Part two of Interview with David Gewirtz, Author of Where Have All The Emails Gone? / Updated with Part Three
Joan Brunwasser
How Something as Seemingly Benign as White House Email Can Have Freaky National Security Consequences
We’ve been talking with David Gewirtz, technology expert and author of Where Have All the Emails Gone? Welcome back, David, for the second part of our interview. We’ve already spoken about the cybersecurity situation that President Obama has inherited. Now, let’s go a little further back in time, if you don’t mind.
What was the impetus behind Where Have All the Emails Gone?
>We publish two magazines on email-related topics, one for IBM Lotus professionals and one for Microsoft Outlook and Exchange professionals. Back in April 2007, we ran a news story on the missing email topics. Since it was on-topic for the magazines, I decided I'd write one short article. Nothing made sense. 12 articles and an amazing story later, we decided we had enough for a book. The book was published in late 2007 and now, I've probably written another 12 articles on the continuing saga.
What time period are we talking about and how many emails have gone AWOL?
>I discuss three key issues, only one of which is missing emails. I consider some of the security issues inherent to how the White House manages email a far greater concern. There's a beast called the Hatch Act that can both give plausible deniability to storing email according to the FRA and PRA, and also almost requires insecure email for much of the White House's business.
That said, there are reports of millions of missing messages. The only period for which there is formal confirmation (in the form of testimony to congress by the White House) is for the period March 1, 2003 and May 23, 2003. Full details on this are at:
http://www.outlookpower.com/issues/issue200805/00002168001.html
Why was the Bush administration's explanation for moving away from Lotus implausible?
>The Bush administration claimed Lotus Notes was antiquated and not up to the job. That is categorically incorrect. Lotus Notes is regularly updated and is an IBM flagship products. I have personally seen many extensive, enterprise-grade solutions with Notes that are absolutely best-of-breed. As of today, we've published 10,358 articles about Lotus Notes and it's quite excellent. In particular, Notes is renown for it's security, something not quite as well regarded for Microsoft Outlook. That's not to say Outlook and Exchange (the Microsoft solution) aren't also great, but it's a complete fallacy to claim Lotus isn't up to the job. That's, in fact, what got me curious about the rest of the story.
Does anyone besides for you get the immensity of the problem? If so, who?
>Certainly the IT professionals who read our magazines get it. Some of the folks in DC also get it. The groups who are suing the White House understand part of the problem, but they're forwarding their own agenda and in that agenda, suing the President is more sexy than chasing obscure ISPs in Tennessee or fixing a 1939 law or repairing basic security concerns. People I know in Homeland Security and the FBI, at least at the individual contributor level very much get the security issues. I've met some of the smartest and most impressive people working on the front lines in America's security agencies. The only problem for those guys is they work for politicians.
Are people beginning to pay attention? Have you seen any encouraging signs so far?
>Definitely. I've been interviewed a ton of times. I'm on the radio or in an interview at least once a week on this topic and we've reached, literally, millions of people. A nice side-stream benefit has been that I've also been able to talk about regular Internet security issues and help real people protect their own homes, just as an outgrowth of explaining some of the White House's security problems.
And while I can't take direct credit, we've seen the discussion on both the missing email messages and overall White House IT moved along. It's still problematic, but I think that the book has gained enough attention that people are aware that IT at the White House is a national interest issue.
What would you like people to take away from this book?
>That email at the White House (at least during the Bush administration) is broken and needs to be fixed. It's also likely to be somewhat broken in the Obama administration, because the laws are still in place to tie their hands, but we can be hopeful.
People's eyes tend to glaze over as soon as something technical is discussed. Can you boil it all down to a few, simple points?
>Sure. From a personal point of view, if you don’t pay attention to the security of your computer, you could lose everything. Someone from Belarus could easily pop into your life and take all your money, charge up your credit cards, and cause you no end of hurt. From the perspective of White House security, the last thing we want is an enemy nation or organization to be able to interfere with the secure command and control of our government or, worst case, cause us some grievous harm because they know something they shouldn't.
You write about Blackberrys getting lost or highjacked, putting national security at risk. Karl Rove lost his at least once and maybe as many as five times. With the new president also a Blackberryphile, this problem is not going to go away. You have a few timely suggestions about how to safeguard these "mobile nightmares.” Please share them with us.
>Well, the biggest suggestion is to not hand your phone to anyone else. Make sure you have complete control over it. Don't keep confidential information in it, passwords, etc. For senior government officials, home addresses are also confidential information and shouldn't be in your phone. In the case of White House staffers, if you must give up your phone for a time, only give it to someone you, literally, trust with your life. That'd be members of the Secret Service.
Part of your narrative seems to fit the “well, the genie is out of the bottle” scenario. There’s so much that no one seemed to understand about the ramifications of electronic technology. Were we much ‘safer’ in the pre-computer age?
> Yes, and no. There were always risks of some sort. Our grandparents didn’t have to deal with people from other countries invisibly sneaking into their computers and stealing their life savings, but our parents, even those in their 80s, now do. But hey, back in the Old West, there were gunfights and duels. We don’t have them as often (although we do have our own brand of gang violence).
Fundamentally, when anyone ever says “this is the worst it’s been” the answer is “no, it’s not”. Every generation and age had some really bad elements and some things that were truly beautiful.
That said, cyberthreats are scary, just because they are so incredibly complex to defend against and the tools to launch them are so easy to come by. In the cyberthreat world, weapons of mass destruction (cheap PCs, iPods, flash cards, etc) can be bought at Wal-Mart.
Thank you, David. We'll look forward to the final part of this three-part interview.
David’s website
Read part one of this series:
Exclusive Interview with David Gewirtz, Author of Where Have All The Emails Gone?
Author's Bio: Joan Brunwasser is a co-founder of Citizens for Election Reform (CER) which exists for the sole purpose of raising the public awareness of the critical need for election reform. We aim to restore fair, accurate, transparent, secure elections where votes are cast in private and counted in public. Electronic (computerized) voting systems are simply antithetical to democratic principles.
CER set up a lending library to achieve the widespread distribution of the DVD Invisible Ballots: A temptation for electronic vote fraud. Within eighteen months, the project had distributed over 3200 copies across the country and beyond. CER now concentrates on group showings, OpEd pieces, articles, reviews, interviews, discussion sessions, networking, conferences, anything that promotes awareness of this critical problem. Joan has been Election Integrity Editor for OpEdNews since December, 2005.
www.opednews.com/articles/Interview-with-David-Gewir-by-Joan-Brunwasser-090330-887.html
************************************************
April 2, 2009
Part Three of Interview with David Gewirtz, Author of "Where Have All The Emails Gone?"
By Joan Brunwasser
How Something as Seemingly Benign as White House Email Can Have Freaky National Security Consequences
Welcome back, faithful OpEdNews readers, for the final installment of our interview with technology expert, David Gewirtz.
Let’s see. What haven’t we talked about yet, David? You claim that you have no political/partisan axe to grind. Can you prove that?
>Well, I admit to voting both Democratic and Republican and generally being annoyed by both parties. One way to judge a person is by actions and while I've criticized the Bush administration for management of White House email and security, I also pointed the finger at some of Bill Clinton's policies. I also recently ran an editorial critical of Senator Leahy's call for a truth squad to investigate the Bush administration and I've been regularly critical of the House Oversight Committee for overlooking some key elements of testimony -- when that committee was run by Democrats.
So, basically, I've picked on both sides. What I have found infinitely amusing is that when I've done radio interviews with both whack-job super right-wing Republicans and completely looney-tunes, totally left-wing Democrats, both have thought I was arguing their side. I've also had editorials written on conservative Web sites claiming I was a liberal and liberal Web sites claiming I was forwarding the conservative agenda. My agenda is America's security -- that and a quest for chocolate.
Your two-point agenda sounds reasonable to me. What were you aiming for with Where Have All the Emails Gone?
>My goal for the book is nothing less than fixing serious problems at the White House as it pertains to their IT [Information Technology] policy. I make six strong recommendations, but it really boils down to two key issues: revising the Hatch Act and establishing an administration-spanning professional IT division unrelated to the political process.
On another but related topic: Who are Mike Connell and SmarTech? What do they have to do with the missing emails?
>I covered SmarTech extensively in the book. They're the ISP [Internet Service Provider] I traced much of the RNC [Republican National Committee] and White House email traffic through. Before I go further, I need to say that the forensics I used didn't do any sort of penetration or anything either illegal or unethical. I gathered data from open sources like domain registry information and whois queries -- data that's available to anyone on the Internet. I believe that more than 100 million messages traveled through SmarTech from and to the White House.
I didn't cover Connell much, although the conspiracy theorists are having a field day. Connell was an IT guy for the GOP, designing Web sites and doing other IT stuff. He was involved in an investigation into vote tampering in Ohio in 2004's Presidential election*. The reason the conspiracy people are all wired about this is Connell died in a plane crash right in the middle of the investigation. You can draw your own conclusions, but I, personally, believe this to be just the sad accident it was reported to be.
Is it a strange coincidence that Connell was in charge of the routing of Ohio's votes through Chattanooga, Tennessee on Election Day 2004 and then back to Secretary of State Ken Blackwell's website?
>I don't have any evidence of that, so I can't really discuss it. I did find a few strange coincidences, however. First, I found public-facing evidence of two PDF files belonging to the Office of the Ohio Secretary of State on IP [Internet Protocol] addresses owned and operated by SmarTech (who happen to be in Chattanooga).
It is, however, curious that official state election documents do appear on a server operated by a firm under contract to the RNC. It is also curious that the senior election official in Ohio was also running for Governor of Ohio while this went on. It is further somewhat curious that a finance oversight agency of HUD runs its Web site on SmarTech's servers and that Mr. Blackwell (Ohio's Secretary of State at the time of the 2004 election) was previously undersecretary of HUD. Nothing of this, however, represents anything even close to a smoking gun.
For the record, I've offered the founder of SmarTech the opportunity to tell his side of the story a few separate times, including in the book. The offer has never been accepted.
Why would electronic votes be routed through a third party at all, and especially before the vote count was announced or made official?
>I have no evidence this was done, so I don't have much intelligent to say about it.
Personally, though, as a formally trained computer scientist, the idea of electronic voting machines with no paper trail seems the height of irresponsibility and, frankly, stupidity. First, they're computers, so they could fail. But we also know almost any system is easy to hack and the risk of an unauditable voting machine being hacked and perhaps changing an election is far too high. Let's be clear: people will always try to swing elections -- they always have. But we don't need to make it ridiculously easy for them.
I agree completely with your last point. And that’s an excellent place to wrap up our interview. You’ve been very generous with your time, David. Thank you. I look forward to seeing where your research takes you. All of us have benefited from your extensive investigation of the many unanticipated security risks inherent in the technology we use.
~~~~
*King Lincoln Bronzeville v. Blackwell is an ongoing federal lawsuit challenging voting right violations in Ohio during the 2004 Presidential Election.
Part One of Exclusive Interview with David Gewirtz, Author of Where Have All The Emails Gone?
Part Two of Interview with Gewirtz
David Gewirtz’s website
Where Have All the Emails Gone? website
Author's Bio: Joan Brunwasser is a co-founder of Citizens for Election Reform (CER) which exists for the sole purpose of raising the public awareness of the critical need for election reform. We aim to restore fair, accurate, transparent, secure elections where votes are cast in private and counted in public. Electronic (computerized) voting systems are simply antithetical to democratic principles.
CER set up a lending library to achieve the widespread distribution of the DVD Invisible Ballots: A temptation for electronic vote fraud. Within eighteen months, the project had distributed over 3200 copies across the country and beyond. CER now concentrates on group showings, OpEd pieces, articles, reviews, interviews, discussion sessions, networking, conferences, anything that promotes awareness of this critical problem. Joan has been Election Integrity Editor for OpEdNews since December, 2005.
www.opednews.com/articles/Part-Three-of-Interview-wi-by-Joan-Brunwasser-090402-206.html