wasn’t compromised is to say, ‘I don’t know it was compromised,’” Stewart Baker, a former Department of Homeland Security assistant secretary, told Politico.
Firstbrook said that there is sophisticated auditing software out there that would allow the Clintons to see exactly who had read their emails and when, but it’s unclear whether they used it. Quartz contacted the office of Hillary Clinton for comment, as well as the Clinton Foundation, but has not received a response.
There is a high likelihood that the system was designed to be as secure as what the government itself uses to manage email, said Siciliano. Experts agree that the Clintons’ set-up was most likely quite sophisticated, according to Scientific American.
It’s unclear, however, if the server was monitored as hawkishly as government servers are because of the high probability that they will be targeted by hackers. “Government cybersecurity experts know that government servers will be compromised no matter what, so they are fully prepared to get hackers off the system as soon as possible,” Alex McGeorge, a security researcher at Immunity Inc, told Business Insider.
That said, even the government’s servers are not without their security flaws: The State Department itself had one of its email systems hacked last November.
By hosting her own email, Clinton was essentially trying to remove security issues associated with the broader, public cloud, Siciliano says. When using a cloud-based email service, like Gmail or Yahoo Mail, personal information resides on a company’s server that the individual has no control over, and could potentially be be breached by hackers. A home server, Siciliano said, is “kind of like putting your money in your mattress.” Before Clinton spoke publicly about her decision to run her own server, Al Jazeera America reported that the State Department advised her to use a government server, as her server was “at greater risk of being hacked,” but she ignored that advice.
Forbes reported that the server was likely unencrypted for the first three months Clinton was in office, which would have made it extremely vulnerable to hacking. Kevin Bocek, a researcher at the Internet security firm Venafi—who discovered the gap in security—said in a blog post that the server that ran the Clintons’ clintonemail.com had no digital certificate when it was first online in early 2009. (Digital certificates help web browsers and smartphones tell if servers are really what they claim to be, Bocek explained.)
Although clintonemail.com now has a certificate, Bocek said the greater concern is that someone could have acquired the Clintons’ passwords while the server had no certificate. Hillary Clinton was traveling in countries where Internet networks are set up to allow the state to perform eavesdropping—such as China—while the server was unsecured, Bocek said.
There is no evidence to suggest that the Clintons have been hacked. But any foreign or U.S. government agency—or private voyeur—could have theoretically accessed that server during that three-month window and continued to observe their communications.
Clinton’s rationale that a home server was more convenient seems a weak one. And it’s hard to imagine that anyone who has absorbed the details revealed by the former NSA contractor Edward Snowden could really believe their email communications to be completely private.
But it’s also plausible that the Clintons’ could have actually been a safe and secure system. While it created some security vulnerabilities, the secretary of state also would have had complete, personal control over her emails, and this may have influenced her decision not to use a government address. However, it has now created a controversy that isn’t going away—which seems hardly worth the tradeoff.