Slashdot Mirror
Hillary Clinton Used BleachBit To Wipe Emails (neowin.net)
An anonymous reader quotes a report from Neowin: The open-source disk cleaning application, BleachBit, got quite a decent ad pitch from the world of politics after it was revealed lawyers of the presidential hopeful, Hillary Clinton, used the software to wipe her email servers. Clinton is currently in hot water, being accused of using private servers for storing sensitive emails. "[South Carolina Representative, Trey Gowdy, spoke to Fox News about Hillary Clinton's lawyers using BleachBit to wipe the private servers. He said:] 'She and her lawyers had those emails deleted. And they didn't just push the delete button; they had them deleted where even God can't read them. They were using something called BleachBit. You don't use BleachBit for yoga emails or bridesmaids emails. When you're using BleachBit, it is something you really do not want the world to see.'" Two of the main features that are listed on the BleachBit website include "Shred files to hide their contents and prevent data recovery," and "Overwrite free disk space to hide previously deleted files." These two features would make it pretty difficult for anyone trying to recover the deleted emails.
Slashdot reader ahziem adds: The IT team for presidential candidate Hillary Clinton used the open source cleaning software BleachBit to wipe systems "so even God couldn't read them," according to South Carolina Rep. Trey Gowdy on Fox News. His comments on the "drastic cyber-measure" were in response to the question of whether emails on her private Microsoft Exchange Server were simply about "yoga and wedding plans." Perhaps Clinton's team used an open-source application because, unlike proprietary applications, it can be audited, like for backdoors. In response to the Edward Snowden leaks in 2013, privacy expert Bruce Schneier advised in an article in which he stated he also uses BleachBit, "Closed-source software is easier for the NSA to backdoor than open-source software." Ironically, Schneier was writing to a non-governmental audience. Have any Slashdotters had any experience with BleachBit? Specifically, have you used it for erasing "yoga emails" or "bridesmaids emails?"
All indications are she wasn't very careful while actively using the server. However, once she started getting requests to produce data from it, then she suddenly got very careful. Even if she did do nothing wrong, that is a very stark change in behavior that just happened to coincide with legal requests to hand over data.
The wiping just means that she is very secure from her own state interfering with her. But it doesn't say anything about how easy it was for third party states to gain information from her email server before it was wiped. So her servers might be secure from the justice system, but not secure from third parties. Both these aspects are how it shouldn't be.
What about the Freedom of Information Act? Don't secretary of state emails have to be archived?
The big knock against her email server is that any other state employee that ran such a thing would be locked up in jail.
no, the responsible thing to do is to turn it over to the justice department and let them fucking shred it.
Let me try. First, her entire purpose in having said private email server was explicitly to protect her privacy - something she is very sensitive about. The issue, and what separates her situation from that of Colin Powell, is that she used that server for both personal and official email exchanges. This defies both basic common sense and several applicable federal laws - laws which were *NOT* part of the recently concluded FBI investigation. That investigation was about the content of the emails and their classification, NOT - again - the real violation of law and common sense. Bottom line is that her credibility is in question because of a series of actions, all attributable to her paranoia and penchant for secrecy.
Hillary Clinton co-mingled personal and official government communications on her private email server. All of those communications are subject to the Federal Records Act and the Freedom of Information Act.
Her personal emails ceased to be personal when she co-mingled them with official government communications. HRC and her lawyers were not authorized to decide what is relevant to FRA and FOIA and what is not.
HRC and her lawyers deleted 30,000 or so emails that are not recoverable - therefore she is in violation of both the FRA and FOIA.
HRC should be, at the very least, in front of a jury to answer for her actions.
we're also not the ones who mixed her personal and professional lives. she is.
she's the public face of the state department, which has policies in place to make sure that their correspondence are both secure and archived... so people can go back and look into them to make sure everything is aboveboard.
she sacrificed her right to privacy on her private correspondence when she conducted professional business on the same server.
i don't want to see her fucking wedding photos, but i want someone to make sure that she wasn't selling access to the office of the secretary of state of the united states. and if someone with clearance in the justice department needs to comb through 4 years of "private" emails to make sure, then she has only herself to blame.
In the eyes of the law (courts), spoliation of evidence is equivalent to guilt, but perhaps to a lessor degree.
My quibble was the blatant arrogance of the act. That private server was clearly a move to preserve final editing rights of her tenure at the State Department and evade any future FOIA requests that may crop up during her next run for the presidency; and was there ever any doubt that she would run again? The fact that she thought she could get away with it after experiencing the fallout from the exact same move by members of the Bush administration while she was a sitting Senator in Washington reinforces the feeling that her arrogance knows no bounds. She took a page out of the neocon playbook and figured she would show them how it's done.
Did you run shred on a server after the FBI said it wanted the data on it?
Destruction of evidence is itself a crime. The difficulty is always in proving that's what happened - by definition you're missing a key piece of evidence.
This isn't mud slinging. This is technology news about obfuscating forensic evidence in practice on a technology website.
Your statement is mudslinging.
Whether the secure wipe was used as a simple matter of Best Practice, or was done for Nefarious reasons, is not known. So when the article makes judgements such as "When you're using BleachBit, it is something you really do not want the world to see." it becomes a political mudslinging story.
I don't personally use this software, but I personally always securely wipe any drive which I'm done using. Even if there's nothing on there, even if it only contains "yoga emails" or etc.
The disturbing thing to me is that this article is all but using the "If you have nothing to hide, you wouldn't use secure wipe methods" line of bullshit. Using strong encryption, secure wipe software, etc. should not be allowed to be seen as a "shady" or "suspicious" activity- it should rather be seen as the Intelligent and Normal way of doing things.
The FBI found the "key piece(s)". Comey then said "No prosecutor would pursue this case" and dropped it. He was probably right--but only because of her last name. If I did that, I might get out after 5 years or so. Heck, one of my counterparts got in trouble for a single line in a controlled document which had the same info in the public domain. I'm sick of these "Nothing to see here" claims--just look at any security briefing and it's spelled out. We just had another one, and according to it I would be required to report her if she was in my office.
Please state the part of the law on improperly transmitted classified information that talks about ratio of classified material to non classified material.