Posted on 07/16/2016 6:49:43 PM PDT by scrabblehack
I pointed out in an earlier thread that back in the day, the provider of the information (an employee) bore the responsibility of verifying the clearance of the recipient (also an employee) AND the need to know.
But those were the days before e-mail was widely available.
Surely marking an e-mail with a (C) should not be considered adequate security! Shouldn't every classified e-mail be encrypted, with the decryption key pegged to the employee's security clearance?
I will agree that such a policy would not have prevented Hillary's misdeeds, or Comey's whitewash of them.
But then she couldn't have claimed ignorance either. At some point she would have had to use the decryption program to get her messages - then consciously forwarded them to her own private server.
Thoughts?
Simple...have had a security clearance for many years.
The instructions are ALWAYS the same....treat everything as if it’s classified. Err on the side of caution then you have NO issues
Private emails should be done at home
Rule 1: Do not send classified information over the internet.
Rule 2: DO NOT SEND CLASSIFIED INFORMATION OVER THE INTERNET.
There is SIPRNet for classified information, but you are not going to use it outside of a secured facility. Even in the State Department, Hillary would unlikely have had it at her desk. Instead it would have been in a separate secure room... but then rules like that have never applied to a Clinton.
Right - but face to face you can look at someone’s badge to check their clearance. You can’t do that over e-mail.
How is proper clearance checked?
On the SIPR side, the recipient has to login with a token that ensures they have clearance.
And, there is encryption on the NIPR side.
scrabblehack wrote: “Right - but face to face you can look at someone’s badge to check their clearance. You can’t do that over e-mail.”
No, you cannot determine a security clearance from a person’s badge. The badge only grants access to a facility where multiple clearance levels may be possible.
“But then she couldn’t have claimed ignorance either. At some point she would have had to use the decryption program to get her messages - then consciously forwarded them to her own private server.”
You cannot forward a classified message on the SIPR system to your private server. Cannot happen. The SIPR system is completely independent, stand alone.
Certain things still get done face to face or over the phone
Hillary violated every security rule.
IF you are using the proper system (which everyone but she and her staff did) then you are locked into the servers that your department or agency has. The security is supposedly tightly held....is it? Hillary proved it isn’t The security IT folks complained about it and were ignored
It is rather simple. If you have unclassified to send....you sit down at a NIPR-net machine and do your stuff. If you have Confidential or Secret business to do, you sit at a SIPR machine, and if you have TS business, you sit at a TS terminal. Each has a unique log-in, and a unique background screen.
To gain access....you have to accomplish on day one or in the first week....a simple one hour on-line course, with a test at the end. You pass the test, you get a certificate, and then the security folks turn you on with a password.
Each of the people who cut-and-paste (Hillary NEVER did cut-and-paste) had a clearance for some classified material. There is some evidence that someone did send TS material to Hillary’s account, who did not have a TS clearance...which means they borrowed someone’s log-in and cut-and-paste using their certificate (a big no-no). This person ought to permanently lose their clearance, but so far....no one I know from the dozen-odd characters on her staff....have lost a clearance.
If you want to really dive into this...the chief reason I believe that we got to this point is that she is NOT a multi-task person, and in this computer age....she can’t handle three different systems with differing characteristics. Each has a different feel, and you’d need to log on daily and “play” with each....to grasp those little differences. She’s from another generation where computers are not that easily grasped. So her staff...tried to make this easy....and just send to her unclass account where she’d browse and read from that. As silly as it sounds....they thought they were doing a favor, and as time went by....it just got worse and worse.
Added to this mess is Syd. Syd was supposed to be hired as a GS-employee, and the White House said “NO”...they didn’t want him on the State Department staff. A month later, she tried to hire Syd as a contractor....and the WH said “NO” again. So, because she is not capable of fulfilling the job, and needs Syd to tell her what to say or do....she hires Syd via the Clinton Foundation. Syd then is given read access to the server and her emails.
In a way, it demonstrates an enormous amount of incompetence from Hillary, and the people that she picked to be around her. Ethics training....probably needs to be mandatory for each incoming administration, and become a yearly requirement to fulfill. And at the end of this whole mess...you have to ask the question...what exactly Hillary capable of performing (resume-wise)? Other than making speeches...is there any work-talent that she really has?
I will point this out....for the 99th time...for eight years of service in the Senate....she drafted and got passed...ONLY three pieces of legislation. Go look it up. She named a post office...named a road in NY state...and ID’ed some house for historical preservation. That’s it. There’s nothing remarkable about her eight years except those three things.
Concur. Official email is done on official systems, period. Anything marked classified is treated as such. Those with clearances should be able to recognize classified material, even when it isn’t marked.
Surely marking an e-mail with a (C) should not be considered adequate security! Shouldn't every classified e-mail be encrypted, with the decryption key pegged to the employee's security clearance?
Yes, all classified material SHOULD be sent over a communications link approved for that level or higher. The encryption/decryption device approved by and NSA and using keying material provided from NSA. This was NOT the case with Hillary's e-mail server.
With the possible exception of One Time Pads, keying material is not tied directly to an invidual.
I will agree that such a policy would not have prevented Hillary's misdeeds, or Comey's whitewash of them.
Proper adherence to security regulations would indeed have prevented the exposure of classified material. Two big questions I have are:
1) Who breached the "air gap" between classified and unclassified systems to get the info on Hillary's server. This is a direct violation of the Espionage Act.
2)Why didn't ANYONE who received this material via an unsecured e-mail system report it? If someone did report it, why wasn't the server immediately seized by the FBI?
But then she couldn't have claimed ignorance either. At some point she would have had to use the decryption program to get her messages - then consciously forwarded them to her own private server.
There is no physical way to forward something between secure and unsecure systems. If you are logged into a classified system, there is no way to check your FaceBook page or browse Amazon. That is because of that bulk encrypter I spoke of above. Likewise there is no way to login to your classified work LAN from your home computer. You could login to an unclassified government system but not a classified system.
Thoughts? See above.
"Ceterum censeo Hillary esse delendam."
Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LonePalm, le Républicain du verre cassé (The Broken Glass Republican)
Not true. PKI certs/keys are tied to the person.
“With the possible exception of One Time Pads, keying material is not tied directly to an individual.”
Indeed
While they are fine for most personal and business uses they are too weak for government use.
One of the things that frustrated the Soviets in the 50s & 60s was that we encrypted almost everything at the Top Secret collateral level. They then had to figure out which transmission was really secret and which was a supply request for more toilet paper or a leave request for seaman Schmedlap.
This is one reason why bulk encryption of data (emails, etc) is so important and why Hillary's non-use of a government system is so damning.
"Ceterum censeo Hillary esse delendam."
Garde la Foi, mes amis! Nous nous sommes les sauveurs de la République! Maintenant et Toujours!
(Keep the Faith, my friends! We are the saviors of the Republic! Now and Forever!)
LonePalm, le Républicain du verre cassé (The Broken Glass Republican)
I think they did the work of tie in with the invention and use of the CAC card. They made it the only way to get into the system at any level. I carried one for about four years of the 26 I had access to a government computer. (I retired in 2012.) And just to get in, it required a SAAR report.
The real problem I see is not the aspect of her receiving and sending sensitive material at all levels to be hacked, even though this is a problem, but the report that she was instructing her subordinates in how to use patch and paste to bypass the security system, probably with the removal of the level codes. And as this was done on a “private server” it is more than possible she had no CAC requirement at all. This they re not saying. So this is not a matter of a mistake. This is an intentional effort to bypass the system making it espionage. And by trying to do it to her government, it is treason.
And that is a whole different story than a mistake.
red
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.