Clinton’s use of a public server, even if she bothered to use encryption (which so far I haven’t seen any information that she did) means all that data is basically leaked.
*********************************************************
Saw this in an “early” story (March) which may clarify the ‘encryption’ or lack thereof ....
In late March 2009, a “Networks Solutions’ digital certificate and encryption for web-based applications” were installed for the first time on the server, according to Venafi’s research. Then days before the first certificate was set to expire in September 2013, the server got a new certificate from GoDaddy that is valid until 2018. While a step in the right direction, these digital certificates are hardly a reason to celebrate. The encryption didn’t mean that the emails themselves were encrypted—just access to the server.
Link (entire article with more good info): http://www.forbes.com/sites/katevinton/2015/03/11/researchers-say-clintons-email-server-had-no-encryption-for-her-first-three-months-in-office/
Right. If this was Exchange server, and I wanted to set up Outlook Web Access (OWA), Exchange ActiveSync (for smart phones and tablet devices email clients) I’d need to get a certificate for them as they use SSL or TLS.
Of course, I could set up my server to use plain text for these roles, but I do not think such idiots exist in the real world. I’ve done it for demonstration purposes, but generally when I’m just demo’ing I use a self singed or domain certificate from a VM running Active Directory Certificate Services. I’m sure not gonna buy one for a demo!
Anyway, the whole thing stinks, and the fact that no knowledgeable IT person is stating all of this in the media tells me the fix is already in.
Moreover, in my 22 years in the Air Force before my teaching life, I dealt with TS Code Word data every day. I know what improper release should warrant:
Arrest, conviction, imprisonment, fines.
I’m trying to get it out there so others can do so too!