There were a number of odd things about the Hillary Clinton e-mail debate, but to me this was the oddest: the widespread conviction that the secretary of state’s communications — personal or otherwise — would have been “safe” in the hands of the State Department. If we have learned nothing else over the past several years, surely it is that the U.S. government, while still devoted in principle to classifying a ludicrous amount of data, is in practice very, very bad at keeping secrets.
Certainly it is no longer possible to argue that information controlled by the federal government is somehow safe because the people devoted to taking care of it are determined to keep it that way. WikiLeaks taught us that low-level Army officers with personal issues are capable of accessing, and distributing, classified diplomatic cables in vast quantities. The Snowden affair taught us that a low-level government contractor with a dubious employment history can easily steal vast quantities of data and then disappear with it to Russia.
But these spectacular stories are nothing beside the humdrum, everyday theft of data that goes on all the time. Last week, even while Clinton was defending her decision to delete her e-mail, the State Department was quietly shutting down its servers in an attempt to clean them, once and for all, of the Russian malware that has plagued the whole system for months. Although the department’s deliberately low-key statement framed this as a “planned outage,” other sources told ABC News that it was dealing with one of the most serious security breaches in the department’s history. Maybe it would have been marginally easier for foreign governments to read Clinton’s e-mail on a private server, but it doesn’t sound like they would have had that much more trouble if she’d been using the same system as everybody else.
Nor is the State Department alone. The White House has admitted that it is subject to frequent cyberattacks, some of which have been serious enough to slow its servers. Sony and JPMorgan Chase are only two of many large and presumably heavily protected companies to fall victim to foreign hacks in recent months. Google now keeps such close tabs on the attempts of “state entities” to break into some of its clients’ Gmail accounts that it sends them regular warnings — as I know, because I get them. Though of course Google is only one of many online companies that also quietly collects massive amounts of data in order to put it to commercial use.
What to do? Increasingly, the answer — not just for government officials but for all of us — is going to be: Don’t use e-mail. Or at least don’t use e-mail for anything that you wouldn’t put on a postcard. And maybe don’t use e-mail for anything that you wouldn’t mind seeing published in a newspaper. Although we are used to thinking of e-mail as a “private” form of communication, it’s just become too easy to steal and will only become more so.
As a result, these methods have become readily available to all kinds of people, not just those who work for governments. The same is true of bugs and recording devices, many of which are now so cheap, small and portable that they don’t require special investment to install, let alone special espionage training. In London, the Sunday Mirror is on trial for hacking into celebrities’ telephones, repeatedly, over many years. If tabloid journalists can do it, anybody can. Recording a telephone conversation is easy, bugging a restaurant or a hotel room even easier. Public officials are just now waking up to the fact that they live in a world of total surveillance. It won’t be long before the rest of us are going to discover the same thing.
Technology may eventually provide solutions, perhaps in the form of user-friendly encrypted e-mail systems, perhaps in the form of new-generation sweepers that can detect the latest bugs. The legal system may eventually catch up, too. But until then, life for anyone who wants to be protected from any kind of prying — from snooping companies, from governments, from media, from ex-spouses — will have to move in the opposite direction and use less technology. If you don’t want to be overheard, it’s not enough anymore to stay away from Facebook: Don’t use e-mail, don’t talk on the phone and do speak in person, preferably outside. Above all, write letters. The postman might read it, but the government, your colleagues and the Sunday Mirror probably won’t.