Most of the criticism following the revelation that Hillary Clinton used a personal email account for official business as Secretary of State has been based on suspicions that she was trying to evade transparency laws that require federal officials to preserve their communications.
But the more serious problem with Clinton's do-it-yourself approach to email isn't about transparency. It's about national security. Creating a secure email system is difficult, and it's unlikely that Clinton's homebrew email system was as secure as the official email system that would have been provided to her by the State Department.
That means that for four years — years when she was involved in numerous high-stakes negotiations — she was communicating in a way that made it easier for foreign intelligence services to keep tabs on her. We don't know if any foreign spy agencies took advantage of this opportunity. But it was reckless to give them the opportunity.
Running a secure email service is hard
According to an Associated Press story published this morning, Hillary Clinton didn't just have her own, private email address. She set up a private system to host her email. The AP suggests this server may even have been located in her house in New York.
Running a secure online service is difficult no matter who you are. Online security is an arms race: hackers are constantly discovering new security flaws, while software makers are rushing to patch them before they can be used to hack into vulnerable software. This is why big software companies like Google and Microsoft have hundreds of people on staff who do nothing but deal with security threats.
Most people who run their own email servers have one big advantage: no one is likely to target them personally. But of course Hillary Clinton wasn't an ordinary person between 2009 and 2013. She was the top diplomat of the most powerful country in the world. Every foreign intelligence service on the planet was interested in her private communications.
And securing a server against foreign governments is a lot more difficult than securing it against garden-variety hackers. Foreign countries like China and Russia have their own versions of the National Security Agency — agencies full of smart hackers who have spent years studying how to break into computer systems. It's likely that these governments — like the NSA — have an inventory of security vulnerabilities that haven't yet been discovered by the broader hacker community (information about flaws in popular software can be purchased in underground markets).
And while the federal government is not generally known for its IT savvy, the feds do take IT seriously when it comes to issues of national security. It's likely the NSA has worked with the State Department to ensure that agency's email is as secure as possible.
We asked a Clinton spokesman if she had taken measures to secure the domain against foreign attackers. He answered with a single word: "absolutely." But he didn't provide details.
Of course, it's possible that Clinton hired a small army of computer security experts to administer her server, and they made it just as secure as Gmail or the State Department's email system. But it's not very likely. And more to the point, it would have been hard for Clinton — who is not, herself, an expert on computer security — to know whether she had taken sufficient precautions.
It doesn't matter if Clinton sent out classified information
The Clinton camp has emphasized that Clinton did not send any classified information from her personal email address. Even if this is true, it doesn't excuse Clinton's decision to use a personal email address for official business.
During her time as Secretary of State, Clinton was intimately involved in a wide variety of sensitive negotiations with foreign governments. In this type of high-stakes negotiation, seemingly mundane information can provide valuable insights.
For example, the tone of emails she sent could give insight into the Secretary's mood, which could inform decisions about when to push for a deal and when to delay negotiations. Information about how frequently Clinton met with different aides could give insight into whose advice she trusted most (and therefore what the US negotiating posture was likely to be). Similarly, information about which domestic interest groups got meetings with the Secretary could provide valuable information about US priorities.
In short, knowledge is power. By creating her own personal email server, Clinton took the risk that America's adversaries could gain invaluable information about her private communications. That was a big mistake.