About the Hillary Clinton email server thing…

I was going to say something about the issue with Hillary Clinton using an email server provided by her own staff for some of her email traffic, rather than one provided by her employer, but @LaneWinree already wrote pretty much what I’d have written, just better than I would have done.

So, I guarantee this is exactly how the email server thing went down.
Whatever internal system the government has set up for email communication is, I guarantee, a total and utter shitshow.
Shitshow as in horrid UI, horrid performance, and just in general unusable. Most business email environments are. Government worse.
Clinton probably complains about this, someone on staff looks into fixing it, someone somewhere thinks “Hey, we could just build a server”
Given that it’s absurdly easy to build an environment to host an email server, a request gets made and some IT guy somewhere says it’s fine
So a server gets built, Clinton uses it, and the whole thing gets overlooked because someone way down the chain doesn’t vette it out
And given the sheer scale of systems the federal government uses, no one audits what systems are running and where
And if you’re Clinton or her staff, you’re thinking if IT signed off on it, it complies with all needed regulations
So where it -should- have been nixed was that federal IT level, where a network specialist sees the request and says “Nope, can’t do it.”
But because it didn’t get nixed there, no one any further up the chain should have any reason to think it’s insecure and against the rules
Here’s the dirty IT secret: This crap happens all the time. Someone at the IT level should know better and deny the request, and that’s it.
And the reason this happened is likely because building a separate environment probably saved a few days work optimizing the existing one
So when Comey says there was no intent to break the law, I totally buy it. Compliance often breaks due to badly optimized systems/processes
Coming from the IT side, I don’t expect mid/upper management to get ANY of these nuances, nor would I find value in explaining it all
So it’s totally reasonable for a manager to assume that if I sign off and build it, I believe it complies with compliance regulations.
Because, well, compliance adherence over IT systems is something -I- should be responsible for. Not a manager. Or Secretary of State.
So the tl;dnr version is a complaint happened, someone put in a request to address the complaint, and IT dropped the ball on compliance.
Yes in IT you want to be helpful and provide solutions, but you MUST know how to comply with IT regulations. That’s on you, not up the chain
I’ve posited this to some friends who also work in IT, and each one of them agrees that this is likely what happened.
Badly optimized legacy systems require a ton of work to fix, IT monkey looks for a shortcut, breaks compliance rules in the process.
@LaneWinree

Related Posts

Technology does not trump policy when it comes to delivery

Recently Ken Magill wrote an article looking at how an ESP was attempting to sell him services based on the ESPs ‘high deliverability rates.’ I commented that Ken was right, and I still think he is.
Ken has a followup article today. In the first part he thanks Matt Blumberg from Return Path for posting a thoughtful blog post on the piece. Matt did have a very thoughtful article, pointing out that the vast majority of things affecting delivery are under the control of the list owner, not under the control of the ESP. As they are both right, I clearly agree with them. I’ve also posted about reputation and delivery regularly.

Read More

Monetizing the complaint stream

What if ESPs (and ISPs, for that matter) started charging users for every complaint generated? Think of it like peak pricing for electricity. In California, businesses can opt for discounted power, with the agreement that they are the first companies shut off if electrical demand exceeds supply. What if ESPs and ISPs offered discounted hosting rates to bulk senders who agreed to pay per complaint?
I see pricing scheme something like this.

Read More

Let's talk CAN SPAM

CheckboxEarlier this week I posted about the increased amount of B2B spam I’m receiving. One message is not a huge deal and I just delete and move on. But many folks are using marketing automation to send a series of emails. These emails often violate CAN SPAM in one way or another.
This has been the law for 13 years now, I find it difficult to believe marketers are still unaware of what it says. But, for the sake of argument, let’s talk about CAN SPAM.

Read More