John R. Schindler on Clinton's NSA Problem

A veteran of signals intelligence writes on Clinton's other security problem. There are at least two massive issues revealed by the email dumps. The one we knew about -- somehow her confidante Sidney Blumenthal appears to have had access to NSA signals intelligence "somehow," although he had no security clearance at all and had been specifically rejected for government service by the President.

The other one is new, and involves Clinton's personal refusal to be bound by security standards. She wanted a Blackberry that she could take into Secure Compartment Information Facilities (SCIF).
But personal electronic devices—your cellphone, your Blackberry—can never be brought into a SCIF. They represent a serious technical threat that is actually employed by many intelligence agencies worldwide. Though few Americans realize it, taking remote control over a handheld device, then using it to record conversations, is surprisingly easy for any competent spy service. Your smartphone is a sophisticated surveillance device—on you, the user—that also happens to provide phone service and Internet access.

As a result, your phone and your Blackberry always need to be locked up before you enter any SCIF. Taking such items into one represents a serious security violation. And Hillary and her staff really hated that.


[T]here was no problem with Ms. Clinton checking her personal email inside her office SCIF. Hers, like most, had open (i.e. unclassified) computer terminals connected to the Internet, and the Secretary of State could log into her own email anytime she wanted to right from her desk.

But she did not want to. Ms. Clinton only checked her personal email on her Blackberry: she did not want to sit down at a computer terminal...

Why Ms. Clinton would not simply check her personal email on an office computer, like every other government employee less senior than the president, seems a germane question, given what a major scandal EmailGate turned out to be. “What did she not want put on a government system, where security people might see it?” the former NSA official asked, adding, “I wonder now, and I sure wish I’d asked about it back in 2009.”
Recently there was a story about how the FBI was looking at pictures of Clinton using her Blackberry. At the time it was suggested they might be trying to figure out where there were gaps in the email record, as she deleted tens of thousands and never turned them over to the government, claiming they were "personal."

Now it looks like there might be another angle: can they bracket at least some emails as having been sent from the Blackberry while in the SCIF? That would be a demonstrable violation of national security by Clinton herself.


douglas said...

Even with the requirement that personal electronic devices not be brought into SCIFs and locked up, shouldn't SCIFs be shielded to cut off reception to such devices? It's awfully easy to do, and 'trust but verify'. But then, this is the government we're talking about.

Grim said...

It's a good idea, of course, though I'm not sure what the engineering issues are around it. It may be that the technology would scramble something else that they need. I'm not in a position to say.

I do appreciate that it's a huge irritation to have your cell phone locked in a locker outside your office building. Still, somehow thousands and thousands of professionals do it every day.

MikeD said...

I worked in that field in the days before cell phones were a "thing". But EM emissions were something that the No Such Agency was concerned with. And because the example I have is now (somewhat) declassified, I can even share it with you. First peruse this:

The short of it was, the NSA was concerned because it was possible to spy upon what was happening inside a building based upon electromagnetic emissions from that building. So they came up with all manner of devices and procedures to protect their systems from that form of observation. Now, at no point did it devolve into "make the whole building a Faraday cage", but no, I have no idea why not, that seems the simplest solution to me as well. But in any event, TEMPEST security was a thing.

The interesting part, for me, came after the Soviet Union collapsed, and someone thought to ask some former KGB folks about TEMPEST. And they did confirm that the KGB was aware of EMINT, and had toyed with the idea, but basically had come to the conclusion that it was far too expensive to pursue. So we had been securing our systems against a form of signals intelligence that the Soviets basically never bothered to target.

But like I said, that was in the days before widespread cell phone usage (and no cellphone back then had a camera, much less internet capability). So why don't they shield a SCIF? Heck, to be honest, I don't know. I don't even actually know if they don't. I've been out of that game since 1997. But if I were in charge of national security in this day and age, you're damned right my SCIF's would be full on Faraday cages, because as douglas said "trust but verify" was wise advice in the 1980s, and it's still wise advice now.

Ymar Sakar said...

There's a reason why the Left said Snowden was a traitor.

Perhaps it hit a little bit too close to home, same as when Bush II got Saddam Hussein hanged. It scared too many Democrats, who feared Bush might do the same thing to them at home.