Your "should have" statements seem to apply equally to a home and office server. Great advice in general, but I don't see it applicable per "blame math" in this case. H is not a server admin.
Further, how are you defining an "outside server"? If the "office" server is available to the outside Internet, it's just as "outside" as a home server (barring any additional specific details).
As far as sending classified info thru unclassified servers, the devil is in the details, which we don't have. As I mentioned nearby, but if the office server wasn't designed for that, then it's the same "sin level" regardless of which "wrong" server it went through.
I suspect what happened is that somebody copy and pasted classified info withOUT the proper markings/notices into a message(s) bound to non-classified email addresses. When H received, she didn't know it was classified because it was not marked/labelled as such. This probably would have happened even if her home server never existed (unless you invoke the Butterfly Effect). Who sent the mis-marked info, why, and if H is culpable for that mistake is yet to be seen; we don't know those details yet. Innocent until proven guilty.
Either way, that still doesn't seem a home-versus-office-server issue yet. Sending it to Server-X-Not-Designed-For-Classified is just as bad as sending it to Server-Y-Not-Designed-For-Classified, unless we have a reason know that Server X is "leakier" than Server Y, which we don't at this point. Wrong destination is a wrong destination.
We don't have an equivalent analysis of the "regular" gov't office server to compare here. And the comments suggest the home box used typical industry settings of SMTP servers.
I have no reason to believe the "office" (gov't) server would not have typical settings also. Again, it was not designed nor intended for classified info.
They allegedly had another system for classified stuff, but they cannot talk a lot about it for obvious reasons. I'm assuming we are talking about "regular" non-classified emails. If she used the non-classified server/service for classified stuff, it's roughly the same "sin level" regardless of whether it's the wrong office server or home server. It was the "wrong" server either way. (The verdict on the "classified" question and fault is still open.)
Further, the "office" server died and they had insufficient backups. That's indirect evidence is was not heavily cared for and thus probably also had "bland" security attention.
I don't see H's server choice as a security argument. The "regular" office server, the one she should have been using, was not designed for classified info either and there's no evidence it had better general security than her "home" server.
There are plenty of other reasons to criticize her actions, but "security" is not one of them.
I suppose one could argue she was more likely to mix up personal and work email, but that can happen regardless. One can mistype the destination on any device or email service. Such an argument is splitting hairs on what kind of typo is most likely, which is probably personality specific such as to make it highly speculative. The kinds of mistakes I make often have a different pattern than those of others. It's one of the reasons I welcome wide feedback on any of my draft UI designs.
MOST organizations are lacking in this area. I've seen no evidence that the US government is more lax than private industry. If you have reliable stats on that, please show them.
If you want a somebody or something to bash, then bash human nature, not government in particular. Organizations of all types and cultures have consistently sucked on info security.
Those are planted. Most are not there to date real fans, only pretend, for money. And if they are wearing a mask, there is probably a good reason. Paint me skeptical.
Printer companies have been abusing customers for long enough over ink that it's time for anti-trust regulation for them.
I had a printer from a company that sounds like "Mullet Smacker" such that when either the color or black-and-white cartridge was "past the expiration date", you had to answer a notice on the front printer panel to continue printing for each job, even if you didn't use that cartridge for a given job. In other words, it nags you to buy. And you couldn't run it without one or the other: you had to install both cartridges.
Sometimes the "free" market is just plain stupid/evil. If you don't play nice, you get your ass regulated. If you don't like "socialism", don't be a dick.
Part of the problem is that it takes experience to get experience. There are only a few top positions that have access to plenty of resources. Thus, only a few get a chance to learn how to work in such conditions where they have a lot of leverage, meaning those with the talent AND experience leveraging a lot of resources are very limited in number and thus highly sought after. You can't find that combo with a written test.
Warren Buffett can take bigger risks than medium-sized investors, and uses that capability to "gamble smartly" in a way the rest cannot (unless they risk crashing their company). He has the necessary skill, experience, and leverage, putting him at a big advantage over those with just 2 of those traits.
It's a kind of bottleneck at the intersection of skill and experience.
Well, it's like everything else in the US economy: the cream of the crop (real or apparent) get huge options and money, while the rest grovel and scrape for Door #2.
The ENIAC was built in 1946. So if the FERMIAC came after the first bomb, then what did they use for calculations on the first? The GUESSIAC? PAPERIAC?
Your "should have" statements seem to apply equally to a home and office server. Great advice in general, but I don't see it applicable per "blame math" in this case. H is not a server admin.
Further, how are you defining an "outside server"? If the "office" server is available to the outside Internet, it's just as "outside" as a home server (barring any additional specific details).
As far as sending classified info thru unclassified servers, the devil is in the details, which we don't have. As I mentioned nearby, but if the office server wasn't designed for that, then it's the same "sin level" regardless of which "wrong" server it went through.
I suspect what happened is that somebody copy and pasted classified info withOUT the proper markings/notices into a message(s) bound to non-classified email addresses. When H received, she didn't know it was classified because it was not marked/labelled as such. This probably would have happened even if her home server never existed (unless you invoke the Butterfly Effect). Who sent the mis-marked info, why, and if H is culpable for that mistake is yet to be seen; we don't know those details yet. Innocent until proven guilty.
Either way, that still doesn't seem a home-versus-office-server issue yet. Sending it to Server-X-Not-Designed-For-Classified is just as bad as sending it to Server-Y-Not-Designed-For-Classified, unless we have a reason know that Server X is "leakier" than Server Y, which we don't at this point. Wrong destination is a wrong destination.
I avoided a joke about that word on purpose. It looks like you stepped in it instead. (Pun intended but not officially admitted to.)
We don't have an equivalent analysis of the "regular" gov't office server to compare here. And the comments suggest the home box used typical industry settings of SMTP servers.
I have no reason to believe the "office" (gov't) server would not have typical settings also. Again, it was not designed nor intended for classified info.
They allegedly had another system for classified stuff, but they cannot talk a lot about it for obvious reasons. I'm assuming we are talking about "regular" non-classified emails. If she used the non-classified server/service for classified stuff, it's roughly the same "sin level" regardless of whether it's the wrong office server or home server. It was the "wrong" server either way. (The verdict on the "classified" question and fault is still open.)
Further, the "office" server died and they had insufficient backups. That's indirect evidence is was not heavily cared for and thus probably also had "bland" security attention.
It's how the Winnie Industrial Complex started.
I don't see H's server choice as a security argument. The "regular" office server, the one she should have been using, was not designed for classified info either and there's no evidence it had better general security than her "home" server.
There are plenty of other reasons to criticize her actions, but "security" is not one of them.
I suppose one could argue she was more likely to mix up personal and work email, but that can happen regardless. One can mistype the destination on any device or email service. Such an argument is splitting hairs on what kind of typo is most likely, which is probably personality specific such as to make it highly speculative. The kinds of mistakes I make often have a different pattern than those of others. It's one of the reasons I welcome wide feedback on any of my draft UI designs.
MOST organizations are lacking in this area. I've seen no evidence that the US government is more lax than private industry. If you have reliable stats on that, please show them.
If you want a somebody or something to bash, then bash human nature, not government in particular. Organizations of all types and cultures have consistently sucked on info security.
It was an accident. The local pastor forgot to give your teacher the evil eye.
Those are planted. Most are not there to date real fans, only pretend, for money. And if they are wearing a mask, there is probably a good reason. Paint me skeptical.
"I am already out, darling. I'm just hairy."
Beats Apple Watch by 13 days.
A watch patterned after the Naboo Royal Starship could look attractive AND have "nerd cred".
Granted, but why pour gasoline on a fire?
looks like somebody ran over Vader's face--not a chick magnet
I've learned the hard way that scapegoats are in big demand. Just remember to leave your self worth at the door.
Do they offer B1H's over there?
or Pluto if Mars gets too wired
Proof aliens were in control of Steve Jobs to hide.
Printer companies have been abusing customers for long enough over ink that it's time for anti-trust regulation for them.
I had a printer from a company that sounds like "Mullet Smacker" such that when either the color or black-and-white cartridge was "past the expiration date", you had to answer a notice on the front printer panel to continue printing for each job, even if you didn't use that cartridge for a given job. In other words, it nags you to buy. And you couldn't run it without one or the other: you had to install both cartridges.
Sometimes the "free" market is just plain stupid/evil. If you don't play nice, you get your ass regulated. If you don't like "socialism", don't be a dick.
I can live to troll another thousand years!
Part of the problem is that it takes experience to get experience. There are only a few top positions that have access to plenty of resources. Thus, only a few get a chance to learn how to work in such conditions where they have a lot of leverage, meaning those with the talent AND experience leveraging a lot of resources are very limited in number and thus highly sought after. You can't find that combo with a written test.
Warren Buffett can take bigger risks than medium-sized investors, and uses that capability to "gamble smartly" in a way the rest cannot (unless they risk crashing their company). He has the necessary skill, experience, and leverage, putting him at a big advantage over those with just 2 of those traits.
It's a kind of bottleneck at the intersection of skill and experience.
Like the private sector has had a good record on this?
She can peak out her window to see if Putin is trying to log in.
Then MONTIAC. And if you use pencil, it's PONTIAC.
Well, it's like everything else in the US economy: the cream of the crop (real or apparent) get huge options and money, while the rest grovel and scrape for Door #2.
The ENIAC was built in 1946. So if the FERMIAC came after the first bomb, then what did they use for calculations on the first? The GUESSIAC? PAPERIAC?