A trivial example: IT requires users to change their passwords every N days. So users start with "password", and when they are required to change it, they use "password1", then "password2", and so on.
A non-trivial example: someone in a high government position is told they have to use a crappy, outdated, locked-down Blackberry device to access their official email, so they start using a personal email account or a personal phone for official business.
Security doesn't work if it's hard to use, because people will find a way around it, and some of those people will have enough power that you can't force them to comply.
Wasn't that more of an effort to get around government records-retention and transparency laws than an attempt to get around annoying and onerous security requirements?
So, she had one of her own staffers take it rogue, with this server deployment.
Like a lot of senior executives, Hillary Clinton seems to have a pretty big ego and a commensurate attitude that she knows what she's doing.
In a larger context, something that really bothers me about all this: The Chelsea Manning problem arrived around the start of her tenure at State. State, the President and administration, pretty much all the powers that be were outraged over this event.
Again, from my reading, I gathered that the system these data were in was fundamentally deficient with respect to the security needs that were outlined. Basically, two levels of access, with no compartmentalization nor, IIRC, active auditing -- perhaps much of any auditing or audit trail at all.
Clinton was head of State for the better part of eight years. They remained outraged at Manning and never ceased their push for punitive action.
But she very apparently never tackled and fixed the systems deficiencies that allowed the problem, in the first place.
As her campaign proceeded, I read numerous stories about its fundamental disorganization and corresponding dysfunction.
To speak politically for a moment, I'd take this in a second compared to the malicious disaster that is Trump and his crony clown car of an administration.
But neither did she acknowledge, accept responsibility for, and actually work to fix the very tools her and State's work are now founded upon.
Go back twenty years. The intelligence services had a better scoped information collection and analysis system that showed real promise, while also better respecting privacy. Thin Thread.
Dick Cheney gets into the VP seat, and he wants to steer as much business as possible to his cronies. Thin Thread gets shut down, and in its place we end up with various proposals and tweaked formulations for what is called -- I can't remember the program names, right now -- "total situational awareness". That drowns in its own inefficiency, imprecision, and over-collection.
And in the gap, we also get 9/11 and a misled if not disingenuous ramp up to a multi-front war on the other side of the globe.
These people don't care about good, proper systems. They and their agendas vary; nonetheless, their agenda always takes primacy. And, invariably, the shortcuts or biased choices they force through end up costing, down the line.
Then they get into Government and we expect them to transplant their entire support network into the new environment. That is not going to happen.
What is needed is for the mail server that someone starts up to support their campaign to be secure by default with Whitehouse-level security made easier than not using it at all.
The hard part is getting people to use S/MIME certificates so that messages are encrypted end to end and you never have to quarantine cleartext on your cloud service.
Surely there is an entrepreneur in the HN crowd ready to take this on?
Fortunately in the latest NIST Digital Identity Guidelines this case is explicitly discouraged: Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.
Second, good luck until something like this 2017? guideline makes it into the big non-IT corporations, NGOs and governments. Maybe 2022? :)
I argued for encryption of the files sent. Reached out to the technical side of the consulting company; the person I interfaced with seemed fine with the idea -- even if it wasn't their standard procedure. (Visions of however many companies sending this data each month, quarter, whatever.)
And promptly got chewed out by my management for my efforts.
It's not just that people like this don't know. It's that they are willfully ignorant until the pain becomes too great.
In other words, you can think of this -- kind of like pollution -- as a large momentum of externalized costs.
Even when companies tank, many of the managers responsible simply move on -- or have already moved on. Customers/clients experience losses they never fully recoup. The wheel turns, and approximately the same people emerge in a new configuration of business that repeats the story.
P.S. This also reminds me of telling a geologist friend that they should really encrypt their online consulting on oil field technical issues for clients in the Far East. A lot of email and IM -- back before most any productized IM had encryption, neither of connection nor of content.
If I were playing the other side, I'd definitely scrape those to learn where production was at, technical tips and knowledge transfer, but also particularly -- and if I weren't interested in the geology and technical side, itself -- to learn of production expectations and use those to maximize the revenue I extracted in rights, leases, perhaps even outright confiscation in some cases.
Oh, not to mention taking advantage of inside knowledge to profit from market valuations, where accessible to investment.
>or the fortuity of foreign agencies not knowing his personal cell number
I find it incredibly difficult to believe that professional intelligence services don’t have his cell phone number already.
Then the access point is VPN-ed and firewalled back to an endpoint that is secured, from which phone calls are then connected directly to e.g. Verizon / ATT / Level3 for termination to the dialed number.
i.e. network topology is
TrumpPhone <--> WifiAP <--> VPN to <--> Secured endpoint <--> telco/bandwidth .
More security could be added by e.g. configuring a virtual phone number which lives "on the switch" then forwards to a securitized softphone. This would mean that the phone number attached to a physical phone would never be used; and multiple phones configured identically could be set up ahead of time, audited, upgraded, etc.
More specifically, I hypothesize that there is a bubble right now in political thinking: It doesn't matter what evil, incompetent, or highly risky things we do, as long as our side 'wins' in the immediate term. We can safely ignore the longer term consequences. A successful businessperson who relies heavily on international trade told me recently: 'Trump is vile, but I voted for him and I'd vote for him again - because I'm a businessperson and business is good.' In that statement they believe there is a problem but choose to ignore its consequences, even the ones that will directly affect their business (e.g., trade problems).
And that property seems to apply to all idea bubbles in all areas: Ignore the consequences. I can see how bubbles work up close: The mechanism seems to be that when everyone joins the bubble, 1) it's exciting and engaging, and 2) nobody is making us think about the consequences; the social pressure to exercise judgment and behave is gone, because nobody will judge you for it. The parents are gone - let's party! Pick up your pitchforks and torches! This is gonna be Awesome!!!
Reality is that which, when you stop believing in it, doesn't go away. - Philip K. Dick
 Attributed; I don't have time to find the source.
Can someone with more knowledge explain how is this a security nightmare? If he's not using it for email, if it's just for him posting his opinions onto Twitter, I'm not sure I follow why it's so bad?
We can evaluate the likelihood of attack based on the attacker's return on investment: If there's a $1 million secret and the attacker can get it for $0.1 million, that's a good deal; if it costs the attacker $2 million, then why bother?
The value of accessing POTUS' information can't be overstated. It's the literal survival of nations, trillions upon trillions of dollars, the very course of the history of civilization. If foreign powers can access it, even if it costs them billions of dollars, they will. Even allies do it - the U.S. was caught hacking the German Chancellor's phone in the last several years. The same goes for others with the resources and the willingness to break the law, such as organized crime and less scrupulous businesspeople - you could easily make billions on the markets by knowing Trump's plans. And if your competitor knows and you don't, you are at a disadvantage.
Also, it's a good source for blackmailing POTUS (an incredible but now conceivable thought) and for gaining similar information about the powerful people he meets with.
To quote Obama about his iPhone:
"this is a great phone, state of the art, but it doesn’t take pictures, you can’t text, the phone doesn’t work, you can’t play your music on it"
When I had a job at an insurance company, where we had to comply with HIPAA et al, most people in the department hated making phone calls. I was there a fairly long time before I got any training on handling phone calls.
Phone calls themselves are an information security nightmare waiting to happen in part because it is live conversation. It is hard enough to write a letter that is HIPAA compliant. Certain kinds of letters, like those advising customers of a HIPAA breach related to their policy, had to be written using a form letter and then reviewed by the legal department to make sure it was in compliance and this all went through your boss.
In the claims department, it was common for people to speak colloquially of 'paying claims' because most claims were paid, not denied. But the correct term is processing claims. I had a coworker get in trouble because she called a customer, said something like "We need this information so we can pay your claim" (instead of saying "so we can process your claim") and then the claim was actually denied.
President Reagan helped bring the presidency into the video age. He was a former actor and was constantly aware of surroundings and what was in the background behind him, what was framing his image. This changed the way the presidency was portrayed in visual media, both pictures and film. If you go look at presidential images preceding his administration and those following it, they are dramatically different.
My impression is that Trump made a concerted effort to go where the people were and adopt the channels of communication they used, including Twitter. It wasn't his thing, personally. No surprise that he has no clue what he is doing.
Perhaps this is the presidency where we need to figure out how the president uses the internet and social media. Perhaps they need to develop some protocols around it. I don't believe there are previously established good protocols.
This is another venue for communicating with the people. Hopefully we won't throw out the baby with the bath water in trying to resolve the issues this presents.
And here we are, decent economy, relative peace, no collusion, functioning government. Trump may be unconventional but there's nothing wrong with that (in fact many, including detractors, praise that quality) and it seems to be working OK so far.
Disclaimer: I loathe Trump but believe the criticism he gets is frequently unwarranted.
Why are you trying to downplay how incompetent one president is by highlighting another candidate? Maybe it is true that they would both have been relatively incompetent, but that is not the point being made here. The example you're giving also does not serve to put things in perspective, as it is also an egregious offense.
I only threw in the "Hillary email" thing because the subject is communications security.