When using your own email server makes sense

When Hillary Clinton served in the Senate beginning in 2001, each senator's office had its own personal computer server and local-area network to manage email and other IT requirements. Lockheed Martin, under contract, supported each senator's personal computer server. A more efficient centralized network serving the 100 senators did not exist.

Today, nothing has changed. Each senator's office is a networked island with about 50 or fewer users. Although they are examples of wasteful inefficiency, those islands also are less vulnerable to hackers.

In 2009, when Clinton moved to the State Department, she was accustomed to controlling her own resources based on her experience in the Senate. She might have changed her approach, but the State Department was a backwater organization in terms of technology.

In 1990, State awarded a five-year, $841 million contract to Wang Laboratories, a word-processing computer company that was unable to make the transition to digital computers. In my oversight role at the General Services Administration, I counseled the Foreign Service officer in charge of the department's technology not to award the contract to Wang because the company's equipment already was nearly obsolete.

State, however, proceeded with the long-term award to Wang one year before the company filed for bankruptcy. State Department employees suffered for 10 years -- until 2000 -- with out-of-date Wang technology while most organizations nationwide introduced modern digital computer technology.

In 2000, the Government Accountability Office reported that a series of reviews highlighted continuing problems with State's information and physical security controls. GAO recommended that State take strong action to ensure that controls were in place and operating as intended to reduce risks to sensitive information assets.

In congressional hearings in 2001, State officials revealed that they were using cumbersome microfiche technology to manage the issuance of visas to foreigners seeking to enter the U.S. As a result, overseas State Department officials issued three visas to Sheikh Omar Abdel Rahman, later indicted for a role in the 1993 World Trade Center bombing.

The inspector general testified that the microfiche system was so time-consuming and cumbersome that it was likely not being checked as required on numerous occasions. At that time, most organizations had already replaced microfiche with computer-based searches.

In 2014, hackers penetrated State's unclassified email systems and apparently used that access to penetrate White House systems. It became evident that the strong action recommended by GAO had not occurred in the intervening 14 years.

In 2015, media sources reported that hacker code remained hidden inside State's systems despite cleanup work by Defense Department and National Security Agency experts. Observers said that by underinvesting in technology and security, State had allowed hackers to penetrate and remain in the unclassified network.

Today, the technology that was available during Clinton's time in the Senate and State Department should be central in the debate about her use of a personal email server while secretary of State. A review of the past 25 years of technology management in the State Department suggests that Clinton did the right thing by choosing to work from a personal email server. The systems in State could not be trusted. The White House likely has learned that lesson.

The Senate model of independent servers for each office provides better security than the central facilities provided for many years by State Department officials.