On “Private” Email Servers

First a brief explanation of why I am writing about this topic. For about 20 years I was employed by the Information Technology services of the University of Michigan. I arrived just as email was taking off as a communications medium. A person who was first my colleague and later my supervisor actually contributed to the sendmail protocol, the messaging component that lies at the root of practically every email, messenger or tweet that has ricocheted around world. My role was, of course, trivial. I was a minor player as a programmer and subsequently I was “kicked upstairs” to be an administrator. But my role as an administrator was to help formulate policy which guided the use of messaging systems and this does make me something of an expert in this forest of confusion about “private” email servers.

The first thing we have to understand is that the word “private” is a misnomer in the context of current events. Most of us have employers. We might work for a corporation, a closely held corporation, an agency of the government, a family business or even be self-employed. In our role as an employee, we have to communicate with our colleagues, employers, and customers. What happens when we want to apply for a job somewhere else or cemailommunicate with a friend on something other than what might be considered appropriate business matters? Chances are, and especially if we are savvy about business and privacy issues, that we will use a different email system than we use for work purposes. We might use Gmail, AOL, Yahoo, Hotmail or any of a large number of other services. Any of these would be “private” in the sense that they separated from our “public” (work) persona.

A few of us might have good reason to go even further than one of these widely known email services. To support the Blog I am writing on, I have leased space on a private server. This provider would be willing to lease the entire server to me for an additional fee. And some people just put up their own server and run it themselves.

From what I understand, Hillary Clinton (hereafter HRC) did that last thing. And I also understand that she did it following the advice of her (Republican) predecessor Colin Powell and also following the practice of Condoleezza Rice. By using an email server she owned and controlled, she was told by her employees that this would be safer and more secure than writing messages on commercial services.

Why would HRC (or Colin Powell, or any other politician) want to write and receive messages on anything other than her governmental account? As I suggested above, there are very simple reasons for this. But one of the most obvious is that politicians are involved in politics, and personal politics should not be supported by governmental resources. A congressional representative can use their “franking privilege” to send out newsletters to their district, but they would cross a line if they turned that into a fundraising appeal. Employees generally try not to get in hot water with their employers by using their company resources for personal gain, and I think it is pretty common these days for people to communicate with their customers over corporate systems, but shift to Yahoo or Gmail if they want to ask their spouse if they want them to bring home any groceries. The reality today is that almost of all us use both an employment and a “private” email service.

There is a problem which afflicts almost everyone who divides their messaging between employer and non-employer (“private”) systems. Can you actually succeed in keeping everything that needs to be separate separate? The truth is that even the most careful person probably makes mistakes in this regard. I would suggest that unless some tangible harm arises from mistakes of this sort we have to let it go. I think that is exactly the situation FBI Director Comey found himself in. HRC was not violating the law by having her own server. Did she make so many mistakes by using that server to transmit messages that might rightfully have belonged on the government server that she compromised national security, revealed state secrets, etc? I suggest his inability to indict is a direct reflection of the fact that he could not.

Recently a faculty friend raised this subject with me. He was troubled by the national security issue and was considering a vote for one of the third party candidates. As it happens, I knew that he commonly wrote to his students using his AOL account and Facebook rather than his institutionally supplied email account. I noted to him that he could easily be guilty of exactly the accusation against HRC and possibly subject to institutional discipline up to and including dismissal despite the fact that he had tenure. His eyes widened. How? There is a federal statute which mandates privacy for teacher/student interactions. It’s part of FERPA, an acronym every teacher comes to understand. I pointed out that if he “shared” communications or if even the student “shared” some of those communications he could easily stray into disseminating federally protected information. Of course he protested that nothing he had written could be construed that way–and I just said, “How can you be sure?”

As an administrator I know that it is impossible to impose full conformity with laws and institutional procedures. And I know that on occasion an employee is going to stray so far that they risk discipline or other legal remedies. Money and sex seem to turn up as the usual suspects in these sorts of problems. So the point is there has to be balance. We need training to teach people how to be sensitive to all these issues. Privacy is important. Behavior is important. Respect is important.

Hillary Clinton is a highly trained attorney with a long public record. She has served with distinction as a legislator and as a Secretary of State. There is not the slightest suggestion that any of her activities has compromised national security. Despite the innuendo about “private email server” there is nothing inappropriate about it. In fact, I’m quite sure it was her sincere attempt at considerable personal cost to ensure that she would be conforming to law and proper practice.

So it amounts to nothing unless HRC’s political opponents are able to capitalize on it. A few elections ago we experienced the infamous “Swift Boat” attack which may have sunk (sorry about the metaphor, or maybe not) another honorable politician’s campaign because of fallacious innuendo. I do hope that HRC does not suffer the same unjust fate.