Virtru Security Insights

A Memo on Encryption to Hillary Clinton

On March 10th, Hillary Clinton told reporters that it “would have been better” to use her State Department email account instead of her own private account. The email scandal, which began earlier in March after it was revealed that the former secretary of state hosted her own email server running in her New York home, has started an intense debate about transparency, security, and how public officials should use email.

While perhaps all of that is worth discussing, we’re left perplexed for an entirely different reason: if Mrs. Clinton really wanted to have safe, secure email, she could’ve gotten it with a lot less hassle.

Working Around an Insecure World

Although all of us have to keep up with a growing volume of email while maintaining the security of our information, most of us don’t have to deal with a spotlight constantly shining on us. There’s no doubt that a legion of hackers would’ve loved to get their hands on Mrs. Clinton’s inbox — or any other government official’s inbox, for that matter. You never can be sure who is watching, or who is simply trying to pry their way in. As a result, having a secure inbox just makes sense. It’s a goal we think everyone should have.

Yet Mrs. Clinton’s choice to host her own mail server at home is perplexing. Setting up your own secure mail server is difficult, to say the least. For organizations that want their own mail server, this means having IT and security experts set up and maintain the infrastructure. Keeping ahead of the hackers is a full-time occupation. It’s clear that Mrs. Clinton’s team had not checked all the boxes. According to the security firm Venafi, Mrs. Clinton wasn’t using proper encryption certificates for at least three months, leaving the server vulnerable to attack.

Instead, a growing number of organizations delegate this work to cloud providers and use services like Google Apps for Work (now known as G Suite). This allows the average person or organization to leverage the expertise of hundreds of security engineers. This would have been a more logical choice for Mrs. Clinton in our book.

Beyond setting up and maintaining the server, the issue of personal data security is also problematic. It is unclear from public reports whether Mrs. Clinton used any form of encryption for her email. Considering that the average user (and even many advanced users) doesn’t bother with the two most popular forms of email encryption, PGP and S/MIME, because of how complicated they are to set up, we can’t say that we’re surprised. But it doesn’t have to be this way!

It’s All About Convenience

In her press conference, Mrs. Clinton noted that her email decisions were guided by convenience. We get it. With thousands of messages to manage each week, convenience is a priority. But so is security, especially when you’re a high profile official.

But (shameless plug here), Mrs. Clinton could have saved herself a lot of damaging press simply by using Virtru. Regardless of whether she used her own on-premises email server or went with a cloud provider, she could have had client-side encryption. Only her intended recipients could have decrypted and read her messages.

And if she had secured her messages with Virtru, even if she sent the wrong message to the wrong foreign minister by mistake, she could have revoked it in one click – even if it had already been opened. Freedom of Information Act requests wouldn’t be much of a hassle either, as Mrs. Clinton would simply have to hand over the requested email along with her encryption key, removing any questions about transparency.

We’ve made Virtru easy enough for everyone, and powerful enough for the world’s most sensitive information. Set up Virtru in less than a minute and start protecting your sensitive information today.

We bet Mrs. Clinton wishes she had used Virtru.