I can't watch the video at the moment. Will watch it later.
I'd like to provide some info based on my experience as an email admin for the DoD and an information security officer for both the DoD and financial institutions. These are just things I'd like to point out to consider overall. None of this is in defense or accusatory of anyone. I'm not a fan of Hillary, it's just since this email stuff will never seem to go away, and I keep seeing a lot of gaps in understanding how a lot of this stuff happens, I just thought I'd share.
1. Anytime you host a mailbox outside of your organization, you are accepting a risk of compromise of that mailbox and you're also accepting the limitations that it puts on your administrators. This applies to ANY mailbox outside of your organization. So regardless of whether it's a private email server, as in the case of Clinton, or a Gmail account or Yahoo account it's still the same: it's a risk and it limits your admins. As I understand it, SoS's before Clinton all used external mailboxes outside of the State Department's email system. So there's been a long history of the State Department accepting this risk. That's a risk I wouldn't have allowed and clearly the compromise of Clinton's email server is proof the State Department needs to remove this exception from their protocols. But the point is it's a risk the State Department has accepted long before Clinton came in.
One thing that isn't mentioned much in these discussions is many of our biggest compromises don't come from compromises of classified data. They come from the bulk collection of unclassified data. The government has different acronyms. The one that stuck with me, probably because it was the very first reference I was taught, was E.E.F.I., which stood for Essential Elements of Friendly Information. In short, the information was legitimately unclassified, but when combined with other unclassified information it forms a bigger picture that would be considered sensitive and/or classified.
Let's use Clinton's compromised email server as an example of what I mean about EEFIs. So Clinton's email server is compromised. That means the hacker will have access to her email, her delegates' email, her calendar, and her contacts. Most of us have used the common online tools for travel so hotel reservations, flight itineraries, restaurant reservations, etc. all send an email about the respective activities. Government travel does the same thing. None of that is necessarily classified though.
So if we're the hacker and we have access to her server and her mailbox we see in her email a travel itinerary that she's travelling to South Korea on Jan 19. An interesting piece of information but on its own not classified. We also see a confirmation email on the hotel she's staying in. Again, on its own not classified or sensitive. But now we know when she's flying in and where she is staying. Now we look at her calendar as she has a meeting on Jan 19th at 4pm. Again, alone on its own that piece of information isn't very much. But with the other pieces of information now we know when she's traveling, where she is staying and who she is meeting with. Now we actually have a bigger picture and understanding of what she will be doing on Jan 19th.
Why do I mention this? Just to sort of explain why the State Department should have never allowed exceptions for external mailboxes. EVER. The risk of bulk collection of unclassified data is still high and important.
2. One of the limitations this puts on admins is they can't quarantine/clean mailboxes when classified information is sent to external mailboxes. And here's the part that is never mentioned. Classified information gets sent across unclassified networks all the time. 99% of the time it's done in error. And unlike what's often reported, most of the time the people that do it don't go to jail. The people that DO get in trouble are generally repeat offenders or there is evidence that it was done deliberately.
One of the processes the DoD has is when it's discovered that classified information has been sent to unclassified mailboxes, we as admins trace and track everywhere that email went. Every DoD mailbox that email hit is flagged and access to those mailboxes is removed -- even if it's a general. Any mobile device that is associated with that mailbox is wiped without question or notification -- even if it's a general. If they are O-6 and above we do at least contact them and communicate what's going to happen, but we still do it. We then remove the classified emails from all those mailboxes. Once every instance of that email is removed, we restore access to the mailboxes. We processed these requests several times a week. That's how often this happens. If the mail just went to a handful of recipients then we can turn it around in just a couple of hours by one admin. But in the cases when it hits a big distribution list and/or goes to hundreds of mailboxes then it may take a day or two with multiple admins working it.
But if a mailbox is sitting outside my systems, i.e. a Gmail account, Yahoo account or a private email server -- I can't do ****.
So let's say someone sends an email that has classified information in it to a distribution group and Clinton is just one of 30 people in that group. Well it's in her inbox. She didn't send it, she didn't even ask for it, but it's now on her server and the State Department admin can't touch it. That's a big problem and that's why external mailboxes should have never been allowed.
IT is also audited all the time so there's a whole chain of command that surely knew Clinton's mailbox was external and allowed it. There's a big security gap with the State Department and it has clearly existed for a long time. They need to tighten their **** up.
But with the information I've provided, I would hope you can at least see how there is a systemic problem within the State Department's procedures that has existed before Clinton became SoS. And not only does this create risk but also creates a grey area in regards to punishments. If it's a risk the State Department allowed knowingly it's hard to punish people for it. So for example if someone sends Clinton an email with classified email in it whose fault is it? The sender or the recipient? Most will fault the sender since the recipient has no say in the matter. But that instance, that one email has to be investigated. Did the sender knowingly send classified information over unclassified networks? Now let's say Clinton took that email and forwarded to 4 other people. Should she be punished? Well again, depends on if it can be proven she was aware that the email she was forwarding was classified. Then when we're talking experienced and slick/corrupt lawyers like Clinton they can even go "Ok, yea I sent classified email knowingly. Do you have policy that says I can't do that? You do? Ok, now show me where I signed that policy and said I understood and accepted its terms? Oh you don't have that? Well thanks for your time. You might want to start doing that. I'll be leaving on this loophole. See ya."
So it's just a clusterfuck to suss out and even more difficult if the investigations are taking place years down the road. And all of this grey area is home turf for Clinton and she is a master of navigating it and ensuring **** don't stick to her.
Most cases when we see punishment of people mishandling classified information, it's generally folks in the military because those folks fall under the UCMJ (Uniform Code of Military Justice). Civilians don't, which is why you rarely see civilians get in trouble for it even though they do it just as frequently.
Again, all of this could have been prevented if the State Department didn't allow external mailboxes.