Government vs. Corporate vs. Personal vs. Private Emails:
How Secure are they?
March 5, 2015
These past few days there has been a lot of discussion on former Secretary of State Mrs. Hillary
Clinton’s use of a private email system for matters relating to the Department of State between
2009 and 2013. In fact I wrote a short article for the New York Daily News on this topic and
expressed my opinion. While Hillary Clinton is a very intelligent woman and has accomplished a
lot, I believe that what she did was extremely risky from a security point of view while it enabled
her to maintain her privacy. Here is the link to my article in the NY Daily News (a hard copy
version is also attached).
http://www.nydailynews.com/news/politics/hillary-clinton-personal-email-risky-expert-article1.2136848
Since my article appeared the morning of March 4, I have had inquiries as to the differences
between the various email systems. When I wrote the article on March 3 for the NY Daily News,
I was not aware that Mrs. Clinton had created her own private email system with its associated
private servers. Now, whether you have a private server locked up in your room or a public
server stored in Central Park they are both vulnerable to cyber-attacks as long as they are
connected to the Internet. We live in a world where security is not guaranteed. There are too
many risks and our goal is to mitigate them. Mrs. Clinton creating her own email system instead
of using the one provided by the State Department is like her using her own physical security
personnel vs. using the Secret service personnel provided to guard her. Secret service personnel
come with all the special training while the people she hires may not have all the equipment and
training to guard her. Next, what is the difference between creating one’s own email system vs.
using a system provided by say Yahoo or AOL? Well the analogy here is hiring your own
security team vs. contracting your security to say a third party. That is, a third part agency
providing the security guards for you and ensuring the trustworthiness of the guards.
So now lets us examine the cyber security aspects related to each email system. When you use a
government system or even a corporate system, you have extensive protection. There is usually a
dedicated cyber security team trained to carry out penetration testing, managing the firewalls,
tracing the messages to their origin, and carrying out forensics. Such critical services may not be
provided say by the team you have hired to maintain your email system.
Another very important question that arises is what about sensitive or classified emails? It’s a
must that such emails be encrypted and the attachments protected. To encrypt, you absolutely do
not use the default encryption certificates that come with the email system what you set it up.
You have to purchase a certificate through a company such as Symantec. You have to also
ensure that your emails are backed up in a secure manner. While such actions are tedious, they
must be carried out. Handing sensitive and/or classified data with the utmost care is critical.
While government email systems are not tamperproof, and we have heard of many incidents
where such systems have been compromised, its far more risky to set up your own email system.
I strongly urge those who work for the government or a corporation that it’s an absolute must to
use the systems provided by the organizations when dealing with official business matters. Use
your personal email system to communicate withBhavani-5-page-bio-March-2015 your relatives
and friends. As the old saying goes, better safe than sorry.
Here are some techniques for good cyber hygiene.






Use different machines (either virtual or better physical) for different activities; I use
desk top/laptop combination for my personal use to communicate with friends and
relatives, a second desktop/laptop combination for the university work and a third
desktop/laptop combination for my government consulting work. The more sensitive the
information I handle, the more cautions I am with respect to security.
Change passwords frequently (at least once every 3 months), use the latest patches, and
backup the data
Use encryption for all sensitive communication. Encrypt the files and make a backup.
Do not web surf from machines that handle sensitive data. I only web surf from my
personal machines. I also web surf from my university machines if I have to read articles.
I do not web surf on the machines I use for my consulting work.
Use the mail services and systems provided by your organizations for all your business
related matters and communication.
Guard your machines just like you would guard your health.
Messages were
g securit~risk
for i,
are as
emerg._.
brakes (
Rock" co'
·sonal emai/? Very bad move,
against Rc
The personal em ai/ systems that Walmart until c,
.. Clinton. SEE PAGE 26
mosr of us use, such as Yahoo, Gmail days after his p--anniversary gala for th,e pr?or AOL, are extremely convenient but ed. Roper I
extremely unsafe,
ten group Emily's LIst In
with dea,
.shington.
smashup 01.
It was her second public speech
Turnpike last J"
I two weeks, a reemergence in
e
Comedian Jam.
o.lblicsphere after a long perIod
Jimmy Mack) Mc.
.fftheradar.
killed in the crasn
Supporters
said the story
Morgan and two oth
pelled trouble if she did break the
fered devastatir
des,
'1
Why are corporate or government
o
"This could look like the old HI _
email systems Usually more secure?
ary: secretive doesn't trust anyThey have dedicated personnel focusbody, doesn't' play ~y the rules,"
ing on security. They mandate that we
said a longtime Clinton confichange Our passwords, encrypt sensidant. And even if she abided by
STONERS WITH.
tive emails and carry out penetration
State Department
pr.otoc?ls, testing and monitor the systems for
tooth - but we rei
"the Republicans are still ?Olng Possible attacks. Attackers are aware
selves - could be
to use this to say, what ISshe that personal email systems store perbowls of a different kin
hiding, what did she sonal data on their servers. They know
cording to Ben & T
have on there that that the attachments on these systems
The Vermoi
was
deleted? are often not encrypted. AnYone who
cream kings n
From that point sends sensitive messages must Use
to making an
of view, it's hurt- an email system that is secure and
marijuana-'
fu1."
provided by a company or the governifweedw.,
ment. That goes for Hillary Clinton and
Co-fOUL
Colin Powell
for you and me.
told HuffPost
also used
Thuraisingham is executive director
Minkovski th.
personal
of the Cyber Security Research Center
sense to me,"
email on job.
at the University OfTexas at Dallas.
about a cannabis f.
HE NEWS SAYS
0
HILLARY CLINTON'Suse of a personal
email account, not a government
account, while she was secretary of
state may have had serious security
ramifications.
BHAVANI
HURAISIN6HAM
If's Ben t
~------------------
/