The other day on Facebook, I wrote:
I’ll say this about Hilary’s email mess: lots of people (some of my colleagues, lots of my students) don’t think it’s important to discuss and teach things like “how to send an email” or the basics of how “the intertubes works” because this is just stuff people don’t need to know. Email and stuff, the argument goes, is like your car– you don’t need to know how it works to drive it. Well, I hope this convinces people that’s wrong.
Maybe this is all obvious, but given what’s happened with this election, maybe not.
I should point out that I’m voting for Clinton and I hope you vote for Clinton too. I don’t think a “President Trump” (geez, it hurts putting those two words together, even hypothetically) would necessarily be the end of democracy as we know it and/or plunge the U.S. into Mad Max-esque dystopia, but I do know it would be a hot hot mess.
I should also point out that I think Hillary Clinton is the most qualified person (based on previous experiences, at least) to run for president in my lifetime. In a lot of ways, this is Clinton’s problem because even though I have “been with her” from the start, she has done/said/supported things over the last 30 years I disagree with, which is inevitable based on being in public life for the last 30 years. And yes, there are other ways in which Hillary and her family (I’m talking about “the big dog” here) have sometimes done stuff that doesn’t seem completely above board– again, almost inevitable for politicians in the public eye for decades.
But this email mess? In my opinion, it’s not a reason to vote against Clinton because I really really doubt there was any criminality there, either intentionally or unintentionally. (And as a slight but relevant tangent: let’s just set aside the fact that government argues amongst itself all the time but what’s a “secret” and how information should be classified and about proper procedures for handling this information. The second Bush administration apparently had an email server owned and operated by the RNC that “lost”/deleted 22 million or so emails, lots other politicians have in the past or currently still operate some version of a private server, etc., etc. In other words, lots of politicians have done a version of what Hillary did, but the difference is Hillary is running for president.)
So vote for Hillary Clinton, okay? But let’s also learn (or really, relearn) some email basics based on these mistakes, both the ones that she has made and the mistakes I know I continue to make all the time.
Lesson 1 (and this is the most important lesson of all): Always always always remember and never forget that no email system is secure. Assume anything you write and send in an email message could be read by anyone.
For starters, it’s pretty easy for that email you wrote about how Johnny is a complete jerk to be forwarded to Johnny. I’ll admit it, I’ve had emails I’ve written like that forwarded to the wrong person, and I’ve forwarded messages like that to the potentially offended. As is always the case in discussions of security and privacy, humans are the weakest link.
The other thing is because email (and most other internet communications) gets broken up into bits of data called packets and travel through all kinds of computers before reaching a destination, it is possible for the strongly motivated to steal those messages. Think WikiLeaks, though most of us probably don’t need to worry about them snooping around our inbox.
“Pretty Good Privacy” and encryption can make email more secure, but a) it requires an extra layer of process that most of us (certainly this is true with me) are too lazy to do, and b) it still doesn’t solve the problem of the human forwarding a message after decoding it.
I realize email is convenient and easy and all of that, so adhering to this rule– especially in a complex organization where people are spread across time and space– is probably next to impossible. Heck, I just sent an email that probably violates this rule.
Lesson 2: Use your employer’s email set-up (and only your employer’s email set-up) to conduct business. In my experience, this is actually not that easy to do, especially if your employer has a shitty email set-up– which, as I understand it, was part of the reason why Clinton set up this private server in the first place.
I have some personal experience/sympathy with this. Several years ago, before EMU moved to an email system supported by MERIT (for EMU/other Michigan folks, I’m thinking of Zimbra), EMU’s email was so under-powered that it could not handle more than about 20MBs of content (messages and attachments) in any one account. So for several years, I had my EMU email automatically forwarded to a Google account and I used that Google account for all sorts of official business. Like Hillary, I don’t think I did anything illegal or criminal, but I probably had some email exchanges with students about grades and stuff that weren’t completely above-board.
On a related note: know your employer’s policies regarding personal email on the company account. For example, EMU’s Acceptable Use Policy (which I suspect is similar to lots of other universities and similar employers) makes it clear that it is okay to use EMU email for personal and “incidental” uses, as long as you aren’t doing anything illegal. However, it also makes it clear that EMU reserves the right to look at your email without your consent, particularly in the event of some kind of warrant-driven investigation.
So my advice (and personal practice) is to have an EMU email account and my own personal email account. The problem though is even as I work diligently to separate the two, these accounts frequently get crossed: that is, I sometimes get work email on my personal account and vice-versa, and this has become all the more complicated for me now that EMU is using Google for email and related services, which means I often enough get my school Google account and my private Google account mixed up.
Lesson 3: Don’t set up your own server. Again, this is based on what I’ve seen Clinton go through and on personal experience. About 10 years ago, I ran a little server on a Mac Mini cable-locked to the desk in my office. Why was I doing this? Because no one stopped me, I thought it’d be “interesting,” and/or because I was dumb and naive. Well, the first thing that happened was I found out (via an email from EMU’s local IT people) that somehow, my little server was a relay of some sort to some really nasty porn sites. I figured out how to stop that (thanks to some help from the local IT people). The next thing that happened was someone got into my office, cut the cable lock, and took that little server.
The details of who/what/how the infamous Clinton server was set up remains a bit confusing to me, and I am certain that whoever was running it was more of an IT professional than me. But hindsight being 20-20, I think Hillary and I both would have been better off relying on an Internet Service Provider with an established record rather than trying to do it ourselves or even rather than relying on just “a tech guy” or a small operation.
By the way, there was an interesting piece in The Atlantic just the other day called “The Inevitability of Being Hacked.” The good news is that most of us who use modest security measures (e.g., a home router and a professional and vigilant ISP) are pretty safe; the bad new is it took less than an hour for an unsecured device set up by the article’s author to be hacked.