The Democrats' Other Server Problem

Read Original Article
Photo: Shutterstock
Media Outlet: Slate

Josphine Wolff writes for Slate that the DNC should have outsourced its email to Google, Yahoo, or another major company.

One unlikely lesson of the 2016 presidential election turns out to be that you simply should not host your own email unless you really know what you're doing. And odds are, if you're running for office, or running a political party, you probably don't.
It's still unclear how exactly the Democratic National Committee email servers were compromised and whether anyone hacked into Hillary Clinton's personal servers. But it seems like everyone's email would probably have been served by letting Google take care of it. (Set aside for a moment the rules governing how public records are stored for government officials. That's an important issue, no doubt, but it's not precisely a question of security.) 
Outsourcing email management to a private company doesn’t solve all potential security threats. It’s still, of course, possible for an adversary to steal credentials and use them to access an individual’s email records. In fact, at least one DNC consultant’s personal email, operated by Yahoo, was reportedly targeted as part of the larger breach. But while corporate email servers and security measures won’t necessarily protect individual accounts from being compromised, they generally do a pretty good job protecting against someone trying to conduct a full sweep of every email on a server.

 

Author:

Josephine Wolff was a Class of 2016 & 2017 Cybersecurity Initiative Fellow at New America, where she will write a book about cybersecurity incidents from the last decade, tracing their economic and legal aftermath and their impact on the current state of technical, social, and political lines of defense.