When I heard about the deletion of the Whitehouse emails back in April, and Karl Rove's use of a private email account, my first thought was 'wow, they must really struggle to keep that secure'. It's not often my technical research leads to a question of national security, but it turns out they don't struggle, they just leave a large part of their email system unsecured!
Emails that travel outside of an organization to a private email account like Karl's go through an unencrypted, plain text transport system, SMTP. In simple terms, a text document is passed from server to server until it reaches its destination. In theory, anybody who's sitting on the network can see the contents of those messages. Normally, this isn't a big issue, since emails are low value (typically not containing credit card numbers or other information valuable to hackers) and there's so many flying around, just being in the right place to sniff it and picking an interesting one out from the noise is tough.
David Gewirtz, a techie who runs OutlookPower magazine, has spent months researching the technical aspects of the Whitehouse's email use. He's now published a book, and it's scary reading for anyone who cares about America's security. You can read extracts from it at this site, but I recommend looking through the original articles too. Start with "Prepare to be freaked out" to understand how serious the consequences of their poor technology decisions could be. This isn't a partisan or crazy conspiracy book, email is something that every Executive in the last 20 years has made serious mistakes with, and David ends with recommendations on how to improve the current dire situation.
Buy the book, but here's a full list of the related articles:
- Technical analysis: the White House email controversy
- The White House email controversy: who runs GWB43.COM?
- The White House email controversy: a detour into mob journalism
- The White House email controversy: the nightmare scenario
- The White House email controversy: an archiving plan only FEMA could love
- 'Deep Mail' on the White House email controversy
- The White House email controversy: migrating from Notes to Outlook
- The White House email controversy: why does Karl Rove keep losing his BlackBerry?
- The White House email controversy: help us find those missing messages
- The White House email controversy: a historical perspective
- The White House email controversy: prepare to be freaked out
- The White House email controversy: understanding the root causes
- The White House email controversy: our formal recommendations
- The White House email controversy: the final questions