DNC Email Scandal Shows What Must Be Done to Prevent Breaches, Leaks

NEWS ANALYSIS: Once again the Democratic Party has been seriously embarrassed by an email leak scandal. But without the leaks the data breach might have been worse.

As this is written, Debbie Wasserman Schultz, chairwoman of the Democratic National Committee, has resigned under pressure and effectively been forced off the stage of her party's convention.

But the release of thousands of emails from the DNC showing how the party leadership conspired to keep Sen. Bernie Sanders from winning the presidential nomination is not all bad, because it revealed the fact that the breach took place.

While the leak is a huge embarrassment for the party as it prepares to nominate its presidential candidate, it's really mainly a problem for a few people who were most responsible and, therefore, probably deserved it.

What would have been worse is a breach that went undiscovered while the depths of the DNC's email were secretly mined indefinitely for information useful by its opponents, foreign or domestic. But perhaps more serious is the ongoing myth that email is somehow private or secret.

So let's put that misconception to rest immediately. Email is not secure and it's not private, and acting as though it is will only get you into a world of hurt. The DNC should have figured this out from the woes of Hillary Clinton and her now-public emails that gained her a shaming from the director of the Federal Bureau of Investigation (FBI).

In that case, former Secretary of State Clinton set up her own email server at her home, in an apparent effort to bypass federal archiving rules and to make her immune from Freedom of Information Act requests by the news media.

That effort backfired, and while her emails may not have been taken by hackers, they were taken by the FBI and subsequently released. While this was going on the DNC was operating its own email server and, as the released documents from WikiLeaks show, party officials were plotting the downfall of Clinton's only serious challenger. This time the email wasn't taken by the FBI but apparently by the Russian government, although so far that hasn't been proven entirely.

But the real issue isn't who took the emails, but rather the fact that they were taken. Once their contents were released it was clear the information in those emails had been treated with little respect by the people who compiled that archive of messages. Apparently, both the DNC and Clinton had just assumed that they would never come to light. So they had done nothing to protect them.

This is the lesson for everyone in government, business or private individuals. These two examples should show just how insecure email is and how badly it can affect your organization when it turns out that you guessed wrong about email security.

Fortunately, there are things you can do that will prevent email leaks that could embarrass you or damage your organization.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...