
NSA refused Clinton a secure BlackBerry like Obama, so she used her own - tortilla
http://arstechnica.com/information-technology/2016/03/nsa-refused-clinton-a-secure-blackberry-like-obama-so-she-used-her-own/
======
fabulist
This is a classic story that gets repeated again and again, and security
professionals should take note; if you forbid your users from doing something,
they will route around you to do it, and it will be end up being less secure
than if you were involved.

Haroon Meer says that saying "no" is a finite resource that security
professionals are too willing to tap. If an organization comes to see your
department as an obstacle that shoots down ideas and never contributes, you
end up ignored. Chip in with ways to make bad ideas less bad, because we
already know that deploying any vendor's software is a loss to security.

~~~
talmand
I'm not sure I understand. Are you saying that security professionals should
lower their standards because too many people don't want to follow the
protocols that security professionals have determined to be the best course of
action?

Must be nice to have a high enough position in life to ignore security
protocols at whim. If I did that I would be fired.

~~~
mywittyname
I think he means, if you tell somebody that you can't do something that's
technically possible, they will find someone who can and will do it.

They did it for the previous administration but refused to do it for her and
offered no good alternative. She couldn't fire them and replace them and with
someone more capable, so her team found an alternative.

This is exactly how a person who is used to getting shit done would operation.
You either break down obstacles or you go around.

~~~
13thLetter
Just to be clear, in this case "getting shit done" meant recklessly creating a
massive security breach at the highest levels of the government.

~~~
mywittyname
During a period of time when government insiders were leaking damaging
classified information on the internet.

I can see how she would consider her actions to be the lesser to two evils, at
least she could trust her people.

~~~
13thLetter
That's the equivalent of someone who sees a bunch of broken windows in the
neighborhood and therefore figures it's okay to toss a beer bottle out the
window of their car.

Mind you, I could see that being her thought process, it's very human. But it
is hardly a ringing endorsement of her behavior and principles, to say the
least.

------
specialp
I understand that is is very inconvenient to use the channels provided to
transmit confidential information, but that goes with the job. It is also
probably inconvenient to have a massive physical security detail follow you
everywhere as well but that is also necessary as a high profile government
official.

Securing mobile communications on a massive scale according to SCI government
specifications does not happen overnight, and is not very easy. So
unfortunately she has to use the channels provided, however clunky they are. I
am sure Mrs. Clinton wouldn't hop into her car to visit a friend without
gathering a full security detail. Yes this curtails her life, and yes it is
inconvenient, but it is necessary just like securing her communications is!

It is like if I were working for a large bank, and I put in a back door VPN to
the network since their VPN client only works on Windows, and I want to use
Linux. Sure more convenient for me, but it is not my place to subvert security
for my own personal convenience.

~~~
rm_-rf_slash
I don't know why this comment was downvoted without explanation, because your
point is correct: as a public servant, one is expected to live up to and
follow the rules and laws dictated for that position.

Security is something you never need until you need it the most.

~~~
kafkaesq
_Security is something you never need until you need it the most._

Yeah, we get that part. But it isn't about secure, or not secure.

It's that she (or more specifically Donald Reid, her secure information
technology coordinator) was never provided a legitimate explanation as to why
this technology was available for the POTUS -- and for her predecessor -- but
not for her. So it's understandable that they felt dissed.

~~~
specialp
Feeling dissed, is one thing, but subverting the process is another. The
explanation given was that scaling the Blackberry that the POTUS was given was
unmanageable. Whether that is a fair explanation or not we do not know. Even
if it were not a fair explanation, does that give Mrs. Clinton the right to
basically backdoor the whole process?

~~~
kafkaesq
_Feeling dissed, is one thing, but subverting the process is another._

Agreed - I definitely do not condone her going rogue in response.

My message is simply: if the NSA can't (or won't) reasonably coordinate with
the 2nd most important office holder in the Executive Branch, on what should
be a perfectly tractable issue... then we have to wonder whose interests
they're serving, exactly.

 _The explanation given was that scaling the Blackberry that the POTUS was
given was unmanageable._

Actually what they said was quite different.

------
Someone1234
This makes Clinton seem petty.

She had a wired-computer she could check email on in the SCIF, but she refused
and was only willing to read her email on a Blackberry, so her staff tried to
get authorisation for one, failed, and then tried to get her a highly
sensitive top level device just so she could check her unclassified email in
the SCIF (she could use a standard Blackberry elsewhere).

I'm siding with the NSA here. She should just buck up and learn to check her
email on a wired PC like everyone else.

~~~
res0nat0r
This is easy when you work in an office every day at the same location for
your job. As Secretary of State travelling all of the time around the world
this isn't realistic.

~~~
talmand
Imagine all the previous people in that position that were incapable of
properly doing their jobs because they had no Blackberry in which to receive
secured information.

~~~
inopinatus
It says in the article that Condaleeza Rice + staff were authorized for BB use
whilst SecState, but the grant of that was withdrawn for Clinton.

~~~
Someone1234
It wasn't withdrawn for Clinton, it was withdrawn for the devices themselves.
The NSA decided the potential consequences for a baseband compromise within a
SCIF was too high risk.

Honestly I suspect their policy is "no wireless devices within the SCIF
period." From wireless keyboards, to cellphones, to WiFi, and beyond. The
black phone might be authorised but I suspect that is due to operational
importance (e.g. calls vital to national security).

------
chris_wot
This is literally the highest level example of Bruce Schneier's theory that
people understand risks, but security people don't understand people. [1]

Let's look at this classic case: they won't give Hillary Clinton access to a
modified BlackBerry that Obama was using because it made security
"unmanageable". Even though Clinton's position is literally one of the most
important in the country, if not the _world_ the NSA decided it was a security
threat and so just didn't allow it to happen.

So Clinton setup her own email server infrastructure and conducted all State
business through that.

So now those same security people caused a considerably greater threat to
national security.

Someone should find who denied Clinton access to a secure BB, then they should
be removed from any security related work. I almost feel sorry for them if
Clinton becomes President, because their days will hopefully be numbered. But
I don't feel sorry, because their short-sightedness caused a greater risk to
U.S. National Security.

1\.
[https://www.schneier.com/essays/archives/2009/08/people_unde...](https://www.schneier.com/essays/archives/2009/08/people_understand_ri.html)

~~~
tn13
It feel the same about these modern chip based credit cards. While giving a
totally intangible security benefit these cards have brought great discomfort
to everyone. A swipe takes around 1 second to register. Chip based cards take
anywhere from 5 to 9 seconds with the message "do not remove card" flashing in
between. Machines are designed such that you have to insert card in a slit you
cant see, I have seen elderly people struggle to do that and cards falling out
on floor creating more delays.

I really wonder if the wasted human time is worth saving handful of frauds.

~~~
elthran
I still find it bizarre the USA is only just dealing with this - the UK and
most of Europe moved to chip and PIN years ago, and are now increasingly
rapidly moving to using contactless payments.

~~~
mikeash
I'm American and I find it bizarre too.

What really baffles me is how inconsistent the rollout has been. Chip-capable
terminals are everywhere, but maybe 3/4ths of them don't have the chip part
enabled. So many times, I've inserted my card only to find that it simply
doesn't work. Yesterday I made a purchase where they had taped over the slot
so you wouldn't even try.

It seems like once you have the hardware, the rest should just work. I don't
know what the hell is going on.

~~~
stock_toaster
I was at a place the other day with a taped over chip slot, with a little note
saying "please swipe". I asked what the deal was, and the guy said all chip
purchases were being double billed (apparently due to some software issue). I
commented, "at least they were being _securely_ double billed". Chuckles all
around.

------
johngalt
A number of comments here blame the security people or government IT in
general for not being accommodating. That may be appropriate in some cases,
but anyone who has worked in IT for any length of time understands how this
happens. Systems that you don't like are created by bad policies, not bad IT
people. Bad policies are driven by overly centralized security responsibility.
The security department that says no to <X> because they are responsible for
whatever you manage to do with <X>.

Think of a car accident. There is a diffusion of responsibility. The decisions
both drivers made, road conditions, weather, speeds etc... You would only be
concerned with the manufacturer of the car if one of the safety systems
malfunctioned. Yet in the case of computer security we want to hang all the
contributing factors/decions around one party: the security team. Imagine if
General Motors was liable for every car accident; regardless of fault. Every
time someone didn't put on their seatbelt, or drove through a flooded road
etc... What kind of cars would be produced? Certainly not the kind you would
enjoy driving.

The day that we can have the security departments we want is the day we
understand that we can't absolve ourselves of all security responsibility.

------
grej
Having dealt with classified work in a previous life, there's no doubt that if
any normal joe without her political connections did anything remotely close
to this type of thing, they'd wind up in prison.

Clinton will probably skate. And yet she'll be the first person demanding that
we try Snowden and keep Chelsea Manning locked up.

~~~
jhayward
It's not crystal clear that she violated any laws. Agency heads determine
policy for their department's classified information, and she was the most
senior of the agency heads. She had explicit authority to classify and
declassify information, and to say how it can be disseminated.

There isn't that much statutory groundwork to support charges and what there
is says an agency head "is assumed to be acting under executive authority",
i.e. as the arm of the President.

The Congressional Research Service wrote a rather helpful summary[1] of the
myriad aspects of classification and law.

[1]
[https://www.fas.org/sgp/crs/secrecy/RS21900.pdf](https://www.fas.org/sgp/crs/secrecy/RS21900.pdf)

But yeah, if you or I were to do what she did, big difference - just not all
because of politics.

~~~
grej
I hear you, although I would argue that someone with her position should have
been the first person to know whether what they were sending needed a security
designation or not.

The fact that 10-15% or so of those emails needed a retroactive security
classification demonstrates that she held either had a cavalier attitude
toward guarding that information, or was simply incompetent in knowing what
should and should not have been classified.

Whether that rises to the level of a criminal act, I suspect, depends on
whether any of the 30k+ emails she deleted, claiming they were personal, also
contained classified material, because then the crime is lying to the FBI more
so than the reckless handing of classified information.

~~~
snowwrestler
Information does not get de-classified just because it is publicly known.

For example if one of Clinton's friends forwarded her a NYTimes story about
CIA activity in Syria, and she forwarded that to a deputy, well, now she has
both received and sent classified information from her email.

And even though it might have been on the front page of a newspaper, a
retrospective review would designate it as classified information.

Would a staff-level person get fired in that situation? I don't know. _So much
stuff_ is classified these days, and yet the press is pretty good about
ferreting out stories. Any regular reader of the major news operations is
probably going to see classified info on a regular basis.

How easy is it to keep track of which public, well-known news stories should
be excluded from nonsecure email? I would guess, not that easy.

~~~
over
I've seen the same thing at companies, where employees get in trouble for
talking about confidential information that is known outside of the company.

I think the rationale is because sometimes the file gets updated internally
such that the leaked info is no longer accurate and the person with access
might screw up.

------
jsprogrammer
The title seems incorrect.

>And while Clinton's predecessor Condaleeza Rice had obtained waivers for
herself and her staff to use BlackBerry devices, Clinton's staff was told that
"use [of the BlackBerry] expanded to an unmanageable number of users from a
security perspective, so those waivers were phased out and BlackBerry use was
not allowed in her Suite," an e-mail from the NSA's senior liaison to the
State Department noted.

NSA says that they could not ensure the security of BlackBerry devices. That's
not a refusal, just the facts. Is someone expecting the NSA to magically
conjure unlimited, secure BlackBerries?

~~~
hackinthebochs
Securing the blackberry is a red herring. What they wanted was a functionally
equivalent mobile device. If providing such capabilities isn't exactly what
the NSA should be doing, then they shouldn't exist.

------
rrmm
From my inside perspective, government IT is dumb.

Not that that excuses her going off and using her own. The NSA should probably
evaluate if the end result of their refusal was more security or less.

~~~
barney54
But why would the NSA believe that she would set up her own server? Other
Secretaries of State hadn't done anything like that.

~~~
bbatha
> Other Secretaries of State hadn't done anything like that.

They actually have, the FBI is auditing the last 4 Secretaries of State and
has found similar use of private email servers [1]. Outside of the state
department the Bush administration was rife with the use of private, RNC
managed email servers [2].

1\. [http://www.nytimes.com/2016/02/05/us/politics/state-dept-
cla...](http://www.nytimes.com/2016/02/05/us/politics/state-dept-classified-
data-found-ex-secretaries-personal-email-john-kerry-condeleezza-rice-colin-
powell.html?_r=0)

2\.
[https://en.wikipedia.org/wiki/Bush_White_House_email_controv...](https://en.wikipedia.org/wiki/Bush_White_House_email_controversy)

~~~
barney54
None of these guys used their private email exclusively for government
business. That is the key. They all had State Department email. Clinton did
not. ALL of her email was on her private server.

------
AcerbicZero
Perhaps I'm overly cynical but I'm guessing she got caught with her phone in
the SCIF more than a few times before she got the message to leave it outside.

------
cm2187
I was rather impressed by Clinton's IT skills, managing her own mail server,
using electronic communications extensively, and according to this even asking
the NSA to provide a bberry.

Then I read:

> As I had been speculating, the issue here is one of personal comfort…
> [Secretary Clinton] does not use a computer.

What?

~~~
azinman2
She obviously didn't setup the email server herself.

~~~
deong
I might be more excited about voting for her if I thought she could
commiserate with the pain of sendmail.cf files.

------
Glyptodon
So basically she's even more guilty than previously realized, but perhaps a
little more sympathetically so.

------
thedz
Important bit from the article:

> the solution supported by the NSA—its SME PED (Secure Mobile Environment
> Portable Electronic Device)—was hardly BlackBerry-like. SME PED devices are
> based on a secure version of Windows CE, and they're only rated up to
> "Secret" classification. And as Clinton was taking over at State, the SME
> PED was only just becoming available.

It sounds like at the time that Clinton was moving into State, there was,
literally, no good solution supported by the NSA for mobile email use.

Which considering it was 2009, and mobile email was already prevalent with
Blackberry, iPhones/Androids, etc, is well, maybe par for the course for
government entities.

------
junto
I'm reading between the lines here, but is it suggesting that Clinton didn't
trust the PC she had been assigned, and that she suspected she was being spied
on?

Was this the reason why she chose to run her own email server (not that it was
secure but still)?

~~~
grej
Maybe she did not want anyone in to be able to FOIA her correspondences. She
has said she deleted about 30k emails off the server because she claimed they
were "personal in nature". The problem is, that wasn't her call to make.

------
joesmo
I'm so glad people are finally, hopefully going to shut up about this soon.
I'm surprised Clinton didn't just say this herself and end the scandal months
ago. It's an extremely lame scandal because we're talking about unencrypted
email anyways, email that could have been read by anyone and everyone and
almost undoubtedly was. The irony that it was the NSA (as usual) that made
things less secure instead of more secure is certainly not lost on me.

~~~
barney54
People are not going to shut up about this. This will be an issue through the
election. It's a really big issue that the Secretary of State was so cavalier
about how she handled classified information.

~~~
Aloha
I'm going to point out that no one has found a single email sent to Secretary
Clinton that was born secret - all of the emails were retroactively
reclassified.

~~~
thrill
No, they are not "retroactively" classified. They were intentionally kept out
of the classification process by Clinton via her undisclosed server. When the
emails were finally inspected for classification many of them were designated
as containing what _should_ have been classified from their creation. This act
was fully intentional by Clinton. And inexcusable.

~~~
Aloha
That would cover emails sent by her - but not emails sent /to/ her - which
arguably if they were classified never should have left the email servers
hosted by Department of State/General Service Administration.

~~~
castis
I don't believe I understand the reason for pointing out the distinction. IIRC
the overarching issue here is the subterfuge involved in the email server even
existing.

