I should begin by saying I generally don’t consider issues like this “30,000 emails” thing. I consider them theatrics for the masses, much like a politician’s sexual details or tax returns. That being said, I’ve been running Exchange (Windows) mail servers for the past 15 years so I know a thing or two about how mail servers are run. So watching this whole issue unfold brought up some interesting issues for me, with our government, with Hillary, and with what changes really need to happen in 2017.
The tipping point was when my wife and I were listening to an episode of This American Life which was trying to justify Hillary’s private e-mail server. The basic premise was that this private e-mail server wasn’t some Machiavellian scheming on Hillary’s part, it was just a certain cluelessness and carelessness about a technology that the government hadn’t really adopted yet. I’d read some other justifications, like that it’s accepted protocol to destroy an old phone with a hammer.
First I’d like to debunk some of these justifications. And first among those is smashing a phone with a hammer. This is not just untrue, it shows real stupidity on the part of whoever decided to smash it. Smashing a phone will just smash the plastic and glass, more than likely it won’t smash the flash memory on which sensitive data may reside.
Of course, in the private sector, business e-mail needs to be encrypted on a phone in such a way that it can never be retrieved if someone were to get the phone. It technically doesn’t even sit on the phone. And if a phone is stolen, the e-mail administrator has the ability to remote wipe it. If you’d like to know more about that you can check out IBM’s MaaS360.
Second was Ira Glass’s charge that a lot of government officials use private e-mail accounts, citing Colin Powell’s use of an AOL account. Now let’s get this straight, there is a huge difference between using a personal commercial e-mail address and hosting your e-mails on your own server. An AOL account can be subpoenaed. AOL follows proper data storage protocols, they can pull up any and all e-mails that ever went through their organization. If Colin Powell were under investigation for something, the FBI could gain access to this.
Not only that, this is a compliance requirement of all private sector businesses. I’d like to introduce you to an appliance I have personal experience with – the Barracuda Message Archiver. All businesses with compliance requirements need something like this. Any e-mail that goes in, out, or through the company gets passed through this archiver, to be stored for eternity. Nobody gets away with deleting anything.
This is in addition to backups. Without regular backups, Exchange simply doesn’t work. You could technically skimp on the backups and keep a short retention history, but you can’t do that with the archiver.
So, my understanding is Hillary’s team made backups, even offsite backups, but didn’t archive. The only way this could result in so many e-mails being deleted by chance is with some combination of deleting e-mails as they come in, and having a very short backup retention policy. Which, if you’re going to keep backup retention that short, why even have them offsite?
Okay, so you see where I’m going with this? Two possible stories surface here, both of which spell something scandalous.
- The traditional story that Hillary’s camp purposely used a private e-mail server so they could write each other e-mails outside the realm of scrutiny, knowing what they were doing was illegal.
- Government agencies do not have the compliance requirements of the private sector, which puts them above the laws they create. Hillary’s team’s carelessness about this is just a symptom of a much larger issue with a public sector that needs a tech overhaul.
Either story speaks of a scandal.
A quick way to vet which story is true is to find out what other senators, candidates, or any political officials run their operations with a private e-mail server. But I have a hunch Hillary’s camp is unique in this behavior. Really, e-mail is so much more complicated than a server. Maybe 15 years ago we could get away with a simple server but we’ve been in the era of strict compliance and sophisticated spam filters for years now. We generally talk of e-mail more in terms of systems than servers. I haven’t even gotten into so many of the other features we have to keep in our e-mail organization. Really, unless you’re an organization of at least a thousand people, it’s more efficient to outsource it.
Unless you have something to hide.