Softpanorama
May the source be with you, but remember the KISS principle ;-)


Shadow IT




Introduction

Shadow IT can be defined as software and hardware solutions, as well as the associated manpower, used in an organization that are neither approved nor supported by the formal IT organization. Typically this is a reaction to excessive centralization and bureaucratization of IT, endemic in large corporations. It can also be used for "double books" kinds of schemes, as for example in the case of the Hillary Clinton email scandal. In the latter case the key goal was to avoid accountability and disclosure of her emails while in the position of the Secretary of State of the Obama administration:

 

In the past few years, it has gone from being considered a problem to being considered something more or less tolerated, because over-centralized (and/or outsourced) IT organizations are essentially unable to solve user problems. Helpdesk tickets travel for two or more days through a bureaucratic maze before being assigned to a specialist who can resolve them; laptops are unable to install patches and take 10 minutes to boot; Bluetooth stopped working two years ago and nobody cares why. Servers can be down for a week. Sounds familiar. It is ;-)

At the same time IT management is unwilling to acknowledge that the strategy of saving costs via over-centralization is a dead end and quickly reaches the stage of unintended consequences or, as they are often called, "centralization blowback". So, as we mentioned above, shadow IT naturally develops and matures as a reaction to the excessive bureaucratization of central IT typical of large corporations, as well as to the loss of flexibility of IT (fossilization) that results in the inability of IT to serve user needs. When a simple helpdesk ticket travels to the central helpdesk, lingers somewhere for two days and is then assigned to a clueless outsourcer, the user community quickly adapts, creates its own experts (out of the most knowledgeable users, who run complex home networks or are involved with home automation or robotics) and knowledge centers, and starts ignoring official IT functions and services.

The term "blowback" is richer than the term "unintended consequences" and includes elements of hidden revolt, or at least active counteraction, against the policies of central IT (The Full Wiki):

Blowback is the espionage term for the violent, unintended consequences of a covert operation that are suffered by the civil population of the aggressor government. To the civilians suffering it, the blowback typically manifests itself as “random” acts of political violence without a discernible, direct cause; because the public—in whose name the intelligence agency acted—are ignorant of the effected secret attacks that provoked revenge (counter-attack) against them. Specifically, blowback denotes the resultant, violent consequences — reported as news fact, by domestic and international mass communications media, when the actor intelligence agency hides its responsibility via media manipulation. Generally, blowback loosely denotes every consequence of every aspect of a secret attack operation, thus, it is synonymous with consequence—the attacked victims’ revenge against the civil populace of the aggressor country, because the responsible politico-military leaders are invulnerable.

Originally, blowback was CIA internal coinage denoting the unintended, harmful consequences—to friendly populations and military forces—when a given weapon is carelessly used. Examples include anti-Western religious fanatics who, in due course, attack foe and sponsor; right-wing counter-revolutionaries who sell drugs to their sponsor’s civil populace; and banana republic juntas who kill American reporters.

This is the situation when, unfortunately, implicitly sending central IT to hell became politically correct in regional offices. But as with everything, it is important to remember Talleyrand's advice to young diplomats: "first and foremost, not too much zeal" ;-).

Forms of Shadow IT

Shadow IT has several forms:

All in all, the rise of "Shadow IT" signifies both the loss of control and the loss of influence that IT organizations experienced during the last decade. It is most pronounced when, due to over-centralization, the quality of service has become unacceptably low (despite the Potemkin villages of official reporting with their excellent and completely fake "incident resolution time" metrics).

Major symptoms of the loss of flexibility and alienation of users

There are several major symptoms of this loss of flexibility and alienation from user needs:

As with any counterculture, there are risks in using shadow IT. If you overstep your boundaries you can lose your job. But if everybody is suffering from the same problem, an attempt to find a solution outside normal IT channels is usually not punished severely. Typically such cases are just swept under the rug. Often a solution initiated as part of "shadow IT" later finds its way into the mainstream. In this sense it serves as an internal innovation incubator.

Countermeasures to the removal of administrative privileges on laptops

Reagan, citing the old Russian proverb "Trust but verify", was right not only about international relations but also about the best policy for user laptops. "Trust but verify" compliance is a better approach than "scan and block".

Removal of administrative privileges is essentially a declaration from central IT that the user has lost its trust. And it raises the classic question "Who are the judges?" Why should the often incompetent (in comparison with the staff of engineering and research departments, which often have Ph.D.s among their members) and detached-from-reality central IT staff impose, without consultation with and consent from business departments, measures that undermine productivity in those departments? After all, central IT is a parasitic organization that spends money earned by business units. Why can't business units be consulted about what they need and want, instead of being treated like children who are just told what to do and what not to do?

That's why users without administrator privileges on their laptops often rebel. Sometimes there is no direct removal, but severe restrictions are imposed via Active Directory (AD fascism): restrictions that make doing useful work on certain tasks within the framework imposed by the organization next to impossible. Again, this is typically not a problem in the accounting department (which can actually squeeze overzealous IT jerks pretty easily ;-) but in research units and labs, which have creative people able to smash those restrictions and who understand some parts of IT much better than central IT (especially people involved with such things as genome sequencing, molecular modeling, etc., where the community is generally extremely computer literate).

At this point it is central IT that is the loser, as people are much more creative and often invent elegant tricks to bypass restrictions imposed by the IT infrastructure and create more usable alternatives. In other words, shadow IT exists because the business unit(s) perceive that IT is not meeting their needs and that using official tools is either unsuitably cumbersome and slow or detrimental to the success of the business.

The key performance indicator for IT is availability. But user satisfaction is equally important, and disgruntled users represent a much bigger danger to the IT infrastructure. This is the danger that stupid and/or overzealous members of the security group who invent those measures fail to understand... In other words, instead of improving security such measures undermine it.

Countermeasures by "deprived" members

Let's discuss countermeasures that "deprived" members of corporate units (and that typically includes some IT members, for example Unix administrators) can use to restore the status quo. There are several avenues for undermining this decision.

  1. Pressure on the "power hungry". Typically such measures are introduced during new hardware deployment. As the environment is not perfect, especially during a new laptop deployment period, you can always claim that the existing arrangement does not allow you to perform some important part of your job. Logging a couple of tickets and giving a negative evaluation for an unresolved ticket can help to speed the sobering of "drunk with power" members of the IT team, but this is a razor-sharp weapon and should be used with extreme caution and only as a reaction to real screw-ups. You just no longer need to sweep them under the rug. And you need to find and cultivate allies. There is strength in numbers.
  2. Switch to alternative hardware.
    1. Private tablets, Ultrabooks or Macbooks. They are not that expensive and can be used in addition to the company-granted laptop or in tandem with it. Typically company policy is fuzzy about ultrabooks and, especially, tablets that the user owns. Here a Microsoft Surface Pro can be very handy in bypassing the "IT standards". You probably need to buy your own 4G internet access card, and that can eliminate restrictions imposed by the company proxy. Freedom has its price :-).
    2. Using some old laptop or desktop connected along with the "standard" laptop via a Linksys or similar internet gateway with address translation and the ability to emulate the MAC address of your standard laptop. For this solution you should be somewhat knowledgeable in networking or have a friend who is. Of course nmap and similar tools will discover this substitution, but usually this is a pretty safe method that gives you the possibility of using both the standard laptop and the "alternative" laptop. You probably need to use an additional non-routable address space for those two connections. For example, if the organization is using the 10 network, you can use the 192.168 network on the segment that the Linksys provides. A used Linksys gateway is approximately $10 on eBay, so this is not a big expense.
    3. Some unused server can be used as your "surrogate desktop". Old, decommissioned hardware is often not discarded immediately, and if you are either in IT or have good contacts who can help you in this area, this is a good avoidance maneuver. Windows server is not and as an alternative desktop. Linux is mainly suitable for those who have previous Unix experience. If you are in IT but not very close to the emperor (for example, you are in the Unix group) and as such were selected for repressions, you have multiple opportunities in this area.
  3. Switch to alternative OSes. Current laptops are so over-specified that they can carry multiple OSes.
    1. Dual boot. This is the simplest possibility, if you can do without company-specific services (for example, use your Blackberry for email). Both Linux and some older version of Windows can be installed. Using a virtual machine is another. Guerilla installations of Windows 2003 server are also a pretty nice countermeasure. Often you can create some fancy justification for such a "private" server, and by definition it is not controlled by the same group as the desktops. So you get more degrees of freedom.
    2. Use a virtual machine. If the company allows using VM players, you are essentially given a free pass for this solution. Microsoft also provides the ability to install a VM with Windows 7. You just need to justify this, which is not that difficult, as many applications have difficulties after the transition.
  4. Using "in the cloud" servers or services. Using alternative email is very common among company employees, as using official email for private messages is one of the stupidest things that you can do in the corporate environment.

Those points are of course raw and incomplete. But the stupidity of official policy is the gasoline that fuels the "shadow IT renaissance" and the inventions of those who are affected. Creative bypassing of those restrictions is the banner of a real IT professional. Please note that this often puts company data in a far less protected environment than a regular corporate PC. Excessive zeal in security often backfires in very interesting ways.

In many instances, corporate IT policies and standardization efforts are simply stupid in the very exact meaning of this word. They are often created by a clueless bureaucrat who does not understand (and does not want to understand) the situation "in the trenches". That means that even parts of the official IT staff can be engaged in "shadow IT" activities.
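Seen from the network operations side, the cloned-MAC gateway of item 2.2 can be spotted passively as well as with an active scan: traffic that crosses a small NAT box arrives with its IP TTL one lower than a directly attached host would send, and one address starts showing more than one operating-system TTL family. The sketch below is an added example, not code from the original page; the observation format, the addresses and the default initial TTLs of 64/128/255 are assumptions.

```python
"""Passive check for a NAT gateway hiding behind one access-port address.

Assumptions (constructed for this example): observations are unicast
(src_ip, src_mac, ttl) tuples captured on the same L2 segment as the
access ports, so a directly attached host is seen with its initial TTL
intact and anything forwarded by a small gateway arrives one hop lower.
"""
from collections import defaultdict

# Assumed default initial TTLs: Linux/macOS 64, Windows 128, network gear 255.
INITIAL_TTLS = (64, 128, 255)


def classify_ttl(ttl):
    """Map an observed TTL to (assumed initial TTL, hops already travelled)."""
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    initial = next(t for t in INITIAL_TTLS if ttl <= t)
    return initial, initial - ttl


def find_nat_suspects(observations, min_packets=3, max_hops=2):
    """Return {(src_ip, src_mac): [reasons]} for hosts that look like a gateway.

    ttl-decremented: at least min_packets packets arrived 1..max_hops hops short.
    mixed-os-ttl:    two or more initial-TTL families, each seen min_packets times.
    Packets more than max_hops short are ignored as TTL-limited or remote traffic.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for ip, mac, ttl in observations:
        initial, hops = classify_ttl(ttl)
        if hops > max_hops:
            continue
        counts[(ip, mac)][(initial, hops)] += 1

    suspects = {}
    for host, seen in counts.items():
        reasons = []
        routed = sum(n for (_, hops), n in seen.items() if hops >= 1)
        if routed >= min_packets:
            reasons.append("ttl-decremented")
        per_family = defaultdict(int)
        for (initial, _), n in seen.items():
            per_family[initial] += n
        if sum(1 for n in per_family.values() if n >= min_packets) > 1:
            reasons.append("mixed-os-ttl")
        if reasons:
            suspects[host] = reasons
    return suspects


# Constructed sample on a 10.x office network. The .23 address carries the
# registered laptop's MAC, but two machines sit behind a gateway there.
SAMPLE = (
    [("10.1.20.15", "02:00:00:00:00:15", 128)] * 4    # Windows, direct
    + [("10.1.20.31", "02:00:00:00:00:31", 64)] * 3   # Linux, direct
    + [("10.1.20.23", "02:00:00:00:00:23", 127)] * 3  # Windows behind NAT
    + [("10.1.20.23", "02:00:00:00:00:23", 63)] * 3   # Linux behind NAT
)

if __name__ == "__main__":
    for (ip, mac), reasons in find_nat_suspects(SAMPLE).items():
        print(ip, mac, ", ".join(reasons))
```

A hit is a lead to confirm against switch-port and asset records, not proof: a host configured with a non-default TTL produces the same signal.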

Creating shadow Web services

The existence of Shadow IT implies a failure on the part of IT to provide the services that meet the users' needs. As such this problem is a typical sign of the rotting of IT organizations ("fish rots from the head"), a widespread phenomenon due to the promotion of incompetent managers, outsourcing and other related phenomena. IT is no longer young, and losing IQ is just one of the ailments of old age.

Deployment of unreliable, slow, resource-hungry systems like Lotus Notes, Lotus Sametime, Documentum and, to a certain extent, SAP/R3 (which often has a very slow response that defeats the purpose and benefits of centralization) also stimulates the search for alternatives.

Like any counterculture, creating your own Web services entails certain risks, including security risks, but it would be simplistic just to condemn it as many writers do. For example:

The existence of Shadow IT within an organization is symptomatic of a lack of alignment between business units and IT and, possibly, even senior management and IT. Shadow IT is, at best, a shortsighted strategy that may work well for a given business unit, but be detrimental for the organization overall.

(see The Dangers that Lurk Behind Shadow IT — Datamation.com). One precondition for the creation of shadow Web services is the ability to run a virtual machine on your laptop or desktop or, on remote sites, the availability of some local Linux expertise.

Often Shadow IT is associated with Unix culture and open source software. Linux essentially started as a countercultural phenomenon and only recently gained corporate respectability. The firewall on a Linux box can easily be configured to exclude any outsiders. If a special non-routable network is used, the service is not visible outside the particular site and it represents a much lesser security risk.

Any modern desktop is an extremely capable and powerful server in disguise, often superior to a "real" server from HP or Dell that is five years old. If it allows a "dual boot" configuration, you already have all the necessary infrastructure.

Also, on remote sites there is always the possibility of getting a "departmental" desktop and using it as a departmental server. In case central IT goes nuts, this is one path that might be considered. Using Internet ISPs and places like the Amazon cloud is another possibility, but here the problem is that your data migrates outside of the IT infrastructure. This is a definite security risk, and this way you might violate some corporate policy.

Creation of shadow IT file servers

If using corporate file servers is too painful or they have become too slow, one extra laptop or desktop in the group can fill the void. A simple Linux box with Samba is a decent and quick solution.

Creation of alternative email infrastructure

To a certain extent an alternative email infrastructure has existed for as long as Web connectivity has existed. Hotmail, Gmail and other Web-based mail applications automatically mean an alternative email infrastructure. The only question is how widely it is used (it definitely should be used for all private emails). The fact that it is impossible to synchronize it with a corporate Blackberry or other smartphone works against a shadow email infrastructure, but many people have their own smartphones these days in addition to a corporate one.

Conclusions

Shadow IT is a reaction of users to the problem of fossilization and the loss of efficiency and competence of over-centralized IT organizations. As such it is just a symptom of the disease. In the perverted world of corporate IT it often serves to increase productivity and as such has the right to exist.

It is naive to think that an official edict can stop shadow IT from emerging in a typical large, bureaucratized IT organization with its multiple sites, multiple datacenters and multiple jerks, authoritarians ("kiss up, kick down" type), and psychopaths (especially dangerous are female psychopaths) at the top and middle levels of IT management.

Budget cuts also stimulate the search for alternatives to officially supported IT products, but not to the same extent as the bureaucratization and stagnation of "official" IT organizations.



Old News

[Jan 29, 2016] US government finds top secret information in Clinton emails

Notable quotes:
"... Oh, but it is serious. The material is/was classified. It just wasn't marked as such. Which means someone removed the classified material from a separate secure network and sent it to Hilary. We know from her other emails that, on more than one occasion, she requested that that be done. ..."
"... fellow diplomats and other specialists said on Thursday that if any emails were blatantly of a sensitive nature, she could have been expected to flag it. "She might have had some responsibility to blow the whistle," said former Ambassador Thomas Pickering, "The recipient may have an induced kind of responsibility," Pickering added, "if they see something that appears to be a serious breach of security." ..."
"... Finally whether they were marked or not the fact that an electronic copy resided on a server in an insecure location was basically like her making a copy and bringing it home and plunking it in a file cabinet... ..."
"... In Section 7 of her NDA, Clinton agreed to return any classified information she gained access to, and further agreed that failure to do so could be punished under Sections 793 and 1924 of the US Criminal Code. ..."
"... The agreement considers information classified whether it is "marked or unmarked." ..."
"... According to a State Department regulation in effect during Clinton's tenure (12 FAM 531), "classified material should not be stored at a facility outside the chancery, consulate, etc., merely for convenience." ..."
"... Additionally, a regulation established in 2012 (12 FAM 533.2) requires that "each employee, irrespective of rank must certify" that classified information "is not in their household or personal effects." ..."
"... As of December 2, 2009, the Foreign Affairs Manual has explicitly stated that "classified processing and/or classified conversation on a PDA is prohibited." ..."
"... Look, Hillary is sloppy about her affairs of state. She voted with Cheney for the Iraq disaster and jumped in supporting it. It is the greatest foreign affair disaster since Viet Nam and probably the greatest, period! She was a big proponent of getting rid of Khadaffi in Libya and now we have radical Islamic anarchy ravaging the failed state. She was all for the Arab Spring until the Muslim Brotherhood was voted into power in Egypt....which was replaced by yet another military dictatorship we support. And she had to have her own private e-mail server and it got used for questionable handling of state secrets. This is just Hillary being Hillary........ ..."
"... Its no secret that this hysterically ambitious Clinton woman is a warmonger and a hooker for Wall Street . No need to read her e-mails, just check her record. ..."
"... What was exemplary about an unnecessary war, a dumbass victory speech three or so months into it, the President's absence of support for his CIA agent outed by his staff, the President's German Chancellor shoulder massage, the use of RNC servers and subsequently "lost" gazillion emails, doing nothing in response to Twin Towers news, ditto for Katrina news, the withheld information from the Tillman family, and sanctioned torture? ..."
"... Another point that has perhaps not been covered sufficiently is the constant use of the phrase "unsecured email server" - which is intentionally vague and misleading and was almost certainly a phrase coined by someone who knows nothing about email servers or IT security and has been parroted mindlessly by people who know even less and journalists who should know better. ..."
"... Yet the term "unsecured" has many different meanings and implications - in the context of an email server it could mean that mail accounts are accessible without authentication, but in terms of network security it could mean that the server somehow existed outside a firewall or Virtual Private Network or some other form of physical or logical security. ..."
"... It is also extremely improbable that an email server would be the only device sharing that network segment - of necessity there would at least be a file server and some means of communicating with the outside world, most likely a router or a switch, which would by default have a built-in hardware firewall (way more secure than a software firewall). ..."
"... Anything generated related to a SAP is, by it's mere existence, classified at the most extreme level, and everyone who works on a SAP knows this intimately and you sign your life away to acknowledge this. ..."
"... yeah appointed by Obama...John Kerry. His state department. John is credited on both sides of the aisle of actually coming in and making the necessary changes to clean up the administrative mess either created or not addressed by his predecessor. ..."
"... Its not hard to understand, she was supposed to only use her official email account maintained on secure Federal government servers when conducting official business during her tenure as Secretary of State. This was for three reasons, the first being security the second being transparency and the third for accountability. ..."
"... You need to share that one with Petraeus, whos career was ruined and had to pay 100k in fines, for letting some info slip to his mistress.. ..."
"... If every corrupt liar was sent to prison there'd be no one left in Washington, or Westminster and we'd have to have elections with ordinary people standing, instead of the usual suspects from the political class. Which, on reflection, sounds quite good ! ..."
"... It's a reckless arrogance combined with the belief that no-one can touch her. If she does become the nominee Hillary will be an easy target for Trump. It'll be like "shooting fish in a barrel". ..."
"... It is obvious that the Secretary of State and the President should be communicating on a secure network controlled by the federal government. It is obvious that virtually none of these communications were done in a secure manner. Consider whether someone who contends this is irrelevant has enough sense to come in out of the rain. ..."
www.theguardian.com

The Obama administration confirmed for the first time on Friday that Hillary Clinton's unsecured home server contained some of the US government's most closely guarded secrets, censoring 22 emails with material demanding one of the highest levels of classification. The revelation comes just three days before the Iowa presidential nominating caucuses in which Clinton is a candidate.


jrhaddock -> MtnClimber 29 Jan 2016 23:04

Oh, but it is serious. The material is/was classified. It just wasn't marked as such. Which means someone removed the classified material from a separate secure network and sent it to Hillary. We know from her other emails that, on more than one occasion, she requested that that be done.

And she's not just some low level clerk who doesn't understand what classified material is or how it is handled. She had been the wife of the president so is certainly well aware of the security surrounding classified material. And then she was Sec of State and obviously knew what kind of information was classified. So to claim that the material wasn't marked, and therefore she didn't know it was classified, is simply not credulous.

Berkeley2013 29 Jan 2016 22:46

And Clinton had a considerable number of unvetted people maintain and administer her communication system. The potential for wrong doing in general and blackmail from many angles is great.

There's also the cost of this whole investigation. Why should US taxpayers have to pick up the bill?

And the waste of good personnel time---a total waste...

Skip Breitmeyer -> simpledino 29 Jan 2016 22:29

In one sense you're absolutely right- read carefully this article (and the announcement leading to it) raises at least as many questions as it answers, period. On the other hand, those ambiguities are certain not to be resolved 'over-the-weekend' (nor before the first votes are cast in Iowa) and thus the timing of the thing could not be more misfortunate for Ms. Clinton, nor more perfect for maximum effect than if the timing had been deliberately planned. In fact I'm surprised there aren't a raft of comments on this point. "Confirmed by the Obama administration..."? Who in the administration? What wing of the administration? Some jack-off in the justice dept. who got 50,000 g's for the scoop? The fact is, I'm actually with Bernie over Hilary any day, but I admit to a certain respect for her remarkable expertise and debate performances that have really shown the GOP boys to be a bunch of second-benchers... And there's something a little dirty and dodgy that's gone on here...

Adamnoggi dusablon 29 Jan 2016 22:23

SAP does not relate to the level of classification. A special access program could be at the confidential level or higher dependent upon content. Special access means just that, access is granted on a case by case basis, regardless of classification level.


Gigi Trala La 29 Jan 2016 22:17

She is treated with remarkable indulgence. Anywhere with a sense of accountability she will be facing prosecution, and yet here she is running for even higher office. In the middle of demonstrating her unfitness.


eldudeabides 29 Jan 2016 22:15

Independent experts say it is highly unlikely that Clinton will be charged with wrongdoing, based on the limited details that have surfaced up to now and the lack of indications that she intended to break any laws.

since when has ignorance been a defence?


nataliesutler UzzDontSay 29 Jan 2016 22:05

Yes, Petraeus did get this kind of scrutiny even though what he did was much less serious than what Clinton did. This isn't about a rule change. And pretending it is isn't going to fool anyone.


Sam3456 kattw 29 Jan 2016 21:18

That's a misunderstanding on your part. First, let's look at Hillary's statement in March:

"I did not email any classified material to anyone on my email. There is no classified material. So I'm certainly well aware of the classification requirements and did not send classified material."

She later adjusted her language to note that she never sent anything "marked" classified. So already some Clinton-esque word parsing

And then what people said who used to do her job:

fellow diplomats and other specialists said on Thursday that if any emails were blatantly of a sensitive nature, she could have been expected to flag it.
"She might have had some responsibility to blow the whistle," said former Ambassador Thomas Pickering, "The recipient may have an induced kind of responsibility," Pickering added, "if they see something that appears to be a serious breach of security."

It is a view shared by J. William Leonard, who between 2002 and 2008 was director of the Information Security Oversight Office, which oversees the government classification system. He pointed out that all government officials given a security clearance are required to sign a nondisclosure agreement, which states they are responsible if secrets leak – whether the information was "marked or not."

Finally whether they were marked or not the fact that an electronic copy resided on a server in an insecure location was basically like her making a copy and bringing it home and plunking it in a file cabinet...

beanierose -> dusablon 29 Jan 2016 21:08

Yeah - I just don't understand what Hillary is actually accused of doing / or not doing in Benghazi. Was it that they didn't provide support to Stevens - (I think that was debunked) - was it that they claimed on the Sunday talk shows that the video was responsible for the attack (who cares). Now - I can think of an outrage - President Bush attacking Iraq on the specious claim that they had WMD - that was a lie/incorrect/incompetence and it cost ~7000 US and 200K to 700K Iraqi lives. Now - there's a scandal.

Stephen_Sean -> elexpatrioto 29 Jan 2016 21:07

The Secretary of State is an "original classifier" of information. The individual holding that office is responsible to recognize whether information is classified and to what level regardless if it is marked or not. She should have known. She has no true shelter of ignorance here.

Stephen_Sean 29 Jan 2016 21:00

The Guardian is whistling through the graveyard. The FBI is very close to a decision to recommend an indictment to the DOJ. At that point it is up to POTUS whether he thinks Hillary is worth tainting his entire Presidency to protect by blocking a DOJ indictment. His responsibility as an outgoing President is to do what is best for his party and to provide his best attempt to get a Democrat elected. I smell Biden warming up in the bullpen as an emergency.

The last thing the DNC wants is a delay if there is going to be an indictment. For an indictment to come after she is nominated would be an unrecoverable blow for the Democrats. If there is to be an indictment it's best for it to come now while they can still get Biden in and maintain their chances.

Sam3456 29 Jan 2016 20:57

In Section 7 of her NDA, Clinton agreed to return any classified information she gained access to, and further agreed that failure to do so could be punished under Sections 793 and 1924 of the US Criminal Code.

According To § 793 Of Title 18 Of The US Code, anyone who willfully retains, transmits or causes to be transmitted, national security information, can face up to ten years in prison.

According To § 1924 Of Title 18 Of The US Code, anyone who removes classified information " with the intent to retain such documents or materials at an unauthorized location," can face up to a year in prison.

The agreement considers information classified whether it is "marked or unmarked."

According to a State Department regulation in effect during Clinton's tenure (12 FAM 531), "classified material should not be stored at a facility outside the chancery, consulate, etc., merely for convenience."

Additionally, a regulation established in 2012 (12 FAM 533.2) requires that "each employee, irrespective of rank must certify" that classified information "is not in their household or personal effects."

As of December 2, 2009, the Foreign Affairs Manual has explicitly stated that "classified processing and/or classified conversation on a PDA is prohibited."

kus art 29 Jan 2016 20:54

I'm assuming that the censored emails reveal activities that the US government is into are Way more corrupt, insidious and venal as the emails already exposed, which says a lot already...

Profhambone -> Bruce Hill 29 Jan 2016 20:53

Look, Hillary is sloppy about her affairs of state. She voted with Cheney for the Iraq disaster and jumped in supporting it. It is the greatest foreign affair disaster since Viet Nam and probably the greatest, period! She was a big proponent of getting rid of Khadaffi in Libya and now we have radical Islamic anarchy ravaging the failed state. She was all for the Arab Spring until the Muslim Brotherhood was voted into power in Egypt....which was replaced by yet another military dictatorship we support. And she had to have her own private e-mail server and it got used for questionable handling of state secrets. This is just Hillary being Hillary........


PsygonnUSA 29 Jan 2016 20:44

It's no secret that this hysterically ambitious Clinton woman is a warmonger and a hooker for Wall Street. No need to read her e-mails, just check her record.


USfan 29 Jan 2016 20:41

Sorry to be ranting but what does it say about a country - in theory, a democracy - that is implicated in so much questionable business around the world that we have to classify mountains of communication as off-limits to the people, who are theoretically sovereign in this country?

We've all gotten quite used to this. In reality, it should freak us out much more than it does. I'm not naive about what national security requires, but my sense is the government habitually and routinely classifies all sorts of things the people of this country have every right to know.

Assuming this is still a democracy, which is perhaps a big assumption.


Raleighchopper -> Bruce Hill 29 Jan 2016 20:40

far Left sites like the Guardian:

LMAOROFL
Scott Trust Ltd board
https://en.wikipedia.org/wiki/Scott_Trust_Limited

FirthyB 29 Jan 2016 20:36

Hillary is in that class, along with Goldman Sachs, JP Morgan, Bush, Cheney etc.. who believe the rule of law only pertains to the little guys.


MooseMcNaulty -> dusablon 29 Jan 2016 20:28

The spying was illegal on a Constitutional basis. The Fourth Amendment protects our privacy and prevents unlawful search and seizure. The government getting free access to the contents of our emails seems the same as opening our mail, which is illegal without a court order.

The drone program is illegal based on the Geneva accords. We are carrying out targeted killings within sovereign nations, usually without their knowledge or consent, based on secret evidence that they pose a vaguely defined 'imminent threat'. It isn't in line with any international law, though we set that precedent long ago.


makaio -> USfan 29 Jan 2016 20:08

What was exemplary about an unnecessary war, a dumbass victory speech three or so months into it, the President's absence of support for his CIA agent outed by his staff, the President's German Chancellor shoulder massage, the use of RNC servers and subsequently "lost" gazillion emails, doing nothing in response to Twin Towers news, ditto for Katrina news, the withheld information from the Tillman family, and sanctioned torture?

Those were just starter questions. I'm sure I missed things.


Raleighchopper -> Popeia 29 Jan 2016 20:05

http://www.reuters.com/article/us-usa-politics-clinton-idUSN2540811420080326


Rowan Walters 29 Jan 2016 19:51

Another point that has perhaps not been covered sufficiently is the constant use of the phrase "unsecured email server" - which is intentionally vague and misleading and was almost certainly a phrase coined by someone who knows nothing about email servers or IT security and has been parroted mindlessly by people who know even less and journalists who should know better.

As an IT professional the repeated use of a phrase like that is a red flag - it's like when people who don't know what they're talking about latch on to a phrase which sounds technical because it contains jargon or technical concepts and they use it to make it sound like they know what they're talking about but it doesn't actually mean anything unless the context is clear and unambiguous.

The phrase is obviously being repeated to convey the impression of supreme negligence - that sensitive state secrets were left defenceless and (gasp!) potentially accessible by anyone.

Yet the term "unsecured" has many different meanings and implications - in the context of an email server it could mean that mail accounts are accessible without authentication, but in terms of network security it could mean that the server somehow existed outside a firewall or Virtual Private Network or some other form of physical or logical security.

Does this term "unsecured" mean the data on the server was not password-protected, does it mean it was unencrypted, does it mean that it was totally unprotected (which is extremely unlikely even if it was installed by an ignorant Luddite given that any modern broadband modem is also a hardware firewall), and as for the "server" was it a physical box or a virtual server?

It is also extremely improbable that an email server would be the only device sharing that network segment - of necessity there would at least be a file server and some means of communicating with the outside world, most likely a router or a switch, which would by default have a built-in hardware firewall (way more secure than a software firewall).

And regarding the "unsecured" part, how was the network accessed?
There are a huge number of possibilities as to the actual meaning and on its own there is not enough information to deduce which - if any - is correct.

I suspect that someone who knows little to nothing about technology has invented this concept based on ignorance and a desire to imply malfeasance because on its own it really is a nonsense term.


seanet1310 -> Wallabyfan 29 Jan 2016 19:37

Nope. Like it or not Manning deliberately took classified information, smuggled it out and gave it to foreign nationals.
Clinton it would appear mishandled classified material, at best she failed to realise the sensitive nature and at worst actively took material from controlled and classified networks onto an unsecured private network.


dusablon 29 Jan 2016 19:28

Classified material in the US is classified at three levels: confidential, secret, and top secret. Those labels are not applied in a cavalier fashion. The release of TS information is considered a grave threat to the security of the United States.

Above these classification levels is what is known as Special Access Program information, the release of which has extremely grave ramifications for the US. Access to SAP material is extremely limited and only granted after an extensive personal background investigation and only on a 'need to know' basis. You don't simply get a SAP program clearance because your employer thinks it would be nice to have, etc. In fact, you can have a Top Secret clearance and never get a special access program clearance to go with it.

For those of you playing at home, the Top Secret SAP material Hillary had on her server - the most critical material the US can have - was not simply 'upgraded' to classified in a routine bureaucratic exercise because it was previously unclassified.

Anything generated related to a SAP is, by its mere existence, classified at the most extreme level, and everyone who works on a SAP knows this intimately and you sign your life away to acknowledge this.

What the Feds did in Hillary's case in making the material on her home-based server Top Secret SAP was to bring those materials into what is known as 'accountability.'

That is, the material was always SAP material but it was just discovered outside a SAP lock-down area or secure system and now it must become 'accountable' at the high classification level to ensure it's protected from further disclosure.

Hillary and her minions have no excuse whatsoever for this intentional mishandling of this critical material and are in severe legal jeopardy no matter what disinformation her campaign puts out. Someone will or should go to prison. Period.

(Sorry for the length of the post)


Sam3456 -> Mark Forrester 29 Jan 2016 19:22

yeah appointed by Obama...John Kerry. His state department. John is credited on both sides of the aisle of actually coming in and making the necessary changes to clean up the administrative mess either created or not addressed by his predecessor.

Within weeks of taking the position JK implemented the OIG task forces recommendations to streamline the process and make State run more in line with other government organizations. I think John saw the "Sorry it snowed can't have you this info for a month" for what it was and acted out of decency and fairness to the American people. I still think he looks like a hound and is a political opportunist but you can't blame him for shenanigans here


chiefwiley -> DoktahZ 29 Jan 2016 19:18

The messages were "de-papered" by the staff, stripping them from their forms and headings and then scanning and including the content in accumulations to be sent and stored in an unclassified system. Taking the markings off of a classified document does not render it unclassified. Adding the markings back onto the documents does not "declare" them classified. Their classified nature was constant.

If you only have an unsecured system, it should never be used for official traffic, let alone classified or special access traffic.

dusablon -> MtnClimber 29 Jan 2016 19:05

Give it up.

She used a private server deliberately to avoid FOIA requests, she deleted thousands of emails after they were requested, and the emails that remained contained Top Secret Special Access Program information, and it does not matter one iota whether or not that material was marked or whether or not it has been recently classified appropriately.


chiefwiley -> Exceptionalism 29 Jan 2016 19:04

18 USC Section 793(f)

$250,000 and ten years.

dusablon -> MtnClimber 29 Jan 2016 19:00

False.

Anything related to a special access program is classified whether marked as such or not.

dalisnewcar 29 Jan 2016 18:58

You would figure that after all the lies of O'bomber that democrats might wake up some. Apparently, they are too stupid to realize they have been duped even after the entire Middle Class has been decimated and the wealth of the 1% has grown 3 fold under the man who has now bombed 7 countries. And you folks think Clinton, who personally destroyed Libya, is going to be honest with you and not do the same things he's done? Wake up folks. You're banging your head against the same old wall.

fanUS -> MtnClimber 29 Jan 2016 18:46

She is evil, because she helped Islamic State to rise.


Paul Christenson -> Barry_Seal 29 Jan 2016 18:45

20 - Barbara Wise - Commerce Department staffer. Worked closely with Ron Brown and John Huang. Cause of death unknown. Died November 29, 1996. Her bruised, nude body was found locked in her office at the Department of Commerce.

21 - Charles Meissner - Assistant Secretary of Commerce who gave John Huang special security clearance, died shortly thereafter in a small plane crash.

22 - Dr. Stanley Heard - Chairman of the National Chiropractic Health Care Advisory Committee died with his attorney Steve Dickson in a small plane crash. Dr. Heard, in addition to serving on Clinton's advisory council personally treated Clinton's mother, stepfather and brother.

23 - Barry Seal - Drug running TWA pilot out of Mena, Arkansas, death was no accident.

24 - Johnny Lawhorn, Jr. - Mechanic, found a check made out to Bill Clinton in the trunk of a car left at his repair shop. He was found dead after his car had hit a utility pole.

25 - Stanley Huggins - Investigated Madison Guaranty. His death was a purported suicide and his report was never released.

26 - Hershel Friday - Attorney and Clinton fundraiser died March 1, 1994, when his plane exploded.

27 - Kevin Ives & Don Henry - Known as "The boys on the track" case. Reports say the two boys may have stumbled upon the Mena Arkansas airport drug operation. The initial report of death said their deaths were due to falling asleep on railroad tracks and being run over. Later autopsy reports stated that the 2 boys had been slain before being placed on the tracks. Many linked to the case died before their testimony could come before a Grand Jury.

THE FOLLOWING PERSONS HAD INFORMATION ON THE IVES/HENRY CASE:

28 - Keith Coney - Died when his motorcycle slammed into the back of a truck, 7/88.

29 - Keith McMaskle - Died, stabbed 113 times, Nov 1988

30 - Gregory Collins - Died from a gunshot wound January 1989.

31 - Jeff Rhodes - He was shot, mutilated and found burned in a trash dump in April 1989. (Coroner ruled death due to suicide)

32 - James Milan - Found decapitated. However, the Coroner ruled his death was due to "natural causes"?

33 - Jordan Kettleson - Was found shot to death in the front seat of his pickup truck in June 1990.

34 - Richard Winters - A suspect in the Ives/Henry deaths. He was killed in a set-up robbery July 1989.

THE FOLLOWING CLINTON PERSONAL BODYGUARDS ALL DIED OF MYSTERIOUS CAUSES OR SUICIDE
36 - Major William S. Barkley, Jr.
37 - Captain Scott J. Reynolds
38 - Sgt. Brian Hanley
39 - Sgt. Tim Sabel
40 - Major General William Robertson
41 - Col. William Densberger
42 - Col. Robert Kelly
43 - Spec. Gary Rhodes
44 - Steve Willis
45 - Robert Williams
46 - Conway LeBleu
47 - Todd McKeehan

And this list does not include the four dead Americans in Benghazi that Hillary abandoned!


Paul Christenson -> Barry_Seal 29 Jan 2016 18:42

THE MANY CLINTON BODY BAGS . . .

Someone recently reminded me of this list. I had forgotten how long it is. Therefore, this is a quick refresher course, lest we forget what has happened to many "friends" and associates of Bill and Hillary Clinton.

1- James McDougal - Convicted Whitewater partner of the Clintons who died of an apparent heart attack, while in solitary confinement. He was a key witness in Ken Starr's investigation.

2 - Mary Mahoney - A former White House intern was murdered July 1997 at a Starbucks Coffee Shop in Georgetown (Washington, D. C.). The murder happened just after she was to go public with her story of sexual harassment by Clinton in the White House.

3 - Vince Foster - Former White House Councilor, and colleague of Hillary Clinton at Little Rock's Rose Law Firm. Died of a gunshot wound to the head, ruled a suicide. (He was about to testify against Hillary related to the records she refused to turn over to congress.) Was reported to have been having an affair with Hillary.

4 - Ron Brown - Secretary of Commerce and former DNC Chairman. Reported to have died by impact in a plane crash. A pathologist close to the investigation reported that there was a hole in the top of Brown's skull resembling a gunshot wound. At the time of his death Brown was being investigated, and spoke publicly of his willingness to cut a deal with prosecutors. The rest of the people on the plane also died. A few days later the Air Traffic controller committed suicide.

5 - C. Victor Raiser, II - Raiser, a major player in the Clinton fund raising organization died in a private plane crash in July 1992.

6 - Paul Tulley - Democratic National Committee Political Director found dead in a hotel room in Little Rock on September 1992. Described by Clinton as a "dear friend and trusted advisor".

7 - Ed Willey - Clinton fundraiser, found dead November 1993 deep in the woods in VA of a gunshot wound to the head. Ruled a suicide. Ed Willey died on the same day His wife Kathleen Willey claimed Bill Clinton groped her in the oval office in the White House. Ed Willey was involved in several Clinton fund raising events.

8 - Jerry Parks - Head of Clinton's gubernatorial security team in Little Rock. Gunned down in his car at a deserted intersection outside Little Rock. Park's son said his father was building a dossier on Clinton. He allegedly threatened to reveal this information. After he died the files were mysteriously removed from his house.

9 - James Bunch - Died from a gunshot suicide. It was reported that he had a "Black Book" of people which contained names of influential people who visited Prostitutes in Texas and Arkansas

10 - James Wilson - Was found dead in May 1993 from an apparent hanging suicide. He was reported to have ties to the Clintons' Whitewater deals.

11 - Kathy Ferguson - Ex-wife of Arkansas Trooper Danny Ferguson, was found dead in May 1994, in her living room with a gunshot to her head. It was ruled a suicide even though there were several packed suitcases, as if she were going somewhere. Danny Ferguson was a co-defendant along with Bill Clinton in the Paula Jones Lawsuit, and Kathy Ferguson was a possible corroborating witness for Paula Jones.

12 - Bill Shelton - Arkansas State Trooper and fiancée of Kathy Ferguson. Critical of the suicide ruling of his fiancée, he was found dead in June, 1994 of a gunshot wound also ruled a suicide at the grave site of his fiancée.

13 - Gandy Baugh - Attorney for Clinton's friend Dan Lassater, died by jumping out a window of a tall building January, 1994. His client, Dan Lassater, was a convicted drug distributor.

14 - Florence Martin - Accountant & sub-contractor for the CIA, was related to the Barry Seal, Mena, Arkansas Airport drug smuggling case. He died of three gunshot wounds.

15 - Suzanne Coleman - Reportedly had an affair with Clinton when he was Arkansas Attorney General. Died of a gunshot wound to the back of the head, ruled a suicide. Was pregnant at the time of her death.

16 - Paula Grober - Clinton's speech interpreter for the deaf from 1978 until her death December 9, 1992. She died in a one car accident.

17 - Danny Casolaro - Investigative reporter who was investigating the Mena Airport and Arkansas Development Finance Authority. He slit his wrists, apparently, in the middle of his investigation.

18 - Paul Wilcher - Attorney investigating corruption at Mena Airport with Casolaro and the 1980 "October Surprise" was found dead on a toilet June 22, 1993, in his Washington DC apartment. Had delivered a report to Janet Reno 3 weeks before his death. (May have died of poison)

19 - Jon Parnell Walker - Whitewater investigator for Resolution Trust Corp. Jumped to his death from his Arlington, Virginia apartment balcony August 15, 1993. He was investigating the Morgan Guaranty scandal.

Thijs Buelens -> honey1969 29 Jan 2016 18:41

Did the actors from Orange is the New Black already endorse Hillary? Just wondering.

Sam3456 -> Sam3456 29 Jan 2016 18:35

Remember as soon as Snowden walked out the door with his USB drive full of secrets he was in violation. Whether he knew the severity and classification or not.

Think of Hillary's email server as her home USB drive.

RedPillCeryx 29 Jan 2016 18:33

Government civil and military employees working with material at the Top Secret level are required to undergo incredibly protracted and intrusive vetting procedures (including polygraph testing) in order to obtain and keep current their security clearances to access such matter. Was Hillary Clinton required to obtain a Top Secret clearance in the same way, or was she just waved through because of Who She Is?

Sam3456 29 Jan 2016 18:32

Just to be clear, Colin Powell used a private email ACCOUNT which was hosted in the cloud and used it only for personal use. He was audited (never deleted anything) and it was found to contain no government records.

Hillary used a server, which means in electronic form the documents existed outside the State Department unsecured. It's as if she took a Top Secret file home with her. That is a VERY BIG mistake and as the Sec of State she signed a document saying she understood the rules and agreed to play by them. She did not and removing state secrets from their secure location is a very serious matter. Whether you put the actual file in your briefcase or have them sitting in electronic version on your server.

Second, she signed a document saying she would return any and ALL documents and copies of documents pertaining to the State Department within 30 (or 60 I can't remember) of leaving. The documents on her server, again electronic copies of the top secret files, were not returned for 2 years. That's a huge violation.

Finally, there is a clause in classification that deals with the information that is top secret by nature. Meaning regardless of whether it's MARKED classified or not the very nature of the material would be apparent to a senior official that it was classified and appropriate action would have to be taken. She either knew and ignored or did not know...and both of those scenarios don't give me a lot of confidence.

Finally the information that was classified at the highest levels means exposure of that material would put human operatives lives at risk. Something she accused Snowden of doing when she called him a traitor. By putting that information outside the State Department firewall she basically put people's lives at risk so she could have the convenience of using one mobile device.


Wallabyfan -> MtnClimber 29 Jan 2016 18:10

Sorry you can delude yourself all you like but Powell and Cheney used private emails while at work on secure servers for personal communications not highly classified communications and did so before the 2009 ban on this practice came into place. Clinton has used a private unsecured server at her home while Sec of State and even worse provided access to people in her team who had no security clearance. She has also deleted more than 30,000 emails from the server in full knowledge of the FBI probe. You do realise that she is going to end up in jail don't you?

MtnClimber -> boscovee 29 Jan 2016 18:07

Are you as interested in all of the emails that Cheney destroyed? He was asked to provide them and never allowed ANY to be seen.

Typical GOP

Dozens die at embassies under Bush. Zero investigations. Zero hearings.
4 die at an embassy under Clinton. Dozens of hearings.

OurNigel -> Robert Greene 29 Jan 2016 17:53

It's not hard to understand, she was supposed to only use her official email account maintained on secure Federal government servers when conducting official business during her tenure as Secretary of State. This was for three reasons, the first being security the second being transparency and the third for accountability.

Serious breach of protocol I'm afraid.

Talgen -> Exceptionalism 29 Jan 2016 17:50

"Department responses for classification infractions could include counseling, warnings or other action, officials said. They wouldn't say if Clinton or senior aides who've since left government could face penalties. The officials weren't authorized to speak on the matter and demanded anonymity."

You need to share that one with Petraeus, whose career was ruined and had to pay 100k in fines, for letting some info slip to his mistress..

Wallabyfan 29 Jan 2016 17:50

No one here seems to be able to accept how serious this is. You can't downplay it. This is the most serious scandal we have seen in American politics for decades.

Any other US official handling even 1 classified piece of material on his or her own unsecured home server would have been arrested and jailed by now for about 50 years perhaps longer. The fact that we are talking about 20 + (at least) indicates at the very least Clinton's hubris, incompetence and very poor judgement as well as being a very serious breach of US law. Her campaign is doomed.

This is only the beginning of the scandal and I predict we will be rocked when we learn the truth. Clinton will be indicted and probably jailed along with Huma Abedin who the FBI are also investigating.


HiramsMaxim -> Exceptionalism 29 Jan 2016 17:50

http://freebeacon.com/wp-content/uploads/2015/11/HRC-SCI-NDA1.pdf


OurNigel 29 Jan 2016 17:42

This is supposed to be the lady who (in her own words) has a huge experience of government yet she willingly broke not just State Department protocols and procedures, by using a privately maintained non-secure server for her email service she also broke Federal laws and regulations governing recordkeeping requirements.

At the very least this was a massive breach of security and a total disregard for established rules whilst she was in office. It's not as if she was just some local government officer in a backwater town she was Secretary of State for the United States government.

If the NSA is to be believed you should presume her emails could have been read by any foreign state.

This is actually a huge story.


TassieNigel 29 Jan 2016 17:41

This god awful Clinton family had to be stopped somehow I suppose. Now if I'd done it, I'd be behind bars long ago, so when will Hillary be charged is my question?

Hillary made much of slinging off about the "traitor" Julian Assange, so let's see how Mrs Clinton looks like behind bars. A woman simply incapable of telling the truth!

Celebrations for Bernie Sanders of course.


HiramsMaxim 29 Jan 2016 17:41

They also wouldn't disclose whether any of the documents reflected information that was classified at the time of transmission,

Has nothing to do with anything. Maybe the author should read the actual NDA signed by Mrs. Clinton.

http://freebeacon.com/wp-content/uploads/2015/11/HRC-SCI-NDA1.pdf


beneboy303 -> dusablon 29 Jan 2016 17:18

If every corrupt liar was sent to prison there'd be no one left in Washington, or Westminster and we'd have to have elections with ordinary people standing, instead of the usual suspects from the political class. Which, on reflection, sounds quite good !


In_for_the_kill 29 Jan 2016 17:15

Come on Guardian, this should be your lead story, the executive branch of the United States just confirmed that a candidate for the Presidency pretty much broke the law, knowingly. If that ain't headline material, then I don't know what is.


dusablon -> SenseCir 29 Jan 2016 17:09

Irrelevant?

Knowingly committing a felony by a candidate for POTUS is anything but irrelevant.

And forget her oh-so-clever excuses about not sending or receiving anything marked top secret or any other level of classification including SAP. If you work programs like those you know that anything generated related to that program is automatically classified, whether or not it's marked as such. And such material is only shared on a need to know basis.

She's putting out a smokescreen to fool the majority of voters who have never or will never have special access. She is a criminal and needs to be arrested. Period.

Commentator6 29 Jan 2016 17:00

It's a reckless arrogance combined with the belief that no-one can touch her. If she does become the nominee Hillary will be an easy target for Trump. It'll be like "shooting fish in a barrel".

DismayedPerplexed -> OnlyOneView 29 Jan 2016 16:40

Are you forgetting W and his administration's 5 million deleted emails?

http://www.salon.com/2015/03/12/the_george_w_bush_email_scandal_the_media_has_conveniently_forgotten_partner/

Bob Sheerin 29 Jan 2016 16:40

Consider that email is an indispensable tool in doing one's job. Consider that in order to effectively do her job, candidate Clinton -- as the Secretary of State -- had to be sending and receiving Top Secret documents. Consider that all of her email was routed through a personal server. Consider whether she released all of the relevant emails. Well, she claimed she did but the evidence contradicts such a claim. Consider that this latest news release has -- like so many others -- been released late on a Friday.

It is obvious that the Secretary of State and the President should be communicating on a secure network controlled by the federal government. It is obvious that virtually none of these communications were done in a secure manner. Consider whether someone who contends this is irrelevant has enough sense to come in out of the rain.

[Jun 26, 2016] Hillary Clinton email scandal shines light on specter of shadow IT

Notable quotes:
"... Surely, The State Department had an enterprise-grade email solution in place in 2013. We can only hope that Clinton protected her personal accounts with something more sophisticated than "Chelsea1980". ..."
"... 52% of IT executives said they don't have processes in place to manage outside sources, such as Dropbox in Vision Solutions' 2015 State of Resilience Report . Meanwhile, 70% of employees that use Dropbox do so solely for work, according to a 2013 Forrester report, and shadow IT appeared as a concern for the first time in the 2015 SIM IT Trends Study . ..."
"... Former FBI Director Robert Mueller said in 2012, "There are only two types of companies: those that have been hacked and those that will be." ..."
"... What kind of security risks does shadow IT create for your organisation? What happens when an employee uses the same password for both personal and enterprise accounts and hackers target that person's personal account? ..."
"... Their low-security Google Drive password just created a big headache for your organisation. ..."
Mar 6, 2015 | Information Age

Consumer-grade and insecure applications can make headlines – and not in a good way

...This revelation should have public and private sector IT pros questioning their policies and practice around shadow IT – those programs outside of the formal control of the information technology department.

The Times wrote: "Her expansive use of the private account was alarming to current and former National Archives and Records Administration officials and government watchdogs, who called it a serious breach."

Surely, The State Department had an enterprise-grade email solution in place in 2013. We can only hope that Clinton protected her personal accounts with something more sophisticated than "Chelsea1980".

IT has an important job, and keeping tabs on the personal email accounts of executives or high-ranking officials should be the least of their worries. However, with 783 reported data breaches in 2014, according to The Identity Theft Resources Center, shadow IT is a strategic IT issue that is too important to ignore.

The topic raises an important issue around policy and practice of shadow IT, individual or departmental use of consumer-grade applications, such as personal email accounts, and cloud storage, departmental (or individual) SaaS accounts, even employee social media activity. All fall within this category in an age where the lines between work life and personal life are increasingly blurred.

While there may be individual, departmental or even organisational benefits to some elements of shadow IT, there are both operational and security risks associated with it and professionals' use of consumer grade tools for email, cloud storage and other services. CIOs and IT leaders need to be vigilant in developing, instituting and enforcing corporate IT governance policies and procedures.

52% of IT executives said they don't have processes in place to manage outside sources, such as Dropbox in Vision Solutions' 2015 State of Resilience Report. Meanwhile, 70% of employees that use Dropbox do so solely for work, according to a 2013 Forrester report, and shadow IT appeared as a concern for the first time in the 2015 SIM IT Trends Study.

...Gartner reported in its 2015 CIO Agenda that shadow IT consumes as much as 20% of a company's IT resources and, for the first time, respondents to the SIM IT Trends Study included shadow IT among their list of management concerns.

So what happens when Dropbox experiences downtime, as it did in January of last year? How do businesses react? What happens to the customer data, financial data or important documents they stored there?

When nearly two-thirds of organisations using the cloud reported not having HA or DR solutions for their enterprise applications, according to Vision Solutions, you can imagine how low the number must be for companies that are actively able to recover from, or are even monitoring, employee activity in the cloud.

The small matter of security

Former FBI Director Robert Mueller said in 2012, "There are only two types of companies: those that have been hacked and those that will be."

What kind of security risks does shadow IT create for your organisation? What happens when an employee uses the same password for both personal and enterprise accounts and hackers target that person's personal account?

Their low-security Google Drive password just created a big headache for your organisation.

You may not face a public records request that brings the specter of shadow IT in your organisation to light, but publicly traded corporations have internal control requirements to consider and private companies are notoriously protective of their intellectual property and confidential information.

All it takes is one instance and your company can be front-page news – and not in a good way.

Sourced from Bob Dvorak, founder and president, KillerIT

[Jun 26, 2016] Hillary Clinton takes shadow IT mainstream

Notable quotes:
"... Now let's strip away all the politics, sniping and legality over Clinton's email practices. What you have is shadow IT for official business and a State Department without the IT clout to stop it. You could argue with all the NSA snooping that Clinton's own email infrastructure was warranted. ..."
"... Security issues often are tossed aside for convenience. For Clinton it was a homemade email server. For the rest of us it's a personal cloud storage account. ..."
"... In the end, the Clinton email flap will play out for months. There will be hearings and non-stop election coverage about it. Just keep in mind what you're witnessing is shadow IT at a grand scale ..."
March 4, 2015 | ZDNet / Between the Lines

Hillary Rodham Clinton is in one big email mess, but if you zoom out and look at her as any other employee you have a leading example of shadow IT at play.

Hillary Rodham Clinton reportedly ran her own email server out of her house and now is in the middle of political firestorm. For our purposes, Clinton has provided us with the most high-profile case of shadow IT practices. And the first lesson of shadow IT is that the techies aren't going to push around the top execs. For the folks in business tech, the concept of shadow IT isn't exactly new. You're the CIO. Your other C-level peers have had their own cloud services provisioned for years. Developers have Amazon's cloud on a corporate Amex. It started with an innocuous printer under a desk. Then went to a server. Then smartphones to cloud services. People bring their own devices, apps and business practices with them to work.

Hell, the poor CIO is just finding out about some of these things.

Enter Clinton. According to the Associated Press, Clinton ran her own email as a Cabinet-level official. Enter records laws and all sorts of concerns. On the bright side, Clinton at least wasn't using a public email server. She at least earns some techie props for that.

Now let's strip away all the politics, sniping and legality over Clinton's email practices. What you have is shadow IT for official business and a State Department without the IT clout to stop it. You could argue with all the NSA snooping that Clinton's own email infrastructure was warranted.

Boil this down to Clinton as an employee and you have the following.

  1. Clinton was a top exec and those folks often get to push IT around. How do you think the iPad and iPhone became an enterprise juggernaut? You guessed it. The CEO wanted one.
  2. The email infrastructure Clinton ran was techie, but how many of you are conducting work on personal accounts? Thought so. You may not have federal records laws, but you're ignoring IT policies almost daily.
  3. Security issues often are tossed aside for convenience. For Clinton it was a homemade email server. For the rest of us it's a personal cloud storage account.

In the end, the Clinton email flap will play out for months. There will be hearings and non-stop election coverage about it. Just keep in mind what you're witnessing is shadow IT at a grand scale

[Jun 26, 2016] Hillary clintons private email account hacked the perils of shadow IT

www.tripwire.com

According to the Washington Post, the worst scenario may have come true when hacker "Guccifer" reportedly released several emails pertaining to Benghazi, which appear to be between Sidney Blumenthal and Hillary Clinton at the "clintonemail.com" domain. The domain was registered January 2009 through Network Solutions.


Looking a bit deeper at the MX records for the domain, they map to a service run by McAfee.

MX Logic was acquired by McAfee in June of 2009 and is now part of McAfee's SaaS offerings. So, it looks like someone knew what they were doing at some level to modify the MX records to use McAfee's service.

However, the risk of this email account being compromised is significant and one wonders who else aside from Guccifer may have had access to sensitive communications.

Before we pick on Hillary Clinton too much, we should evaluate how common this practice is. If the goal is to circumvent a regulatory requirement and is putting communications at risk, these shadow IT practices should be evaluated government-wide.

tonyE

This is a security breakdown at a very high level.

From personal experience I can tell you that any emails that are classified MUST be routed via very specific networks.

For the SecState to use a private network is a breakdown of security at the HIGHEST LEVEL.

She is guilty of a very serious crime, there is simply no way for her to excuse herself.

Also, how about all the people who were communicating with her? Surely they knew they were breaking the law... (and I'm not talking about the records, I'm talking about a security breach at the highest level of our nation).

[Jun 26, 2016] Hillary releases twenty thousand spam e mails from old navy

Notable quotes:
"... Hoping to quell the controversy over e-mails missing from her private account, the former Secretary of State Hillary Clinton on Wednesday released twenty thousand spam e-mails she received from Old Navy. ..."
"... "In an effort to be transparent, I have gone above and beyond what is required of me by law and released every last e-mail I received from this retailer," she told reporters. "Now I think we can all consider this case closed." ..."
March 11, 2015 | The Borowitz Report

Hoping to quell the controversy over e-mails missing from her private account, the former Secretary of State Hillary Clinton on Wednesday released twenty thousand spam e-mails she received from Old Navy.

"In an effort to be transparent, I have gone above and beyond what is required of me by law and released every last e-mail I received from this retailer," she told reporters. "Now I think we can all consider this case closed."

The e-mails reveal an extensive one-way correspondence between Clinton and Old Navy, as the retailer sometimes contacted her up to a dozen times in a single day to inform her of sales and other offers.

"This is one of the main reasons I set up a private e-mail account," she said. "I did not want spam from Old Navy clogging up the State Department servers."

But if the former Secretary of State thought that she could end the controversy swirling around her e-mail account by releasing the Old Navy spam, she may have miscalculated.

Representative Trey Gowdy, the Republican chairman of the House Benghazi select committee, questioned why Clinton would let twenty thousand spam e-mails from Old Navy accumulate rather than simply unsubscribe. "It doesn't pass the smell test," he said.

Responding to that allegation, Clinton said, "I want the American people to know that, on multiple occasions, I tried to unsubscribe from Old Navy, and my requests were ignored. The most frustrating part of this whole affair is that I've never even bought anything from Old Navy."


[Jun 25, 2016] A Very Clinton E-Mail Scandal

The New Yorker

A more responsible accounting of another scandal that has dogged Hillary Clinton came this week from the State Department's inspector general, who was tasked with looking into the propriety of Clinton's use of a personal e-mail account while she was Secretary of State.

The I.G.'s eighty-three page report, "Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements," is one of the more comprehensive examinations the government has ever issued on proper document-retention habits in the federal bureaucracy. Skip to page forty-two if you want the scintillating conclusion:

Longstanding, systemic weaknesses related to electronic records and communications have existed within the Office of the Secretary that go well beyond the tenure of any one Secretary of State. OIG recognizes that technology and Department policy have evolved considerably since Secretary Albright's tenure began in 1997. Nevertheless, the Department generally and the Office of the Secretary in particular have been slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership. OIG expects that its recommendations will move the Department steps closer to meaningfully addressing these risks.

...The fact that Clinton did not fully cooperate with the I.G. investigation (she declined to be interviewed, for example) does not inspire confidence that her Administration would be a model of transparency


[Jun 25, 2016] Clinton's e-mail scandal another case of the entitled executive syndrome

Notable quotes:
"... And lest we forget, well before Clinton came to the State Department, members of the George W. Bush administration used a private e-mail server (at gwb43.com) run and paid for by the Republican National Committee - at least 88 accounts were set up for Bush administration officials in order to bypass the official White House e-mail system and avoid the regulations around presidential record retention, the Federal Records Act, and the Hatch Act (which bans the use of government e-mail accounts for political purposes, among other things). In the process of using that system, more than 5 million e-mail messages were "lost," which led to the resignation of a number of White House officials, including Deputy Chief of Staff Karl Rove. None of the e-mails for 51 of the 88 accounts was preserved by the RNC. ..."
"... Clinton was well aware of the Bush administration e-mail fiasco before she was nominated and confirmed as Secretary of State. She even told the State Department's assistant secretary for diplomatic security that she "gets it" after being briefed on why there were problems with her using a BlackBerry. ..."
"... Sure, the State Department's IT support is not exactly customer-centric. But its IT department has supported BlackBerry devices for unclassified e-mail in the past, and if Clinton could have dealt with sticking to using a computer while inside the State Department secure compartmented information facility (SCIF) and using a BlackBerry for unclassified e-mail, the State Department could have probably accommodated her. It was purely about Clinton's discomfort about using a PC for e-mail and her desire to use e-mail just like she did while running for office. ..."
"... So, as the State Department Office of the Inspector General reported, she paid a State Department staffer (who had worked for her directly in the past) off the books to create a shadow e-mail service of her own, and she used a personal BlackBerry not configured to State Department security standards to carry out official business. Having had a BlackBerry and the full control offered by private e-mail service during her presidential campaign in 2008, Clinton knew what she wanted, and she was going to have it whether it was approved or not. And she provided the same shadow e-mail service to her core staff as well - taking all of their communications off the grid and out of federal oversight. ..."
"... Besides, Clinton's excuse basically boils down to this: other people broke the rules, so she should have been allowed to as well. It's the entitled executive syndrome writ large. ..."
arstechnica.com

A certain class of executives wants a specific phone supported or special IT support for their chosen staff, and they want it now, rules and regulations be damned. "Yes" is the only answer they ever hear, and they will keep asking until they hear it - either from the IT department or from someone who will do it for them on the side. When I worked in IT, particularly when I moved up to a role as a "director of IT strategy" at a previous employer, these requests for special treatment happened so frequently we started calling it the "entitled executive syndrome." No matter how many times I explained the laws of physics and the limits of our budget and capabilities, I was told to find a way to make it happen… or come up with a creative workaround.

Sure, there's often a reason for dissatisfaction with the organizational norm. But skirting the norm can create all sorts of regulatory and legal headaches - Sarbanes-Oxley-related ones are the most common in the corporate IT world. Looking at the government sector, shadow IT has constantly gotten people in trouble for a host of other reasons: federal records laws, Federal Information Security Management Act (FISMA) violations, and privacy violations. For example, in 2010, doctors at a Department of Veterans Affairs got caught using Google and Yahoo cloud calendar services to schedule surgeries, breaching the security of health care data. They used it because it was more convenient than the VA's internal shared calendar system.

And lest we forget, well before Clinton came to the State Department, members of the George W. Bush administration used a private e-mail server (at gwb43.com) run and paid for by the Republican National Committee - at least 88 accounts were set up for Bush administration officials in order to bypass the official White House e-mail system and avoid the regulations around presidential record retention, the Federal Records Act, and the Hatch Act (which bans the use of government e-mail accounts for political purposes, among other things). In the process of using that system, more than 5 million e-mail messages were "lost," which led to the resignation of a number of White House officials, including Deputy Chief of Staff Karl Rove. None of the e-mails for 51 of the 88 accounts was preserved by the RNC.

Clinton was well aware of the Bush administration e-mail fiasco before she was nominated and confirmed as Secretary of State. She even told the State Department's assistant secretary for diplomatic security that she "gets it" after being briefed on why there were problems with her using a BlackBerry.

As previous e-mails obtained through Freedom of Information Act requests have shown, Clinton pushed hard to get the State Department's information security officers to approve her use of a mobile device for e-mail and do it from inside the State Department's secure executive suite - largely on the grounds that she was uncomfortable using a PC. The National Security Agency suggested she use an approved secure device capable of doing Secret-level classified e-mail as well as official unclassified e-mail. But the State Department was unprepared for the cost of supporting such a device, and its IT department didn't have the resources (nor, likely, the skills) in-house to support it.

Sure, the State Department's IT support is not exactly customer-centric. But its IT department has supported BlackBerry devices for unclassified e-mail in the past, and if Clinton could have dealt with sticking to using a computer while inside the State Department secure compartmented information facility (SCIF) and using a BlackBerry for unclassified e-mail, the State Department could have probably accommodated her. It was purely about Clinton's discomfort about using a PC for e-mail and her desire to use e-mail just like she did while running for office.

So, as the State Department Office of the Inspector General reported, she paid a State Department staffer (who had worked for her directly in the past) off the books to create a shadow e-mail service of her own, and she used a personal BlackBerry not configured to State Department security standards to carry out official business. Having had a BlackBerry and the full control offered by private e-mail service during her presidential campaign in 2008, Clinton knew what she wanted, and she was going to have it whether it was approved or not. And she provided the same shadow e-mail service to her core staff as well - taking all of their communications off the grid and out of federal oversight.

Clinton's excuse for her decision, which she now calls a mistake, was:

But no other secretary of state before her used e-mail as heavily, and the regulations regarding preserving e-mail records have changed over the past two decades. Condoleezza Rice did not use a personal e-mail account, according to the OIG report; she used a BlackBerry, but it was State Department issued. Madeleine Albright never even sent e-mails. And while Colin Powell did use a personal e-mail account, the State Department was just getting Internet-connected e-mail at the time (on a system called OpenNet).

Besides, Clinton's excuse basically boils down to this: other people broke the rules, so she should have been allowed to as well. It's the entitled executive syndrome writ large.

[Jun 25, 2016] Clinton email flap highlights issues of shadow IT

Notable quotes:
"... "The reality is that every organization has a BYOD program - whether they think they do or not," Stevens said. "Now's the time to shore up the systems and enable mobility without sacrificing security." ..."
March 4, 2015 | federaltimes.com

"I can recall no instance in my time at the National Archives when a high-ranking official at an executive branch agency solely used a personal email account for the transaction of government business," former NARA Director of Litigation Jason Baron told the Times.

While pundits and politicians are debating the ethics and legality of this, it also raises questions about the security of Clinton's communications.

"This news is yet another example of the lines blurring between work and personal lives and should serve as a wake-up call to federal IT departments," said Bob Stevens, vice president of federal systems at Lookout. "This trend towards mobility has clear benefits but it also adds a nuanced layer to not just email security, but all security."

Stevens noted that mobile devices, by their nature, move about and touch multiple networks as they do so. Since some networks are less secure than others, it becomes even more important to use secure programs and services to communicate.

"The reality is that every organization has a BYOD program - whether they think they do or not," Stevens said. "Now's the time to shore up the systems and enable mobility without sacrificing security."

Subsequent reports revealed that Clinton maintained her own server, but whether that server was more or less secure than commercial or federal email offerings is still unknown.

[Jun 25, 2016] The Perils of Shadow IT Your Most Senior Executives Are Doing It

Notable quotes:
"... In fact, according to the survey respondents, the average company already uses 20+ SaaS applications - think about it: Asana, Dropbox, Skype, Basecamp, Apple iCloud, Gmail, LastPass, not to mention your Facebooks and Twitters. But of those 20 or so SaaS platforms, more than 7 are non-approved. So, "…upwards of 35 percent of all SaaS apps in your company are purchased and used without oversight." ..."
"... Instead of losing sleep over perceived risk, companies must develop clear and concise policies governing cloud computing and SaaS usage. And don't stone me for saying it, but IT departments shouldn't exclusively own this exercise. Today, most executive level employees are well versed in SaaS, and they are probably well aware of what systems and platforms their teams are using day to day. ..."
duckduckgo.com
They say any press is good press, and the ruling is still out as to whether or not Hillary Clinton knowingly broke any laws when she used a private, home based email account for official State business as Secretary of State. She admitted on Tuesday that she had made a mistake and should've created two email accounts: a government one and a personal one. Still, one thing is clear: When the story broke last week, the entire world was talking about the latest threat to corporate security: shadow IT.

For those of you heavily immersed in the tech side of running a business, this won't be news to you. But for many business executives and CEOs the idea of classified information being run through outside servers or software can be chilling.

Basically, Shadow IT, also known as Stealth IT, describes solutions and SaaS, specified and deployed by departments other than the organization's own IT department.

As far back as 2012, IT research and advisory company Gartner was predicting that 35 percent of enterprise IT expenditures for most organizations would be managed outside the IT department's budget by 2015. Surely today, based on the innovations in technology which have occurred in 2012, that number's even higher.

And if you think the blame lies with those hipster millennials and their "always on" lifestyle, you would be wrong.

The Enemy Is Us

According to a 2014 study by Stratecast and Frost & Sullivan and based on input from organizations in the United States, United Kingdom, Australia and New Zealand, the biggest users of Shadow IT services are IT executives and employees.

Now extrapolate that fact across your organization, to other executives, managers, and employees, and you can see just how quickly those numbers begin to add up.

In fact, according to the survey respondents, the average company already uses 20+ SaaS applications - think about it: Asana, Dropbox, Skype, Basecamp, Apple iCloud, Gmail, LastPass, not to mention your Facebooks and Twitters. But of those 20 or so SaaS platforms, more than 7 are non-approved. So, "…upwards of 35 percent of all SaaS apps in your company are purchased and used without oversight."

So, if you can't blame the millennials, who or what can you blame?

You can blame technology.

Get Off'a My Cloud

More to the point, you can blame the rise of cloud computing. As with most things in life, that which can benefit us the most, can also harm us.

With more and more companies adopting BYOD policies (often also referred to as BYOC, or cloud), it's no surprise that Shadow IT isn't really in the shadows anymore. Which probably isn't news to any of you.

In fact, as the study discovered, Shadow IT is now being perceived as an important step in innovation, opening new channels of development for businesses, and reducing overall costs.

Here's why:

Of course, these are in addition to the direct benefits to a corporate IT department: No monies paid out in development costs, maintenance, testing, upgrades capacity planning, or performance management. Plus, backup and recovery of data and infrastructure is generally also the responsibility of the platform's vendor.

Manage Your Risk

So, where does that leave us? With remote working, job sharing, file sharing, and BYOD policies becoming commonplace, along with the rise of mobile and the ever evolving technological advances happening around us daily, it's a little too late to shut that barn door.

And, contrary to how nefarious the term Shadow IT "feels," it appears most employees who "go rogue" and use unapproved SaaS during work hours are doing so with the best of intentions: They simply want to do their jobs, as efficiently and as cost effectively as possible. What's not to like about that?

They're not doing it just because, either. These are generally speaking a smart group of people who want to get things done. They cite reasons like quickly gaining access to the right tools, overall comfort level with certain apps and platforms, and, perhaps most importantly, the desire to avoid a steep learning curve and the waste of time conquering such a learning curve entails if forced to adopt something new.

I think the responsibility today in handling cloud computing and unregulated corporate SaaS usage lies squarely with each organization. As we need to look inward to see who's really performing this Shadow IT (our own executive, managers, and IT people), we also need to look inward when it comes to corporate policies and guidelines. Because most companies today don't have any.

Instead of losing sleep over perceived risk, companies must develop clear and concise policies governing cloud computing and SaaS usage. And don't stone me for saying it, but IT departments shouldn't exclusively own this exercise. Today, most executive level employees are well versed in SaaS, and they are probably well aware of what systems and platforms their teams are using day to day.

The ideal approach to Shadow IT is to collaborate. We've got to break down silos between IT and the rest of the organization, and involve all areas of your organization to work together to create best practices and help put the right policies in place to minimize corporate risk. Think outside the box. Remain flexible. Be prepared to drop old-school "firewall" thinking. And remember, the end-goal really is to improve business outputs and add to the bottom line of the organization.

Was Clinton breaking the law with her Shadow IT efforts? I don't know. The State Department's email system is known to be vulnerable to hackers. But what I do know is she was leaps and bounds ahead of Romney and Palin, who conducted official business on free email services from Microsoft Corp. and Yahoo Inc.

Sometimes, perspective really is everything.

What do you think? Are you aware of any Shadow IT occurring in your organization? What do you think would be the most important things to include in policies and guidelines supporting SaaS usage? I would love to know your thoughts in the comment section.

This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. For more on these topics, visit Dell's thought leadership site PowerMore . Dell sponsored this article, but the opinions are my own and don't necessarily represent Dell's positions or strategies.

[Jun 25, 2016] Hillary Clinton's Shadow IT Problem

Notable quotes:
"... Again, the point here is not that Clinton should have ditched the secure, government system in order to use her phone of choice. In her circumstances, the security concerns should have outweighed her personal comfort. But for many, the desire to stick with tech that they know and love is often counter to logic, efficiency, security and policy. And most of us work in environments where bucking the system isn't quite as dire as it could be for the nation's top diplomat. ..."
"... " Shadow IT " is technology that users install without company approval because they prefer it to what's offered. What I know is that I can't secure my network if it's packed with technology that my users hate. ..."
March 20, 2016 | Techcafeteria
...Judicial Watch, a conservative foundation looking for evidence that Clinton broke laws in her handling of the email, received some fascinating information in response to a recent FOIA request.

Upon joining the State Department in early 2009, Clinton immediately requested a Blackberry smartphone. Having used one extensively during her 2008 Presidential campaign, she, like almost every attorney in that decade, had fallen in love with her Blackberry, hence the request. After all, Condoleezza Rice, her predecessor as Secretary of State, had used one. President Obama had a special secure one that the NSA had developed for him. But they said no. Even after being called to a high level meeting with Clinton's top aide and five State Department officials, they still said no. The NSA offered Clinton an alternative. But it was based on Windows CE, a dramatically different, less intuitive smartphone operating system. A month later, Clinton started using her own server. Judicial Watch claims that this info proves that Clinton knew that her email was not secure, but I think that she has already admitted that. But it also reveals something much more telling.

As a three plus decade technology Director/CIO (working primarily with Attorneys), I can tell you that people get attached to specific types of technology. I know a few Attorneys who still swear to this day that Wordperfect 5.1 for DOS was the best word processing software ever released. And there are millions who will tell you that their Blackberry was their virtual right arm in the 2000's.

How devoted are people to their favorite applications and devices? I worked for a VP who was only comfortable using Word, so when she did her quarterly reports to the board, she had her assistant export huge amounts of information from our case management system. Then she modified all of it in Word. Once delivered, she had her assistant manually update the case management system in order to incorporate her changes. Efficient? Not at all. But she loved herself some Word. I've seen staff using seven year old laptops because they know them and don't want to have to learn and set up a new one. And it wasn't until the bitter end of 2014 that both my boss and my wife finally gave in and traded up their Blackberries for iPhones.

Again, the point here is not that Clinton should have ditched the secure, government system in order to use her phone of choice. In her circumstances, the security concerns should have outweighed her personal comfort. But for many, the desire to stick with tech that they know and love is often counter to logic, efficiency, security and policy. And most of us work in environments where bucking the system isn't quite as dire as it could be for the nation's top diplomat.

"Shadow IT" is technology that users install without company approval because they prefer it to what's offered. What I know is that I can't secure my network if it's packed with technology that my users hate. Smart people will bypass that security in order to use the tools that work for them. An approach to security that neglects usability and user preference is likely to fail. In most cases, there are compromises that can be made between IT and users that allow secure products to be willingly adopted. In other cases, with proper training, hand-holding, and executive sponsorship, you can win users over. But when we are talking about Blackberries in the last decade, or the iPhone in this one, we have to acknowledge that the popularity of the product is a serious factor in adoption that technologists can't ignore. And if you don't believe me, just ask Hillary Clinton.

[Jun 25, 2016] How to Turn Hillary Clintons Shadow IT Habits into Opportunity

Notable quotes:
"... Hillary Clinton has quickly become the public face of so-called "shadow IT" practices, which already affects almost every organization ..."
"... In other words, shadow IT is the unapproved, unmanaged solution that frustrated employees (and government officials) turn to when official systems don't meet their needs. In Chua's view, it's simply a good idea to take this bull by the horns, identify the pain points people are trying to avoid, and meet those needs through official channels instead. ..."
"... "Heavy-handed approaches are not going to eliminate shadow IT, it'll just go farther underground," ..."
"... In other words, a light touch might do wonders to tame the shadow IT beast even where strict policy edicts fail. And this lesson needs to be absorbed by a very large audience. ..."
The Motley Fool

... there's also a big upside to Clinton's home-brew email solution getting national attention. Hillary Clinton has quickly become the public face of so-called "shadow IT" practices, which already affects almost every organization -- from small and medium businesses to enterprise-class giants, and onward to the government behemoth. It's high time investors and business managers take a closer look at this trend, so let's thank her for opening the debate.

... ... ...

"I think we're at a point in time where companies can no longer ignore shadow IT," Chua said. "They need to put official policies in place, start talking to employees about what they need, make sure that these needs are aligned with the business.

"If they don't, then people can start creating their own solutions and create this whole shadow IT problem."

In other words, shadow IT is the unapproved, unmanaged solution that frustrated employees (and government officials) turn to when official systems don't meet their needs. In Chua's view, it's simply a good idea to take this bull by the horns, identify the pain points people are trying to avoid, and meet those needs through official channels instead.

"This is definitely an opportunity to sit up and take action," Chua explained. "The IT industry is moving away from cookie-cutter solutions with help desk tickets and red tape around everything. This debate gives IT departments a chance to say, 'Hey, different business units have different needs. I'm going to create a baseline framework, but I'll be agile and respond to the various needs of different units.'"

Chua's comments underscore a growing sentiment among IT industry professionals. Talking to the CIO magazine this week, Deputy Chief Technology Officer Steve Riley of data networking specialist Riverbed Technology (NASDAQ:RVBD) expanded on the problem. "Heavy-handed approaches are not going to eliminate shadow IT, it'll just go farther underground," Riley said. "There's no positive outcome for being a disciplinarian about something like this. You might end up with services that are even more dangerous, where people now actively seek to circumvent policies."

How the solutions fit the problem

In other words, a light touch might do wonders to tame the shadow IT beast even where strict policy edicts fail. And this lesson needs to be absorbed by a very large audience.

According to Softchoice's data collection, over 80% of organizations -- businesses, corporations, churches, you name it -- already see some members stepping outside the formal IT structure to enjoy the convenience of cloud-based public services.

Google (NASDAQ:GOOG) (NASDAQ:GOOGL) is a popular provider with tools including Gmail, Google Docs, and Google Calendar. Microsoft (NASDAQ:MSFT) might lose some software license sales to other cloud providers, but its Windows Azure and SkyDrive services are also leaders in their own right.

Sure, some of these service choices already have the official support of the IT department. But one-third of all users in a large Softchoice audit program recently reported employing tools such as SkyDrive or Google Calendar at work -- without so much as notifying the IT department.

The shadow IT market seems to open up a very large business opportunity for software-as-a-service providers such as Google and Microsoft. Managing these tools in a properly approved and budgeted fashion will help in closing boatloads of security and transparency concerns. And that way, they could soak up the demand for unofficial email servers and unapproved data warehouses running in some random employee's garage, beyond the reach of corporate firewalls.

Final words

A flexible approach to systems management can help businesses and government agencies make the most of their resources. There will always be rogue systems and maverick users, but acknowledging this reality can help contain the problem -- and maybe turn it into a strength instead.

Sweeping shadow IT under the rug, on the other hand, only opens up the door to more security leaks and the next Clinton-style transparency scandal.

[Jun 23, 2016] Clinton's email server ran without security software, new records reveal

Notable quotes:
"... Just a month before the email issue arose, in November 2010, Abedin and Clinton discussed that department employees were not receiving emails sent by then-secretary, the newly-released emails indicate. ..."
"... "We should talk about putting you on state email or releasing your email address to the department so you are not going to spam," Abedin wrote to Clinton on November 13, 2010. ..."
"... Another email shows that John Bentel, then the technical support director, warned Clinton that if she opted to use the official email box, "any email would go through the Department's infrastructure and subject to FOIA searches." ..."
"... After Abedin reported the technical problem, the State Department technical staff suggested that "turning off the anti-spam filter" would resolve the problem. ..."
"... As shutting down the security software didn't appear to be helpful, one email recommended turning off two of the three anti-phishing filters that protect personal data from identity thieves and cybercriminals "in order to eliminate the categorizer." ..."
Jun 23, 2016 | www.rt.com

Hillary Clinton's private server was temporarily unprotected by security features in December 2010, when the then-secretary of state had technical problems with her email. In 2011, Clinton's server was hacked multiple times, newly-disclosed papers show.

On Wednesday, the legal advocacy group Judicial Watch published a batch of back-and-forth emails between high-level State Department technical support and Clinton staffers as they tried to fix a serious problem with the secretary's private home email server.

According to December 2010 emails, one of Clinton's closest aides, Huma Abedin, reported that some people within the State Department, using the state.gov domain, were not receiving emails sent from the Clintons' private clintonemail.com server.

"There are many messages and responses not received," one of the officials, Cindy Almodovar, wrote to S/ES-IRM staff, delivering Huma's complaint.

Just a month before the email issue arose, in November 2010, Abedin and Clinton discussed that department employees were not receiving emails sent by then-secretary, the newly-released emails indicate.

"We should talk about putting you on state email or releasing your email address to the department so you are not going to spam," Abedin wrote to Clinton on November 13, 2010.

In response, the secretary wrote: "Let's get separate address or device but I don't want any risk of the personal being accessible."

Another email shows that John Bentel, then the technical support director, warned Clinton that if she opted to use the official email box, "any email would go through the Department's infrastructure and subject to FOIA searches."

After Abedin reported the technical problem, the State Department technical staff suggested that "turning off the anti-spam filter" would resolve the problem.

However, after the Trend Micro Inc. security software installed on Clinton's server was turned off, a senior State Department official, Thomas W. Lawrence, wrote: "We view this as a Band-Aid and fear it's not 100 percent fully effective. We are eager for TrendMicro to fully resolve, quickly."

A screenshot of TrendMicro's 'ScanMail for Exchange' in one of the emails showed the anti-spam disabled.

As shutting down the security software didn't appear to be helpful, one email recommended turning off two of the three anti-phishing filters that protect personal data from identity thieves and cybercriminals "in order to eliminate the categorizer."

However, in his response, Lawrence did not support the idea, saying that both "content-filtering and anti-virus checking… has blocked malicious content in the recent past."

Another set of emails from January 2011, just mere weeks after attempts to fix Clinton's email server, reveal that someone tried to compromise it.

"Someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to," the non-departmental advisor to President Bill Clinton, who provided technical support, told the State Department's deputy chief of staff for operations on January 9, 2011.

"We were attacked again so I shut [the server] down for a few min," he wrote later that day.

The next day, Abedin instructed Clinton's chief of staff and deputy chief of staff for planning not to email the secretary "anything sensitive" and stated that she could "explain more in person."

Clinton, now the presumptive Democratic nominee for president, has repeatedly denied that her private email server was ever breached.

In late May, the State Department's Office of the Inspector General released a scathing report largely concerning Clinton's email use, saying that unsecured communications at such a high level created "significant security risks."

This most recent release of Clinton-linked records by Judicial Watch referred to that report. The group requested the emails and was granted the right to obtain the records under a June 14, 2016 court order by Judge Emmet G. Sullivan.

Clinton's use of a private email server has been a major headache for her presidential campaign.

[Jun 08, 2016] Hillary Clinton and the FBI Primary

Fox News

Blakeman says the FBI has deliberately waited to interview Hillary Clinton until after the primaries because the bureau did not want to interfere with the nominating process. He thinks the FBI is "likely" to recommend to the Department of Justice whether or not she should be indicted for violating what she says are agency rules and what others call the law between now and the Democratic National Convention in Philadelphia, which begins July 25.

If she is indicted before the convention, Blakeman says, it will give the party an opportunity to make changes in the rules that could result in an alternate nominee.

[Jun 08, 2016] Hillary Clinton Emailed Names of US Intelligence Officials, Unclassified

Notable quotes:
"... Hillary's emails contain at least three separate, specific instances where she mentioned in an unclassified email transmitted across the open Internet and wirelessly to her Blackberry the names of CIA personnel. ..."
"... These redactions point directly to violations of specific laws. It is not a "mistake" or minor rule breaking. ..."
"... These redactions strongly suggest that the Espionage Act's standard of mishandling national defense information through "gross negligence" may have been met by Clinton. ..."
"... There is no ambiguity in this information, no possible claims to faux-retroactive classification, not knowing, information not being labeled, etc. Clinton and her staff know that one cannot mention CIA names in open communications. ..."
"... Exposing these names can directly endanger the lives of the officials. It can endanger the lives of the foreigners they interacted with after a foreign government learns one of their citizens was talking with the CIA. It can blow covers and ruin sensitive clandestine operations. It can reveal to anyone listening in on this unclassified communication sources and methods. Here is a specific example of how Clinton likely compromised security. ..."
"... These redactions show complete contempt on Clinton's part for the security process. ..."
"... A Personal Aside: I just remain incredulous about these revelations seeming to mean nothing to the world. They're treated in the media as almost gossip. ..."
"... It seems that HRC may become POTUS, thanks to the actions of DNC, DWS and the MSM and the inaction of the FBI and DOJ - much to the relief of the MIC, CIA and NSA and the satisfaction of the TBTF banks and the RDA (* I made this one up; it stands for "Revolving Door Apparatchiks".) ..."
"... An external IT audit is necessary in this case, if it hasn't already been ordered. Who gave the approval to set this thing up? Where is the documentation requesting access to the State's servers? Who signed off on that? Who verified that approval? Who processed the request and what verification did the approvals undergo? ..."
"... An IT auditor would rip State several new orifices with which to excrete solid waste matter. ..."
June 06, 2016 | Antiwar.com

These are facts.

You can look at the source documents yourself. This is not opinion, conjecture, or rumor. Hillary Clinton transmitted the names of American intelligence officials via her unclassified email.

From a series of Clinton emails, numerous names were redacted in the State Department releases with the classification code "B3 CIA PERS/ORG," a highly specialized classification that means the information, if released, would violate the Central Intelligence Act of 1949 by exposing the names of CIA officials.

How FOIA Works

The Freedom of Information Act (FOIA) requires the government to release all, or all parts of a document, that do not fall under a specific set of allowed exemptions. If information cannot be excluded, it must be released. If some part of a document can be redacted to allow the rest of the document to be released, then that is what must be done. Each redaction must be justified by citing a specific reason for exclusion.

But don't believe me. Instead, look at page two of this State Department document which lists the exemptions.

Note specifically the different types of "(b)(3)" redactions, including "CIA PERS/ORG." As common sense would dictate, the government will not release the names of CIA employees via the FOIA process. It would - literally - be against the law. What law? Depending on the nature of the individual's job at CIA, National Security Act of 1947, the CIA Act of 1949, various laws that govern undercover/clandestine CIA officers and, potentially, the Espionage Act of 1917.

Names of CIA, NSA Officials Mentioned, Now Redacted

Yet Hillary's emails contain at least three separate, specific instances where she mentioned in an unclassified email transmitted across the open Internet and wirelessly to her Blackberry the names of CIA personnel. Here they are. Look for the term "(b)(3) CIA PERS/ORG" Click on the links and see for yourself:

There are also numerous instances of exposure of the names and/or email addresses of NSA employees ("B3 NSA"); see page 23 inside this longer PDF document.

Why It Matters

BONUS: There is clear precedent for others going to jail for exposing CIA names. Read the story of John Kiriakou.

A Personal Aside: I just remain incredulous about these revelations seeming to mean nothing to the world. They're treated in the media as almost gossip.

Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People. His latest book is Ghosts of Tom Joad: A Story of the #99 Percent. Reprinted from his blog with permission.

Tonyandoc

It seems that HRC may become POTUS, thanks to the actions of DNC, DWS and the MSM and the inaction of the FBI and DOJ - much to the relief of the MIC, CIA and NSA and the satisfaction of the TBTF banks and the RDA (* I made this one up; it stands for "Revolving Door Apparatchiks".)

The rest of us are FUCD.

Tired_of_poor_healthcare

The media has been bought and paid for. There is no longer news reporting, only propaganda recitation. Statistically, most people are followers. Let's hope there are a few principled public servants at the FBI to help save our country.

liveload

An external IT audit is necessary in this case, if it hasn't already been ordered. Who gave the approval to set this thing up? Where is the documentation requesting access to the State's servers? Who signed off on that? Who verified that approval? Who processed the request and what verification did the approvals undergo?

An IT auditor would rip State several new orifices with which to excrete solid waste matter.

[May 28, 2016] Did the Clinton Email Server Have an Internet-Based Printer?

Notable quotes:
"... the DoS requires workers to print out each email sent or received, and file it in a box, which is preserved. In general, these printouts, when done at all, are "filed" in printout order, making them difficult to search (which may be the intent, given the historic hostility to FOIA requests). ..."
"... Also, wasn't mail.presidentclinton.com used for the emails of the Clinton Foundation aides? Doesn't this mean the FBI likely now has very precise timing of both Hillary's SoS travel communications and Bill Clinton's speaking fee arrangement and Clinton Foundation donation emails, due to the emails likely having timestamps from a common clock? ..."
"... Assuming the ISP has decent security.. https://www.youtube.com/watch?v=XGmDBo-00mY ..."
"... That is a GREAT Youtube video. I've only gotten through the first 10 and a half minutes of it so far, and I had to stop watching it for a bit, because I was laughing my ass off so hard that tears were rolling down my cheeks. ..."
"... So let me get this straight, she COULD have been sending stuff involved with Black ops over an unencrypted link, and POTENTIALLY those files could have been printed off ANYWHERE in the world, and people are STILL defending her actions! Did it happen – IRRELEVANT! The very notion that she made it POSSIBLE means she breached national security! ..."
"... if I was an attacker, with or without the backing of a foreign government, I'd have been poking at THE PRINTER in the first instance, because (a) its security is likely to be weaker and also (b) its entirely less likely that there would be any logs produced or kept of my poking around. ..."
"... Now you're saying that not only was a printer available on this subdomain, and there was no firewall and no encrypted transport, but it was actually one of a particular series of HP LaserJet printers that allowed for a firmware upgrade upon receiving a new print job? ..."
"... 24.187.234.188 sounds very much like it was from the optimum online network block, and a quick whois shows that currently it does belong to them. ..."
"... he is not an engineer. Just a Manager that worked for a year 'managing' remote connectivity for foreign Embassies…. he did not go to school for CS or engineering and he has no training either. He was given immunity by the Justice Dept and was then fired by the State Dept so obviously he did something wrong. If you read Brian's post on FB - all of this is explained in the comments below his post with citations/links. ..."
"... The AP and Wired news stories about this whole issue (of the security of the server) catalog an entire boat load of security screw ups. They don't exactly inspire confidence in the competence of the people who set this stuff up. ..."
"... Interesting footnote: On tonight's NBC Evening Nudes, they mentioned that the FBI had seized Clinton's server, and also a USB thumb drive in August of last year. No mention of any PRINTERS being seized. (Typical incompetent FBI, still operating in the Louis Freeh era. The man didn't even know how to use a computer, and didn't want to.) ..."
"... like most hackers, hes a pathological liar. Its in their nature. He came out real quick to brag and prove how he hacked a clinton aid. But didn't want to tell anybody until he went to jail and she runing for president that that he hacked clintons emails? I call total BS. ..."
"... Did the sysadmin(s) who set up the mail and printer systems have security clearance(s) to read all the Mrs. Clinton's mail and print jobs? ..."
"... Because she certainly gave the sysadmin(s) the ability to read her mail and print jobs. archive the data, and transport the data anywhere. If that was not all done by State Department IT employee(s). how is this not a punishable offense? ..."
"... My understanding is that the same person who set up Bill Clinton's website and email after he left office set up Secretary Clinton's; hence, the shared IP addresses for similarly worded domains. Also, wasn't the same server used for both? ..."
"... I say follow the money. Look at the links between Clinton Foundation and classified information. ..."
"... She setup a private email server knowingly to exempt her from compliance. Now, the after the fact doesn't really matter. And she knows that… A .gov address would have full rights to all corispondance as the information belongs the the government and can be requested by ant civilian… ..."
May 28, 2016 | krebsonsecurity.com

Johnny Mnem, May 28, 2016 at 2:25 pm

It has, I think, been shown by Venafi that there was for some time in 2012 and 2013 a VPN running on the clintonemail.com domain. However, that certificate expired. Running a directly Internet connected printer seems more a security threat than simply a chance of sniffing printer queues as modern printers sometimes have their own vulnerabilities.

Venafi's posts (first story has information about VPN):

https://www.venafi.com/blog/post/new-data-confirms-venafi-analysis-on-clinton-email-server/
https://www.venafi.com/blog/post/what-venafi-trustnet-tells-us-about-the-clinton-email-server
https://www.venafi.com/webinars/view/on-demand-clinton-email-server-security-lapses

Benjamin Lim, May 29, 2016 at 7:42 am

I don't see why she requires a publicly routable IP address for a mail server, print server and VPN server. It can easily be NATed behind a router on a single public IP.
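The exposure discussed in the two comments above (mail, print and VPN hosts each published under a telling name on its own public address) is something an administrator can check for in their own zone. The following is an added example, not part of the original thread; the role keywords, the `example.org` zone and its documentation-range addresses are constructed assumptions.

```python
import ipaddress
import re

# Ranges that are never reachable from the internet (RFC 1918, loopback,
# link-local, CGNAT). Listed explicitly so the documentation ranges in the
# sample below can stand in for real public addresses.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
)]

# Hypothetical label patterns; adjust to your own naming conventions.
ROLE_PATTERNS = {
    "printer": re.compile(r"^(printer|print|prn|mfp)\d*$"),
    "vpn": re.compile(r"^(vpn|sslvpn|remote)\d*$"),
    "mail": re.compile(r"^(mail|smtp|owa|mx)\d*$"),
    "storage": re.compile(r"^(nas|backup|files)\d*$"),
}
# Roles that never need inbound connections from the internet.
INTERNAL_ONLY_ROLES = {"printer", "storage"}

# Constructed zone listing (not taken from any real domain).
SAMPLE_ZONE = """\
; constructed records for illustration only
example.org.          3600 IN A     203.0.113.10
mail.example.org.     3600 IN A     203.0.113.10
printer.example.org.  3600 IN A     203.0.113.11
sslvpn.example.org.   3600 IN A     203.0.113.12
nas.example.org.      3600 IN A     192.168.1.20
www.example.org.      3600 IN CNAME example.org.
"""


def parse_a_records(zone_text):
    """Return (fqdn, ip) pairs for 'name ttl IN A addr' lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "A":
            name = fields[0].rstrip(".").lower()
            records.append((name, ipaddress.ip_address(fields[4])))
    return records


def role_of(fqdn, apex):
    """Infer a service role from the leftmost label of a name under the apex."""
    if fqdn == apex:
        return None
    label = fqdn.split(".")[0]
    for role, pattern in ROLE_PATTERNS.items():
        if pattern.match(label):
            return role
    return None


def is_routable(ip):
    return not any(ip in net for net in NON_ROUTABLE)


def audit_zone(zone_text, apex):
    """List records that publish more than the outside world needs to know."""
    findings = []
    for fqdn, ip in parse_a_records(zone_text):
        if not is_routable(ip):
            # Internal addressing leaked through a public zone.
            findings.append((fqdn, str(ip), "internal-address-in-public-zone"))
        elif role_of(fqdn, apex) in INTERNAL_ONLY_ROLES:
            # A device that should sit behind NAT/firewall has its own public IP.
            findings.append((fqdn, str(ip), "internal-only-role-on-public-address"))
    return findings


def public_footprint(zone_text):
    """Map each publicly routable address to the names that point at it."""
    footprint = {}
    for fqdn, ip in parse_a_records(zone_text):
        if is_routable(ip):
            footprint.setdefault(str(ip), []).append(fqdn)
    return {ip: sorted(names) for ip, names in footprint.items()}


if __name__ == "__main__":
    for finding in audit_zone(SAMPLE_ZONE, "example.org"):
        print(finding)
    print(public_footprint(SAMPLE_ZONE))
```
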

JL, May 29, 2016 at 4:21 pm

On a show last week, Rachel Maddow did a segment on the Department of State's official archive policy.

According to Maddow, the DoS requires workers to print out each email sent or received, and file it in a box, which is preserved. In general, these printouts, when done at all, are "filed" in printout order, making them difficult to search (which may be the intent, given the historic hostility to FOIA requests).

This reminded me that the DoS was dismayed at not finding Brian Pagliano's .pst file, indicating they did not expect to find his emails on any server-side backup. Presumably, no server-side DoS email backup capability exists.

Also, wasn't mail.presidentclinton.com used for the emails of the Clinton Foundation aides? Doesn't this mean the FBI likely now has very precise timing of both Hillary's SoS travel communications and Bill Clinton's speaking fee arrangement and Clinton Foundation donation emails, due to the emails likely having timestamps from a common clock?

Email Server Software Management, May 30, 2016 at 12:28 pm

Well, many printers have more than one port and protocol in use, which means many different ways of establishing a connection to that printer and not just layer 2.

Whoever, May 31, 2016 at 7:37 am

Yes, there are so many printers with integrated frame relay ports.

Jim, May 31, 2016 at 10:35 am

Loved all the arguments, but, show me in the laws where it was illegal, for Hillary, to have a second E-mail address? And that it was illegal to use it on government time. Or to have a printer hooked to that account? But, I will tell you what was illegal. The employees using that address to send classified information to. You shouldn't worry about Hillary, but the useful idiots.

Ken, May 31, 2016 at 11:17 am

There are some registrars that set up DNS by way of a template and assign A record subdomains by default to make it easier….such as MX, www, etc. Not excusing it as you need to be way more careful when you are the state department…but this is hardly the worst thing Clinton has done.

Karen Bannan, June 1, 2016 at 1:48 pm

I'm not surprised since people don't realize how much of a security risk a printer can be - and how to protect themselves and their network. Great white paper about printer and network security written by a third party here: bit.ly/1sq1kyG

I also just read a story about printers and security on Computerworld.

http://www.computerworld.com/article/3074902/security/printer-security-is-your-companys-data-really-safe.html

–Karen Bannan, commenting for IDG and HP

Joe, May 26, 2016 at 7:52 pm

The printer queue to a pimple faced hacker wouldn't be of interest but for a state intelligence agency it would be a jackpot. Some of the greatest intelligence is gathered from the trash still today. Don't think that the printer queue would not be interesting to a knowledgeable party.

Joe, May 27, 2016 at 7:09 am

So… You want me to believe that Hillary's personal email server sat behind MILLIONS of dollars of security infrastructure to keep it protected? And that it employed D.O.D. grade 2 factor authentication, disk encryption, and had a team of the worlds best security professionals monitoring all traffic to/from the server and the network itself?

I doubt it.

IMorgan59, May 27, 2016 at 2:43 pm

Secure, nonsecure, whatever. If she had used State's email server, then 1) copies would have been on their server when she left office, 2) the Benghazi Committee would have been able to wrap up its investigation 2 years ago, 3) if State's computers were hacked, that wouldn't be her responsibility, and 4) due to her choices, she's on the hot seat insisting she didn't do anything wrong. She made her bed and now has to sleep in it.

Winston, May 27, 2016 at 2:24 pm

The C-SPAN interview with former U.S. Attorney for the District of Columbia Joseph diGenova I linked to above was a real eye opener for me to how HUGE this scandal actually is.

Once one is aware of the details, one can easily see through all of the many intentional red herrings and half truths thrown out on this by Clinton and her campaign. What is absolutely, positively amazing to me is how they have been able to get away with it since it really doesn't take much investigative effort at all to expose their spin job for what it is.

Some of the lame excuses now coming from the State Department are a hint that officials there are also vulnerable to the very major repercussions that SHOULD come from this.

Every one of the 127 to 150 (depending upon who you listen to) FBI agents investigating this and every person in the intel community knows darn well that if any one of them had done even the tiniest fraction of what has been done by Clinton and her crew, their security clearance would have been immediately revoked, they would have been indicted and, most likely, imprisoned.

That is why, as revealed in the C-SPAN interview with Joseph diGenova who has a current Top Secret clearance himself and has his ear to the conversation within the retired DOJ and intel community in DC, there would likely be a revolt within the FBI and intel community if there are no indictments on this. Why?

Well, first, there is that "Think of what would have happened to ME if I'd done even a tiny fraction of this." Second, the failure to indict and prosecute would set a dangerous precedent that would make the successful prosecution of anyone guilty of the mishandling of classified materials and avoidance of public record FOIA inquiries difficult if not impossible.

herunobfuscatedemails, May 27, 2016 at 1:21 pm

@notme and other defending Hillary Fanbois: There is tons of evidence it was not way more secure than a DOD platform and she didn't use a qualified individual to set up the email server.

It was an out of the box config with little or no effort to obfuscate the domain / service. I highly doubt the server or IIS had been hardened and I'd have to profile it was out of ignorance. No doubt all default vulnerabilities were unaddressed and patches weren't in effect if a reboot was necessary.

How do we know this??? Just a little recon. As you know whatever you post may never go away… Same goes for domains. Enter one of my favorite Internet recon tools The Way Back Machine. If you don't know it, search for it and do a little research.

When the default IIS page comes up for the mail domain and the auth login page shows up at the default OWA address, we can comfortably conclude this was a lame chatty effort. At least SSL was being used (by default no doubt):
https://mail.clintonemail.com/owa/auth/logon.aspx

Had someone intended to provide a layer of security by hiding her email, it never EVER would've been via that silly domain. An obfuscated domain would've been irrelevant and distasteful i.e. openmalwarehere.com

Mark M, May 27, 2016 at 1:47 am

Assuming the ISP has decent security.. https://www.youtube.com/watch?v=XGmDBo-00mY

Ron G, May 27, 2016 at 6:44 pm

That is a GREAT Youtube video. I've only gotten through the first 10 and a half minutes of it so far, and I had to stop watching it for a bit, because I was laughing my ass off so hard that tears were rolling down my cheeks.

Looking forward to the additional amazing absurdities revealed in the NEXT 40 minutes of this video.

You can't make stuff like this up.

Robert, May 26, 2016 at 8:48 pm

Could also DNS poison. They are not connecting to the printer via IP probably if they are setting up A records for it. Also don't underestimate how many routers on the web are hacked, and I am talking up stream core routers.

But why are we even talking about eavesdropping a connection? You can usually trivially compromise a printer (likely default admin creds) and just capture each print job that is sent to the printer using the printer itself. Copy each job onto the filesystem memory on the device and FTP it out. Most all HP and other network capable printers support it or just upload your own firmware.

psgm, May 27, 2016 at 2:20 am

So let me get this straight, she COULD have been sending stuff involved with Black ops over an unencrypted link, and POTENTIALLY those files could have been printed off ANYWHERE in the world, and people are STILL defending her actions! Did it happen – IRRELEVANT! The very notion that she made it POSSIBLE means she breached national security!

Would anyone else who did this be allowed in public let alone to run for POTUS!?

Why haven't the DNC disqualified her already?

She is DONE

onasty, May 26, 2016 at 6:39 pm

The intercepting of data is also somewhat unlikely. Without knowing how they got internet access you can't say infallibly if it was sniffable. Over a fiber circuit she likely had a CIDR block and there wouldn't have been anyone else to sniff it. Over DOCSIS they would need to break BPI+, and be on the local RF segment. Both create extraordinarily unlikely scenarios for sniffing.

Also you sent me on a confusing wild IP goose chase… You have both 24.187.234.188 and 24.197.234.188 listed in the story.

Ron G, May 26, 2016 at 6:47 pm

An interesting report from 2011:

http://www.nbcnews.com/business/consumer/exclusive-millions-printers-open-devastating-hack-attack-researchers-say-f118851

"In one demonstration, Cui printed a tax return on an infected printer, which in turn sent the tax form to a second computer playing the part of a hacker's machine. The latter computer then scanned the document for critical information such as Social Security numbers, and when it found one, automatically published it on a Twitter feed…"

So, um, leaving aside the narrow possibility of printer traffic sniffing, I believe that it might be accurate to say that most printers these days have memory… lots of it… and thus, it would seem to be not entirely beyond the realm of the possible to imagine a scenario in which a less-than-perfectly-secured printer which happened to also have a PUBLIC internet address, might perhaps be induced to give up its secrets to some remote attacker, e.g. the last five or ten documents that were printed.

The media and the Republicats are all gaga about the security of THE SERVER, but if I was an attacker, with or without the backing of a foreign government, I'd have been poking at THE PRINTER in the first instance, because (a) its security is likely to be weaker and also (b) it's entirely less likely that there would be any logs produced or kept of my poking around.

name, May 26, 2016 at 9:01 pm

Now you're saying that not only was a printer available on this subdomain, and there was no firewall and no encrypted transport, but it was actually one of a particular series of HP LaserJet printers that allowed for a firmware upgrade upon receiving a new print job?

After a few ifs, I agree this could look bad. But, Ron, you're piling on the if after if after if and stating factually that this was bad. Again, what we have is a subdomain with printer as the name. There's a ton of things in between that and what you're trying to have poor Brian conclude.

Directly connecting a computer to the internet without any firewall or hardening, bad idea. Directly connecting a printer to the internet without any firewall or hardening, yes, this too is a bad idea. Too bad we're playing hopscotch because of a subdomain name. Not like this: http://210.125.31.xxx/hp/device/this.LCDispatcher?nav=hp.EventLog

Nixie, May 26, 2016 at 6:50 pm

Check this interesting Wayback Machine history out. Looks like the Clinton server was hosting adware, possible malware, on February 7, 2011.

https://web.archive.org/web/form-submit.jsp?type=prefixquery&url=https://clintonemail.com/

Ron G, May 26, 2016 at 7:23 pm

Ummm… Maybe advertising.

This brings up another interesting thing I just learned about the clintonemail.com domain. The FSI passive DNS database knows of about 10,000 subdomains of that domain. I was flabbergasted by this at first, but then I realised the real reason for this. (No, that domain DOES NOT actually have anywhere near that many REAL subdomains):

http://serverfault.com/questions/582962/unused-domain-name-getting-routed-to-double-click

http://www.theregister.co.uk/2008/04/11/network_solutions_sub_domain_parking/

The simple answer is that NetworkSolutions points your parked domains at their advertising. (That's not actually remarkable at all. That's just what pretty much every company that does domain parking does.)

The more interesting thing is that in the cases of your live/active/non-parked domains for which NetSol provides DNS, they wildcard these domains, so that any time anybody punches in a misspelled subdomain name, they end up at NetSol's advertising partner, DoubleClick.

This is arguably an underhanded thing for NetSol to be doing, but hey! It's (apparently) in the contract, so it _is_ explicit to the customer, and NetSol isn't in business for its health. It's a commercial enterprise, so they can't be blamed for trying to make a buck, here and there.

But all this info about the DNS really brings up some other issues. Let's say, just for the sake of argument, that Hillary's server was, in actual fact, as tight as a snare drum with respect to security. There's still the question of her login credentials for her NetSol account. If those had gone walkaround… well… you can imagine the scenarios.
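The wildcard effect described in the comment above can be filtered out of a passive DNS export before counting "real" subdomains. The following is an added example, not part of the original comment thread; the rows, the example.com names, the documentation-range addresses and the `min_names` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed passive-DNS rows: (owner name, rdata, times observed).
# 198.51.100.80 plays the role of the registrar's wildcard/parking target.
SAMPLE_ROWS = [
    ("mail.example.com.", "192.0.2.10", 5400),
    ("printer.example.com.", "192.0.2.11", 310),
    ("sslvpn.example.com.", "192.0.2.12", 40),
    ("wwww.example.com.", "198.51.100.80", 3),
    ("mial.example.com.", "198.51.100.80", 2),
    ("xq7f.example.com.", "198.51.100.80", 1),
    ("webmail.example.com.", "198.51.100.80", 1),
    ("a1b2c3.example.com.", "198.51.100.80", 1),
]


def wildcard_targets(rows, min_names=4):
    """Return rdata values shared by at least `min_names` distinct owner names.

    A wildcard record answers every unknown label with the same data, so a
    passive DNS sensor sees many unrelated names collapsing onto one target.
    The threshold is an assumption to tune per zone.
    """
    names_by_target = defaultdict(set)
    for name, rdata, _count in rows:
        names_by_target[rdata].add(name.lower())
    return {t for t, names in names_by_target.items() if len(names) >= min_names}


def split_names(rows, min_names=4):
    """Split owner names into (distinct, wildcard_like).

    A name is wildcard_like when every answer ever seen for it is a wildcard
    target. Caveat: an explicit record that points at the same target cannot
    be told apart from a synthesized answer using passive DNS alone.
    """
    targets = wildcard_targets(rows, min_names)
    rdata_by_name = defaultdict(set)
    for name, rdata, _count in rows:
        rdata_by_name[name.lower()].add(rdata)

    distinct, wildcard_like = [], []
    for name in sorted(rdata_by_name):
        if rdata_by_name[name] <= targets:
            wildcard_like.append(name)
        else:
            distinct.append(name)
    return distinct, wildcard_like


if __name__ == "__main__":
    real, noise = split_names(SAMPLE_ROWS)
    print("names with their own records:", real)
    print("names explained by the wildcard:", noise)
```

Only the first list is worth reviewing as potential exposed hosts; the second is a record of what people typed, not of what the zone owner configured.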

Nixie, May 27, 2016 at 1:41 pm

The Wayback links I provided are NOT for subdomains or parked domains. They are for the clintonemail.com domain, for the time period in question that a breach may have occurred. The URL strings captured show (at least) questionable adware running on this box, and I'm really surprised no one is looking at that. The &poru= string is tied to some very dubious adware, for example.

Chris, May 26, 2016 at 7:02 pm

So no evidence except wild speculation based on a sub domain name? I used to have a few sub domains such as router.mydomain voip.mydomain admin.mydomain netgear.mydomain set up as honeypots. My plan was to script it so that any IPs buzzing them had all their future traffic dropped for several days. But alas I never got around to completing it.

Ron G, May 26, 2016 at 7:50 pm

Gosh! I had no idea, up until this moment, that Hillary was so sophisticated that she was even running her own honeypots!

Returning to this planet for the moment, I'd just like to emphasize that, as I told Brian, there are really two core points here:

1) Assigning a *public* IPv4 address to a printer opened up at least the theoretical possibilities that either (a) printer traffic could be sniffed or (b) that the printer itself could be compromised. We can debate all day the actual pragmatic level of risk associated with each of these two possibilities, but I think that it is non-zero in both cases, and in any case, perhaps this all misses the point.

2) Perhaps even MORE importantly, the assignment of a static public IP address to the printer speaks to the general level of network security competence (or lack thereof) of whoever was setting up and maintaining this equipment for the Clintons. And what it says is not good at all. I don't think that many either would or could disagree with that. And this is the more troubling aspect of the whole story. If the Clinton's sysadmin messed up even this simple and obvious thing, then what ELSE did he or she mess up, security-wise?

Ron G, May 27, 2016 at 7:25 pm

"Putting anything on the internet opens up the theoretical possibility that its traffic could be sniffed. So, unless that's the threshold, in which case she's as secure as anything else on the internet, what's the point of the outrage?"

Actually, yea, you've made a good point. But let's dissect it a bit.

In theory, at least, server-to-server e-mail transmission can be protected from prying eyes via TLS encryption. I personally don't know how well deployed that (TLS) is at the present moment, but let's just say for the sake of argument that it's 50/50, i.e. half the time Hillary's inbound and outbound messages, e.g. to various world potentates, were protected in transit from sniffing and/or MITM attacks, and the other times they weren't.

More to the point, let's assume, for the sake of argument, that she at least understood the possibilities of her e-mails being spied upon… which, in the post-Snowden era, at least, she certainly should have understood… and as a result, she was at least smart enough not to send out e-mails like "Yea, let's drop those bombs now Bibi!" as some clever wag here said.

Contrast this with her probable level of caution when it came to simply *printing* some draft document… which could be equally or perhaps even more revealing and/or inflammatory… to the printer sitting right there next to her desk in her home office.

(As someone suggested, it is at least theoretically possible that data transport to the printer might be encrypted, but in practice, probably not.)

So Hillary is sitting there, and she prints a draft of a document she's working on called "State Department Post-Invasion Plan for Crimea". She doesn't worry about the security implications of "sending" that document out over the Internet, because, as far as she knows, it is actually just going from the screen on the physical desk right in front of her just over to the printer which is sitting right at her elbow. As far as her (possibly technically naive) perceptions go, the document is just being printed, and isn't ever even leaving the room she is sitting in. So her _perception_ is that printing the document is utterly safe and secure.

But this is the whole point here. Maybe that document could be sniffed. Even if that's not a realistic possibility, the printer itself could be directly compromised, and made to give up its secrets.

The apparent high probability that (a) she had a home printer and that (b) this printer had a public IPv4 address… which was ridiculously easy to find, by the way… and that (c) she probably was NOT just using that printer as a paperweight or a doorstop and (d) the undeniable possibility that said printer could perhaps have been "hacked"… perhaps even via something as simple as remote login using admin/admin… all adds up to what, in my book at least, seems to be a "Holy s**t!" type of scenario.

The fact that the FBI apparently didn't bother to impound her printer when it impounded the rest of her gear is perhaps even more troubling.

For all we know, as we speak, that printer may be sitting exposed in some landfill somewhere in the hills of Westchester County, just waiting for some dumpster diver with an eye for valuable e-waste to come along, fish it out, plug it in, login with admin/admin, and then print out copies of the last 20 documents.

I think that it is safe to say that such a scenario probably would not be fully conformant with State Department rules & regulations with respect to the security of electronic documents.

Name, May 26, 2016 at 7:27 pm

Subdomain names mean little to nothing. Someone could guess what an IP address served based upon the subdomain name, or the domain name itself, but that is silly.

What exactly is an "internet based printer"? I'm not sure if there's a technical person trying to sound not technical and using random jargon or if it's a non-technical person trying to sound technical. Let's try and define some terms maybe?

24.187.234.188 sounds very much like it was from the optimum online network block, and a quick whois shows that currently it does belong to them. That sounds about right because they provide services around the area Hillary Clinton called home. Optonline does provide static IP addresses. But I have to wonder, are these terminated in the house? Do we know if the email server everyone is so hip to talk about was actually located at Clinton's house or was it in a DC (rack, not washington)? If it was in her house what was the connection? Did this IP reside on a cable modem? Was it a DSL line? Fiber? That area wasn't known for its way updated and trendy transport. Did the carrier provide the equipment? Did Clinton hire a complete idiot to put the email server directly connected to the internet or was there a firewall in front of it?

How likely is it that there was a firewall of sorts in front of the mail server and any printers that were likely there? Pretty damn likely. She didn't buy services from Stooges r Us. And even if she did, they would probably set up a firewall. That's all saying that the vendor supplied equipment didn't perform some firewalling technology. Anyone in the IT field would see this as not very likely outside of pre mid 90s.

For the printer subdomain name, we think that the printer actually had IPP or something? LPD? Are you suggesting, but not saying, that Clinton set up a printing device directly on the internet so that while she was traveling around wherever she was when not at home and printing to that printer? That doesn't even make sense. Or are you suggesting, but not saying, she decided this fancy new printer she saw at Office Depot would look nice with a subdomain sitting next to her email server? And, now she could actually print stuff while she was outside in the yard or upstairs in the bedroom? Oh, it was connected to the internet? Really? "I didn't know it was on the internet even though I somehow called and registered a subdomain so I could get an external IP address for it. And I just plugged this big old CAT5(e)/6 cable into my printer directly from the wall???"

Factually we can say the following: 4 subdomains pointed to 2 IPs. 2 subdomains use the English word "mail" and 2 subdomains use the English word "printer".

Do we know that some mail transfer agent was listening on the mail domain? I assume someone knows this, but I've not seen any documentation on this, haven't looked, barely care. Do we have any open ports on this other IP? Did anyone do some research? Why don't you contact Robert Graham and ask him if masscan hit those IPs and what ports were open. Maybe he doesn't like reporters, but you can ask nicely. Tell him some guy on the internet told you about masscan and that Rob probably had some port information about those IPs.

Ron G, May 26, 2016 at 10:41 pm

"Do we know if the email server everyone is so hip to talk about was actually located at Clinton's house or was it in a DC (rack, not washington)? If it was in her house what was the connection? Did this IP reside on a cable modem? Was it a DSL line? Fiber? That area wasn't known for its way updated and trendy transport. Did the carrier provide the equipment? Did Clinton hire a complete idiot to put the email server directly connected to the internet or was there a firewall in front of it?"

These are all GREAT questions, many of which the FBI, in its usual half-assed manner, is probably not even thinking about, let alone actually asking. Do you have any of the answers to any of the questions that you yourself have raised? I mean DEFINITIVE answers, rather than just your personal speculations?

"How likely is it that there was a firewall of sorts in front of the mail server and any printers that were likely there? Pretty damn likely."

And you are basing that opinion/supposition on what, exactly?

"She didn't buy services from Stooges r Us."

Ummm… she did, actually:

As detailed in both of the above news stories, whoever set up Clinton's network was probably a relative of Professor Irwin Corey.

Jen, May 27, 2016 at 11:43 am

She used a SUPER USER from State to set it up for her… he is not an engineer. Just a Manager that worked for a year 'managing' remote connectivity for foreign Embassies…. he did not go to school for CS or engineering and he has no training either. He was given immunity by the Justice Dept and was then fired by the State Dept so obviously he did something wrong. If you read Brian's post on FB - all of this is explained in the comments below his post with citations/links.

Dan Riley, May 26, 2016 at 8:01 pm

Yes, she had a CIDR block:

https://whois.arin.net/rest/net/NET-24-187-234-184-1

The CIDR block 24.187.234.184/29 was allocated to Clinton's home. If the network was configured following standard practices, traffic between systems inside that CIDR block would not have left Clinton's LAN, and most definitely would not have been "sent out over the Internet". Guilmette's comments about vulnerabilities and wasting toner assume incompetence and a total absence of firewalls. What evidence we have is that the people who set up Clinton's home LAN knew enough to configure a router, a firewall, a VPN, and some basic CIDR netmasks.

NAT is not a security fix-all, not using NAT is not a sign of vulnerability or incompetence.

Ron G, May 26, 2016 at 11:01 pm

"If the network was configured following standard practices, traffic between systems inside that CIDR block would not have left Clinton's LAN…"

And if perchance it WASN'T configured following standard practices, what then?

Does the FBI know how the network was actually configured? Does anybody?

"Guilmette's comments about vulnerabilities and wasting toner assume incompetence and a total absence of firewalls."

Absolutely. Is there any publicly known reason to grant the sysadmin(s) who set this stuff up any more generous assumptions vis a vis their competence? The AP and Wired news stories about this whole issue (of the security of the server) catalog an entire boat load of security screw ups. They don't exactly inspire confidence in the competence of the people who set this stuff up.

"What evidence we have is that the people who set up Clinton's home LAN knew enough to configure a router, a firewall, a VPN, and some basic CIDR netmasks."

I can teach an 8th grader of average intelligence how to do all that stuff in 1/2 hour. Teaching him/her how to do it SECURELY takes a bit longer.

The good news is that people with no more intelligence than a bag of hammers can nowadays wander down to the local BestBuy, purchase a network printer and a router, take them both home, plug them in, and they just seem to work. The bad news is that people with no more intelligence than a bag of hammers can nowadays wander down to their local BestBuy, purchase a network printer and a router, take them both home, plug them in, and they just SEEM to work.

The mere existence of this network isn't proof that it was secure in any sense. It isn't even evidence of that.

Blake, May 27, 2016 at 9:42 am

Agreed. The information in this article is largely speculation based on one piece of information meta data (a DNS record).

Whether a printer existed is speculation; Whether said printer was connected to the internet is speculation (having an IP does not equal internet connectivity); If said printer existed, and if said printer was internet connected, any vulnerabilities in the printer itself or in the communications path are also speculation.

Fred, May 26, 2016 at 8:16 pm

It gets better. Do a dig mx clintonemail.com. You'll see that the machine's incoming email was filtered by mxlogic.net, a spam filtering service that works by receiving all your emails, filtering out the spam, and forwarding you the rest.

This is because the hosting provider, Platte River Network, sold a package along with the hosting. The package included spam filtering and full-disk off-site backup (since then seized by the FBI).

So every email received by Clinton was going through many unsecured places, including a spam filtering queue, a backup appliance and an off-site backup server. Which has already been documented.

Ron G, May 26, 2016 at 10:24 pm

"It gets better. Do a dig mx clintonemail.com. You'll see that the machine's incoming email was filtered by mxlogic.net, a spam filtering service that works by receiving all your emails, filtering out the spam, and forwarding you the rest."

That arrangement appears to have only been in effect since circa June, 2013. We should think also about the time BOTH before and after that.

;; bailiwick: clintonemail.com.
;; count: 5454
;; first seen: 2013-06-24 21:27:43 -0000
;; last seen: 2016-05-26 12:57:43 -0000
clintonemail.com. IN MX 10 clintonemail.com.inbound10.mxlogic.net.
clintonemail.com. IN MX 10 clintonemail.com.inbound10.mxlogicmx.net.

"This is because the hosting provider, Platte River Network, sold a package along with the hosting. The package included spam filtering and full-disk off-site backup (since then seized by the FBI)."

Was that all in the report? I guess I'll have to go and read that whole thing now.

Interesting footnote: On tonight's NBC Evening Nudes, they mentioned that the FBI had seized Clinton's server, and also a USB thumb drive in August of last year. No mention of any PRINTERS being seized. (Typical incompetent FBI, still operating in the Louis Freeh era. The man didn't even know how to use a computer, and didn't want to.)

"So every email received by Clinton was going through many unsecured places, including a spam filtering queue, a backup appliance and an off-site backup server. Which has already been documented."

Um, yep. You're right. Arguably, the security of Clinton's e-mails was even WORSE after the switch in June, 2013, than it had been before that.

And let's not forget that the Stored Communications Act makes it perfectly legal for any service provider who happens to have YOUR e-mails on THEIR hard drives to peek at those e-mails, pretty much as they see fit, as long as doing so is ostensibly or arguably for "technical" reasons having to do with the management of the service they are providing.
(Google goes further and has software that looks at everything, for marketing/advertising purposes. All 100% legal, based on their end luser contracts, I'm sure.)

So this is basically like when some NSA people got caught peeking at the NSA's records on their love interests. When they get caught, they just shrug, promise never to do it again, and nobody goes to jail.

How many sysadmins at MXLogic had access to Clinton's emails? If the one lone guy who pulled the graveyard shift poked around into those e-mails, at say 3AM, would anybody even know that had happened? (Even the NSA didn't know what Snowden had looked at until he was already long gone, and even then, they weren't entirely sure.)

Bruce Hobbs, May 26, 2016 at 9:10 pm

Ah, Brian, it appears that both the Chinese and the Russians had complete access to Hillary's rogue mail server going back to 2013. I'm not sure there's any point in talking about the printer.

A Romanian cab driver, known as Guccifer and now sitting in a U.S. jail, claimed to have found her mail server and gotten complete access to it in 2013, up to two years before Farsight discovered it in March 2015.

But there is a subsequent story that claimed that Guccifer tried to hack into Russian systems which the Russians discovered. They, in turn, planted malware on Guccifer's computer that allowed them to see everything that he was able to hack into. It's likely that the Russians have every piece of email that went through Hillary's server. If there are any missing, we should ask them about it.

http://www.wsj.com/articles/hillary-gets-guccifered-1462487970

cooloutac, May 26, 2016 at 11:12 pm

Like most hackers, he's a pathological liar. It's in their nature. He came out real quick to brag and prove how he hacked a Clinton aide. But didn't want to tell anybody until he went to jail and she was running for president that he hacked Clinton's emails? I call total BS.

Ron G, May 26, 2016 at 11:26 pm

Nobody with any brains believes the recent headline-grabbing pronouncements from this criminal Guccifer. He's pretty obviously just flailing around and hoping that he can come up with some topical story that will get him in the newspapers and maybe… if they are really dumb… entice his prosecutors into cutting him some sort of a deal if he "talks" about his alleged break-in to the Clinton server. But so far, he hasn't produced a single shred of credible evidence to back up his wild claims, and as someone pointed out, it is really rather absurd, even or especially for someone in his position, to VOLUNTARILY cop to yet another federal felony.

The smart money says that if anyone ever did compromise any part of Clinton's network, that party will be smart enough to NEVER talk about that, except to his paymasters, or to whoever is willing and able to purchase the exfiltrated data, with utmost confidentiality and discretion, obviously.

Chief V, May 26, 2016 at 10:44 pm

I assume that when China, Russia, Israel, Germany, Britain, India, Pakistan, etc… reconnoitered Secretary Clinton's web presence and discovered her use of a private email server and printer, they would have devoted the required time and resources to compromise them, one way or the other. That's what state-sponsored intelligence services do. If I were either Clinton, I would assume my email was compromised and assume my nation-state adversaries have everything … just the same as if I used the State Department's email system.

Ironically, she would have been better off using the State Dept. email system: she would have known from the start that eventually every message would be in the hands of our adversaries.

twinmustangranchdressing, May 27, 2016 at 5:12 am

When she was Secretary of State, Hillary Clinton worked and lived in Washington, DC. Why would she have wanted to print out emails in Chappaqua, NY?

jb, May 27, 2016 at 7:40 am

The printer could have resided anywhere. Just because the IP is hosted in NY, doesn't mean the printer is there, just the print queue

Algo Rythm, May 27, 2016 at 11:39 am

Two points:

1. DOCSIS – LOL. While her cable company's DOCSIS 3.1 does have encrypted features to prevent someone on the copper from doing the equivalent of ARP poisoning to pretend to be her gateway, I have not yet – anywhere in New England or the Mid Atlantic – found those encryption features enabled. They are left off intentionally by every provider I have tested probably for bandwidth profit reasons. Her packets were sniffable. Period.

2. FOX level hypocrisy detected.

Let's not forget that Rove and Cheney ran the US government for years during a time of war using an Exchange 2003 RNC server. When called on it, suddenly (Oopsy, TeeHee!) all the millions of those email messages – and their backups – got 'accidentally' deleted rather than letting the world + dog see what those two chimps were trusting Microsoft security to keep safe. Any talk of Orange suits needs to put those two at the front of the line.

As far as I'm concerned with Hillary, I'd like to see her precedent more widely adopted – hardened personal mail stores to restore privacy. Screw the folks who think snooping everyone's email is their personal right under some secret law.

brea, May 27, 2016 at 1:08 pm

"More importantly, any emails or other documents that the Clintons decided to print would be sent out over the Internet - however briefly - before going back to the printer. And that data may have been sniffable by other customers of the same ISP, Guilmette said."

How/why would this be the case?

I can see if we make the assumption of all machines using internal IPs so packets headed to 24.187.234.188 would route out then bounce back in … but if it was local net, or if it was defined in hosts or the router (also assumptions) then it would never have to bounce out except for a lookup.
or am I missing something here ..?
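The question raised here, and Dan Riley's earlier point about the 24.187.234.184/29 block, both come down to the on-link test every IP host performs before sending a packet. The following is an added example, not part of the original comment thread; the host addresses, gateways and netmasks for the three scenarios are assumptions, since the thread establishes only the /29 block and the printer address.

```python
import ipaddress

BLOCK = ipaddress.ip_network("24.187.234.184/29")  # block cited from ARIN in the thread
PRINTER = "24.187.234.188"                         # printer address named in the thread


def usable_hosts(network):
    """Host addresses in a block (network and broadcast addresses excluded)."""
    return [str(h) for h in network.hosts()]


def in_block(address, network=BLOCK):
    """True when `address` falls inside `network`."""
    return ipaddress.ip_address(address) in network


def first_hop(host_cidr, gateway, destination):
    """Reproduce a host's forwarding decision for one destination.

    host_cidr   -- the sender's own address and mask, e.g. "24.187.234.186/29"
    gateway     -- the sender's default router (must be on the sender's subnet)
    destination -- where the packet is going

    Returns ("on-link", dst) when the sender delivers directly on the LAN,
    or ("via-gateway", gw) when it hands the packet to its router. What the
    router does next (hairpin it back inside, or forward it upstream) depends
    on the router's configuration and is not modelled here.
    """
    iface = ipaddress.ip_interface(host_cidr)
    dst = ipaddress.ip_address(destination)
    gw = ipaddress.ip_address(gateway)
    if gw not in iface.network:
        raise ValueError(f"gateway {gw} is not on {iface.network}")
    if dst in iface.network:
        return ("on-link", str(dst))
    return ("via-gateway", str(gw))


# Assumed scenarios; only BLOCK and PRINTER come from the thread.
SCENARIOS = {
    # PC holds a public address from the same /29 with the correct mask.
    "public /29, correct mask": ("24.187.234.186/29", "24.187.234.185"),
    # PC sits behind NAT on private addressing; printer is a foreign address to it.
    "private LAN behind NAT": ("192.168.1.20/24", "192.168.1.1"),
    # PC holds a public address but was given too narrow a mask.
    "public address, /30 mask": ("24.187.234.186/30", "24.187.234.185"),
}

if __name__ == "__main__":
    print("usable addresses:", usable_hosts(BLOCK))
    for label, (host, gw) in SCENARIOS.items():
        print(f"{label}: {first_hop(host, gw, PRINTER)}")
```

Only the first scenario keeps print traffic on the local segment by construction; in the other two the packet's path is decided by the router, which is the part nobody in the thread has data on.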

vb, May 27, 2016 at 1:24 pm

Did the sysadmin(s) who set up the mail and printer systems have security clearance(s) to read all of Mrs. Clinton's mail and print jobs?

Because she certainly gave the sysadmin(s) the ability to read her mail and print jobs, archive the data, and transport the data anywhere. If that was not all done by State Department IT employee(s), how is this not a punishable offense?

It boggles my mind to think that anyone could defend Mrs. Clinton for this blatant breach of national security.

KrebsonSecurityFan, May 27, 2016 at 3:15 pm

My understanding is that the same person who set up Bill Clinton's website and email after he left office set up Secretary Clinton's; hence, the shared IP addresses for similarly worded domains. Also, wasn't the same server used for both?

I think this person was granted immunity.

Worrying about whether an indictment is in the future is like wondering what verdicts a jury is going to return. That is something that I learned from a veteran attorney.

CD, May 27, 2016 at 3:53 pm

So I am in the printer industry, and this story is interesting for a couple of reasons.

1) Most IP based printers (read connected via ethernet card rather than USB "local" connection) allow for users and administrators to log in to the printer via the IP address and adjust settings, install new firmware, and so forth. For a state hacker, this could be gold – and the default "service" logins and passwords can typically be found in service manuals readily available on the web.

2) On that issue, one of the things that a lot of multi function devices ("all in one") allow for is "multi plexing". "Multi plexing" is performing multiple functions with a single job submission. For example, there are machines that can receive an incoming fax, print that fax out, forward the fax using SMB to an archive (typically, but not always on the same subnet), forward that fax via email to a recipient, forward that fax to another fax machine using telephony, forward that fax to a fax server using LAN faxing, and so on. You can see how tempting a multifunction machine would be to a state intelligence service.

3) All the components in a machine are commercially available, from limited manufacturers – there are only so many manufacturers for memory, motherboards, etc. For a state intelligence service with a lot of money – setting up a clone in a lab to use as a template to re-engineer would be relatively cheap.

4) Many PostScript enabled printers allow for firmware upgrades as a PostScript print submission – so the printer could be reprogrammed with new firmware (essentially re engineered) remotely by anyone with access to the IP. Essentially, the multi plexing could be reprogrammed to send print submissions out to a server controlled by a foreign intelligence service. Now, this isn't something that a pimply faced hacker could do. Too expensive, and too time consuming. But if you had an organization that could figure out how to reprogram centrifuges…

5) Many printers by default "assign themselves" ports with known weaknesses (I'm looking at you, Port 8xxx), and open those ports up to allow communication over a network – for example, the "flag" that pops up on your computer to let you know the printer is out of paper. Depending on how a printer is set up for internet printing, this may or may not apply. Experienced IP administrators will go back, and change the port settings – if they think of it. But in many cases it is not something that they are thinking about.

Shift4, May 27, 2016 at 4:29 pm

I say follow the money. Look at the links between Clinton Foundation and classified information.

She set up a private email server knowingly to exempt her from compliance. Now, the after the fact doesn't really matter. And she knows that… A .gov address would have full rights to all correspondence as the information belongs to the government and can be requested by any civilian…

[May 09, 2016] Hillary Clinton demonstrated gross negligence in handling classified information - former FBI agent

Notable quotes:
"... There are really two prongs to this investigation: the sensitive handling or mishandling of classified information in the form of emails. But there is also another aspect of this and that is the significant monies that came to the coffers of the Clinton Foundation while Mrs. Clinton held a high cabinet-level political position. And it is a violation of the law for political officials to accept money. This is somewhat of a grey area. But there are indications that part of the investigation is not only looking at the handling or mishandling of classified information… but, on the second hand, is an individual in an official capacity accepting money or favors on behalf of their position with the US government. ..."
"... When I was an FBI agent and I worked overseas, I was not able to accept anything that had a value over 25 dollars… So, there is a big question about not only the handling of information, but also the accepting of gifts. There has been anecdotal information that upwards of $57 million went into the coffers of the Clinton Foundation while Mrs. Clinton was Secretary of State. So, that is something that the investigation will look at. ..."
"... Could that be an obstruction of justice? Interesting to see. Were emails destroyed? That is a violation of the law in terms of destruction of evidence ..."
"... I think there is a gross negligence of the handling of classified information that protects our national security. ..."
"... They take their orders from the owners of government just like all federal employees. Military included! Oaths mean NOTHING to US government employees. You swear to uphold the constitution and when or if you do you end up like Snowden or Manning. You collect your pay and your benefits and do as you're told otherwise you're dealt with like they deal with any citizen that disobeys, they destroy your life one way or another. ..."
"... The handling of Hillary's email is the least of her crimes. She was essentially running a regime change for profit using the US military during her tenure as secretary of state. ..."
"... I had not heard the regime-change-for-profit angle. Fascinating. Hideous. ..."
"... Hillary Clinton taking advantage of her power in such a blatant way setting up a home server for a top US office is beyond poor judgement. That says she believes she is above the law. ..."
"... Hillary Clinton and Donald Trump are both narcissistic without forethought. They both do what they want and either get out of the way or suffer the consequences. They both believe they can do anything. The sad part is the other political powers are either an ally or afraid of them. The media, politicians, corporate executives are either afraid of them or part of corruption. ..."
"... We'll see if the FBI has any balls or just talk. ..."
"... ...and yet, Donald Trump did not set-up a private server system just to get around the rules of being Secretary of State. Why find a roundabout way to have Trump share blame with Clinton for her dishonest behavior and poor choices? He wasn't the one who made them: She did. ..."
"... Their shady deals were made behind closed doors with the only witnesses being those who would, themselves, be implicated if word got out. I'm currently reading "Clinton Cash" and it just blows my mind. Those two are the absolute epitome of corruption. ..."
"... I don't know about this. If she has jeopardised national security then she is no different to Bradley Manning. The FBI plays no favourites, although Bradley Manning did everyone a favour by what he did, but Hillary did it to put herself into the White House ..."
May 8, 2016 | RT Op-Edge

Clinton faces questioning over her handling of classified information in emails, as well as funds received by the Clinton Foundation while she was in high office, James Conway former FBI agent and Managing Director of Global Intel Strategies told RT.

CBS News reported that Democratic presidential hopeful Hillary Clinton will be interviewed by the FBI in the near future regarding messages sent and received on her private email server.

RT: What kind of steps may we expect to see taken by the FBI with regards to Hillary Clinton and her email controversy? Will she receive some sort of special privilege due to her high-ranking position?

James Conway: I do know the protocols and standards the FBI follows when it comes to serious violations of the law. First of all, the FBI is an apolitical organization that has nothing to do with politics. Agents of the FBI and support employees of the FBI take an oath to uphold the law. And that's regardless of who may have committed violations of the law.

It is immaterial whether it is the First Lady, or it is the lady down the street, or it is the mayor of a city - it doesn't matter. The FBI has a long history of enforcing the law. And sometimes people who are subjects to those investigations happen to be high-level political officials. So, it has happened a number of times. Just two years ago David Petraeus was charged, former general and former Director of the CIA was charged with violations of the law as it pertains to the protection or the passage of sensitive, classified information which is somewhat the subject of this ongoing investigation or the allegations that have been brought forward against the former First Lady and current candidate for the president of the US.

RT: Does the investigation pose a threat to Clinton's presidential aspirations?

JC: Political commentators have said this. The FBI has said nothing. The FBI's investigation is extremely complex. They are looking at years of activity; they are looking at thousands and thousands of transactions in cyberspace. There are really two prongs to this investigation: the sensitive handling or mishandling of classified information in the form of emails. But there is also another aspect of this and that is the significant monies that came to the coffers of the Clinton Foundation while Mrs. Clinton held a high cabinet-level political position. And it is a violation of the law for political officials to accept money. This is somewhat of a grey area. But there are indications that part of the investigation is not only looking at the handling or mishandling of classified information… but, on the second hand, is an individual in an official capacity accepting money or favors on behalf of their position with the US government.

When I was an FBI agent and I worked overseas, I was not able to accept anything that had a value over 25 dollars… So, there is a big question about not only the handling of information, but also the accepting of gifts. There has been anecdotal information that upwards of $57 million went into the coffers of the Clinton Foundation while Mrs. Clinton was Secretary of State. So, that is something that the investigation will look at.

RT: How serious are the charges that Hillary Clinton faces?

JC: Personally, I know that the handling of classified information is extremely sensitive. And it is viewed by the courts and by national security folks […] as extremely valuable and important. And those who violate those laws and rules are subject to severe penalties. And sometimes, in the case of David Petraeus, he passed some sensitive information, not official documents, but in the forms of notes to Paula Broadwell who was writing a book about him […]. In this particular case that everybody is talking about in America, because it is within the context of the ongoing presidential campaign here, Hillary Clinton didn't use a State Department closed email system […] Mrs. Clinton had her own public server and that is how she was communicating with her associates and others within the government. To me, that's a clear problem. She has been asked to provide all of that traffic and there have been instances during the course of the investigation that maybe she didn't hand over all those documents, all of that email traffic. Could that be an obstruction of justice? Interesting to see. Were emails destroyed? That is a violation of the law in terms of destruction of evidence. So, there are a lot of problems here. I think there is a gross negligence of the handling of classified information that protects our national security.

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.

@PeteSanger, 8 May

"Agents of the FBI and support employees of the FBI take an oath to uphold the law."

If that were the case then they would have reopened the investigation of the so called terrorist attacks on 9/11.

They take their orders from the owners of government just like all federal employees. Military included! Oaths mean NOTHING to US government employees. You swear to uphold the constitution and when or if you do you end up like Snowden or Manning. You collect your pay and your benefits and do as you're told, otherwise you're dealt with like they deal with any citizen that disobeys: they destroy your life one way or another.

@Emmett647, 8 May

The handling of Hillary's email is the least of her crimes. She was essentially running a regime change for profit using the US military during her tenure as secretary of state.

@LouCoatney -> @Emmett647, 8 May

I had not heard the regime-change-for-profit angle. Fascinating. Hideous.

@CarolOrcutt, 8 May

Hillary Clinton taking advantage of her power in such a blatant way setting up a home server for a top US office is beyond poor judgement. That says she believes she is above the law. There is a pattern of her apologizing after she makes thoughtless decisions and many when she was Secretary of State and first lady. Her holding these positions does not make her a better candidate. Hillary Clinton and Donald Trump are both narcissistic without forethought. They both do what they want and either get out of the way or suffer the consequences. They both believe they can do anything. The sad part is the other political powers are either an ally or afraid of them. The media, politicians, corporate executives are either afraid of them or part of corruption.

We'll see if the FBI has any balls or just talk.

@MidnightAndLulu -> @CarolOrcutt, 9 May

...and yet, Donald Trump did not set-up a private server system just to get around the rules of being Secretary of State. Why find a roundabout way to have Trump share blame with Clinton for her dishonest behavior and poor choices? He wasn't the one who made them: She did.

@Andy007, 8 May

On RT German I read an article (inspired by Seymour Hersh) that Hillary Clinton supported a secret CIA operation in Libya in 2012 to steal sarin gas stocks from the Gaddafi regime, bring them to Syria, and give them to Islamist rebels, who used them to kill thousands of Syrian people. In the world's press Assad was the mass murderer, the offender. I'm not sure if there is any evidence. But is it clever to support Hillary Clinton when there are such sensitive allegations against her? Perhaps it is gossip, perhaps not. For the Democrats it could be painful if Hillary becomes president and someday in the future must resign when she gets an indictment and must go to prison. For the Democrats now is the time to clear up whether it's true or not. Sure, I like Bernie Sanders more than Hillary Clinton; he is a good man. But this is not the point. If Mrs. Clinton was part of a criminal mission the Democrats must clear it up, or bear the consequences in future.

@ChristinaJones, 9 May

Unfortunately I doubt anything will come of this. They (both Bill and Hillary) have been able to successfully skirt the law for a very long time now. They have amassed power and wealth by exploiting their positions and connections and have committed their offenses and done their dirty deeds right under everyone's noses. It disgusts me. I'm sure there are those in law enforcement who would love to take them down, are fully aware of their crimes, but, alas, our legal system requires definitive proof of any wrongdoings regardless of how obvious they are. There would have to be a recording of a conversation or an email (perhaps among 30,000 deleted?) that proves, without a doubt, that promises were made and delivered on in exchange for "contributions". The Clintons aren't stupid, especially Hillary.

Their shady deals were made behind closed doors with the only witnesses being those who would, themselves, be implicated if word got out. I'm currently reading "Clinton Cash" and it just blows my mind. Those two are the absolute epitome of corruption. Maybe, just maybe, this whole email situation is the break many have been looking for. If there is any justice at all in America the Clintons will be exposed for all they truly are and brought up on charges, convicted. I have my doubts though. I think what's most sickening is how they (Hillary) have exploited Americans' gullibility by playing the victim in this tiresome "that evil GOP is always out to get me!" narrative. Wake up, people! The proof is there, all you have to do is look. I'm not anywhere close to a Republican and I see it. That's because I bothered to look.

@WayneJohnson -> @ChristinaJones, 9 May

I don't know about this. If she has jeopardised national security then she is no different to Bradley Manning. The FBI plays no favourites, although Bradley Manning did everyone a favour by what he did, but Hillary did it to put herself into the White House.

@Venom88, 8 May

The wicked witch of the west. Check how she walks, it's so odd...

[Mar 11, 2016] Hillary's Other Server Scandal

Notable quotes:
"... Bernie Sanders keeps refusing' to hit Hillary Clinton over her email. Or so it seems. But maybe the Vermont senator's relentless assault on Mrs. Clinton's corporate ties is about her email after all. Maybe Mr. Sanders is betting that Hillary has a bigger problem than classified information... ..."
www.wsj.com

The focus is on state secrets in her email - but what personal favors lay within?

Bernie Sanders keeps refusing to hit Hillary Clinton over her email. Or so it seems. But maybe the Vermont senator's relentless assault on Mrs. Clinton's corporate ties is about her email after all. Maybe Mr. Sanders is betting that Hillary has a bigger problem than classified information...

[Feb 27, 2016] As One Clinton Email Nightmare Nears an End, Another Begins

finance.yahoo.com

Meanwhile, a federal judge ruled this week that Clinton and her top aides should be questioned under oath about her email arrangement, signaling the start of an entirely new legal headache for the now White House contender and her campaign team.

The lawsuit, brought by the conservative watchdog group Judicial Watch, will pick up again in a few weeks in mid-March when the group files its preliminary plan for the questioning. State has until Apr. 5 to respond, and then Judicial Watch gets 10 days to file a reply.

The legal maneuvering means that Clinton aides could be deposed during the dog days of summer and potentially well into the general election. Another months-long round of questions about her emails could drag her entire campaign down as it did last year and give Sanders another shot at the nomination or hobble her in a contest against the GOP nominee.

[Dec 04, 2015] Here's Why the Media Stopped Reporting on Clinton's New Emails

Notable quotes:
"... This week, though, the media appeared curiously incurious about the latest tranche of e-mails from the Clinton server. In the largest release yet, State unveiled 7,800 pages of e-mails, of which 328 e-mails were redacted for containing classified information. ABC News dutifully reported on that addition to the refutation of Clinton's claims, and noted that the number of e-mails that contained classified information has reached 999 in total – with about a third of the communications left unpublished for now. ..."
"... Very few news outlets found it newsworthy that the number of classified messages had jumped nearly 50 percent with this release, and none pondered what that meant to Hillary Clinton's credibility. ..."
"... The collective yawn from the media after this week's release gives us an indication of the level of media interest we can expect, as Hillary Clinton gets closer to the nomination. They want to keep that narrative going rather than look at the thousand ways Clinton lied about her e-mail system and risked national security in order to thwart legitimate oversight into the State Department's performance. ..."
finance.yahoo.com

This week, though, the media appeared curiously incurious about the latest tranche of e-mails from the Clinton server. In the largest release yet, State unveiled 7,800 pages of e-mails, of which 328 e-mails were redacted for containing classified information. ABC News dutifully reported on that addition to the refutation of Clinton's claims, and noted that the number of e-mails that contained classified information has reached 999 in total – with about a third of the communications left unpublished for now.

Oddly, though, the media outlet that broke the story didn't seem interested in pursuing that aspect of it. The New York Times report on the latest tranche didn't bother to mention that any e-mails had been classified. Its lead on the release instead noted that one e-mail which had been previously considered classified had been declassified for this release…which presumably kept Clinton from hitting 1,000 refutations to her claims.

The rest of the media didn't take much more of an interest in the implications of this development, either. Most of the focus fell on Philippe Reines' effort to get advice from the NFL for Clinton's "cracked head," as she self-effacingly described her concussion and its aftermath. Others found it amusing that Clinton was a fan of the TV series Homeland but didn't recall which channel to watch for it. Very few news outlets found it newsworthy that the number of classified messages had jumped nearly 50 percent with this release, and none pondered what that meant to Hillary Clinton's credibility.

This lack of interest seems to be of a piece with the narrative that emerged in late October, after the Democrats' first presidential debate and Clinton's testimony to the House Select Committee on Benghazi. They rushed to declare that time frame "the best ten days of the Clinton campaign," even though as Marco Rubio pointed out in a subsequent debate, the testimony actually demonstrated that Clinton lied about Benghazi.

In an e-mail uncovered in the scandal, she told her family within hours of the attack on the consulate that it was an organized terrorist operation, while insisting for the next two weeks that it was a spontaneous demonstration in response to an obscure YouTube video.

Still, ever since then the narrative has had Clinton recovering her bearings and moving past the e-mail scandal even as the FBI probe continues and more classified information is redacted. The collective yawn from the media after this week's release gives us an indication of the level of media interest we can expect, as Hillary Clinton gets closer to the nomination. They want to keep that narrative going rather than look at the thousand ways Clinton lied about her e-mail system and risked national security in order to thwart legitimate oversight into the State Department's performance.

[Oct 14, 2015] Security farce at Datto Inc that held Hillary Clinton's emails revealed

Notable quotes:
"... But its building in Bern Township, Pennsylvania, doesn't have a perimeter fence or security checkpoints and has two reception areas ..."
"... Dumpsters at the site were left open and unguarded, and loading bays have no security presence ..."
"... It has also been reported that hackers tried to gain access to her personal email address by sending her emails disguised parking violations which were designed to gain access to her computer. ..."
"... a former senior executive at Datto was allegedly able to steal sensitive information from the company's systems after she was fired. ..."
Oct 13, 2015 | Daily Mail Online

Datto Inc has been revealed to have stored Hillary Clinton's emails - which contained national secrets - when it backed up her private server

The congressional committee is focusing on what happened to the server after she left office in a controversy that is dogging her presidential run and harming her trust with voters.

In the latest developments it emerged that hackers in China, South Korea and Germany tried to gain access to the server after she left office. It has also been reported that hackers tried to gain access to her personal email address by sending her emails disguised as parking violations which were designed to gain access to her computer.

Daily Mail Online has previously revealed how a former senior executive at Datto was allegedly able to steal sensitive information from the company's systems after she was fired.

Hackers also managed to completely take over a Datto storage device, allowing them to steal whatever data they wanted.

Employees at the company, which is based in Norwalk, Connecticut, have a maverick attitude and see themselves as 'disrupters' of a staid industry.

On their Facebook page they have posed for pictures wearing ugly sweaters and in fancy dress including stereotypes of Mexicans.

Its founder, Austin McChord, has been called the 'Steve Jobs' of data storage and likes to play in his offices with Nerf guns and crazy costumes.

Nobody from Datto was available for comment.

[Oct 13, 2015] Hillary Clinton's private server was open to low-skilled hackers

Notable quotes:
"... " That's total amateur hour. Real enterprise-class security, with teams dedicated to these things, would not do this" -- ..."
"... The government and security firms have published warnings about allowing this kind of remote access to Clinton's server. The same software was targeted by an infectious Internet worm, known as Morta, which exploited weak passwords to break into servers. The software also was known to be vulnerable to brute-force attacks that tried password combinations until hackers broke in, and in some cases it could be tricked into revealing sensitive details about a server to help hackers formulate attacks. ..."
"... Also in 2012, the State Department had outlawed use of remote-access software for its technology officials to maintain unclassified servers without a waiver. It had banned all instances of remotely connecting to classified servers or servers located overseas. ..."
"... The findings suggest Clinton's server 'violates the most basic network-perimeter security tenets: Don't expose insecure services to the Internet,' said Justin Harvey, the chief security officer for Fidelis Cybersecurity. ..."
"... The U.S. National Institute of Standards and Technology, the federal government's guiding agency on computer technology, warned in 2008 that exposed server ports were security risks. It said remote-control programs should only be used in conjunction with encryption tunnels, such as secure VPN connections. ..."
Daily Mail Online

Investigation by the Associated Press reveals that the clintonemail.com server lacked basic protections

... ... ...

Clinton's server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012.

Experts said the Microsoft remote desktop service wasn't intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.

.... ... ...

Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet.

" That's total amateur hour. Real enterprise-class security, with teams dedicated to these things, would not do this" -- Marc Maiffret, cyber security expert

'That's total amateur hour,' said Marc Maiffret, who has founded two cyber security companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. 'Real enterprise-class security, with teams dedicated to these things, would not do this,' he said.

The government and security firms have published warnings about allowing this kind of remote access to Clinton's server. The same software was targeted by an infectious Internet worm, known as Morta, which exploited weak passwords to break into servers. The software also was known to be vulnerable to brute-force attacks that tried password combinations until hackers broke in, and in some cases it could be tricked into revealing sensitive details about a server to help hackers formulate attacks.

'An attacker with a low skill level would be able to exploit this vulnerability,' said the Homeland Security Department's U.S. Computer Emergency Readiness Team in 2012, the same year Clinton's server was scanned.

Also in 2012, the State Department had outlawed use of remote-access software for its technology officials to maintain unclassified servers without a waiver. It had banned all instances of remotely connecting to classified servers or servers located overseas.

The findings suggest Clinton's server 'violates the most basic network-perimeter security tenets: Don't expose insecure services to the Internet,' said Justin Harvey, the chief security officer for Fidelis Cybersecurity.

Clinton's email server at one point also was operating software necessary to publish websites, although it was not believed to have been used for this purpose.

Traditional security practices dictate shutting off all a server's unnecessary functions to prevent hackers from exploiting design flaws in them.

In Clinton's case, Internet addresses the AP traced to her home in Chappaqua revealed open ports on three devices, including her email system.

Each numbered port is commonly, but not always uniquely, associated with specific features or functions. The AP in March was first to discover Clinton's use of a private email server and trace it to her home.

Mikko Hypponen, the chief research officer at F-Secure, a top global computer security firm, said it was unclear how Clinton's server was configured, but an out-of-the-box installation of remote desktop would have been vulnerable.

Those risks - such as giving hackers a chance to run malicious software on her machine - were 'clearly serious' and could have allowed snoops to deploy so-called 'back doors.'

The U.S. National Institute of Standards and Technology, the federal government's guiding agency on computer technology, warned in 2008 that exposed server ports were security risks.

It said remote-control programs should only be used in conjunction with encryption tunnels, such as secure VPN connections.
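
The exposure described in the article above (a remote desktop service and an unused web server listening directly on the Internet, against the NIST advice to reach remote-control programs only through a VPN tunnel) can be checked from the host itself. The following is an added example, not part of the quoted article: it parses listener output in the layout printed by Windows `netstat -an` and flags remote-control and non-approved services bound outside the VPN. The sample listing, the VPN subnet `10.8.0.0/24` and the approved-port list are constructed assumptions.

```python
"""Flag listeners that break the 'remote control only through a VPN' rule.

Input is text in the layout printed by Windows `netstat -an`.
SAMPLE, VPN_NET and PUBLIC_OK are constructed for illustration.
"""
import ipaddress
import re

# Assumption: the VPN interface of this host lives in this subnet.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
# Assumption: the only services this mail host is meant to offer publicly.
PUBLIC_OK = {25: "SMTP", 443: "HTTPS"}
# Well-known default ports of remote-control services.
REMOTE_CONTROL = {3389: "RDP", 5900: "VNC"}

# Constructed sample listing (documentation addresses, not real hosts).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.8.0.1:5900          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       198.51.100.7:443       ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

# Matches only TCP rows in LISTENING state; the greedy host group backtracks
# to the last colon, so bracketed IPv6 addresses are handled too.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def parse_listeners(text):
    """Return sorted unique (ip, port) pairs for listening TCP sockets."""
    found = set()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP row, or an established connection
        host = m.group(1).strip("[]").split("%")[0]  # drop brackets / zone id
        found.add((ipaddress.ip_address(host), int(m.group(2))))
    return sorted(found, key=lambda p: (p[0].version, int(p[0]), p[1]))


def scope(ip):
    """Classify the bind address: loopback, vpn, or exposed."""
    if ip.is_loopback:
        return "loopback"
    if ip in VPN_NET:
        return "vpn"
    # Wildcard bind (0.0.0.0 / ::) or a non-VPN interface address.
    return "exposed"


def audit(text):
    """Return (severity, address, port, reason) for each policy violation."""
    findings = []
    for ip, port in parse_listeners(text):
        if scope(ip) != "exposed":
            continue
        if port in REMOTE_CONTROL:
            reason = f"{REMOTE_CONTROL[port]} reachable outside the VPN"
            findings.append(("HIGH", str(ip), port, reason))
        elif port not in PUBLIC_OK:
            reason = "listener not on the approved public list"
            findings.append(("REVIEW", str(ip), port, reason))
    return findings


if __name__ == "__main__":
    for severity, addr, port, reason in audit(SAMPLE):
        print(f"{severity:6} {addr}:{port}  {reason}")
```

A wildcard bind shows what the host offers, not what the perimeter lets through, so each finding still has to be compared with the firewall or router port-forwarding rules.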

[Sep 10, 2015] Hillary Clinton admits private email server was a mistake

Notable quotes:
"... The woman is a hawk and a warmonger. In a sane world she would be ineligible on her voting record and likely foreign policy, not down to some technicality about her email address. ..."
"... The fact that she posted almost identical language on Facebook as she used in the Muir interview certainly suggests that the "apology" was carefully written and likely tested in focus groups. ..."
"... Read the dreadful facts (warning: lolcatz spoiler): http://www.bubblews.com/posts/hillary-email-the-horrid-facts ..."
"... An FBI investigation whilst running to be your party's presidential nominee, let alone running for president in the real thing next year, is never a good look. ..."
"... Agreed. I don't much care about this "classified or not" kerfuffle. I am much more concerned about the Nixonian scrubbing of the email server, when Clinton KNEW her work emails were subpoenaed by the House Benghazi committee. That says GUILTY in no uncertain terms. And I don't think we're ever going to receive an "apology" for those deletions. ..."
"... More than a mistake I'm afraid. At best it is a career ending error of judgment. At worst a deliberate and cynical attempt to maintain personal control of data so none of it could come back to damage her presidential campaign. Anyway, she should be finished. ..."
"... Her "We came, we saw, ..." laughter is inappropriate, especially in light of the turmoil resulting from a power vacuum which we are still witnessing today. But I don't know the context of why everyone in the room is in such a jovial mood. ..."
"... She has no ability, but for deception, no intelligence, unless someone "advises" her beforehand, but she DOES have much experience at deception, and commitment only to herself. Certainly not presidential material. She should just drop and let Bernie take the lead. Of course, her dear friend Wasserman-Shultz, would not allow that to happen. ..."
"... It becomes a matter of criminal conspiracy because Clinton did not just use a private email address. This was a conspiracy to avoid monitored email and a matter of legal public record, arranged as a conspiracy between Clinton's desire to maintain secret communications hidden from the rest of government and the person who did the work of setting up the server with knowledge of how it would be used and the network administrators who allowed it to exist in what should have been a secured network location, knowing how it would be used. So not the childish lie of "I did it but I didn't mean to", but the reality of a conspired plan to thwart record keeping, discussed and implemented with purposeful intent and with no question that it was to hide intended criminal activity. ..."
"... Obviously her "apology" was dragged out of her and is completely insincere. This is the track record of H Clinton - arrogant; power hungry; untrustworthy; unscrupulous; unprincipled; 100% insincere; can't we do any better than this? ..."
"... HRC is aiding her own demonization and I honestly think she's going to lose to whomever/whatever clown emerges from the Right Wing. ..."
"... It's not about leaving an opening for her adversaries, it's is about destroying the public record of the Secretary of State. In the US, government communications belongs to the government and to the people. ..."
"... Sanders is the better person but he will never get nominated. So it's either Hillary or some GOP nutbag. Easy vote. Not optimal, but still an easy choice. ..."
"... the private server was not an error --it was a coup of genius-- since it allowed "the candidate" to hand over only the harmless emails after erasing(?) the damning ones (e.g., those with the quid-pro-quo negotiation of UKR-neonazi donations to the clinton foundation before the 2014 UKR coup d'etat). ..."
"... Hillary has learnt a lot from the old Bill. Denial first step: Bill, I did not have sexual relation with that woman. And I need to go back to work for the American people. ..."
"... Admission second step: Bill admitted in taped grand jury testimony on August 17, 1998, that he had had an "improper physical relationship" with Lewinsky. ..."
"... Clinton consistently acts with arrogant denial when confronted with wrong-doing, and throughout her career there have been repeated situations, each marked by the same denial, arrogance. ..."
"... She believes she'll be anointed and begrudgingly goes on the stump, showing no joy in meeting regular folks and getting huffy when reporters dare ask her questions. ..."
"... The US hasn't been a democracy since day 1. Never meant to be. It was/is a carpetbagger's club. The only thing that's changed is the voters are dumber and the pizazz is crappier (to match the candidates). Why is this even discussed? ..."
"... Then again we are talking about an oligarch aiming to retake the presidential office for her wing of the national aristocracy. What else would one expect. ..."
"... I read where Carl Rove deleted 13,000 emails during the bush horror years. It pisses me off that she apologized for this non-issue because of political pressure. I'm voting for Bernie. ..."
"... Mrs. Clinton has the most unappetizing combination of qualities to be met in many days' march: she is a tyrant and a bully when she can dare to be, and an ingratiating populist when that will serve. She will sometimes appear in the guise of a 'strong woman' and sometimes in the softer garb of a winsome and vulnerable female. She is entirely un-self-critical and quite devoid of reflective capacity, and has never found that any of her numerous misfortunes or embarrassments are her own fault, because the fault invariably lies with others. And, speaking of where things lie, she can in a close contest keep up with her husband for mendacity. Like him, she is not just a liar but a lie; a phony construct of shreds and patches and hysterical, self-pitying, demagogic improvisations." (p. 123) ..."
"... Snowden on Clinton: If an ordinary worker at the State Department or the Central Intelligence Agency were sending details about the security of embassies, meetings with private government officials, foreign government officials and the statements were made over unclassified email systems, they would not only lose their jobs and lose their clearance, they would very likely face prosecution for it. (condensed quotation) ..."
Sep 08, 2015 | The Guardian

MasalBugduv -> MasalBugduv 9 Sep 2015 09:18

Killary? Ha ha. Well she is a bit of a warmonger, isn't she?

dawkinsbulldog 9 Sep 2015 08:50

The woman is a hawk and a warmonger. In a sane world she would be ineligible on her voting record and likely foreign policy, not down to some technicality about her email address.

It's like rejecting Pinochet as Chilean president because he once farted in mixed company.

TamLin -> Oldiebutgoodie 9 Sep 2015 07:43

Great post! For those who don't have time to watch the entire Jim & Hillary interview, the real fun begins just after the 24 minute mark, when Jim says of Iran, "...or they will be taken out", and Hillary responds by into an orgasm of laughter.

NottaBot steveji 9 Sep 2015 07:23

The fact that she posted almost identical language on Facebook as she used in the Muir interview certainly suggests that the "apology" was carefully written and likely tested in focus groups.

ProgRock 9 Sep 2015 07:22

Read the dreadful facts (warning: lolcatz spoiler): http://www.bubblews.com/posts/hillary-email-the-horrid-facts

callaspodeaspode 9 Sep 2015 07:16

An FBI investigation whilst running to be your party's presidential nominee, let alone running for president in the real thing next year, is never a good look.

Added to this is that if anything is calculated to motivate the movement conservative base to its highest ever turnout, it's Hillary Rodham Clinton running for president.

I'm mildly (only mildly) surprised there aren't more senior Democrats out there who can see what a liability she is.

Although I'll say this, if Bernie Sanders gets the nomination, the Republican candidate is going to end up with double the money from billionaires and corporate lobbyists, the cash normally being shared between the two candidates from the Republicrat Party.

Mind you, that will just prove Senator Sanders' point.

NottaBot -> ninjamia 9 Sep 2015 07:09

Agreed. I don't much care about this "classified or not" kerfuffle. I am much more concerned about the Nixonian scrubbing of the email server, when Clinton KNEW her work emails were subpoenaed by the House Benghazi committee. That says GUILTY in no uncertain terms. And I don't think we're ever going to receive an "apology" for those deletions.

thesweeneytodd -> Mark Forrester 9 Sep 2015 06:44

Some perspective please. Dubya caused total mayhem and catastrophe with his ill judged and utterly illegal war in Iraq. His lack of intervention in Katrina resulted in misery and death for many in New Orleans. The most unpopular US president perhaps of all time.

Hillary ran a private email server that was perhaps ill judged.

Like I say, some perspective please.

Mark Forrester 9 Sep 2015 06:38

More than a mistake I'm afraid. At best it is a career ending error of judgment. At worst a deliberate and cynical attempt to maintain personal control of data so none of it could come back to damage her presidential campaign. Anyway, she should be finished.

Oldiebutgoodie -> Oldiebutgoodie 9 Sep 2015 03:54

The interview about Diplomacy with Charlie Rose took place June 2012 - prior to the Benghazi fiasco.
https://www.youtube.com/watch?v=vpJWsryvVrc

Both James Baker and Hillary basically admit to forcing Assad out and causing 'regime change' in Syria.

Oldiebutgoodie -> makaio 9 Sep 2015 03:24

Nov. 2009
Hillary on Channel 13, NY's Charlie Rose show - Text of interview.
Subject: Iran, Afghanistan
http://iipdigital.usembassy.gov/st/english/texttrans/2009/11/20091110130524xjsnommis0.1892206.html#axzz3lDt0HNg2

Hillary & Jim Baker interviewed must see laughing about provoking war with Iran
October 2012
https://www.youtube.com/watch?v=vpJWsryvVrc

makaio -> TamLin 9 Sep 2015 01:38

Thanks for the previously unknown to me information.

Her "admission" is sarcasm, which is preceded by a quick note that she was not involved and her visit was unrelated.

Her "We came, we saw, ..." laughter is inappropriate, especially in light of the turmoil resulting from a power vacuum which we are still witnessing today. But I don't know the context of why everyone in the room is in such a jovial mood.

It's hard to get facts on the unfortunate and disastrous consequences of Gaddafi's assassination. I don't directly blame the U.S., but my sense is that our government wrongly gave it a go-ahead.

Timothy Everton -> Hin Leng 9 Sep 2015 01:32

She has no ability, but for deception, no intelligence, unless someone "advises" her beforehand, but she DOES have much experience at deception, and commitment only to herself. Certainly not presidential material. She should just drop and let Bernie take the lead. Of course, her dear friend Wasserman-Shultz, would not allow that to happen.

Rob Jenkins 9 Sep 2015 01:02

American politics is depressing again for me. All realistic candidates seem to be a retrograde step.

Clinton appears to be a moderate Republican from the 90s and has no feasible opponents whilst the GOP primary is a clown car filled with buffoons, crooks and religious zealots.

Where do you go now America?

Hin Leng 9 Sep 2015 00:58

Clearly America has caught a new cultural-political disease called "The Tall Poppy Syndrome". Cut down anyone with ability, intelligence, experience, commitment and vision. Find any excuse for doing it - email server, age, gender, hairstyles, anything whatsoever. Meanwhile give some blatantly nonsensical candidates for its presidency plenty of oxygen and headline space. Is this how an empire expires? How a hegemon self-destructs? It is worrying to the extreme.


vr13vr 9 Sep 2015 00:47

"I'm sorry about that. I take responsibility."

How is that taking responsibility after half a year of denial and fighting the allegations? Outside of the lingo of politicians, this doesn't even look like taking responsibility. A phrase, "I finally decided to admit the wrong doing," is much more appropriate at this point.

rtb1961 -> Asok Smith 9 Sep 2015 00:43

It becomes a matter of criminal conspiracy because Clinton did not just use a private email address. This was a conspiracy to avoid monitored email and a matter of legal public record, arranged as a conspiracy between Clinton's desire to maintain secret communications hidden from the rest of government and the person who did the work of setting up the server with knowledge of how it would be used and the network administrators who allowed it to exist in what should have been a secured network location, knowing how it would be used.

So not the childish lie of "I did it but I didn't mean to", but the reality of a conspired plan to thwart record keeping, discussed and implemented with purposeful intent and with no question that it was to hide intended criminal activity.


Merveil Meok 8 Sep 2015 23:36

Obama and Hillary Clinton were bitter rivals until the end of the primaries in 2008. When Obama suggested that Mrs. Clinton be his Secretary of State, I thought it was a trap and a dangerous proposition for Hillary's future bids to the presidency, because foreign policy was a mess after George W. Bush and anything going wrong in the world would be blamed on her. It looks like the GOP didn't need to work that hard.

p4451d 8 Sep 2015 23:08

Obviously her "apology" was dragged out of her and is completely insincere. This is the track record of H Clinton - arrogant; power hungry; untrustworthy; unscrupulous; unprincipled; 100% insincere; can't we do any better than this?

whereistheend 8 Sep 2015 23:00

I'd never vote for a Republican, but if she didn't have Bill Clinton's last name, she'd be out of the picture, and maybe Elizabeth Warren, or Bill Bradley, or Howard Dean (or Bernie) would have the nomination- any of those names could beat any Republican, but HRC is aiding her own demonization and I honestly think she's going to lose to whomever/whatever clown emerges from the Right Wing. Yes, I think she's going to lose to a clown, and that's depressing, and it's because she has no charm to handle her mistakes, and no judgment to avoid some of them (the 'wiping' comment was sickeningly stupid), and she's sucking up all the coverage so no one else is getting the air they need; most of the discussion is over this BS instead of actual issues and that's not all on Fox News.

Elias Vlanton -> seehowtheyrun 8 Sep 2015 22:47

It's not about leaving an opening for her adversaries, it is about destroying the public record of the Secretary of State. In the US, government communications belong to the government and to the people. This is not about what is illegal or not, it is about whether officials can be held accountable for their actions. By destroying the public record, Hillary Clinton wanted to avoid that accountability. That's the real travesty.

Kevin Reuter -> LostLake 8 Sep 2015 22:39

The corporate-run media would like us all to believe that Bernie doesn't stand a chance. Since he has such strong policy suggestions and is demanding such attention, the only possible way to stop him is to flood people's minds with rhetoric such as "he can't win!"

Hillary herself has now been championing policy ideas that Bernie started, such as repealing Citizens United, and $15 minimum wage!

LostLake 8 Sep 2015 21:55

Sanders is the better person but he will never get nominated. So it's either Hillary or some GOP nutbag. Easy vote. Not optimal, but still an easy choice.

sashasmirnoff -> erpiu 8 Sep 2015 21:09

As the "Guardian view" is unfailingly wrong on anything it opines on (proven track record), and it's fully endorsing this scum's candidacy, I can only conclude that she merits life in prison at the least, as opposed to high office. That no media organ is questioning her claim of the deleted emails as being purely "personal" speaks volumes as to the sorry state of journalism in this era, as you point out.
Great post!


erpiu 8 Sep 2015 20:28

the private server was not an error --it was a coup of genius-- since it allowed "the candidate" to hand over only the harmless emails after erasing(?) the damning ones (e.g., those with the quid-pro-quo negotiation of UKR-neonazi donations to the clinton foundation before the 2014 UKR coup d'etat).

yes, those erased emails that, let's see... the guardian never mentions, preferring to direct the suckers' attention to the leftover emails selected by billary for regular release. Great diversion job, guardian!

the NSA has hillary's erased emails! When is the MSM going to request that the NSA gives its copies of the erased h.clinton emails to the feds for official archiving and future declassification?


Confucion 8 Sep 2015 20:06

In an interview with ABC News's David Muir which aired on Tuesday, the former secretary of state said: "That was a mistake. I'm sorry about that. I take responsibility."

Hillary has learnt a lot from the old Bill. Denial first step: Bill, I did not have sexual relation with that woman. And I need to go back to work for the American people.

Admission second step: Bill admitted in taped grand jury testimony on August 17, 1998, that he had had an "improper physical relationship" with Lewinsky.

Hillary is Bill's best disciple in his trickery, lies and contempt of people from whom they are seeking employment and benefit.


FugitiveColors kenalexruss 8 Sep 2015 19:56

That's wishful thinking. The Judge ordered a release of more emails every 30 days until they are all released. It won't be over in 3 months much less 3 weeks. They say til February. There are 55,000 emails and those are just ones she didn't delete. She deleted 35,000 emails that will dog her forever.

When she finally gives up the ghost, I hope you will consider voting for the honest, scandal free candidate.
Bernie Sanders.

EarthyByNature -> Davinci Woohoo 8 Sep 2015 19:54

It's about trust, stupid.
Not being able to trust the potential President of the United States is a huge issue, for everyone on the planet.

1) Clinton consistently acts with arrogant denial when confronted with wrong-doing, and throughout her career there have been repeated situations, each marked by the same denial, arrogance.

2) Everyone's entitled to make mistakes in life and to beg forgiveness. When it happens repeatedly, trust evaporates. I am no longer able to trust Hillary Clinton, no more, no less than any other behaving the same way, Dem or Republican.

allymaxy -> danceoutlook 8 Sep 2015 19:47

Re: the Secretary of State position: Hillary didn't have to campaign for the job, she was appointed. Her problem is she's making the same mistakes running for CinC that she made in 2008.

She believes she'll be anointed and begrudgingly goes on the stump, showing no joy in meeting regular folks and getting huffy when reporters dare ask her questions.

Remember the recent rope line where she corralled the press in a noose of ropes to keep them away from her?

She is a poor candidate - always was and she hasn't learned anything from losing. She repeats the same mistakes and only changes her policies when focus groups chime in.

If Elizabeth Warren declared tomorrow, Hillary would be long forgotten and not missed.


Joe Stanil -> JoeBursudge 8 Sep 2015 19:47

The US hasn't been a democracy since day 1. Never meant to be. It was/is a carpetbagger's club. The only thing that's changed is the voters are dumber and the pizazz is crappier (to match the candidates). Why is this even discussed?

Ziontrain 8 Sep 2015 19:24

"Full responsibility" would actually mean admitting that she lacks the integrity to be president and withdrawing her candidacy.

But we live in an era where there is no shame, so "full responsibility" is now more like "yeah, I did it. So what? Nothing changes".

Then again we are talking about an oligarch aiming to retake the presidential office for her wing of the national aristocracy. What else would one expect.

JoeBursudge -> NeverLie 8 Sep 2015 19:22

A carpetbagger in a dress. Tony Blair and the Clintons - just goes to show it isn't country specific.

Though he didn't know them, these are the people Kim Beazley Snr was talking about when he said [the Left] went from being represented by the cream of the working-class to being led by the dregs of the middle-class.

Let's face it: the mere fact that Trump and Clinton are being discussed as a possible President is all the proof you need that America's democracy is stuck with a broken model. It's doubtful that the average Yank is up to fixing it.

Not that we can talk, of course, our system is looking sicker by the day. That a fool like Abbott can commit our troops to war without Parliamentary discussion is a pretty clear signal that our 19th century democratic architecture, too, is in need of renovation, if not a complete re-build.

jozzero -> gwpriester 8 Sep 2015 19:20

I read where Karl Rove deleted 13,000 emails during the Bush horror years. It pisses me off that she apologized for this non-issue because of political pressure. I'm voting for Bernie.

OneTop 8 Sep 2015 18:42

Christopher Hitchens summed up HRC as well as anyone.

"Mrs. Clinton has the most unappetizing combination of qualities to be met in many days' march: she is a tyrant and a bully when she can dare to be, and an ingratiating populist when that will serve. She will sometimes appear in the guise of a 'strong woman' and sometimes in the softer garb of a winsome and vulnerable female. She is entirely un-self-critical and quite devoid of reflective capacity, and has never found that any of her numerous misfortunes or embarrassments are her own fault, because the fault invariably lies with others. And, speaking of where things lie, she can in a close contest keep up with her husband for mendacity. Like him, she is not just a liar but a lie; a phony construct of shreds and patches and hysterical, self-pitying, demagogic improvisations." (p. 123)


Berkeley2013 williamdonovan 8 Sep 2015 18:35

Thank you; there are many more but this is a good start.

As the story unravels, many of the earlier HC rationalizations will require scrutiny--things that seemed innocuous to the average person will require intense scrutiny.

"I deleted e-mails that were personal."

This sounds anodyne enough on first read. Who wants to read billet doux between B and H?

Once people realize that she had no right to mix personal and professional and it certainly wasn't up to any one person what to delete, then even bigger troubles will start for the former SOS.

Sooner or later some of the deleted e-mails will begin to circulate.

At that point...


David Egan 8 Sep 2015 18:15

What gets me about this whole issue is the fact that she is still maintaining that "she did what was allowed" which is a bold faced lie!!! All she is doing right now is continuing to "circle her wagons" around this issue.... I'll bet right now she is trying to figure out how to bribe Pagliano to take the fall for her, stating that she knew nothing about what he did to maintain her ILLEGAL email account. They both knew it was ILLEGAL!!! Clinton and Pagliano should be brought up on charges, the sooner the better!!

Her utter contempt for the investigation makes me laugh, she really thinks she did nothing wrong, and to say something as totally ignorant like "It was allowed by the State Dept. and the State Department CONFIRMED that" is beyond belief and borderlines the definition of psychosis. The State Department is actively investigating Shrillary and her accomplice Bryan Pagliano. I'll bet Pagliano goes to prison.....Any takers?


CNNEvadingTheTopic 8 Sep 2015 18:11

Stand With Bernie, compare, follow, spread the word, donate, help in campaign.
https://berniesanders.com/ (Meet Bernie, Learn Issues/Events, Volunteer, Donate…)
https://www.facebook.com/berniesanders
https://twitter.com/berniesanders (#FeelTheBern)
https://www.reddit.com/r/SandersForPresident (Become Part Of A Bernie Community)
https://www.reddit.com/r/CodersForSanders (Help Create Bernie Websites & Apps)
http://voteforbernie.org/ (How To Vote In Primaries For Bernie By State, Learn Deadlines)
http://feelthebern.org/ (Bernie On The Issues)
Bernie2016tv = https://www.youtube.com/channel/UC_yPTb_MIzNt725QKVW_y9A
http://www.bernie2016.tv/ (Discuss Bernie & View Campaign Rallies)

Bernie 2016, Feel The Bern!

zyxzyxzyx 8 Sep 2015 18:05

Snowden on Clinton:

If an ordinary worker at the State Department or the Central Intelligence Agency were sending details about the security of embassies, meetings with private government officials, foreign government officials and the statements were made over unclassified email systems, they would not only lose their jobs and lose their clearance, they would very likely face prosecution for it. (condensed quotation)

Clinton on Snowden:

I think turning over a lot of that material - intentionally or unintentionally, because of the way it can be drained - gave all kinds of information, not only to big countries, but to networks and terrorist groups and the like.

macktan894 8 Sep 2015 17:54

Poor Hillary. If she had just said this in the beginning instead of all the bs about how what she did wasn't a prosecutable offense and then tried to defend her behavior by comparing herself to the Republicans, she might have nipped much of this in the bud. Instead, she stonewalls for months, re-enacts her husband's insistence that "he didn't have sex with that woman, Ms Lewinsky," and arrogantly believes that voters will accept that all this is a vast right wing conspiracy that no one gives a hoot about.

Now she admits sorrow over her choice after practically being beat down about it. The main point is that people don't want to re-elect the same o same o. I for one am not looking forward to ranting on a forum about what happened to this promise, to that one. Oh, right. The Republicans. I don't want to hear another Dem try to persuade me that cutting measly social security and Medicare benefits are the way to save the system while at the same time the budget for defense, foreign aid, and mass govt surveillance go up so much that much of it is redacted.

I've heard too much of this before and have no interest in hearing it again. Vote for Bernie Sanders who believes open and transparent govt is worth a little inconvenience.

williamdonovan 8 Sep 2015 17:41

Great, now tell it to the Judge. Because as I have stated from the very start these acts were and are illegal. And Hillary Clinton knew it at the time she had the secret server set up, or should have known it.

Title 18, U.S. Code
Section 641 - Public Money, Property or Records
793 - Gathering, Transmitting or Losing Defense Information
794 - Gathering or Delivering Defense Information to Aid Foreign Govt.
798 - Disclosure of Classified Information
952 - Diplomatic Codes and Correspondence
1905 - Disclosure of Confidential Information
2071 - Concealment, Removal, or Mutilation of Records

Title 50, U.S. Code
Section 783(b) - Communication of Classified Information by Government Officer or Employee
783(d) - Penalties for Violation

Title 42, U.S. Code
Section 2272 - Violation of Specific Sections
2273 - Violation of General Sections
2274 - Communication of Restricted Data
2275 - Receipt of Restricted Data
2276 - Tampering With Restricted Data
2277 - Disclosure of Restricted Data

[Aug 19, 2015] Platte river networks: Clinton e-mail server was never in Denver

Notable quotes:
"... "There never was, at any time, data belonging to the Clintons stored in Denver. Ever," said Dovetail Solutions CEO Andy Boian, who added that Clinton's server was always in a New Jersey data center. "We do not store data in any bathrooms." ..."
"... "We were literally hired in June 2013," Boian said, "and because we use industry best practices, we had (Clinton's) server moved to a data center in New Jersey. It remained in that spot until last week," when the FBI picked it up Aug. 12. ..."
"... "The role of Platte River Networks was to upgrade, secure and manage the e-mail server for both the Clintons and their staff beginning June 2013. Platte River Networks is not under investigation. We were never under investigation. And we will fully comply with the FBI," he said. ..."
"... Platte River Networks opened in September 2002, offering information technology services to small businesses. Services included computer maintenance, virus and malware control, and emergency technical support, according to an archive of its old website. ..."
"... Two years later, the company moved into a condo owned by company co-founder Treve Suazo at Ajax Lofts, 2955 Inca St., a few blocks from the South Platte River. ..."
"... A year later, the company began offering cloud-based services, which makes company data available online so employees can access software and services from any device. ..."
"... Platte River continues to win awards and has grown. Last week, it was named, for the fourth consecutive year, to CRN's Next-Gen 250. The list highlights companies that are "ahead of the curve" in their IT offerings. ..."
Aug 19, 2015 | denverpost.com

And when Platte River became the latest name to emerge in the Clinton e-mail controversy, the company maintained its silence - until last week, when it hired a crisis-communications expert to defend against political innuendo, death threats and allegations that it stored her e-mail in the bathroom of a downtown Denver loft.

"There never was, at any time, data belonging to the Clintons stored in Denver. Ever," said Dovetail Solutions CEO Andy Boian, who added that Clinton's server was always in a New Jersey data center. "We do not store data in any bathrooms."

Platte River Networks had no prior relationship with Hillary Clinton, said Boian, whose online biography says he served on Bill Clinton's 1992 presidential transition team.

Hillary Clinton's decision to have an employee set up a private e-mail server in her New York home in 2008 has plagued the former secretary of state's presidential campaign.

The FBI is investigating whether any of her private e-mails contained sensitive information and should have been classified - and not stored on a computer inside her house.

Private e-mail servers are unusual because they carry greater risks of getting hacked, said Scott W. Burt, president and CEO of Integro, a Denver e-mail management company.

"There are a lot of people you could hire, and they would set up (an e-mail server) and run it. That's not hard. But there's no real reason to do that," Burt said. "The main motivator is you're nervous about what is in your e-mail. It's a control thing."

Boian said Platte River had nothing to do with Clinton's private home server.

Platte River, which submitted a bid for the e-mail job, stepped in four months after Clinton left the secretary job on Feb. 1, 2013, and three months after Sidney Blumenthal, a former Clinton White House staffer, reported that his e-mail account had been hacked, exposing messages sent to Clinton.

"We were literally hired in June 2013," Boian said, "and because we use industry best practices, we had (Clinton's) server moved to a data center in New Jersey. It remained in that spot until last week," when the FBI picked it up Aug. 12.

Platte River also is not in possession of any Clinton e-mail backups, he said.

"The role of Platte River Networks was to upgrade, secure and manage the e-mail server for both the Clintons and their staff beginning June 2013. Platte River Networks is not under investigation. We were never under investigation. And we will fully comply with the FBI," he said.

Clinton did not respond to requests for comment, but she has publicly expressed regrets for using a private e-mail server for her work as secretary of state. She has handed a portion of the e-mails to the State Department but deleted others. Asked about it this week by reporters in Las Vegas, Clinton responded, "Nobody talks to me about it other than you guys," she said.

Who are they?

Platte River Networks opened in September 2002, offering information technology services to small businesses. Services included computer maintenance, virus and malware control, and emergency technical support, according to an archive of its old website.

Two years later, the company moved into a condo owned by company co-founder Treve Suazo at Ajax Lofts, 2955 Inca St., a few blocks from the South Platte River.

A year later, the company began offering cloud-based services, which makes company data available online so employees can access software and services from any device.

Today, Platte touts itself as a full-service IT management firm.

It also lists Suazo, its CEO, and Brent Allshouse, its chief financial officer, as co-founders. According to industry publication CRN, Platte River expected to grow to $6 million in sales in 2014, from $4.7 million a year earlier.

But as early as 2006, Tom Welch was listed as a partner, the same title given to Suazo and Allshouse.

Welch, who now runs Colorado Cloud Consulting, declined to comment. But he told the United Kingdom's Daily Mail that Platte River Networks had retrofitted a bathroom in the loft to be the server room.

Fast growth

Before the Clinton scandal blew up, Platte River Networks welcomed attention. David DeCamillis joined the company in 2008 and, as its director of business development, became its public face, using news releases to promote industry awards and appearing on Fox31 Denver's "Good Day Colorado" as a tech expert.

In 2012, Platte River was named Ingram Micro's Rainmaker of the Western Region, an honor that California technology distributor gives its fastest-growing business partners based on revenue, peer-to-peer leadership and use of Ingram Micro's cloud services.

That same year, the company won the Denver Metro Chamber of Commerce's Small Business of the Year award. The award is vetted by the chamber and independent judges, said Abram Sloss, executive director of the chamber's small-business development center.

"We really look for companies that have a good chance for a strong uptick and have solid growth," Sloss said. While the chamber can offer advice to members who suddenly are thrown into the media spotlight - for good or bad - Sloss said he has not heard from the company.

"Gosh, if I was the company who the Clintons hired, it'd be hard not to say, 'We are a trusted provider that one of the influential families in the United States hired,' " Sloss said.

Platte River continues to win awards and has grown. Last week, it was named, for the fourth consecutive year, to CRN's Next-Gen 250. The list highlights companies that are "ahead of the curve" in their IT offerings.

In June, it moved to a 12,000-square-foot building at 5700 Washington St. A photo on Platte River's blog shows 30 people posing in the new building.

Platte River did not make DeCamillis, now its vice president of sales and marketing, available for comment.

But DeCamillis told The Washington Post that no one at the company had expected this kind of attention, which he said included death threats that caused the company to pull employee information from its website.

If they had, he said, "we would never have taken it on."


[Aug 18, 2015] Mom and pop shop Clinton's private emails housed on server in a bathroom closet - report

It is not true that the server was ever located in a "bathroom closet". But the nickname stuck...
Notable quotes:
"... At the time I worked for them they wouldn't have been equipped to work for Hilary Clinton because I don't think they had the resources, they were based out of a loft, so [it was] not very high security, we didn't even have an alarm," ..."
"... "I don't know how they run their operation now, but we literally had our server racks in the bathroom. I mean knowing how small Platte River Networks... I don't see how that would be secure [enough for Clinton]." ..."
"... Last week, Intelligence Community Inspector General Charles McCullough III told Congress that at least five emails from Clinton's private server contained classified information. ..."
"... "top secret," ..."
"... "I'm not sure how that all happened, all I know he was saying he had the opportunity to make quite a bit of money doing it," ..."
"... "Our internal network was extremely secure. At the time Inca St was a relatively obscure location, second floor office. The technology we had in place was pretty good. The security we had in place at the office was really good to protect our well-being." ..."
"... "what changed after I left the company I have no idea, I really could not comment on that. I don't know." ..."
"... "subject to a criminal investigation for the potential release of classified material." ..."
Aug 18, 2015 | RT America

A small IT management firm employed by presidential candidate Hillary Clinton kept its servers containing her private emails in a bathroom closet of its loft-apartment office, according to a new report, in another absurd twist to the Democrat's 2016 run.


Platte River Networks, based in Denver, Colorado, was hired in mid-2013 by then-US Secretary of State Hillary Clinton to maintain her old email server, according to the company's lawyer.

Until this summer, Platte River Networks' office was a loft apartment in downtown Denver, and the servers were stored in a bathroom closet, former employees told the Daily Mail.

The company recently told ABC News it is "highly likely" a full backup copy of the server was made, meaning emails deleted by Clinton could still exist.

Clinton handed the servers to federal investigators last week. Experts believe more than 60,000 emails deleted by Clinton could be recoverable.

Clinton, presumed the frontrunner for the Democratic presidential nomination in 2016, tasked Platte River Networks with protecting her personal email account long before any scrutiny surfaced over Clinton's handling of classified information on private servers.

One former employee described Platte River Networks as a "mom and pop shop" that seemed unlikely to be a go-to cybersecurity firm for a top government official to house state secrets. Few employees knew that Clinton was a client, the Daily Mail reported.

"At the time I worked for them they wouldn't have been equipped to work for Hilary Clinton because I don't think they had the resources, they were based out of a loft, so [it was] not very high security, we didn't even have an alarm," said Tera Dadiotis, a customer relations consultant between 2007 and 2010.

"I don't know how they run their operation now, but we literally had our server racks in the bathroom. I mean knowing how small Platte River Networks... I don't see how that would be secure [enough for Clinton]."

Platte River Networks moved into a larger workspace earlier this year.

Last week, Intelligence Community Inspector General Charles McCullough III told Congress that at least five emails from Clinton's private server contained classified information. The messages, dating from 2006 and 2008, contained signal intercepts and surveillance photos from Keyhole satellites operated by the CIA and the Pentagon. Two of the emails were labeled "top secret," according to Senate Judiciary Committee chair Chuck Grassley.

Clinton has said nothing in the content of the emails was classified at the time that she received them. According to court documents more than 300 emails have been flagged for "further inspection."

How did Platte River Networks, a small but reputable IT management company in Denver, receive such a prized contract? Ex-employees said David DeCamillis, the company's vice-president of sales and marketing, was active in Democratic Party circles and may have pursued her business.

Platte River co-founder Tom Welch said DeCamillis hoped to rent his home to vice president candidate Joe Biden during the 2008 Democratic Convention in Denver, according to Daily Mail. But Biden didn't take the deal, said Welch, who sold his third of the company in 2010.

"I'm not sure how that all happened, all I know he was saying he had the opportunity to make quite a bit of money doing it," Welch said.

Since Clinton's server did not encrypt emails, critics have also raised concerns over the possibility that hackers may have obtained classified information from her official correspondence. The Clinton campaign maintains there had been no breaches in security.

Welch said the company's servers were secure when he was involved.

"Our internal network was extremely secure. At the time Inca St was a relatively obscure location, second floor office. The technology we had in place was pretty good. The security we had in place at the office was really good to protect our well-being."

He added that "what changed after I left the company I have no idea, I really could not comment on that. I don't know."

New polls coming out of New Hampshire and other early primary states suggest Clinton would lose not just to her primary rival for the party nomination, Vermont Senator Bernie Sanders, but also to some Republican contenders. Her favorability and trustworthiness ratings continue to be low.

A poll by Monmouth University, released before the server handover, showed that 52 percent of respondents thought the emails should be "subject to a criminal investigation for the potential release of classified material."


[Aug 16, 2015] Liar, Liar, Pantsuit On Fire

Notable quotes:
"... And we are expected to believe that there were no data backups? So if in the (Not too uncommon) event that she had a hard drive fail, the US Secretary of State would have been totally unable to function? ..."
"... The fact that she chose not to do so strongly suggests that she made the choice knowing in advance that she was always going to delate anything she wanted. ..."
"... Civil Forfeiture is the thing the Clintons fear the most. Hillary could do a Martha Stewart on her head just as long as she knew ther'd be a couple hundred mil waiting for her when she got out. Bill is a trinket. ..."
"... The archivist for state makes that decision. A half a dozen statutes she ignored and trust me she knew better. Using private email she was supposed to either forward it to her govt account (she didn't have) or print out a hard copy and present to archivist within 20 days. The other gem when she put out the memo not to use personal emails to everyone in state, while she was using personal emails....a goodie. ..."
"... You obviously didn't live through Bills Presidency.... Clintons THRIVE on scandal... they overload the publics senses with so much scandal people start to believe none of it is true. ..."
"... I wonder if she doesn't actually escape this. The intelligence community takes security very seriously, and her crimes are both serious and numerous. Her breaches were so reckless and incompetent (both the deliberate and unintentional ones) that the odds that all of her emails have been compromised by at least Russia and China (and who knows who else) are just under 100%. The IC knows this already. So while laws are normally for the little people I have a hard time believing the IC will look the other way when, were she to win the office, it's a near certainty she's going to get blackmailed, and blackmailed effectively. ..."
Zero Hedge

TeamDepends

... won't care because truth is subordinate to the cause.

philipat

And we are expected to believe that there were no data backups? So if in the (Not too uncommon) event that she had a hard drive fail, the US Secretary of State would have been totally unable to function?

Yeah, sure....And also, having decided to operate as she did, then ALL of the data on that server belongs to the Government and it is for the Government, not Hillary, to decide what is personal and can be returned to her.

Many of us in business use two email accounts, one for business and one (Generally in the cloud) for personal mails so not backed-up with Company data.

The fact that she chose not to do so strongly suggests that she made the choice knowing in advance that she was always going to delete anything she wanted.

I also wonder which data is potentially the most embarrassing for Hills, is it the details of the CIA operation in Benghazi or her correspondence with Huma?

TruxtonSpangler

Believe me yet that she's throwing the election, giving her superpac money to Fauxcahontas in exchange for not being investigated when Warren is Pres?

philipat

Now that WOULD be ironic because most of that money came from Wall St and the same Banks that Pocahontas would (Hopefully) go after......

TheReplacement

You don't know that Fauxbaby made her money representing those Wall Streeters in court? All this drama is just entertainment for the masses. It means nothing. No matter who wins, the bankers will still be in control.

Wake up. Ain't nobody gonna go after anybody unless it is us.

TruxtonSpangler

Fauxcahontas won't go after Wall Street, that's all populist rhetoric. Same shit, different politician. This time is different!

macholatte

Civil Forfeiture is the thing the Clintons fear the most. Hillary could do a Martha Stewart on her head just as long as she knew there'd be a couple hundred mil waiting for her when she got out. Bill is a trinket.

Is that the smell of another Presidential Pardon?

Obama and the Clintons: Top Dems mingle on Martha's Vineyard

http://hosted.ap.org/dynamic/stories/U/US_DEM_2016_CLINTON_OBAMA?SITE=AP...

PlayMoney

with a couple of decades with the feds you are correct she cannot determine what to delete.

The archivist for state makes that decision. A half a dozen statutes she ignored and trust me she knew better. Using private email she was supposed to either forward it to her govt account (she didn't have) or print out a hard copy and present to archivist within 20 days. The other gem when she put out the memo not to use personal emails to everyone in state, while she was using personal emails....a goodie.

JustObserving

The NSA has something on everyone on this planet. Bernie is doomed for his position on Snowden:

Vermont Sen. Bernie Sanders said Edward Snowden was defending Americans' freedoms when he leaked classified information about the National Security Agency's intelligence gathering.

http://www.usatoday.com/story/news/nation/2014/01/06/snowden-clemency-sa...

FireBrander

You obviously didn't live through Bill's Presidency.... Clintons THRIVE on scandal... they overload the public's senses with so much scandal people start to believe none of it is true.

Funny.... twice I typed "Clintons" and then 'sc' and the autocomplete suggested 'scandal' :)

ebworthen

"I did not have sex with that Woman."

you enjoy myself

I wonder if she doesn't actually escape this. The intelligence community takes security very seriously, and her crimes are both serious and numerous. Her breaches were so reckless and incompetent (both the deliberate and unintentional ones) that the odds that all of her emails have been compromised by at least Russia and China (and who knows who else) are just under 100%. The IC knows this already. So while laws are normally for the little people I have a hard time believing the IC will look the other way when, were she to win the office, it's a near certainty she's going to get blackmailed, and blackmailed effectively.

Plus, how is the IC going to maintain info security discipline when everyone sees that someone basically crapped all over every law/policy related to classified material, but got off because of who she is. That's not going to go over well even someone as revered as Gen Petraeus gets prosecuted for a fraction of what Hillary did.

[Aug 09, 2015] Hillary Clinton State Department Emails, Mexico Energy Reform, and the Revolving Door

Notable quotes:
"... By Steve Horn, a Madison, WI-based Research Fellow for DeSmogBlog and a freelance investigative journalist. He previously was a reporter and researcher at the Center for Media and Democracy. Originally published at DeSmogBlog . ..."
"... Originally stored on a private server , with Clinton and her closest advisors using the server and private accounts, the emails confirm Clinton's State Department helped to break state-owned company Pemex 's (Petroleos Mexicanos) oil and gas industry monopoly in Mexico, opening up the country to international oil and gas companies. And two of the Coordinators helping to make it happen, both of whom worked for Clinton, now work in the private sector and stand to gain financially from the energy reforms they helped create. ..."
"... The appearance of the emails also offers a chance to tell the deeper story of the role the Clinton-led State Department and other powerful actors played in opening up Mexico for international business in the oil and gas sphere. That story begins with a trio. ..."
"... David Goldwyn , who was the first International Energy Coordinator named by Secretary of State Hillary Clinton in 2009, sits at the center of the story. As revealed by DeSmog, the State Department redacted the entire job description document for the Coordinator role. ..."
"... The emails show that, on at least one instance, Goldwyn also used his private " dgoldwyn@goldwyn.org " (Goldwyn Global Strategies) email address for State Department business. ..."
"... It remains unclear if he used his private or State Department email address on other instances, as only his name appears on the other emails. But Cheryl Mills, a top aide to Secretary Clinton at the time, initiated the email that he responded to on his private account. ..."
naked capitalism
By Steve Horn, a Madison, WI-based Research Fellow for DeSmogBlog and a freelance investigative journalist. He previously was a reporter and researcher at the Center for Media and Democracy. Originally published at DeSmogBlog.

Emails released on July 31 by the U.S. State Department reveal more about the origins of energy reform efforts in Mexico. The State Department released them as part of the once-a-month rolling release schedule for emails generated by former U.S. Secretary of State Hillary Clinton, now a Democratic presidential candidate.

Originally stored on a private server, with Clinton and her closest advisors using the server and private accounts, the emails confirm Clinton's State Department helped to break state-owned company Pemex's (Petroleos Mexicanos) oil and gas industry monopoly in Mexico, opening up the country to international oil and gas companies. And two of the Coordinators helping to make it happen, both of whom worked for Clinton, now work in the private sector and stand to gain financially from the energy reforms they helped create.

The appearance of the emails also offers a chance to tell the deeper story of the role the Clinton-led State Department and other powerful actors played in opening up Mexico for international business in the oil and gas sphere. That story begins with a trio.

The Trio

David Goldwyn, who was the first International Energy Coordinator named by Secretary of State Hillary Clinton in 2009, sits at the center of the story. As revealed by DeSmog, the State Department redacted the entire job description document for the Coordinator role.

Goldwyn now runs an oil and gas industry consulting firm called Goldwyn Global Strategies, works of counsel as an industry attorney at the law firm Sutherland Asbill & Brennan, and works as a fellow at the industry-funded think tanks Atlantic Council and Brookings Institution.

The emails show that, on at least one instance, Goldwyn also used his private "dgoldwyn@goldwyn.org" (Goldwyn Global Strategies) email address for State Department business.

It remains unclear if he used his private or State Department email address on other instances, as only his name appears on the other emails. But Cheryl Mills, a top aide to Secretary Clinton at the time, initiated the email that he responded to on his private account.

[Jul 27, 2015] Clinton Favorability Plunges, Sanders Surges Amid Classified Emails Scandal

www.zerohedge.com

Zero Hedge

Despite all her proclamations of new fairness doctrines, false promises of her truthfulness, and exclamations of 'everyday Americanism' Hillary Rodham Clinton is seeing her favorability ratings collapse. As populist as she dares to be, in the face of her donating captors, it appears the everyday American just isn't buying it as Gallup reports just 43% Americans view her favorably (down from 66% just a few years ago) while none other than Bernie Sanders is bounding up the popularity ladder, rising from 12% to 24% favorability in recent weeks.

Via Gallup,

Vermont Sen. Bernie Sanders' favorable rating among Americans has doubled since Gallup's initial reading in March, rising to 24% from 12% as he has become better known. Hillary Clinton's rating has slipped to 43% from 48% in April. At the same time, Clinton's unfavorable rating increased to 46%, tilting her image negative and producing her worst net favorable score since December 2007.

JustObserving

just 43% Americans view her favorably

Isn't that 44% too many?

Obama is always the most admired man in this world in Gallup polls

We will never run out of idiots in the land of the free.

Psychopath Hillary sees great humor in Gaddafi's gruesome death: We came, we saw, he died
https://www.youtube.com/watch?v=Fgcd1ghag5Y

ebworthen

Time for another "dark horse" (pun intended) DEM candidate to steal Hillary's thunder.

Younger, female, and with hints of pan-sexuality...Susan Rice?

Ralph Spoilsport

This guy at the NY Post thinks she's toast. He thinks Valerie Jarret was the leak about the emails and that the White House let her do it.

http://nypost.com/2015/07/26/hillary-has-a-dangerous-enemy-in-the-obama-...

Berspankme

I am sure the leaks come from the White House too. They own the MSM and nothing gets printed without White House okay. They don't want Hillary and they are determined to deep six the bitch

LetThemEatRand

"Sanders is still an unknown to a majority of Americans, with just 44% able to rate him compared with Clinton's 89%."

I wonder why. Even ZH barely covers him. I've seen probably 10 Trump stories in the last week here, several Clinton stories, and zero (hedge) Sanders stories until now.

theTribster

Yep, exactly what I've been thinking. Would be nice to see a little love in Bernie's direction, a man with integrity (and lots of it) and some good ideas - but mostly a guy that listens to and works for us.

LetThemEatRand

My interest in Bernie is the same as Trump. They are both spoilers, and they say some truth in the process (Trump very obviously ignores the Fed and is a NeoCon, and Bernie has the problem of thinking taxation is the answer to everything). I'd like to see the MSM and certainly alternative media like ZH give both good coverage so people can hear what they are saying. Maybe someone worth electing would emerge if the vote for the banker candidates were truly split among both Teams.

CHC

I would absolutely LOVE to see Hillary just totally crash and burn! I'd be delighted if she's actually charged with violating a federal law - that would be so damn awesome. That would definitely do something to restore a little faith in our judicial system, but I'm definitely not holding my breath on that. CRASH AND BURN YOU TELETUBBY!

LetThemEatRand

Assume for a moment that Trump is the Ross Perot of the Red Team candidate this election (think George Bush against Bill Clinton). Sanders could play the same role for Hillary or other Blue Team candidate, splitting the Blues. MSM including Fox and other supposedly conservative media can't get enough of Trump (same for ZH for that matter). Not so much for Bernie. What does that tell you about who "they" want to win.

Baby Eating Dingo22

Funny how Sanders gets bashed here

He represents everything that most here clamor for


1. He is not a sell-out to party or lobbyists
2. He has been honest and consistent about his position his entire career
3. He will out the Fed
4. He will out the banksters
5. He will FINALLY aim the printers where they should have been aimed 10 years ago. Directly at Americans and not to Wall Street

The ones that don't support him seem to think that someone should come in and stop the printing and we'll be on way to recovery. That's wrong. We're broke 20 times over. The debt's NEVER being paid back.

Let Bernie print until the reset. At least the banksters and Fed will be cut down to size and the 99% can prosper in the meantime

theTribster

Agreed. There is a lot more to this country's problems than our financial system, military - healthcare - good jobs - judicial - corruption everywhere, etc. There is no reason he can't win - it isn't all about money, he needs enough to communicate nationally which he has and more is coming. An amazing fact, there is a national Bernie meeting on the 29th, I looked at how many places around my zip (outside Philly within 50 miles) where the meeting was being held - 192! That's incredible. I then looked at our other locations (Wildwood Crest, Key Colony Beach) and both had 96 and 52 respectively. That is amazing, there is a lot more to Bernie than we know - the polls are corrupt (no surprise) as is the media - Lies and omissions...

Berspankme

Bernie and Trump tapping into pissed off americans

Nutflush60

George Will once called George Wallace's 68 campaign a warning signal for Democrats. Both parties are now warned there are a lot of angry people out there.

She has the money and organization, but I think the phoniness of Hillary will be so evident to her borderline supporters as time goes on,

Would love to see Kasich pick up momentum for the Repubs.

Bazza McKenzie

Jarrett is busy doing that. The Obama crime family is in the process of obliterating the older Clinton crime family. Then they'll pop up Joe as the Obama family's candidate.

Clinton can either sulk off with her corrupt millions or get charged. That's the path they're taking her down. And that's why the MSM is running stories critical of Clinton. They would be too afraid to do so if they thought there was any chance of her getting the nomination and being elected.

holdbuysell

To dog pile on the rabbit:

Hillary Clinton Exposed:

https://www.youtube.com/watch?v=1mYW5nmS9ps&feature=youtu.be

PlayMoney

This is why we need her http://sweetness-light.com/archive/barbara-olson-on-hillarys-cattle-futures

[Jul 24, 2015] Justice Dept. Is Asked to Investigate Clinton Email

Jul 24, 2015 | nytimes.com

Two inspectors general asked the Justice Department to investigate whether Hillary Clinton mishandled sensitive information on a private account, senior officials said.

[Jul 24, 2015] Hillary Legal Troubles

Notable quotes:
"... "It is not clear if any of the information in the emails was marked as classified by the State Department when Mrs. Clinton sent or received them." But since Clinton privatized her server, it's a fair point that the potential is there. ..."
www.nytimes.com

"Criminal Inquiry Is Sought in Clinton Email Account" [New York Times].

National security stuff, of course, not privatization or corruption.

"It is not clear if any of the information in the emails was marked as classified by the State Department when Mrs. Clinton sent or received them." But since Clinton privatized her server, it's a fair point that the potential is there.

[Jul 10, 2015] Hillary Clinton emails reveal Cherie Blair acted as go-between for leading Qatari and the-then US Secretary of State

Notable quotes:
"... When Mrs Clinton finally agreed to meet with Middle East royal, who Mrs Blair referred to as "My friend from Q", she replied to the green light, stating: "Great… when I see what a difference you are making it reminds me why politics is too important to be left to bad people ..."
Jul 10, 2015 | independent.co.uk

The wife of the former British prime minister, Tony Blair, lobbied Mrs Clinton, then US Secretary of State, for a "woman-to-woman" meeting in the American capital with Sheikha Mozah bint Nasser al-Missned.

Sheikha Mozah's son is the current ruling emir of Qatar, Sheikh Tamin bin Hamad al-Thani.

Using the close relationship that her husband and Bill Clinton built up during their respective years in Downing Street and the White House, Mrs Blair exchanged a series of 19 emails in 2009 asking Mrs Clinton to help Sheikha Mozah improve Qatar's relationship with the US.

Although the meeting was aimed primarily at the Qatari royal's charitable interests, Mrs Blair admitted to the US Secretary of State that "I am sure the conversation would not be confined to these interests [disability charities] but would be about the US/Qatar relationship generally."

When Mrs Clinton finally agreed to meet with the Middle East royal, who Mrs Blair referred to as "My friend from Q", she replied to the green light, stating: "Great… when I see what a difference you are making it reminds me why politics is too important to be left to bad people."

[Mar 30, 2015] IRS Scandal Deja Vu Hillary Clintons Email Server Wiped Clean

Notable quotes:
"... This appears to have taken place after the first production request had come in, which means that Clinton may well be guilty of destruction of evidence. ..."
"... it appears she made the decision after October 28, 2014, when the Department of State for the first time asked the Secretary to return her public record to the Department." ..."
"... It is time for the Committee to stop this political charade and instead make these documents public and schedule Secretary Clinton's public testimony now. ..."
www.zerohedge.com
Mar 28, 2015 | Zero Hedge

If, as one claims, one is innocent of i) using a personal email account to send out confidential information and/or to take advantage of one's political position to abuse opponents and ii) deleting said confidential emails against government regulations, what would one do when faced with a government subpoena demand? If one is the IRS' Lois Lerner, one would claim, against subsequently revealed facts, that a hardware error led to a permanent loss of all demanded emails, even though by email protocol definition, said emails are always stored on at least one off-site server. Or, if one is Hillary Clinton, one would just format the entire server.

This, according to the Hill, is precisely what Hillary Clinton has done as the recent clintonemail.com scandal continues to grow bigger and impair ever more the already frail credibility and decision-making skills of the former first lady and Democratic presidential hopeful. The head of the House Select Committee on Benghazi says former Secretary of State Hillary Clinton has erased all information from the personal email server she used while serving as the nation's top diplomat.

"We learned today, from her attorney, Secretary Clinton unilaterally decided to wipe her server clean and permanently delete all emails from her personal server," Rep. Trey Gowdy (R-S.C.) said in a statement Friday.

What difference does it make if she deleted all her emails?

Apparently a lot.

The key question is when said server formatting took place. This appears to have taken place after the first production request had come in, which means that Clinton may well be guilty of destruction of evidence. He said while it's "not clear precisely when Secretary Clinton decided to permanently delete all emails from her server, it appears she made the decision after October 28, 2014, when the Department of State for the first time asked the Secretary to return her public record to the Department."

What's worse, the evidence destroyed officially is US government property, since it was all created when Clinton was an employee of Uncle Sam.

Last week, Gowdy sent a letter to Clinton's attorney asking that the email server be turned over to a third party in the hopes that an investigation could recover about 30,000 emails that her team deleted before turning the rest over to the State Department.

Gowdy said "it is clear Congress will need to speak with the former Secretary about her email arrangement and the decision to permanently delete those emails."

"Not only was the Secretary the sole arbiter of what was a public record, she also summarily decided to delete all emails from her server, ensuring no one could check behind her analysis in the public interest," Gowdy said.

Those intent on defending the former Secretary of State, such as the panel's top Democrat, Elijah Cummings, may have their work cut out for them but that doesn't stop them from trying: Cummings said the letter the select committee received from Clinton's attorney detailing what happened to the server proves she has nothing to hide.

"This confirms what we all knew - that Secretary Clinton already produced her official records to the State Department, that she did not keep her personal emails, and that the Select Committee has already obtained her emails relating to the attacks in Benghazi," he said in a statement.

"It is time for the Committee to stop this political charade and instead make these documents public and schedule Secretary Clinton's public testimony now."

Clinton has maintained that the messages were personal in nature, but Gowdy and other Republicans have raised questions over whether she might have deleted messages that could damage her expected White House run in the process.

"I have absolute confidence that everything that could be in any way connected to work is now in the possession of the State Department," Clinton said during a press conference in New York earlier this month.

Sadly, there is nothing but her word to go by at this moment: a word whose credibility has now been fatally compromised by her recent actions.

She said she had culled through more than 60,000 emails from her time at State and determined that roughly 30,000 of them were public records that should have been maintained.

Gowdy said given Clinton's "unprecedented email arrangement with herself and her decision nearly two years after she left office to permanently delete" information, his panel would work with House leadership as it "considers next steps."

Speaker John Boehner (R-Ohio), Gowdy and other members of the Benghazi panel in the past have hinted that the full House could issue a subpoena for Clinton's server.

The Hill concludes by treating the population to the next upcoming kangaroo court: House Oversight Committee Chairman Jason Chaffetz (R-Utah) has suggested his panel could hold hearings over Clinton's use of private email, emphasizing his panel's jurisdiction over violations of the Federal Records Act.

Will anything change as a result? Of course not, because the real decision-maker has already hedged its bets. Recall Blankfein has already indicated that despite his strong preference for a democrat president, one which would perpetuate the Fed's policies, "he would be fine with either a Bush or Clinton presidency." Which in a country controlled and dominated by lobby interests, and which happens to be the "best democracy that money can buy" is all that matters.

Au Member

https://www.youtube.com/watch?v=LihB7ZoGf4c

All you need to know about this toxic duo right there.

[Mar 21, 2015] The NSA's plan: improve cybersecurity by hacking everyone else by Trevor Timm

The key problem with new NSA toys and methods is that they will be replicated, possibly on a better technological level. Then what?
Mar 21, 2015 | The Guardian
The National Security Agency wants to be able to hack more people, vacuum up even more of your internet records and have the keys to tech companies' encryption – and, after 18 months of embarrassing inaction from Congress on surveillance reform, the NSA is now lobbying it for more powers, not less.

NSA director Mike Rogers testified in front of a Senate committee this week, lamenting that the poor ol' NSA just doesn't have the "cyber-offensive" capabilities (read: the ability to hack people) it needs to adequately defend the US. How cyber-attacking countries will help cyber-defense is anybody's guess, but the idea that the NSA is somehow hamstrung is absurd.

The NSA runs sophisticated hacking operations all over the world. A Washington Post report showed that the NSA carried out 231 "offensive" operations in 2011 - and that number has surely grown since then. That report also revealed that the NSA runs a $652m project that has infected tens of thousands of computers with malware.

And that was four years ago - it's likely increased significantly. A leaked presidential directive issued in 2012 called for an expanded list of hacking targets all over the world. The NSA spends tens of millions of dollars per year to procure "'software vulnerabilities' from private malware vendors" – i.e., holes in software that will make their hacking much easier. The NSA has even created a system, according to Edward Snowden, that can automatically hack computers overseas that attempt to hack systems in the US.

Moving further in this direction, Rogers has also called for another new law that would force tech companies to install backdoors into all their encryption. The move has provoked condemnation and scorn from the entire security community - including a very public upbraiding by Yahoo's top security executive - as it would be a disaster for the very cybersecurity that the director says is a top priority.

And then there is the Cybersecurity Information Sharing Act (Cisa) the downright awful "cybersecurity" bill passed by the Senate Intelligence Committee last week in complete secrecy that is little more than an excuse to conduct more surveillance. The bill will do little to stop cyberattacks, but it will do a lot to give the NSA even more power to collect Americans' communications from tech companies without any legal process whatsoever. The bill's text was finally released a couple days ago, and, as EFF points out, tucked in the bill were the powers to do the exact type of "offensive" attacks for which Rogers is pining.

While the NSA tries to throw every conceivable expansion of power against the wall hoping that something sticks, the clock continues to tick on Section 215 of the Patriot Act – the law which the spy agency secretly used to collect every American's phone records. Congress has to re-authorize by vote in June or it will expire, and as Steve Vladick wrote on Just Security this week, there seems to be no high-level negotiations going on between the administration and Congress over reforms to the NSA in the lead-up to the deadline. Perhaps, as usual, the NSA now thinks it can emerge from yet another controversy over its extraordinary powers and still end up receiving more?

Chad Castellano -> Kevin OConnor 21 Mar 2015 13:58

Actually it doesn't matter if it is an American phone or computer. The NSA actually has no laws stopping them from doing this to foreign companies. The tens of thousands of computers they hacked in this article are computers outside US jurisdiction. And they have put hardline taps on companies overseas. So right now the only computers or phones with any legal protections are the ones in the U.S. The rest of the world is a legal target for the NSA. Always have been.

What we need is to disband the NSA and replace it with a 100% transparent agency not made up of megalomaniacs.


Kevin OConnor 21 Mar 2015 13:46

After reading this article , you need to ask yourself...
Anybody want to buy an American computer ?
How about an American phone ?
No ?

Hmm...I see an economic problem here ...

Mike5000 21 Mar 2015 13:34

The West has transitioned from democracies and republics to criminal empires run by spook gangs.

With total information comes total blackmail capability. Lawmakers and judges are puppets.

Fictional 007 was licensed to kill. Real spook gangs get away with murder, kidnapping, torture, blackmail, commercial espionage, narcotics, and arms trafficking.

ondelette -> zelazny 21 Mar 2015 12:29

Do tell. And when did stopping teenagers from joining ISIS become a problem of analyzing vacuumed foreign intelligence data? Do you really want the government to be the party making decisions for teenagers and sorting them out into ones who should be changed and ones who are safe the way they are? Based on surveillance?

The purpose of the government isn't to act as in loco parentis in place of idiots who don't know what to do with a child once it's not a cute baby anymore.

thankgodimanatheist -> zelazny 21 Mar 2015 11:41

You are assuming that the real powers in the world want to stop Daesh (ISIS) and other groups like that.

What if it is all a drama (a bizarre disgusting TV reality show) to keep us (the 99.9999999%) scared (terrorized) so we allow them to spend more money on arms (including more money for the NSA) and forget about real issues such as the fact that in the USA the net worth of the 6 children of Sam Walton is more than that of 50% of us (while our real incomes goes down every day - for the 95% of us) and in the world 80 people's net worth is more than that of 50% of the world population.

Be afraid, don't think, be very afraid...
That's their mantra!

Gary Paudler 21 Mar 2015 11:18

Not that surprising, when was the last time the Department of Defense did something that wasn't entirely offensive on some other country's soil?

mikedow -> Delaware 21 Mar 2015 11:15

You can left-click on that pop-up and nuke it if you have Adblocker. I had fun with Rusbridger's Coal Divestment Promo, by blasting it.

Eric Moller 21 Mar 2015 11:02

Why discuss anything .. The GOP has already shown a willingness to hand the NSA illegal powers under the table so to speak .. and even if the deadline for section 215 of the ( Benedict Arnold Act) expires it's not a problem ..

One thing Obama and Congress can agree on is the Continuation of our Tax dollars being spent on our Government spying on us .. The People .. They seem to be in lock step on that illegality .. Kinda like the Hitler High step ..


Quadspect -> zelazny 21 Mar 2015 11:00

Theoretically, NSA, in all its cyber-omniscience, watched arms smuggling by various governments into countries with factions that wanted to kill each other, watched the increasing justifiable fury at being droned and bombed and politically and economically interfered with that caused formation of terrorist groups --- Hardly an institution bent on protecting the 99 percent. NSA is up to Something Else Other Than National Security.

zelazny 21 Mar 2015 09:58

The NSA has learned that despite its ability to vacuum up massive amounts of data, it lacks the intelligence to sort it out and analyze it. Garbage in, garbage out.

Take for example the inability of the GCHQ or the NSA to stop teenagers, including teen age girls, from attempting, and actually succeeding, in joining ISIS and other groups.

They may have everyone's information, but they can't sort out the "good" guys from the "bad" guys.

So instead, they will do what the USA always has done -- attack the innocent to make sure they pose no threat, even if they never would pose a threat.

robtal 21 Mar 2015 09:40

Let the NSA do all the hacking they want; if you're so out of it you put sensitive stuff anywhere on a computer, your loss.

Eccles -> whatdidyouexpect 21 Mar 2015 09:25

Using the standard US definition of terrorism they have had them for some decades. Using them, for example, to program missile targets, control drones, communicate, and hack fellow UN diplomats.

And your point is?

[Mar 14, 2015] Clinton defence of personal email server fails to placate critics

Mar 14, 2015 | The Register

Phil Barnett, a VP at mobile device management vendor Good Technology, questioned Clinton's data management practices.

"Personal and highly sensitive corporate data are very different and should be treated as such," Barnett said. "But that's not to say you can't have them on the same device. The user experience must be high quality to keep data secure – if your corporate security model is too heavy, people will find a way around it.

"Separating and containerising sensitive data allows one device to do both jobs while balancing usability and security. And the more sensitive the data, the more critical this approach becomes," he added.

The affair has created issues around using personal vs. government issued e-mail addresses, as well as the preservation requirements that apply to each case. The incident has also thrown up regulatory, compliance and storage/e-discovery issues.

Mark Noel, a former litigator for Latham & Watkins who went on to co-found an electronic discovery software firm before moving onto Catalyst Repository System, is more sympathetic to Clinton's DIY email set-up, arguing that there's a good chance that historically significant data will be recovered one way or another.

"The use of a personal email account doesn't necessarily mean there's any intent to hide things," Noel said. "It's very common for busy professionals to try to funnel everything into one email account or one device, because multiple devices or accounts are too much of a pain to deal with and take up way too much time. When the government or corporate system isn't set up to allow that kind of efficiency, people often craft their own solutions purely for the sake of getting their jobs done."

Emails sent or received by Clinton might still be accessible even if she or her staff either deleted or lost them for any reason. There are always copies at the other end, the managing director of professional services at Catalyst Repository System pointed out.

"Analysts who are complaining that 'there's no way we can know if there's anything missing' aren't quite right," Noel said. "We do this all the time in civil litigation and government investigations. Emails tend to leave copies on every server they touch, so even if a sender doesn't keep a copy of it, the receiver's email system probably did. If Ms. Clinton emailed other government issued accounts, those emails are very likely preserved – just in a different location."

Gaps in the record might also be revealed via practices common in commercial litigation, according to Noel.

"Additionally, there are other types of analysis, such as 'gap analysis' that can reveal whether email is likely missing, based on the usual pattern and quantities of email and whether there appear to be 'holes' in the emails that are preserved. These types of analyses are also quite common in civil litigation and government investigations where it is suspected that someone is intentionally hiding or deleting evidence," he concluded. ®

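The gap analysis Noel describes, together with the cross-check against copies kept on the receiving side, sketched as an added example (not from the article or from any e-discovery product). The mailbox is constructed, and the thresholds `ratio`, `min_run` and `min_expected` are illustrative assumptions.

```python
from collections import Counter
from datetime import date, timedelta
from statistics import median


def daily_counts(message_dates, start, end):
    """Preserved messages per calendar day, with explicit zero days."""
    seen = Counter(message_dates)
    span = (end - start).days + 1
    return {start + timedelta(d): seen.get(start + timedelta(d), 0)
            for d in range(span)}


def weekday_baseline(counts):
    """Median volume per weekday (0 = Monday). The median is used so that
    a gap does not drag down the baseline it is measured against."""
    buckets = {}
    for day, n in counts.items():
        buckets.setdefault(day.weekday(), []).append(n)
    return {wd: median(vals) for wd, vals in buckets.items()}


def find_gaps(counts, ratio=0.2, min_run=3, min_expected=3):
    """Return [(first_day, last_day, preserved, expected)] for every run of
    at least min_run 'low' days. A day is low when its weekday normally
    carries min_expected or more messages and fewer than ratio * baseline
    survive. Normally quiet days (weekends here) neither break nor extend
    a run, so a hole that spans a weekend is reported as one gap."""
    baseline = weekday_baseline(counts)
    gaps, run = [], []

    def close():
        if len(run) >= min_run:
            gaps.append((run[0][0], run[-1][0],
                         sum(n for _, n, _ in run),
                         sum(e for _, _, e in run)))
        run.clear()

    for day in sorted(counts):
        expected = baseline[day.weekday()]
        if expected < min_expected:
            continue                      # quiet weekday: neutral
        if counts[day] < ratio * expected:
            run.append((day, counts[day], expected))
        else:
            close()
    close()
    return gaps


def missing_from_archive(archive_ids, counterparty_copies):
    """(date, Message-ID) pairs that a recipient's system preserved but the
    produced archive lacks. counterparty_copies yields (message_id, date)."""
    have = set(archive_ids)
    return sorted((d, mid) for mid, d in counterparty_copies if mid not in have)


def build_sample():
    """Constructed data: six weeks, 10 messages per weekday and 1 per weekend
    day; the produced archive keeps only one message per day for 18-23 Jan."""
    start, end = date(2024, 1, 1), date(2024, 2, 11)
    hole = (date(2024, 1, 18), date(2024, 1, 23))
    archive, counterparty = [], []
    day = start
    while day <= end:
        volume = 10 if day.weekday() < 5 else 1
        for i in range(volume):
            mid = f"<{day.isoformat()}.{i}@example.org>"
            if not (hole[0] <= day <= hole[1]) or i == 0:
                archive.append((mid, day))
            if i % 2 == 0:                # other side kept every second message
                counterparty.append((mid, day))
        day += timedelta(days=1)
    return start, end, archive, counterparty


def analyse():
    """Run both checks on the constructed mailbox."""
    start, end, archive, counterparty = build_sample()
    counts = daily_counts([d for _, d in archive], start, end)
    gaps = find_gaps(counts)
    missing = missing_from_archive([m for m, _ in archive], counterparty)
    inside = [(d, m) for d, m in missing
              if any(first <= d <= last for first, last, _, _ in gaps)]
    return gaps, missing, inside


if __name__ == "__main__":
    gaps, missing, inside = analyse()
    for first, last, kept, expected in gaps:
        print(f"gap {first}..{last}: {kept} preserved, about {expected:.0f} expected")
    print(f"{len(missing)} messages exist only in counterparty copies; "
          f"{len(inside)} of them fall inside a flagged gap")
```

A volume gap on its own only says mail is probably missing; the Message-IDs recovered from the receiving side are what show which messages those were.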
[Mar 14, 2015] http://www.theguardian.com/us-news/2015/mar/14/hillary-clinton-arkansas-friends

From comments: She's not a computer tech and hasn't got a clue as to whether security was breached. If the hackers can invade gov't websites (wikileaks) and major corporations, it's not only possible but very likely that her security was breached.
Mar 14, 2015 | The Guardian

flatulenceodor67 -> J.K. Stevens 14 Mar 2015 12:33

"She was on a secured server and has already confirmed that security was not breached."

What an ASININE statement believing a compulsive/corrupt KNOWN LIAR! I guess it takes one to know one.

Spanawaygal -> J.K. Stevens 14 Mar 2015 12:12

She's not a computer tech and hasn't got a clue as to whether security was breached. If the hackers can invade gov't websites (wikileaks) and major corporations, it's not only possible but very likely that her security was breached.

[Mar 14, 2015] How your phone and fitness band could end up giving evidence against you by Ben Lovejoy

Your email records are a goldmine. There’s the obvious stuff – who you were in contact with when, and what was said – but there’s so much more than that to be gleaned. ...Your phone does regular, automatic backups to Apple or Google servers, and with the right software, anyone can download and access them.
| The Guardian

A criminal suspect can’t be forced to divulge their phone passcode, a US circuit court judge ruled in October 2014. Yet law enforcement officials can compel a suspect to provide a fingerprint – which they can then use to unlock the phone and obtain data which may prove the case against them.

In an ongoing Canadian civil case, activity data from a Fitbit fitness band is being used to determine the truthfulness of an accident victim’s claim that she is less active now than before the accident.

And in another civil case, where a plaintiff argued that his injuries meant he was no longer able to operate a computer for lengthy periods of time, a court ruled that the defendants had a right to access metadata from his hard drive that showed how often the claimant had used his PC.

Keeping in mind David Cameron’s suggestion in January that there should be no such thing as private messaging, how much of this is reasonable? How do we strike a balance between the privacy of the individual and the state’s interest in justice being served?

It might be reasonably argued that the degree of intrusion should be proportional to the seriousness of the accusation. But this principle can easily take us into very grey territory.

Suppose the police and intelligence services are investigating a terrorist attack – a tube bombing. Ten people died: it’s clearly a very serious crime. The authorities know that the bomb was placed on the station platform sometime between 7:13am, when CCTV footage shows the bag definitely wasn’t there, and 7.23am, when the explosion occurred. Is it reasonable to pull the Oyster data from 7am to 7.23am, to identify all the people who entered the station between those times and cross-reference with police and security services files to search for anyone known or suspected to have terrorist links?

What if they do that and draw a blank? They will now want to know more about all those people who entered the first tube station between 7am to 7.23am. More than 250 people per minute enter a busy station during rush hour, so that’s 5,750 suspects. They’re pretty sure from the CCTV footage that the suspect is male, so they narrow it down to 2,875 people. And that’s all there is to go on so far. One of those men is our bomber, the other 2,874 of them are innocent.

Is it reasonable to get a blanket court order to examine the ISP and mobile phone records of all 2,875 people? With that many people, all the authorities are going to do is run a simple search of the metadata – the who-contacted-who part – and see if any of them have been in contact with any known or suspected terrorists. They’re not spying on your sexts to your girlfriend or emails from your credit card company querying a missed payment, they’re just looking at who you might have been in touch with.

No matches. But the explosive used in this attack was found to have been stolen from a demolition company in Leeds one week before the attack. A court order to run a search of the 2,875 suspects’ email records for train bookings to or from Leeds during that week is readied, and their car registration numbers are obtained, to see whether any of them were logged on any ANPR systems on the M1 during that time. That’s all. No other email content will be looked at, nor any other details of their driving history; just those two straightforward searches. Fair enough?

The suspects are narrowed down to 47 people whose cars were spotted at least once on the M1 at some point between London and Leeds during that week. There is nothing else to go on, so the authorities now need to take a deeper dive into the online lives of those 47 people.

What could that involve? Most of us leave a pretty comprehensive digital footprint these days. Your fitness band or sleep-tracking app logs the time that you woke up. Your ISP logs show which websites you visited, even which stories you read on Guardian.com over breakfast.

Phone GPS and wi-fi logs can enable your movements to be tracked to within tens of metres: your route to the tube station can easily be mapped. Oyster data logs the details of the subsequent tube journey: stations, dates, times.

Your email records are a goldmine. There’s the obvious stuff – who you were in contact with when, and what was said – but there’s so much more than that to be gleaned.

Ever had a password reminder emailed to you for iCloud or Google? Deleted the mail but failed to empty your trash can? Not an issue if you switched on two-factor authentication, but if you didn’t, the authorities now have remote access to the content of your phone. The entire content. Your phone does regular, automatic backups to Apple or Google servers, and with the right software, anyone can download and access them.

Your contacts. Your calendar. Your photos. Your notes. And more.

Collating the addresses of your contacts with your Oyster data tells us who you’ve been visiting, and how often. The authorities would soon know more about those 47 people than almost any of their friends.

What if they had been left not with 47 suspects but 200? 500? Where do we draw the line?

What if, instead of an actual bombing, it was an aborted attempt at the same, but without hard-and-fast proof – how does that change the equation of what is and isn’t acceptable?

These will always be difficult judgment calls, but while the individual decisions may need to be made in secret, it does not mean that the principles governing these decisions should themselves be secret or – worse – left to the whim of individual judges in individual cases.

It may not be possible to formulate hard-and-fast rules covering every eventuality, but there is every reason to set out clear and transparent guidelines within which decisions can be made – and no reason why the debate to determine these guidelines should not take place in public and in parliament.

[Mar 12, 2015] Hillary Clinton is now the face of shadow IT CIO

Notable quotes:
"... Usually, employees who decide to engage in shadow IT don't have bad intentions. They do so because what they're getting from corporate IT isn't good enough: Corporate-issued devices and apps are clunky, enterprise security measures ruin the user experience, IT is too slow to respond to requests. ..."
"... Battling on another front, CIOs should reach out to shadow IT vendors with an olive branch. While it's reactionary to slam vendors for bypassing IT, this won't stop them from selling directly to employees. Instead, CIOs should focus on building a relationship with vendors so that their services can spread throughout the organization on a long-term basis rather than sold to individuals and business units on an ad hoc basis, Riley says. ..."
"... Even if the political furor over Clinton's private email system subsides and continued debate shows shadow IT as a common practice -- "Colin Powell, Rick Perry and Jeb Bush used private email" for government business, Riley says -- this doesn't mean there aren't severe consequences. ..."
"... CIOs hope these fears have lasting effects, at least in the workplace. Clinton proved that she wasn't able to get away with her personal email system, and the fallout to her career can be great. Her situation should sound a warning to employees about the dangers of shadow IT. ..."
"... "The message is, if you try to circumvent us, then you're going to cause pain for yourself," Riley says. "But if you work with us, we're more than willing to give you whatever you need." ..."
Mar 12, 2015 | www.cio.com
"Heavy-handed approaches are not going to eliminate shadow IT, it'll just go farther underground," says Deputy CTO Steve Riley at Riverbed, an enterprise software vendor. "There's no positive outcome for being a disciplinarian about something like this. You might end up with services that are even more dangerous, where people now actively seek to circumvent policies."

Usually, employees who decide to engage in shadow IT don't have bad intentions. They do so because what they're getting from corporate IT isn't good enough: Corporate-issued devices and apps are clunky, enterprise security measures ruin the user experience, IT is too slow to respond to requests.

CIOs need to change this perception but not in an antagonistic way. Riley advises CIOs to work with employees in areas where shadow IT tends to start and spread, such as file sharing and instant messaging. It's easier to rein in data from five services than 30, Riley says.

Battling on another front, CIOs should reach out to shadow IT vendors with an olive branch. While it's reactionary to slam vendors for bypassing IT, this won't stop them from selling directly to employees. Instead, CIOs should focus on building a relationship with vendors so that their services can spread throughout the organization on a long-term basis rather than sold to individuals and business units on an ad hoc basis, Riley says.

CIOs can use Clinton case as a teachable moment

Ironically, the Clinton case might help CIOs fight against shadow IT by spurring employees to police themselves. Even if the political furor over Clinton's private email system subsides and continued debate shows shadow IT as a common practice -- "Colin Powell, Rick Perry and Jeb Bush used private email" for government business, Riley says -- this doesn't mean there aren't severe consequences.

There will likely be inquiries about whether or not Clinton broke the law. Her reputation as someone to be trusted has been tarnished. Her peers might think twice about lending their support if she put her political party at risk. If a smoking-gun email surfaces or a national security breach comes to light, Clinton will be under fire.

CIOs hope these fears have lasting effects, at least in the workplace. Clinton proved that she wasn't able to get away with her personal email system, and the fallout to her career can be great. Her situation should sound a warning to employees about the dangers of shadow IT.

"The message is, if you try to circumvent us, then you're going to cause pain for yourself," Riley says. "But if you work with us, we're more than willing to give you whatever you need."

[Mar 10, 2015] CIA sought to hack Apple iPhones from earliest days The Intercept

Reuters

CIA researchers have worked for nearly a decade to break the security protecting Apple (AAPL.O) phones and tablets, investigative news site The Intercept reported on Tuesday, citing documents obtained from NSA whistleblower Edward Snowden.

The report cites top-secret U.S. documents that suggest U.S. government researchers had created a version of XCode, Apple's software application development tool, to create surveillance backdoors into programs distributed on Apple's App Store.

The Intercept has in the past published a number of reports from documents released by whistleblower Snowden. The site's editors include Glenn Greenwald, who won a Pulitzer Prize for his work in reporting on Snowden's revelations, and Oscar-winning documentary maker Laura Poitras.

It said the latest documents, which covered a period from 2006 to 2013, stop short of proving whether U.S. intelligence researchers had succeeded in breaking Apple's encryption coding, which secures user data and communications.

Efforts to break into Apple products by government security researchers started as early as 2006, a year before Apple introduced its first iPhone and continued through the launch of the iPad in 2010 and beyond, The Intercept said.

Breaching Apple security was part of a top-secret program by the U.S. government, aided by British intelligence researchers, to hack "secure communications products, both foreign and domestic" including Google Android phones, it said.

Silicon Valley technology companies have in recent months sought to restore trust among consumers around the world that their products have not become tools for widespread government surveillance of citizens.

Last September, Apple strengthened encryption methods for data stored on iPhones, saying the changes meant the company no longer had any way to extract customer data on the devices, even if a government ordered it to with a search warrant. Silicon Valley rival Google Inc (GOOGL.O) said shortly afterward that it also planned to increase the use of stronger encryption tools.

Both companies said the moves were aimed at protecting the privacy of users of their products and that this was partly a response to wide scale U.S. government spying on Internet users revealed by Snowden in 2013.

An Apple spokesman pointed to public statements by Chief Executive Tim Cook on privacy, but declined to comment further.

"I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services," Cook wrote in a statement on privacy and security published last year. "We have also never allowed access to our servers. And we never will."

Leaders including U.S. President Barack Obama and British Prime Minister David Cameron have expressed concern that turning such privacy-enhancing tools into mass market features could prevent governments from tracking militants planning attacks. The CIA did not immediately reply to a request for comment.

[Mar 10, 2015] Killary Clinton faces new questions over personal emails she 'chose not to keep' by Jon Swaine

This case convincingly demonstrates to the world not only that Hillary is a very weak politician, but also that she is incapable of attracting decent experts.
10 March 2015 | The Guardian

The former secretary of state said she had preserved official communications but her office said she ‘chose not to keep her private, personal emails’

Hillary Clinton failed to quell mounting criticism over her controversial private email account on Tuesday evening after her office suggested she had erased more than half of her emails before turning them over for release to the American public.

In a statement released after a press conference intended to end a week-long controversy, Clinton’s office said that she did not preserve 31,830 of the 62,320 emails she sent and received while serving as Barack Obama’s secretary of state from 2009 to 2013.

“After her work-related emails were identified and preserved, Secretary Clinton chose not to keep her private, personal emails that were not federal records,” her office said, in a defiant nine-page explanation for the unusual arrangement that has put her under political fire.

Republicans accused Clinton of blocking transparency. It could not be confirmed whether the deleted archives included messages sent and received by Clinton relating to her family’s philanthropic foundation. Donations to the foundation by foreign governments and corporations are the subject of a separate ongoing controversy.

The continuing saga threatened to complicate the plans for her expected second campaign for the US presidency, which were thought to be in their final stages in advance of an announcement in April.

Criticism has grown since it was revealed last week that Clinton did not use an official government email address during her four years at the State Department. She instead conducted all official business using a private address under the ClintonEmail.com domain.

Clinton conceded at a press conference in New York on Tuesday afternoon that she had erred and “it would have been better” to have used separate email accounts for work and personal matters. However, she insisted she had used a single account on one mobile phone for “convenience”, adding: “I thought using one device would be simpler, and obviously, it hasn’t worked out that way.”

The former secretary’s office said she had turned over all 30,490 of her sent and received emails that related to her work to the State Department. They manually searched her archive, the statement said, first by finding all emails involving people with government email addresses, then searching for some people by name and for topics such as Libya.

All these are expected to be published. “You will see everything from the work of government, to emails with State and other administration colleagues, to LinkedIn invites, to talk about the weather – essentially what anyone would see in their own email account,” her office said.

In further defiant remarks on the emails that Clinton will not turn over, her office insisted that none contained material relevant to her work in four years leading Foggy Bottom.

“These were private, personal messages, including emails about her daughter’s wedding plans, her mother’s funeral services, and condolence notes, as well as emails on family vacations, yoga routines, and other items one would typically find in their own email account, such as offers from retailers, spam, etc,” it said.

But the Republican party, which accused Clinton of “putting our national security at risk for ‘convenience’” by operating the private email server, said there could be no independent verification that Clinton had preserved all messages related to her work.

“Because only Hillary Clinton controls her personal email account and admitted she deleted many of her emails, no one but Hillary Clinton knows if she handed over every relevant email,” Reince Priebus, the chairman of the Republican National Committee, said in a statement.

Clinton rejected suggestions that an independent monitor could review her email server to examine emails not turned over. “I believe that I have met all of my responsibilities and the server will remain private,” she said at the press conference.

Despite separately indicating all personal messages were erased, she said the server “contains personal communications from my husband and me”. Clinton’s spokesman did not respond to an email seeking clarification on what precisely had been erased.

Other critics pointed to remarks made by Clinton at an onstage interview last month, in which she said she used both an iPhone and a Blackberry. Discussing devices later in the conversation, Clinton said, “I don’t throw anything away, I’m like two steps short of a hoarder.” It was not clear when Clinton began using two devices.

The statement from Clinton’s office addressed other questions raised by the news of her email server – several relating to security and her interaction with foreign governments. The statement said her team’s review of Clinton’s email archive “revealed only one email with a foreign (UK) official”. It clarified that “during her time at State, she communicated with foreign officials in person, through correspondence, and by telephone”.

Clinton said during her press conference that she had never used the email account to send classified material. She insisted that the server had been secure by being placed on property protected by the secret service and claimed to know that the system had never been breached.

[Mar 08, 2015] Clinton email domain shows effort for security and obscurity, say experts

Notable quotes:
"... Doesn't the FBI, NSA, or some part of Homeland Security vet what government agencies are doing with their computer security? ..."
"... And how could Obama not know about this, unless he never exchanged e-mail with Hillary, which seems unlikely. ..."
"... I also wonder why Kerry would not question the absence of Clinton's correspondence when he took office? Doesn't he, as the successor, have to establish a historical record? Wouldn't her communications be part of that process? ..."
"... The main focus of the controversy comes because she could have deleted any emails she wanted to. ..."
"... Funny, we're back to paper as the only secure way to communicate anything (as in Roman Polanski's The Ghost). ..."
"... Despite the fact that digital record keeping continues to advance, the record keeping requirements go back to the early 50's and there is simply no reason that she should now be in possession of these records instead of either the State Department or the National Archives. ..."
"... The fact that she has criminally violated at least a dozen US Federal laws has nothing to do with the fact that she is lower than pond scum. God help us if she gets elected to POTUS! ..."
"... Her dishonesty and corruption already have been well documented for many decades, and she has proven that despite all her "image makeovers", she is the same untrustworthy person we always knew she was. ..."
"... It is not her decision to create her own web accounts to avoid public scrutiny. This is exactly what is wrong with Washington. No accountability or transparency. ..."
"... Bottom line if official State Department business was being routed through a personal email system she needs to go down for it. I work a mundane middle class job as a data analyst and my employer would be furious and fire me instantly if I routed work related emails and attachments through my personal email so why should Hillary get off the hook? ..."
"... The fact that the email traffic isn't encrypted makes this strictly amateur hour. ..."
"... The fact that the email isn't immediately controlled and discoverable by the govt is appalling enough. The fact it's apparently secured using small business standards just makes it worse. ..."
"... Was there any footnotes or exceptions noted concerning use of a private email server ? If not, then we should get our money back from auditing contractor. If they didn't discover and report it as an exception, then they should be barred from federal contracting for gross incompetence or complicity in this deception. ..."
"... "Dick Cheney in a pantsuit" is gonna live forever, or at least as long as she remains in the public arena ..."
"... Not having encryption (google smtps), which is easily determined if the mail server is still running, is a very bad sign. ..."
"... If Clinton is using Internap right now, that should be the subject of ridicule, not praise. ..."
"... People lost their jobs when Hillary was in charge over there for doing the EXACT SAME THING. ..."
"... The ruling elite plays by their own rules. ..."
"... Actually, the rules were there before. ..."
"... It is the Department's general policy that normal day-to-day operations be conducted on an authorized AIS, which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. ..."
Mar 08, 2015 | The Guardian

captainjohnsmith 2015-03-07 18:06:55

Questions, questions. Doesn't the FBI, NSA, or some part of Homeland Security vet what government agencies are doing with their computer security? Wouldn't that have turned up Hillary's private scheme? And how could Obama not know about this, unless he never exchanged e-mail with Hillary, which seems unlikely.

kgb999again -> BeckyP

Hillary Clinton was not serving as a politician. She was serving as a high official in a non-elected office of the U.S. Government. She is required by law to maintain accessible records within the government of every meeting and communication she conducted - for both accountability and historic legacy reasons.

If she wanted to behave as a politician, she shouldn't have accepted the role of Secretary of State.

macktan894

The basic question is still: why would she do such a thing? Why would she insist that all her email and that of her principal staff be handled by this private server?

And I guess I would also wonder how this could go undetected and unscrutinized for so long? Why would not anyone receiving email from the Clinton people wonder why they were getting email from an account that was non government in its address?

I also wonder why Kerry would not question the absence of Clinton's correspondence when he took office? Doesn't he, as the successor, have to establish a historical record? Wouldn't her communications be part of that process?

I recall when Obama won the nomination in 2008, he had a meeting with Clinton re her appt to sec of state. He was surprised when she turned up with a "contract" that listed items she needed him to agree to if she were to join his administration. Was this server business in that contract?

Why do I have these questions but reporters do not?

thegradycole -> macktan894

Why does anybody do it? Jeb Bush used a personal server while he was governor of Florida and then handed over 275,000 emails, of course just like Clinton he didn't release those that he determined were of a personal nature. Kerry is the first SOS to use the official .gov server.

The main focus of the controversy comes because she could have deleted any emails she wanted to. But I always thought that nothing could really be deleted. If they have the server don't they have everything?

This whole thing better be more than the usual it-looks-bad-but-we-can't-find-anything. It gets to the point where the appearance of impropriety becomes a conspiracy, they add "gate" to it and it has a life of its own. If there's something there let's see it. Scott Walker and Chris Christie have similar problems as their emails are part of criminal investigations.

Funny, we're back to paper as the only secure way to communicate anything (as in Roman Polanski's The Ghost).

BradBenson -> chiefwiley 8 Mar 2015 06:48

Well yes, in theory. In actual practice Freedom of Information Requests were always treated with disdain by the agencies. Since I left Government in 1999, it has gotten much worse.

You are absolutely correct that she should not be mixing official and private business or the servers, which carry them. All of her official correspondence should have been retained in a Government Server.

Despite the fact that digital record keeping continues to advance, the record keeping requirements go back to the early 50's and there is simply no reason that she should now be in possession of these records instead of either the State Department or the National Archives.

FloodZilla 8 Mar 2015 06:43

The fact that she has criminally violated at least a dozen US Federal laws has nothing to do with the fact that she is lower than pond scum. God help us if she gets elected to POTUS!

Anne Vincent 8 Mar 2015 03:19

If she was too insecure to utilize the US Government's own computer system, then she is too insecure to reside in the White House or to work as a US Government official. She needs to "move on".

Her dishonesty and corruption already have been well documented for many decades, and she has proven that despite all her "image makeovers", she is the same untrustworthy person we always knew she was.

David Egan 7 Mar 2015 22:34

Mayer added that speculation that Clinton had created a "homebrew" internet system was "plainly inaccurate", at least when talking about the current configuration of the service.

Newsflash!!! Hillary had no business, legal or otherwise, to create her own network!!

This way she has total control over the e-mails that she wants to make public.... GET IT.....??

David Egan -> anthonylaino 7 Mar 2015 22:28

I agree!!! The elitist one percent have made billions and knowingly sent tens of thousands of people to their deaths, just for a buck (ok, well, lots of bucks) and to further their jack boot on the throat of the average citizen from any country...

Financial Bondage For Everyone!!!!

Zooni_Bubba 7 Mar 2015 20:58

Maybe Clinton had security and maybe she didn't. It is not her decision to create her own web accounts to avoid public scrutiny. This is exactly what is wrong with Washington. No accountability or transparency. When someone under investigation gets to decide what to supply, they not the authorities control the evidence.

Stephen_Sean 7 Mar 2015 20:25

Bottom line if official State Department business was being routed through a personal email system she needs to go down for it. I work a mundane middle class job as a data analyst and my employer would be furious and fire me instantly if I routed work related emails and attachments through my personal email so why should Hillary get off the hook?

Dems better start looking for an alternative. Hillary isn't the one you want answering the phone at 3am.

Trixr -> Miles Long 7 Mar 2015 19:54

From a technical point of view, saying it's a 'high security' system is cobblers. Anti malware is the LEAST you can do for email security in a corporate system. Having a domain registered in one location and traffic coming from another means absolutely nothing in these days of shared hosting and dynamically-provisioned server farms. No-one puts their personal details on a WHOIS these days. I don't, and I just have a dinky little personal domain.

The fact that the email traffic isn't encrypted makes this strictly amateur hour.

The fact that the email isn't immediately controlled and discoverable by the govt is appalling enough. The fact it's apparently secured using small business standards just makes it worse.

And this 'expert' is an idiot, or not giving the full story.

John Hemphill -> imipak 7 Mar 2015 19:12

Just curious if you know by chance, how did the State Department do in their last couple of FISMA audits?

Were there any footnotes or exceptions noted concerning use of a private email server? If not, then we should get our money back from auditing contractor. If they didn't discover and report it as an exception, then they should be barred from federal contracting for gross incompetence or complicity in this deception.

ElmerFuddJr -> MakeBeerNotWar 7 Mar 2015 18:37

"Dick Cheney in a pantsuit" is gonna live forever, or at least as long as she remains in the public arena!

MakeBeerNotWar -> ElmerFuddJr 7 Mar 2015 18:48

- yes but one risks the label of misogynist by her many followers. Cheney is a true psychopath tho and Clinton could reach being one thus why the Dems who really care about our country need to find an alternate candidate so HRC will not be given the chance to start another idiotic fraud war that benefits Wall $t, I$rael and the MIC.

GuardianIsBiased127

What a bunch of liberal spin by ABC. I've run mail servers for 20 years. Scanning for viruses etc is trivial and every email provider does it. Not having encryption (google smtps), which is easily determined if the mail server is still running, is a very bad sign.

macktan894 -> GuardianIsBiased127

Agree. Saying that her system scanned for viruses and was therefore "secure" is a laugh. My computer scans for viruses, too, as do most computers. We all know that does not equate with topnotch security. I also use an Apple. Still, the NSA or any other cyberterrorist can easily hijack my computer if that's the goal.
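Whether a mail server offers transport encryption, the point raised in the two comments above, is visible in its EHLO reply. The following Python code is an added example, not part of the thread: the sample replies and the host name `mx.example.test` are constructed, and `probe()` is intended for a mail server you operate.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from any real server).
SAMPLE_WITH_TLS = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 36700160\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
SAMPLE_CLEARTEXT = (
    "250-mx.example.test Hello\r\n"
    "250-SIZE 36700160\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return the set of ESMTP extension keywords in a multi-line 250 reply."""
    keywords = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        # Every line of the reply is "250-text" (more follows) or "250 text" (last).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server name and greeting
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def classify(reply):
    """Label a reply by whether the server advertises STARTTLS."""
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls-offered"
    return "cleartext-only"


def probe(host, port=25, timeout=10.0):
    """Live check: does the server offer STARTTLS, and does its certificate verify?"""
    result = {"host": host, "starttls": False,
              "cert_valid": None, "tls_version": None}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return result  # mail to this server travels unencrypted
        result["starttls"] = True
        try:
            # Default context verifies the certificate chain and host name.
            smtp.starttls(context=ssl.create_default_context())
        except ssl.SSLError:
            result["cert_valid"] = False
            return result
        result["cert_valid"] = True
        result["tls_version"] = smtp.sock.version()
    return result


if __name__ == "__main__":
    print(classify(SAMPLE_WITH_TLS))
    print(classify(SAMPLE_CLEARTEXT))
```

An advertised STARTTLS extension only means encryption is available; `probe()` additionally reports whether the certificate verifies and which TLS version was negotiated.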

ludaludaluda

"internap" is not a good company by any measure -- my company has been a client for years.

If Clinton is using Internap right now, that should be the subject of ridicule, not praise.

bbuckley

Look, let's be clear. People lost their jobs when Hillary was in charge over there for doing the EXACT SAME THING.

Where's the email that has Hillary wanting these poor people being brought back to work. Hillary has in the past spoken of the danger of using a private domain.

This is once again the rules don't apply to Clintons. And I'm going to tell Ya all something: the investigators will be going to gmail, or yahoo, or whoever, and making 100% sure they get it all. I truly do not care for this woman. I find her to be a shifty giant egoed elitist. However, I'm not ready to yell guilty. Decency and fair play require that I see the pudding before I declare the truth. But, she damn well knew the rules, so why hide the emails? It won't be a mystery lover, that's for sure. She didn't want them seen, there's gotta be a reason for that.

Danish5666

The ruling elite plays by their own rules.

Kelly Kearns -> Miles Long

Actually, the rules were there before.

12 FAM 544.2 Automated Information System (AIS) Processing and Transmission
(CT:DS-117; 11-04-2005)

November 4, 2005 above.

http://www.state.gov/documents/organization/88404.pdf

Kelly Kearns -> imipak

"12 FAM 544.3 Electronic Transmission Via the Internet
(CT:DS-117; 11-04-2005)
a. It is the Department's general policy that normal day-to-day operations be conducted on an authorized AIS, which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. The Department's authorized telework solution(s) are designed in a manner that meet these requirements and are not considered end points outside of the Department's management control. "

http://www.state.gov/documents/organization/88404.pdf

[Mar 07, 2015] Email scandal: Hillary Clinton's impulse to secrecy

Notable quotes:
"... "We know about the secret wiretaps, the secret military tribunals, the secret White House email accounts," she said back then. ..."
"... the email domain clintonemail.com that she appears to have been using was created on Jan. 13, 2009, the very day Clinton's confirmation hearings began. ..."
"... So far, the explanation from Clintonworld about the failure to comply with this basic rule of modern archiving has been inadequate and unpersuasive. ..."
"... First, the basic rule that government business is to be transacted from government accounts doesn't have a well-we'll-capture-it-anyway exception. ..."
"... What is the legitimate reason for conducting official business on a personal back-channel? Why, if not for purposes of secrecy, would Clinton choose to operate that way? ..."
March 3, 2015 | delawareonline.com

Hillary Clinton may not have a serious opponent for the Democratic nomination – except herself.

The Clintons' unfortunate tendency to be their own worst enemy is on display, again, with reports that, as secretary of state, Hillary Clinton conducted official business solely from a personal email account.

This is a problem – and not only because it presents a particularly unflattering contrast with the move by former Florida Gov. Jeb Bush to release a flood of official emails. It illustrates Clinton's reflexive impulse to secrecy over transparency, a tendency no doubt bolstered by the bruising experience of her White House years, yet one that she would be well advised to resist rather than indulge.

Indeed, Clinton herself was once worked up about this very issue. "We know about the secret wiretaps, the secret military tribunals, the secret White House email accounts," she said back then.

So what to make of the revelation that Clinton avoided official email entirely while at State? This had to be a deliberate decision. After all, the issue of the Bush emails was still in the news.

And, as The Washington Post's Philip Bump reports, the email domain clintonemail.com that she appears to have been using was created on Jan. 13, 2009, the very day Clinton's confirmation hearings began.

To back up: The Federal Records Act requires agencies to maintain records of official business, including emails. The National Archives, which oversees such collection, had this to say in 2013 about the use of personal email accounts:

"While agency employees should not generally use personal email accounts to conduct official agency business, there may be times when agencies authorize the use of personal email accounts, such as in emergency situations when federal accounts are not accessible or when an employee is initially contacted through a personal account. In these situations, agency employees must ensure that all federal records sent or received on personal email systems are captured and managed in accordance with agency recordkeeping practices."

Italics mine.

So far, the explanation from Clintonworld about the failure to comply with this basic rule of modern archiving has been inadequate and unpersuasive.

Clinton spokesman Nick Merrill "declined to detail why she had chosen to conduct State Department business from her personal account," reported The New York Times, which broke the story.

This has the distinct odor of hogwash. First, the basic rule that government business is to be transacted from government accounts doesn't have a well-we'll-capture-it-anyway exception.

Second, the government records to be retained aren't only intra-agency communications. If Clinton is emailing with world leaders or others about official business, the entire point of the Federal Records Act is to ensure that those communications are captured for history.

This should have been clear. Certainly, the intersection of email and federal records law has been evolving. Former Secretary of State Colin Powell writes about his effort to use "the then-newfangled email system" to communicate with counterparts overseas. His successor, Condoleezza Rice, rarely used email to transact business but employed her government address when she did.

What is the legitimate reason for conducting official business on a personal back-channel? Why, if not for purposes of secrecy, would Clinton choose to operate that way?

That Clinton has recently turned over 55,000 pages of email records in response to an overdue burst of documentary housekeeping by State does not excuse her lack of compliance while in office.

That her proto-campaign describes her activities as complying with "both the letter and spirit" of the rules would be jaw-dropping, if it weren't so sadly familiar.

Ruth Marcus' email address is ruthmarcus@washpost.com.

[Mar 07, 2015] Under the Radar, Big Media Internet Giants Get Massive Access to Everything About You By Jeffrey Chester

March 5, 2015 | alternet.org

A White House-backed bill would give the corporate elite control over how our data is used.

Editor's note: The following is the latest in a new series of articles on AlterNet called Fear in America that launched this March. Read the introduction to the series.

The Internet and our digital media are quietly becoming a pervasive and manipulative interactive surveillance system. Leading U.S. online companies, while claiming to be strong supporters of an open and democratic Internet, are working behind the scenes to ensure that they have unlimited and unchecked power to "shadow" each of us online. They have allied with global advertisers to transform the Internet into a medium whose true ambition is to track, influence and sell, in a never-ending cycle, their products and political ideas. While Google, Facebook and other digital giants claim to strongly support a "democratic" Internet, their real goal is to use all the "screens" we use to empower a highly commercialized and corporatized digital media culture.

Last Thursday was widely viewed as a victory for "Internet Freedom" and a blow to a "corporatized" Internet as the Federal Communications Commission (FCC) endorsed a historic public utility framework for Network Neutrality (NN). It took the intervention of President Obama last year, who called for "the strongest possible rules to protect net neutrality," to dramatically transform the FCC's plans. Its chairman, Thomas Wheeler, a former cable and telecom lobbyist, had previously been ambivalent about endorsing strong utility-like regulations. But feeling the pressure, especially from the president, he became a "born again" NN champion, leading the agency to endorse "strong, sustainable rules to protect the Open Internet."

But the next day, the Obama White House took another approach to Internet Freedom, handing the leading online companies, including Google, Facebook, and their Fortune-type advertising clients, a major political victory. The administration released its long-awaited "Consumer Privacy Bill of Rights" legislation. The bill enables the most powerful corporations and their trade associations to greatly determine what American privacy rights will be. By giving further control over how data are gathered and used online, the administration basically ceded more clout to a corporate elite that will be able to effectively decide how the Internet and digital applications operate, today and in the near future.

How do privacy rules impact the openness of the Internet, and the ability to promote and sustain progressive and alternative perspectives? While much of the public debate on pervasive data mining has focused on the role of the NSA and other intelligence agencies that were exposed by Edward Snowden, there has not been as much discussion on the impact of the commercial data system that is at the core of the Internet today. Google, Facebook, and others use our data as the basis of an ever-expanding global system of commercial surveillance. This information is gathered from our mobile devices, PCs, apps, social networks, and increasingly even TVs—and stored in digital profiles. These far-reaching dossiers—which can be accessed and updated in milliseconds—can include information on our race/ethnicity, financial status, health concerns, location, online behavior, what our children do, whom we communicate with on social media, and much more.

The major online companies are continually expanding their commercial data gathering practices. They now merge and use our online and offline data (what we do online and information collected from store loyalty cards, etc.); track us across all the devices we use (PCs, mobile, etc.); and amass even more data about us supplied by a vast network of data broker alliances and partnerships (such as Facebook with its myriad of data partners, including Acxiom and Epsilon). A U.S. digital data industry "arms race," with companies vying to own the most complete set of records on every consumer, has also led to a wave of mergers and acquisitions, where companies that have already compiled huge datasets on Americans (and global consumers) are being swallowed up by even larger ones.

Leading corporations are investing vast sums to harvest and, in their own words, make "actionable" information we now generate nearly 24/7. So-called "Big Data" technologies enable companies to quickly analyze and take advantage of all this information, including understanding how each of us uses online media and mobile phones. A score of "Math Men and Women"-led advertising-technology companies have pioneered the use of super fast computers that track where we are online and, in milliseconds, crunch through lots of our data to decide whether to target us with advertising and marketing (regardless of whether we use a PC or mobile device and, increasingly, using our geolocation information).

These machines are used to "auction" us off individually to the highest bidder, so we can be instantly delivered some form of marketing (or even political) message. Increasingly, the largest brands and ad agencies are using all this data and new tactics to sell us junk food, insurance, cars, and political candidates. For example, these anonymous machines can determine whether to offer us a high-interest pay day loan or a lower interest credit card; or an ad from one political group versus another.

But it's not just the ability to harvest data that's the source of increased corporate clout on the Internet. Our profiles are tied to a system of micro-persuasion, the 21st century updating of traditional "Madison Avenue" advertising tactics that relied on "subliminal" and cultural influence. Today, online ads are constructed by connecting our information to a highly sophisticated digital marketing apparatus. At places like Google's BrandLab, AT&T's Adworks Lab, or through research efforts such as Facebook IQ, leading companies help their well-heeled clients take advantage of the latest insights from neuromarketing (to deliberately influence our emotions and subconscious), social media monitoring, new forms of corporate product placement, and the most effective ways to use all of our digital platforms.

The online marketing industry is helping determine the dimensions of our digital world. Much of the Internet and our mobile communications are being purposely developed as a highly commercialized marketplace, where the revenues that help fund content go to a select, and largely ad-supported, few. With Google, Facebook, major advertisers and agencies all working closely together throughout the world to further commercialize our relationship to digital media, and given their ownership over the leading search engines, social networks, online video channels, and how "monetization" of content operates, these forces pose a serious obstacle to a more democratic and diverse online environment.

One of the few barriers standing in the way of their digital dominance is the growing public concern about our commercial privacy. U.S. companies have largely bitterly opposed proposed privacy legislation—in the U.S. and also in the European Union (where data protection, as it is called, is considered a fundamental right). Effective regulations for privacy in the U.S. would restore our control of the information that has been collected about us, versus the system now in place that, for the most part, enables companies to freely use it. But under the proposed Obama plan, Google, Facebook and other data-gathering companies would be allowed to determine the rules. Through a scheme the White House calls a "multi-stakeholder" process, industry-dominated meetings—with consumer and privacy groups vastly outnumbered and out-resourced—would develop so-called self-regulatory "codes of conduct" to govern how the U.S. treats data collection and privacy. Codes would be developed to address, for example, how companies can track and use our location information; how they compile dossiers about us based on what we do at the local grocery store and read online; how health data can be collected and used from devices like Fitbit; and more. This process is designed to protect the bottom line of the data companies, which the Obama White House views as important to the economy and job growth. (Stealing other people's data, in other words, is one of America's most successful industries). Like similar self-regulatory efforts, stakeholder codes are really designed to sanction existing business practices and enable companies to continue to accumulate and use vast data assets unencumbered. The administration claims that such a stakeholder process can operate more effectively than legislation, operating quickly in "Internet time." 
Dominated by industry as they are, stakeholder bodies are incapable of doing anything that would adversely impact their own future—which currently depends on the ability to gather and use all our data.

The administration's bill also strips away the power of the Federal Trade Commission (FTC), which now acts as the leading federal watchdog on privacy. Instead of empowering the FTC to develop national rules that enable individuals to make their own privacy decisions, the bill forces the agency to quickly review (in as little as 90 days) the proposed stakeholder codes—with little effective power to reject them. Companies become largely immune to FTC oversight and enforcement when they agree to abide by the self-regulatory policies their lobbyists basically wrote. In a rare rebuke to the administration, the FTC, leading Congressional Democrats, and the majority of consumer and privacy organizations rejected the White House's privacy plan. But the administration does not appear to be willing, for now, to change its support for the data companies; and as we know, Silicon Valley and their business allies have strong support in Congress that will prevent any privacy law from passing for now.

To see how the online lobby has different views on Internet Freedom, compare, for example the statements of the "Internet Association"—the lobbying trade organization that represents Google, Facebook, Amazon and dozens of other major online data-gathering companies—on last week's two developments. It praised the FCC NN decision for creating "strong, enforceable net neutrality rules … banning paid prioritization, blocking, and discrimination online." But the group rejected the Administration's privacy proposal, as weak as it was, explaining that "today's wide-ranging legislative proposal outlined by the Commerce Department casts a needlessly imprecise net." At stake, as the Internet Association knows, is the ability of its members to expand their businesses throughout the world unencumbered. For example, high on the agenda for the Internet Association members are new U.S. brokered global trade deals, such as the Transatlantic Trade and Investment Partnership, which will free our digital giants from having to worry about strong privacy laws abroad.

While the NN battle correctly viewed Comcast, Verizon, and other cable and phone giants as major opponents to a more democratic digital media environment, many of the online companies were seen as supporters and allies. But an "open" network free from control of our cable/telco monopolies is just one essential part for a more diverse and public interest-minded online system. Freedom must also prevent powerful interests from determining the very structure of communications in the digital age. Those companies that can collect and most effectively use our information are also gatekeepers and shapers of our Internet Future.

The NN victory is only one key step for a public-interest agenda for digital media. We also must place limits on today's digital media conglomerates, especially their ability to use all our data. The U.S is one of the only "developed" countries that still doesn't have a national law protecting our privacy. For those concerned about the environment, we must also address how U.S. companies are using the Internet to encourage the global public to engage in a never-ending consumption spree that has consequences for sustainability and a more equitable future.

There is ultimately an alignment of interests between the so-called "old" media of cable and the telephone industry with the "new" online media. They share similar values when it comes to ensuring the media they control brings eyeballs and our bank accounts to serve them and their advertising clients. While progressive and public interest voices today find the Internet accessible for organizing and promoting alternative views, to keep it so will require much more work.

Jeffrey Chester is executive director of the Center for Digital Democracy (www.democraticmedia.org).

[Feb 17, 2014] NetAppVoice: Why You Can't Fight BYOD

Aug 05, 2013 | Forbes
The BYOD trend (bring your own device): There’s no use debating it. It’s here to stay. And it’ll get worse before it gets better.

You need to stop fighting it. Here’s why.

BYOD has plagued IT departments since the 1970s. Annoyance at the dawn of BYOD seems quaint when you consider the problems it causes today.

BYOD makes IT’s work more difficult, creates security and privacy liabilities and potentially causes a wide range of problems and risks for IT systems management—in fact, for the company as a whole.

Advice for fixing or preventing these BYOD problems is beyond the scope of this post. But I will say this: Doing nothing about BYOD is crazy talk.

Get Used To It

The reason BYOD is here to stay is psychological. It’s less about technology and more about culture—or even anthropology. It’s about a belief of what is “me” and what is “not me.”

In the old days, the kinds of devices that could be connected inside the firewall were tools or office equipment.

Today, smartphones—and to a lesser extent, tablets and other devices—aren’t categorizable as tools, but instead are part of the employee.

When you hire an employee, you’re nowadays hiring an augmented human. There are things required for work that the employee pays for, and that enhance that employee’s mind and body. They are associated with that employee’s personal self-identity.

... ... ...

For many employees, smartphones are part of their brains, and also part of their identities. Even the simple act of scanning these devices for viruses feels to some employees like an outrageous violation of privacy. That will not change in our lifetimes.

What will change is that even more personal and more problematic BYOD gadgets will be flooding into the office, and soon.

... ... ...

It’s also important to remember that, even as technology advances, the biggest threat remains the lowest-tech threats, such as USB thumb drives and, most of all, employees themselves.

The strongest policy and the strongest password is useless if an employee is socially engineered into giving it away.

The Bottom Line

At the highest level, there are three important things to know about BYOD.

  1. It’s here to stay and will grow.
  2. The potential risks are real, so require mitigation.
  3. It can’t be ignored or wished away.

[Oct 21, 2013] Is BYOD the Problem By Simon Bain, Founder and CTO, Simplexo

03.05.2013 | Website Magazine

There is a great deal of talk about Bring Your Own Device (BYOD) and a lot of statistics suggesting that it is a huge phenomenon taking place across the corporate world. Redshift Research, in a report it delivered for Cisco, tells us that “95 percent of organizations allow employee-owned devices in some way, shape or form in the workplace” with 84 percent of these saying that they provide support for these devices.

However, most instances of BYOD currently relate to people’s use of their own smartphones to connect to the Internet or email to access company documents. Five years ago people simply had two mobile phones – one personal and one issued by work. Today, these two devices have merged into one.

However, remote access to office files using personal devices is not really the issue. What has really got IT decision-makers excited is their increasing difficulty to be able to track company data and understand what is happening to it outside of the enterprise environment.

BYOD is not the problem, cloud storage is. It is now very simple for employees to store documents, for free, using any number of file storage providers such as Dropbox or Google drive. There is also an increasing number of applications that can be downloaded that help with office work. Where data is stored and how securely within these applications is often a mystery. In either case, once out of the enterprise IT environment it becomes impossible for CIOs to know where company data is or who has access to it.

However, it is not just technology, but rather the changing relationship we are having with it as a society that is the real driver of change. For the first time, IT decision-makers are no longer in charge of how IT is used in organizations.

Very quickly, we have all got used to being able to easily choose from a limitless supply of applications in our personal lives, all at little or no cost. This is the antithesis to the corporate environment, which has deployed software and services in a top-down and inflexible manner, giving employees little or no choice. This new and growing consumer-based culture allows for IT services to grow organically to meet the ever-changing demands of the enterprise. So on one level this is all very good news. However, the result is that those entrusted with responsibility for IT have a growing lack of control over data and how it is used.

The fact is, IT departments are never going to be able to compete with the simplicity and ease-of-use that comes from having an instantly downloadable application. This needs to be accepted by enterprise organizations at the earliest possible opportunity as it is only in doing so that they will be able to change their own worldview and work with the new consumer-led culture of IT deployment that is growing at an ever-increasing pace.

I expect to see an explosion in enterprise-grade applications in the next 18 months as the market recognizes the growth in demand from enterprise organizations and IT decision-makers recognize that they need to give their staff a choice of technology within controlled environments.

We could well see, for example, enterprises partnering with third-party app stores that only allow applications that keep data in a recognized and controlled environment. Employees will benefit from having access to a shopping cart of applications to choose from and IT departments will know that they have tight service level agreements with providers detailing required security and data locations. Developers will have clear instructions as to what data security and other hoops that they need to jump through to have access to the market created by the third-party app provider. This is just one possible outcome of many in what is a rapidly changing and volatile market.

Such paradigm shifts will not be an easy process for many organizations. Staff will still complain that the tools they really want to use sit outside any secure environment and will be tempted to use them. The trick will be to have both sticks and carrots - firm and enforceable data control policies and a never-ending search for the best range of applications to meet changing demands.

Cloud computing has been spoken of as the most revolutionary thing to happen in IT for a generation. However, this is only true for the IT department. The most visible revolution is just around the corner as employees take full control of how they use technology to meet their daily needs in work. BYOD smartphones are just the tip of the iceberg.

About the Author: Simon Bain is the founder and CTO of Simplexo Ltd's software solutions

[Dec 02, 2011] The Other One Percent: Corporate Psychopaths and the Global Financial Crisis

Anyone who has ever worked in a large corporation has seen the empty suits that seem to inexplicably rise to positions of power. They talk a great game, possessing extraordinary verbal acuity, and often with an amazing ability to rise quickly without significant accomplishments to positions of great personal power, and often using it ruthlessly once it is achieved.
Their ruthless obsession with power and its visible rewards rises above the general level of narcissism and sycophancy that often plagues large organizations, especially those with an established franchise where performance is not as much of an issue as collecting their rents.
And anyone who has been on the inside of the national political process knows this is certainly nothing exclusive to the corporate world.
Dec 02, 2011 | Jesse's Café Américain

Here is a paper recently published in the Journal of Business Ethics that hypothesizes along these lines. It is only a preliminary paper, lacking in full scholarship and a cycle of peer review.

But it raises a very important subject. Organizational theories such as the efficient markets hypothesis that assume rational behavior on the part of market participants tend to fall apart in the presence of the irrational and selfish short term focus of a significant minority of people who seek power, much less the top one percent of the psychologically ruthless.

Indeed, not only was previously unheard of behavior allowed, it became quite fashionable and desired in certain sections of American management where ruthless pursuit of profits at any cost was highly prized and rewarded. And if caught, well, only the little people must pay for their transgressions. The glass ceiling becomes a floor above which the ordinary rules do not apply.

If you wish to determine the character of a generation or a people, look to their heroes, leaders, and role models.

This is nothing new, but a lesson from history that has been unlearned. The entire system of checks and balances, of rule of law, of transparency in government, of accountability and personal honor, is based on the premise that one cannot always count on people to be naturally good and self-effacing. And further, that at times it seems that a relatively small group of corrupt people can rise to power, and harm the very fabric of a society.

‘When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle.’

Edmund Burke

'And remember, where you have a concentration of power in a few hands, all too frequently men with the mentality of gangsters get control. History has proven that.'

Lord Acton

These things tend to go in cycles. It will be interesting to see how this line of analysis progresses. I am sure we all have a few candidates we would like to submit for testing. No one is perfect or even perfectly average. But systems that assume as much are more dangerous than standing armies, since like finds like, and dishonesty and fraud can become epidemic in an organization and a corporate culture, finally undermining the very law and principle of stewardship itself.

'Our government...teaches the whole people by its example. If the government becomes the lawbreaker, it breeds contempt for law; it invites every man to become a law unto himself; it invites anarchy.'

Louis D. Brandeis

MF Global, and the reaction to it thus far, is one of the better examples of shocking behaviour that lately seems to be tolerated, ignored, and all too often met with weak excuses and lame promises to do better next time, while continuing on as before.

"These corporate collapses have gathered pace in recent years, especially in the western world, and have culminated in the Global Financial Crisis that we are now in.

In watching these events unfold it often appears that the senior directors involved walk away with a clean conscience and huge amounts of money. Further, they seem to be unaffected by the corporate collapses they have created. They present themselves as glibly unbothered by the chaos around them, unconcerned about those who have lost their jobs, savings, and investments, and as lacking any regrets about what they have done.

They cheerfully lie about their involvement in events, are very persuasive in blaming others for what has happened and have no doubts about their own continued worth and value. They are happy to walk away from the economic disaster that they have managed to bring about, with huge payoffs and with new roles advising governments how to prevent such economic disasters.

Many of these people display several of the characteristics of psychopaths and some of them are undoubtedly true psychopaths. Psychopaths are the 1% of people who have no conscience or empathy and who do not care for anyone other than themselves.

Some psychopaths are violent and end up in jail, others forge careers in corporations. The latter group who forge successful corporate careers is called Corporate Psychopaths...

Psychologists have argued that Corporate Psychopaths within organizations may be singled out for rapid promotion because of their polish, charm, and cool decisiveness. Expert commentators on the rise of Corporate Psychopaths within modern corporations have also hypothesized that they are more likely to be found at the top of current organisations than at the bottom.

Further, that if this is the case, then this phenomenon will have dire consequences for the organisations concerned and for the societies in which those organisations are based. Since this prediction of dire consequences was made the Global Financial Crisis has come about.

Research by Babiak and Hare in the USA, Board and Fritzon in the UK and in Australia has shown that psychopaths are indeed to be found at greater levels of incidence at senior levels of organisations than they are at junior levels (Boddy et al., 2010a). There is also some evidence that they may tend to join some types of organisations rather than others and that, for example, large financial organisations may be attractive to them because of the potential rewards on offer in these organizations."

Clive R. Boddy, The Corporate Psychopaths Theory of the Global Financial Crisis, Journal of Business Ethics, 2011

[Nov 11, 2011] The Rise of Shadow IT By Hank Marquis

Sep 19, 2006 | CIO Update

The loss of competitive advantage from IT may not be entirely due to its commoditization. It is starting to become clear that at least some of the responsibility lies with business activities taking place outside of the control of IT. Today, business users and knowledge-workers create and modify their IT infrastructures using “plug-and-play” IT products. These commodity IT products are now so easy to use, cheap, and powerful that business users themselves can and do perform much of the work traditionally done by IT.

But without the planning and wider view into the ramifications of their actions provided by IT this often results in disastrous consequences. Forrester Research found 73% of respondents reported incidents and outages due to unplanned infrastructure modifications.

Welcome to the gritty reality of commodity IT. Aside from the opportunity costs and operational losses resulting from this uncontrolled plug-and-play free-for-all, many companies are missing out on the competitive advantage potential that harnessing commodity IT delivers.

Within this disturbing new reality lie both the seeds of competitive advantage and a viable model for 21st century IT. In the Summer 2006 issue of MIT Sloan Management Review , I proposed in “Finishing Off IT” that even though IT is now a commodity it can and does enable significant competitive advantage. Resource dependency creates complex relationships between consumers and providers.

These interdependent relationships in turn produce organizational problems that require organizational solutions. Offered as a solution was the notion that management and organizational structure, not technology, hold the promise of sustainable competitive advantage from IT, and that manufacturing process control techniques hold a viable model for the future of IT.

21st Century IT

To visualize how a 21st century IT organization could look, it helps to consider the production and consumption of IT services as a manufacturing micro-economy.

IT manufactures information processing, communication, and collaboration products that underpin nearly all business operations. Knowledge-workers consume these IT products in pursuit of business objectives using everything from simple emails to more complicated core activities like forecasts and audits.

A deeper exploration of what actually occurs within the IT micro-economy helps to further clarify the issue. Based on real events I documented between December 2005 and July 2006, the following dramatization presents a composite of the experiences reported by a number of mid-to-senior IT managers.

On the way to the office your Blackberry vibrates. It’s a message from your staff. Users on the east side have been tech-swapping again. You know how it goes: “I’ll trade you this color printer for your wide screen monitor.” You know this is going to raise flags with the auditors.

You get to your office and there is a note from the service desk about that system outage on the west side. It turns out the system went down because its users bought some high-resolution scanners and connected them to the system themselves.

You didn’t even know they had scanners until they called demanding support.

Downtown, a group of users decided that to improve performance they needed to regularly transfer gigabytes of video from the main conference room uptown to a storage area network (SAN) they built on their own. As you suspected, these transfers were responsible for slowing down a business-critical application that has managers all over the company grumbling.

An email from the PMO informs you of a new project that will require extra support staffing starting in two weeks; first you've heard of that. You look at the calendar and sigh—budget and staff reductions, increasing user counts, more audits, increased legal regulations, major new and unplanned applications, connectivity and collaboration requirements, and very powerful and unhappy customers to placate.

So much for delivering the IT projects you did know about on-time and on-budget.

This “bad behavior” by the business amplifies the already accelerating velocity of change facing IT whether in-sourced or out-sourced.

The true nature of today's average IT environment is not pretty, and it’s not something most senior executives have fully grasped. It may also turn out to be a critical factor in obtaining competitive advantage from commodity IT.

Rise of the Knowledge-Worker

IT commoditization changes the balance of power between IT and the business, and within the business itself. Within the IT micro-economy of plug-and-play commodity IT, the consumer/supplier exchange relationship has shifted. This requires dramatic changes in thinking and management.

Traditional wisdom holds that the consumer for IT services is a functional business unit—sales, marketing, and so on—but, today, the real consumers of IT services are ad-hoc teams of knowledge-workers spanning multiple locations, and crossing business unit and corporate boundaries.

This shift in the exchange relationship has profound implications for the business and IT.

The underlying cause is the unstoppable commoditization of IT as advances accelerate productivity: The ubiquitous availability of information and internet technology is enabling knowledge-workers to traverse geographic and political boundaries, and now functional barriers.

Called “Shadow IT,” they are the millions of knowledge-workers leaping traditional barriers and asserting themselves in ways that challenge traditional IT departments.

Knowledge workers perform vital business functions like numerical analysis, reporting, data mining, collaboration, and research. They use databases, spreadsheets, software, off-the-shelf hardware, and other tools to build and manage sophisticated corporate information systems outside of the auspices and control of traditional IT.

By creating and modifying IT functionality, knowledge-workers are in effect supplanting the traditional role of corporate IT. However, they do so in a management and process control vacuum.

While the business can do these things due to the commoditization of IT, few executives ask if they should do them, and fewer say they must not. Virtually none realize the impact or import. Instead, to the dismay of IT staff, most senior executives and most CIOs condone virtually any demand the business makes.

This lack of control is responsible for many of the problems associated with IT today.

While the IT center-of-gravity has irrefutably shifted to the knowledge-worker, they do not have the long-term vision or awareness of dependencies and planning that IT traditionally provides.

The business wonders why IT doesn’t get "it" and ponders outsourcing when instead they should be taking responsibility for their own IT usage. No product IT can buy, and no outsourced IT utility, can handle these and similar issues encountered in ever-increasing numbers by real IT organizations.

Yet, it is precisely this consumer/supplier shift, increasing dependence upon IT, and the product-oriented nature of commodity IT that provides companies with the opportunity to leverage it for competitive advantage. However, many senior executives have so far turned a blind eye to Shadow IT, implicitly condoning the bad behaviors previously described—and they are throwing away any advantage that IT can provide.

New World Order

This lack of management control over business IT consumption has a tremendous cost. It is partly responsible for loss of the competitive advantage that IT can and does deliver, and is directly responsible for many lost opportunities, increased costs, and service outages.

Over time the erosion of perceived IT quality usually leads to outsourcing, which is increasingly seen as an incomplete solution at best, and a disaster at worst.

In order to recover and expand upon the advantages promised by commodity IT, senior executives have to change their concepts of an IT department, the role of centralized control, and how knowledge workers should contribute. The issue is fundamentally one of management philosophy.

The Nordstrom way promotes a customer/worker management philosophy where management’s first commitment is to the customer. The customer is always right in the Nordstrom way. This accurately reflects the hands-off position taken by many senior executive leaders with regard to out-of-control Shadow IT practices and bad business behavior.

A better management philosophy for commoditized IT is the ‘Southwest’ way. In the Southwest way, the worker comes first. The customer is not always right, and Southwest has been known to ask misbehaving customers to fly another airline.

Management’s first concern is the worker, because they know that workers following sound processes hold the keys to customer satisfaction, and in turn, competitive advantage.

Making the Southwest model work for 21st century IT requires a more comprehensive view of what constitutes an IT organization, a view that extends well past the borders of what most leaders consider IT.

Shifting Demographics

The rising sophistication and expectations of knowledge workers result in divergence in perceived operational goals between IT and the business—an indicator of task-uncertainty and a key contingency within structural contingency theory.

These changing demographics give new urgency to the need for coordination of knowledge-workers and IT, yet management is trying to centralize IT spend and control via the CIO role.

Instead of embracing Shadow IT, CIOs are trying to shut it down. Consider instant messaging (IM), an application many knowledge workers consider critical. IT's approach to IM is reminiscent of the early days of the Internet.

Instead of realizing the job of IT is to support the needs of knowledge-workers, most IT organizations are trying to stamp out IM—just as they tried to restrict and eliminate Internet access. How will traditional IT respond to Wikis and blogs as corporate IT tools in the future?

The Corporate Executive Board projects the percentage of IT spend under central control to grow from 50% in 2002 to 95% in 2006, but this does not take into account the knowledge-workers of Shadow IT.

A study by Booz Allen Hamilton found that shadow IT personnel equal as much as 80% of the official IT staff. Clearly, despite the best efforts of senior leaders and IT, the business stubbornly refuses to succumb to centralized IT control.

The problem with the current direction of the CIO role is that it typically has responsibility to support the business without authority to control the business; a classic management mistake leading to the aforementioned dilemmas.

The lure of commodity IT is great. Since shadow IT is a direct result of commoditized IT and resource dependency, it also demonstrates that both corporate IT, and IT utilities, are not delivering the services required by knowledge workers.

However, most IT leaders do not understand the strategic contingencies within the commoditized IT micro-economy. They don’t know their marketplace, and they don’t know who their customer is. In effect, IT is manufacturing the wrong products for the wrong market. IT doesn’t get it either.

[Jan 05, 2011] Shed light on shadow IT

07/13/2004
CmputrAce

They exist for good reasons

As was mentioned in the article, shadow IT exists because the business unit(s) *perceive* that IT is not meeting their needs. Whether or not that is an accurate perception is meaningless, because it is IT's fault that the perception exists.

I was part of a "shadow" IT unit at a major oil company that had (and still has) a monolithic IT department. We built systems in months that would have taken IT the same time just to complete their "JAD" sessions, and one of those projects went on to win the Microsoft Open competition at Comdex in 1993. Our little "shadow" IT unit changed the way Shell did IT - at least for a while. The corporate standard was going to be OS/2 - we demonstrated to them that Windows 3.0 was a better solution for the average desktop. They insisted on buying IBM PS/2's - we proved to them that it was much more economical AND MANAGEABLE to buy less-expensive, more mainstream units (clones). They insisted on buying IBM 8-bit SNA adapters, while we were purchasing Madge 16-bit SNA adapters at almost half the price. We also updated their networks for the whole complex.

At the end of our first year of operations, we had saved the company over $1 million in support costs and were rated the highest support unit in the company.

If you are in IT and have to "deal" with a shadow unit, here's a word of advice. LEARN FROM THEM. They exist for a good reason, and if you want to take them under your wing, let them teach you what they know. Make friends. Work together. Monolithic IT is good at moving slowly, so SLOWLY integrate the shadow units and learn from them.

Cool_Breeez
Your assumptions are as much of the problem.

Your descriptions of local IT organizations as "clandestine," "ominous," and "illegitimate" are symptoms of an attitude common among those who work for Central IT organizations. This attitude is often as much or more responsible for the problem as you cast it than all of the issues cited in this article combined.

The author of this article creates a neat self-fulfilling prophecy by relying on opinions from people who sell their services to Central IT Managers. Therefore, the perspective is limited to the very narrow interests of IT managers "afflicted" with the problem of informal IT functions. While security, network administration, and configuration management are critical requirements of any enterprise, they are most often peripheral to the organization's primary goals. In this context, the Central IT function becomes a service to the business and IT Staff service providers who must make their services (security for example) relevant to their "customers." Thus, this article does not address the all too common communications failures of IT groups, the "not invented here syndrome" that almost defines the notion of Centralized IT, and the common lack of business savvy that dominates corporate IT.

This is an entirely superficial and incomplete treatment of one of the most costly aspects of modern business.

Shadow IT (aka Doing What IT Won’t-Can’t) By Eric D. Brown

February 23, 2007 | ericbrown.com

Shadow IT has been defined by George Spafford in his article titled The Dangers that Lurk Behind Shadow IT as:

groups providing information technology solutions outside of the formal IT organization. Their existence is due to groups thinking they can do things cheaper and/or better than the formal IT group. Also, it may be that the formal group can’t meet their service requirements or the formal group is forced to develop generic applications in an attempt to meet the needs of everyone and controlling costs versus customizing applications to meet the needs of business units.

A few examples:

  • The IT department of a very large wireless telecom company had very strict guidelines about the types of computers that were allowed on their network. A policy of this nature is understandable if the business needs of the company are considered prior to implementing this policy. Engineers, working with their managers, approached IT to ask that a new type of machine be supported so that they could run their engineering software. The request was denied by IT since they only reviewed new computers at the end of the Fiscal year. As it turns out, engineers within this company had to buy, install and support an entire ‘shadow’ network of computers in order to run the software that they needed to run (the software required very high-performance computers).
  • When users within an office of a very large contract manufacturing company needed IT support, they were not able to contact the local IT person who worked with them in the same building, but were required to call a toll-free number that was routed to an IT helpdesk. The helpdesk would then log a ticket and try to help the user, which invariably didn’t resolve the problem. The user would then be told that the local IT rep would be assigned the ticket. After what was usually at least an hour of dealing with the outsourced IT staff, the user would finally be allowed to talk to the local IT rep who would then fix their problem within a few minutes. Eventually, the staff began to ignore the IT helpdesk completely and would resolve their own problems and would even call in an outside IT support person from the local computer store to fix their problems.
  • One of the best examples of Shadow IT occurred at one of my previous employers. Our IT department was outsourced to a large IT firm, who was very responsive to our needs…for the most part. The contract with the IT firm had been negotiated and agreed to without any input from the actual users or departments that would be supported. Since the group that I managed was a software support group, we had a need for quite a number of different computers with different configurations, but none of this information was ever captured in the contract. When it came time to get a few more computers to match the configuration of our new clients’ PC’s, we were told that the contract didn’t allow it and despite my efforts, we were never able to get new PC’s through the IT group…we had to purchase them ourselves and support them ourselves. Shadow IT at its finest.

How do we solve the Shadow IT problem? Mike Schaffner over at Beyond Blinking Lights and Acronyms has a few ideas. In a post titled Shadow IT Revisited, he writes:

The bottom line is we have to figure out a way to provide needed user services while meeting the legitimate IT concerns or the users will by-pass IT and do it on their own.

Mike is right. IT needs to be able to provide services to the business that force the business to never have to think about IT…don’t give IT users the opportunity or reason to look outside of the IT group for support. In other words, provide top-notch support to the business. This may require additional costs in adding headcount, but it might be something to consider if a good portion of the IT groups’ time is spent fighting Shadow IT issues.

Another way to solve the Shadow IT problem is for IT groups and senior leadership to understand the value that the IT group can provide to the organization. IT can do so much more than ‘support computers’…they can provide a strategic advantage as well.

Mike’s post, which describes an article titled “Users Who Know Too Much (And the CIOs Who Fear Them)” on CIO.com provides a great overview of how to solve the Shadow IT problem and is definitely worth jumping over and reading the CIO.com article and Mike’s post.

PS – Mike has another good post titled “IT Needs to Become more like Shadow IT” in which Mike describes more ideas for resolving the Shadow IT problem.

Selected comments
Adam Pacio:
November 1, 2007 at 1:47 pm

I like the name, ‘Shadow IT’. I have to say that I’ve been a part of it in the past, and I’m a part of Shadow IT in my current workplace, too. Partly due to the fact that for a decade I was working as a graphic designer, and company IT has been less than happy with having to work with Macs until relatively recently (the OS X years), so there is a whole generation of the design industry who are accustomed to providing their own network support and troubleshooting.

The other part seems to be the lack of understanding of technology in general from a senior management level. The old guard of managers don’t understand, for example, that it *might* just be a good idea to check with IT before committing to server solutions and rich internet application builds until it’s usually too late.

The upshot of all of this is that the IT Professional can no longer be expected to be the single-source of Information Technology advice. Nowadays you’ve got content managers and enterprise-level tech departments which operate on a P&L bottom line and outside of the traditional IT chain of command. If IT is going to combat the development of ‘shadow IT’ departments, it needs to become much less of a silo and more of a distributed network of knowledge leadership, but also knowledge support.

Which is very plain from the tech person’s POV, but not so much so from Sr. Mgmt or within the legacy hierarchy structures that most companies are struggling to revise or retool.

Shadow IT

Oct 07, 2010 | GovExec.com

America Online, eBay, Google, iTunes, MySpace, instant messaging, Yahoo, YouTube. What would life, or work, be like without these and other popular Internet-driven diversions?

Today's workers are tech savvy, and government employees are no exception. They want and use the latest applications. Whether their information technology administrators like it or not, federal workers are using the software to be more productive or, at times, to be entertained.

These un-approved applications don't come from agency IT shops, though; employees are downloading them directly off the Internet. The practice has become so widespread in all kinds of organizations that it now has its own descriptor: shadow IT.

The problem is that shadow IT poses security risks. The applications could have vulnerabilities that provide the holes hackers need to access employee computers and government networks and steal information or install malware. At a hearing this summer of the House Oversight and Government Reform Committee, security monitoring company Tiversa Inc. testified that it had found 200 government documents during a scan of the top three peer-to-peer software applications, which allow computer users with the same software to share files stored on their PCs or laptops.

Fear of security mishaps has caused some IT managers to ban unapproved technology by issuing strict policies or configuring firewalls to block applications. But how realistic is it to expect users to steer clear of the increasing array of cool technology tools? "Resistance is futile," says Alan Paller, director of research at the SANS Institute, a nonprofit cyber-security research organization in Bethesda, Md.

And fighting shadow IT could be counterproductive. Agencies that institute prohibitive policies will face substantial pushback, Paller predicts. Such policies could radically reduce the convenience of useful information sources and communications platforms, and could make employees less productive in the long run, he says.

Videoconferencing and wireless Internet access, which many agencies initially opposed, serve as examples of how departments could come to accept other new technologies, Paller says. When agencies blocked the use of Wi-Fi, managers sometimes couldn't reach workers, which ushered in the use of wireless technologies.

But the federal government has done little to keep up with the proliferation of applications. The latest policy governing employee use of government-issued PCs or laptops is now eight years old. According to a 1999 report from the interagency Chief Information Officers Council, workers are permitted limited use of office equipment -- including Internet services and e-mail -- for personal needs if it does not interfere with official business and involves minimal expense to the government.

Inappropriate uses are any that could cause congestion, delay or disruption of service to government systems. Creating, downloading, viewing, storing, copying or transmitting materials that are "illegal, inappropriate or offensive to fellow employees or the public" is prohibited as well.

To make sure employees follow proper procedures, some agencies, such as the General Services Administration, inform employees that their computer activities are continuously monitored. But a 16-year GSA veteran, who asked not to be named, says whether managers are "actively doing that is questionable."

The bottom line is "these workstations are not for personal use," he says. Still, this worker routinely checks his personal Yahoo.com e-mail account, which is "unavoidable because you're at work eight or nine hours a day," he says.

Personal applications downloaded from the Internet are widely used in government, including many congressional offices, where instant messaging is practically the primary means of communication. A former chief of staff on the Hill says IM was a necessity in his office. Sometimes he would find himself IMing facts and figures to his press secretary from across the room while his colleague conducted a telephone interview with a reporter.

The frenzy over downloaded software has only just begun, Paller warns. Applications being used without IT managers' blessings are "a tenth of what you'll see in two or three years," he says. The popularity of one of the largest virtual worlds, Second Life, and any number of next-generation Web wonders are going to fuel what he predicts will be an intensely interactive, "high-fidelity, high-bandwidth" culture -- if it hasn't already begun.

Instead of fighting it, Paller advises finding a secure way to allow the technologies. Agencies should embrace the concept of "comply and connect" rather than "scan and block," he says. Since 2005, the Air Force has not allowed any computer to be connected to the Air Force network unless it has a common configuration and all patches and updated security software have been installed, Paller says. In March, the Office of Management and Budget recognized the economic and security benefits of the initiative and issued a similar mandate for all agencies.

Marty Lindner, a senior staffer at Carnegie Mellon University's federally funded Software Engineering Institute, offers a common-sense solution. IT restrictions should be squared with the mission of the agency and the sensitivity of job functions, he says. "If I'm the operator of a nuclear power plant, I don't think anything should be allowed on that [computer] desktop that doesn't have to do with running that power plant," Lindner says.

Agencies also should create a detailed policy about what can be loaded onto PCs and laptops. Most important, IT managers then must check individual PCs and laptops to "make sure people are following it," Lindner says. Setting an office policy can define "the things you should not do and the things you're allowed to do based on your business model," he says. "Just highlighting the stuff you cannot do is a bad way to write policy."

One way to let employees know what they can do is to create "white lists" of approved applications and popular Web destinations that employees can download and visit, says Shawn McCarthy, analyst at Government Insights, a Falls Church, Va., IT consulting firm. IT administrators sometimes are reluctant to embrace this approach because it's a big job, and they should not be setting business policies, he says. But the trick, McCarthy says, is to find "the right balance between individual productivity and the needs of the IT department."

Andrew Noyes is a senior writer for National Journal's Technology Daily.

Shedding Some Light on Shadow IT

WorkloadIQ

You’ve no doubt heard about the stealth cloud—people “flying under the radar” consuming IT services without the permission or support of IT. Personally, I call it Shadow IT, because SH**IT happens—and whether you want to admit it or not, it’s happening in your company.

Business users are adopting cloud computing in droves—underground. So what can you do? Embrace it. Well, that is if you want to maintain enterprise security and compliance—and retain your customers. Recently, I read a really interesting article on this very topic—which includes some ideas on how to address this growing challenge. It’s a good article. Give it a read if you have a few minutes.

So why are IT organizations still so averse to cloud computing? Most people today will tell you it all boils down to concerns over security. However, most cloud providers can probably provide better security than most enterprises can. After all, their core business depends on it for survival. So I’ve started to wonder if it isn’t more of a case of insecurity. You see, for as long as I can remember, IT’s perceived role has been one of control. Underground cloud computing takes away virtually all of that control and puts it squarely in the hands of business users.

From what I’ve seen over the years, IT people are often insecure about their jobs or abilities. If they lose control of what goes into the cloud, perhaps they fear they won’t have anything to build or manage, or anyone left to control.

What IT perhaps fails to see is that when a business user goes around them and starts using an unapproved cloud-based app, they’re not doing it out of malice. They’re just trying to get their job done—and they view IT as too inflexible and unresponsive to help them. So they take matters into their own hands. Unfortunately, this underground cloud computing opens the company up to untold risk exposure and compliance issues, which could easily drive away customers if something were to go wrong.

So whether IT likes it or not, the time has come to start embracing cloud computing. IT needs to become more flexible and responsive to keep up with the pace of today’s business. Trust me, it’ll make upper management and your auditors much happier.

Intelligent workload management, infused with identity, can make the process that much more painless. Specifically, Novell WorkloadIQ solutions can help you and your IT organization discover the underground cloud applications that are being used, evaluate them and adopt the ones that make sense for your business. Then, you can build, secure, manage and measure your workloads across physical, virtual and cloud environments quicker and easier—and with confidence.

If your head is in the sand, pull it out—get past the insecurities and shine some light on stealth cloud.


Recommended Links

BYOD

Hillary Clinton "bathroom server" scandal




Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less than 90 days. Multiple types of probes increase this period.


Copyright © 1996-2015 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense, so you need to be aware of Google's privacy policy. If you do not want to be tracked by Google, please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contains some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down currently there are two functional mirrors: softpanorama.info (the fastest) and softpanorama.net.

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: June 26, 2016