Great news: Hillary's e-mail server had a "misconfigured encryption system"

This same Bloomberg article notes that having her own private server meant that Hillary could erase all traces of any e-mail as she saw fit, a luxury not available to someone who uses a commercial e-mail service like Gmail. Google’s servers retain a record of your messages even if you’ve deleted them “permanently” from your trash. Hillary, because she could delete them from her own server, really could make the disappearance permanent. (Well, except for whatever the NSA’s been gathering from her.) Precisely the sort of feature you’d covet if you were a crook looking to keep your official state business away from the prying eyes of the great unwashed you serve.

But all of that was obvious once we knew she was using her own private server. What wasn’t obvious is that she’s a moron who didn’t take basic security precautions to keep hackers away from her files. Remember that 3 a.m. phone call from the 2008 campaign? Presumably there were Russian and Chinese spies listening in because Hillary, the “experienced” candidate, was too much of a goon to use a secure line.

However, when [digital security consultant Alex] McGeorge examined [Clinton’s e-mail] set-up this week he found it used a default encryption “certificate,” instead of one purchased specifically for Clinton’s service. Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate.

“It’s bewildering to me,” he said. “We should have a much better standard of security for the secretary of state.”…

Using a scanning tool called Fierce that he developed, Robert Hansen, a web-application security specialist, found what he said were the addresses for Microsoft Outlook Web access server used by Clinton’s e-mail service, and the virtual private network used to download e-mail over an encrypted connection. If hackers located those links, they could search for weaknesses and intercept traffic, according to security experts…

Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.

That’s a little like buying software that comes with a default security password of “password” and then never changing it. This isn’t the first time this week that an expert’s claimed that Hillary’s e-mail set-up was insecure either. MKH noted last night that an IT person at the State Department had warned Hillary’s team that a private server wasn’t as secure as federal servers were. You would think that would have raised enough alarm within ClintonWorld, given the political implications of her being hacked, that they at least would have made sure her private server was as secure as it could be. Nope. How come? As things stand now, we have the worst of both worlds — an attempt to conceal records that succeeded in keeping them from interested American citizens but not from interested Russian or Chinese ones.

Is there any way to punish her for this? Maybe, says Shannen Coffin. Probably not. But maybe.

As our friends at Judicial Watch will no doubt remind everyone, there were plenty of Freedom of Information Act requests that would have implicated her e-mails. But they were never searched, even though a reasonable search of all responsive federal records must be made in response to FOIA requests. And the records would have been relevant to congressional inquiries as well, including continuing investigations of the Benghazi attacks.

Why does that matter? Well, a federal criminal law makes it a felony when any custodian of official government records “willfully and unlawfully conceals, removes, mutilates, obliterates, falsifies, or destroys the same.” The crime is punishable by up to three years in prison. And interestingly, Congress felt strongly enough about the crime that it included the unusual provision that the perpetrator shall “forfeit his office and be disqualified from holding any office under the United States.”

You’d need to prove that she concealed her records “willfully and unlawfully” (and you’d need to believe that Loretta Lynch would bring charges, ahem), a standard that might not be met simply by showing that Hillary operated her own e-mail server. “I always intended to turn over records of my correspondence,” she’ll say. “I thought a private e-mail account might be less likely to be noticed by hackers than an official State Department one would.” What if, though, you could prove that official correspondence was permanently deleted from her private server, i.e. what if someone sent her an e-mail, produced a copy of that e-mail for the FBI, and then the FBI couldn’t find Hillary’s own copy after a forensic examination of her server? How is that not concealment?

Look on the bright side, though. Even if we can’t recover her correspondence from the server, we could probably get a copy of it from Putin if we ask nicely. Exit question: You know I’m skeptical that an e-mail scandal this far out from the election will hurt Hillary, but one of her core messages in 2016 will be that she knows from hard experience how to handle the world’s miscreants. She’s the security candidate! How’s that going to fly when people realize she willingly made her own State Department correspondence far more vulnerable to hackers than it needed to be?