Consider this before emailing your Social Security number — or State Department business
From a lone entrepreneur in Nigeria to the U.S. Secretary of State, email security is a major issue that impacts everyone. While third-party email providers like Apple, Google, Microsoft and Yahoo claim their services are safe and secure, sometimes it seems smarter to use your work address instead.
But Hillary Clinton opted to use a personal account instead of a government account while serving as Secretary of State, according to the New York Times. That revelation is causing headaches for the potential presidential candidate because she may have violated rules requiring public officials’ correspondence to be archived.
It’s still unclear why Clinton chose to use a personal email account instead of a State Department-supplied one (or which email service she used). Some observers, however, say it was a security risk for Clinton to go off the government grid. But when it comes to hacks and brass tacks, which email service is actually more secure: Consumer services like Gmail or government email?
“Neither,” says Justin White, a former director of information security compliance for the state of Colorado, who has also worked as an information security consultant with Microsoft, Costco, Wells Fargo, and the state of Washington. When asked which service he would use to send sensitive information, White, a graduate of the FBI Citizens Academy, begins to answer one way, then another.
And then he pauses and says: “You’d have to torture me to force me to do it.”
There are several reasons for White’s wavering response. First, while some governmental email systems are highly secure, that’s not true for every department. For instance, he says, if you were going to send some sensitive information to another agency, if that department has poor security on its servers, your data is put at risk of being intercepted — even if the other office is located just next door.
Secondly, there’s no way of knowing which governmental agency has good email security and which doesn’t, because, for security purposes, they don’t typically reveal their protocols.
“Some people are woefully unprepared at securing their own email servers at an agency level, so for all you know, people could already be intercepting emails,” says White.
Still, the State Department probably has very good email security for classified messages — security that Clinton apparently opted out of using.
But on the other hand, consumer services like Gmail aren’t hacker-proof, either. They often tout the exact measures they use to keep messages secure as a means of marketing — but by doing so, they’re also helping hackers untangle their safety measures. From unencrypted data to servers that aren’t protected and breaches that haven’t been fixed yet, hackers catalog security deficiencies to find ways to break in.
“You could go on any forum as well, and see what other people have researched about any of the different cloud or (email) solutions,” says White.
Is email encryption a magic bullet solution? The disappointing reality is that between the senders’ and receivers’ servers, there are many opportunities for intercepting or hacking into emails. It’s enough to make a person go all Janet Napolitano (the former Secretary of Homeland Security once said she doesn’t use email).
But that’s not to say we should all revert to the digital dark ages — we just need to be conscious about how secure our email services really are. For Clinton’s part, she might have just opted for more secure methods than email for truly sensitive communications. A State Department spokeswoman said Tuesday Clinton could have used secure voice and video chats instead, or opted for something truly old fashioned: printed documents.