Like many Americans, I’ve been trying to explain and justify the 2016 election cycle. I am not an expert political scientist. I am a software engineer. The question I ask myself is “What role did computer technology play in this election ?” In particular, I want to focus on email.
Email is an insecure medium. Period.
I once attended an HR orientation session where we were told to write our emails in a way that wouldn’t embarrass the company if it showed up on the front page of the New York Times. The reason was that emails are inherently easy to leak. Even without someone hacking the email server (I will discuss this in a bit) it is incredibly easy to mistype an email address or add the wrong person or the wrong group to Cc or Bcc list.
We have all heard stories of someone broadcasting their private emails to entire departments or even entire companies. There are anecdotes of whistleblowers forwarding company emails to the newspapers. And of course, we’ve all heard of the DNC email leaks. Email is simply the wrong mechanism for private and secure communications.
Both the DNC and Hillary Clinton could learn a simple lesson that private sector companies teach their employees: write your emails as if you are writing for the New York Times. This way if the DNC CFO Brad Marshall feels the need to send an anti-Semitic email he will think twice.
DNC used an on-premise Microsoft Exchange
In order to understand what made the DNC email leaks possible and so seemingly trivial I went to Wikileaks and searched for a sample set of emails. In the raw source of the emails there is a clear indication the DNC email system used a custom configured Microsoft Exchange. There are signs that this is an internally setup private server.
I searched long and hard to find out who configured the on-premise Microsoft Exchange server for the DNC and why they did that. Did they properly configure it ? Did they rely on Microsoft alone to secure it ? Has DNC followed the advisories on Outlook and Exchange vulnerabilities ? Is DNC taking advantage of the Exchange compliance and security features ? Why is DNC not using Office365 or Google ?
All you need is a weak link
Any system designed to archive emails is bound to be vulnerable to a leak. A Microsoft Exchange server configured to archive emails is vulnerable to that one administrator user with a poorly chosen password or a phishing attack. Using a cloud provider isn’t going to solve all privacy and security questions. Google’s Vault that is part of the G Suite is subject to the same vulnerabilities.
The implications for transparency and compliance
Knowing that email is an outdated and insecure form of communication, the politicians, public officials, and publicly traded company officers are likely to use end-to-end encrypted means of communication such as Edward Snowden approved Signal. This can weaken and rollback information retention, transparency and disclosure laws such as the [Freedom of Information Act](https://en.m.wikipedia.org/wiki/Freedom_of_Information_Act_(United_States) and Dodd-Frank Act. I worry that the institutions we trust with power will become even less transparent.
Storing sensitive emails on-premises doesn’t make it any more secure
The DNC emails were all leaked from an on-premise private Microsoft Exchange server. Personally identifiable data must meet PCI DSS and HIPAA requirements regardless of where it is stored. Sensitive data should be encrypted. As Edward Snowden and DNC email leaks demonstrated, sensitive data could be leaked from a walled garden environment. Moreover, the leaked documents revealed that NSA was equally harvesting the data from major U.S. companies private data centers and public cloud. Hillary Clinton’s private walled garden email server was not immune from government intrusion or hacking either.
All you need is common sense
You don’t need to abandon email or be in violation with information archival rules in order to feel secure about your communications. Following basic common sense with regards to your data is all that’s needed to avoid disastrous consequences for yourself and others:
- Don’t store anything you would not want to show up on the front page of a major newspaper in an un-encrypted form. This applies to your phone, your laptop, your company’s email server, or cloud. If somebody wants to look at your data, whether they are a government or a hacker, they will have to ask your permission first to unencrypt it.
- Use two-factor authentication. Stealing your password is not enough for a hacker to access your data because they will need a second mechanism to authenticate themselves.
- Do not use the same password for all of your accounts. Use a password manager, such as 1Password to generate and manage random and secure passwords.
- Apply common sense to your emails: do not click on links that look suspicious, verify the URLs before you fill out password forms, and take great care not to accidentally forward your emails to people you don’t trust. In other words, do not fall for phishing.
This article was originally published Dec 20, 2016 on my Cloud Power blog at Computerworld.