There is no shortage of punditry about former Secretary of State Hillary Clinton’s homebrew server, and the resulting fallout, aka “Emailgate.” Whether you read the commentary dedicated to killing her candidacy, or calmer voices focused on the bigger picture of national cybersecurity, Secretary Clinton gets failing marks — and rightly so.
Unlike some of Clinton’s critics, I don’t believe that the email controversy is, first and foremost, proof of some deep character flaw that will spell the end of our great nation should she become our 45th president. To be fair, she was not the first secretary of state (indeed the first public official) to engage in this risky behavior. Instead, I view it as the tragic manifestation of where we find ourselves as a nation when it comes to cybersecurity, and precisely why breaches have become the third certainty in life.
President Obama recently unveiled a $19 billion cybersecurity budget for the next fiscal year. This represents a 35 percent increase over the previous year. The White House blueprint is called the Cybersecurity National Action Plan (CNAP). Among many initiatives too numerous to detail here, the White House's roadmap includes $3.1 billion for an Information Technology Modernization Fund — money specifically earmarked to provide a much-needed upgrade to the federal government's woefully outdated legacy IT systems.
According to ABC News, the typical private server can cost anywhere between a few hundred dollars to several thousand. If you could choose between the government’s protections, however flawed, and a private server (and you were a world leader), which would you pick?
While the news media and pundits on both the left and the right have focused on the character issue -- namely, Clinton wasn’t forthcoming about her rationale for opting not to use government systems (was it a Nixonian desire to control and hide information or simply a matter of convenience?) -- a larger more important point went, shall we say, “misunderestimated.” Former President George W. Bush’s “new word” is precisely the right word choice here, because while it is forgivable — or at least to be expected — that a new threat may be underestimated at first (in this case the rise of hackers and mega data breaches), doing so creates vulnerability. Misunderestimation gets at the gooey center of the cybersecurity problems we now face — a lot of them springing from an “It Can’t Happen to Me” attitude. Of course, that is the very thing hackers need their targets to think. As long as the danger of attack is underestimated, the potential for expanding attackable surfaces causing critical exposure of information will remain unchecked.
A Teachable Moment?
There is no getting around a simpler, and at least on the surface, damning fact. A world leader maintained a private email server that stored top secret information. The revelation of this terrible state of cyber affairs in the State Department can only be viewed as an appalling oversight, betraying an imperfect understanding of the threats we currently face as a society. (You can see where all the presidential candidates stand on cyber security here.)
While no one is perfect, data security is an area that requires something verging on perfection. A homebrew server comes nowhere near that level of perfection. The fact that Clinton thought this was an acceptable practice suggests a very concerning interpretation of the cybersecurity problem, as well as an institutional issue, since there should have been a way to force protocol at the State Department.
Here’s the deal: We live in a world where the Office of Personnel Management was breached. We live in a world where the largest corporations in possession of sensitive records pertaining to tens of millions of individuals have been, and continue to be, hacked with more than a billion lives exposed to a host of bad guys in the process and untold amounts of money lost.
And it’s important to remember if you are a consumer, you need to minimize your risk of exposure and do whatever is necessary to detect victimization (for example, checking your credit regularly can be an initial indicator that something’s gone horribly wrong) and put a damage control program in place.
Having said all this, I’m not sure it means that Clinton would make a bad president. While Clinton’s mistake could be viewed as arrogant (at best) and de facto reckless, it is crucial for us to avoid finger-pointing at a time where virtually every digital mishap, data-security giveaway and metadata misfire should be looked at as being so many teachable moments.
The data insecurity quagmire is still in its Wild West infancy, and while it’s easy to throw stones at this glass house, it doesn’t serve to protect us from the dangers posed by hackers.
Levin is chairman and co-founder of Credit.com and IDT911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit. His new book, "SWIPED: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves" was released last fall.
Any opinions expressed in this column are solely those of the author.