Like many Americans, I’ve been trying to explain and justify the 2016 election cycle.
I am not an expert political scientist. I am a software engineer. The question I ask myself is: “What role did technology play in this election?” In particular, I want to focus on email.
Email is an insecure medium. Period.
I once attended an HR orientation session where we were told to write our emails in a way that wouldn’t embarrass the company if it showed up on the front page of The New York Times. The reason was that emails are inherently easy to leak. Even without someone hacking the email server, it is incredibly easy to mistype an email address or add the wrong person or the wrong group to Cc or Bcc list.
We have all heard stories of someone broadcasting their private emails to entire departments or even entire companies. There are anecdotes of whistleblowers forwarding company emails to the newspapers. And of course, we’ve all heard of the DNC email leaks. Email is simply the wrong mechanism for private and secure communications.
Both the DNC and Hillary Clinton could learn a simple lesson that private sector companies teach their employees: write your emails as if you are writing for the New York Times. This way if the DNC CFO Brad Marshall feels the need to send an anti-Semitic email he will think twice.
DNC used an on-premise Microsoft Exchange
To understand what made the DNC email leaks possible and so seemingly trivial I went to Wikileaks and searched for a sample set of emails. In the raw source of the emails there is a clear indication the DNC email system used a custom configured Microsoft Exchange. There are signs that this is an internally configured private server.
I searched long and hard to find out who configured the on-premise Microsoft Exchange server for the DNC and why they did that. Did they properly configure it? Did they rely on Microsoft alone to secure it? Has the DNC followed the advisories on Outlook and Exchange vulnerabilities? Is the DNC taking advantage of the Exchange compliance and security features? Why is DNC not using Office365 or Google?
All you need is a weak link
Any system designed to archive emails is bound to be vulnerable to a leak. A private email server configured to archive emails is susceptible to that one administrator user with a poorly chosen password or a phishing attack. Using a cloud provider isn’t going to solve all privacy and security questions. Google’s Vault that is part of the G Suite is subject to the same vulnerabilities. Recent revelations about Dropbox hack just prove my point.
The implications for transparency and compliance
I fear that politicians, public officials, and publicly traded company officers are likely to gravitate towards end-to-end encrypted means of communication such as Edward Snowden approved Signal. This can weaken and rollback information retention, transparency and disclosure laws such as the Freedom of Information Act and Dodd-Frank Act. My concern is that the institutions we trust with power will become even less transparent.
Storing sensitive emails on-premises doesn’t make it any more secure
The DNC emails were all leaked from an on-premise private Microsoft Exchange server. Personally identifiable data must meet PCI DSS and HIPAA requirements regardless of where it is stored. Sensitive data should be encrypted. As Edward Snowden and the DNC email leaks demonstrated, a determined hacker or government agency can obtain private data from a walled garden environment. Most recently, one billion Yahoo accounts had been leaked from Yahoo's data centers. Hillary Clinton’s private walled garden email server was not immune to government intrusion or hacking either.
All you need is common sense
You don’t need to abandon email or be in violation of archival information rules to feel secure about your communications. Following basic common sense with regards to your data is all that’s needed to avoid disastrous consequences for yourself and others:
- Don’t store anything you would not want to show up on the front page of a major newspaper in an un-encrypted form. If somebody intends to look at your data, whether they are a government or a hacker, they have to ask your permission first to unencrypt it.
- Use two-factor authentication. Stealing your password should not enough for a hacker to access your data. They will need a second mechanism to authenticate themselves.
- Do not use the same password for all of your accounts. Use a password manager, such as 1Password to generate and manage random and secure passwords.
- Apply common sense to your emails: Do not click on links that look suspicious, verify the URLs before you fill out password forms, and take great care not to forward your emails to people you don’t trust. In other words, do not fall for phishing.