Shemails
There is a lot of chatter about unethical use of email. Specifically, conflating the equivalence, often at a very low resolution, between improper use of emailing by Ivanka Trump and the extraction of email archives and migration of email service from the State Department to Hillary Clinton’s private location.
Whenever this is alleged, it is usually done without any specific terms or description of details, other than simply expressing that there are improper actions involving the use of email in both cases. That’s actually where the differences end.
It doesn’t take much to demonstrate dramatic differences in the degree and volume of behaviours that can reasonably compel one to believe that there was a breach of trust. What is often ignored completely is the degree of disparity in the potential consequences that could result from each set of behaviours.
Let us examine the actions themselves. What do we know about what happened?
Ivanka used her gmail account to send messages for official matters of the United States.
Persons acting at the behest of Hillary Clinton, who were able to access or receive authorization to access her email data, moved or copied that data and took it to a private location, believed to be Hillary Clinton’s home, where they were copied to new infrastructure that provided storage and email services. Then, Hillary Clinton’s personal electronic devices were reconfigured to send and receive email through this private infrastructure.
Security
The security of Ivanka’s data was probably not changed. That is to say, emails that are sent through gmail are encrypted using technology and protocols that are considered standard (SSL encryption).
This was likely done out of convenience and laziness, and demonstrates unprofessional behaviour.
The security of Hillary’s data was definitely at risk for various reasons. The first reason is that we don’t know what’s involved in extracting data from the State Department’s data centers. We don’t know, for example, if the person performing the task was given clearance to do so, as this might indicate breaches of ethics by anyone who had the authority to do so.
We also don’t know how the data was copied or what medium for transport was used. It might have been done through ftp, especially if the technician performing the work was not a security expert. This would have definitely posed an opportunity for malicious entities to gain access to the data.
Furthermore, we know that the server which this data was ultimately served from was not using SSL encryption. Though considered to be a secure standard, it is not particularly difficult to implement and the fact that it was not demonstrates that the technician did not possess the competencies necessary to perform the work safely. A lower standard for the selection of technician implies that there were constraints on accessing a suitable selection pool of prospective technicians, suggesting that the decision to have this task performed was a more private one.
After this work was performed, and Hillary’s devices were configured to connect to the private server, she used them to an unknown degree, but it is plausible that they were used exclusively, as she had been using them for some time. Even if she had not been using them exclusively, it does not really change the fact that the reasons for choosing to send even just some of her emails through the private instructure are not necessarily arbitrary. This, again, suggests that one could be compelled to choose the private server because it serves a personal advantage not otherwise present when utilizing the State Department’s email services.
Whenever Hillary was away from her home, she would be connecting through a range of networks, likely to frequently involve localized WiFi services and VPNs. As her own connection to the server was unencrypted, this meant that data that was transmitted is visible in “plain text”, and not even encoded into different characters, which would be a simple technique for obfuscation, but of course considered, at best, to be a less than mediocre security measure. Likely infosec professionals will scoff at the use of the terms security and obfuscation together. Sorry for cringe.
The next issue that is obvious and should be considered is that not only are trips being made to countries that are competing with the United States in some manner or another, but strategic diplomatic action with malicious or countries that are otherwise deemed to be a threat to the United States sometimes requires transporting oneself to a location that is contains more unknown factors, such as a locality within an enemy country’s territory. This means that the likelihood of observers who are purposely trying to obtain Hillary’s private data is very high, at least some of the time that she is working.
All of these observations and their implications paint a clear and distinct different set of outcomes and necessarily unethical behaviours. The number of, and degree of significance, for every possible dishonest action is much greater when considering Hillary Clinton’s private email server and comparing it to Ivanka’s use of gmail to send emails for official matters.