A public records request submitted by IndyStar showed that Mike Pence used his personal AOL account, which was hacked, to discuss security issues with top advisors while he was governor of Indiana.
A recent report from The Indianapolis Star (IndyStar) claims that US Vice President Mike Pence used a private, personal AOL email account to discuss issues of homeland security and other sensitive topics. The report, published Thursday evening, was based on emails released via a public records request, and claims that Pence's personal email account was also hacked in the summer of 2016.
The use of personal email accounts to conduct official government business was one of the most contentious issues of the recent US presidential election, when GOP candidates strongly criticized Hillary Clinton's use of a private email server while she was secretary of state. Being that US president Donald Trump and Pence were so vehemently opposed to Clinton's actions, it's interesting that Pence pursued similar behavior.
Questions of Pence's email use arose back in late 2016, when he was involved in a legal battle over keeping his email private. The Indianapolis Star's recent report sheds light on what was discussed over Pence's personal email account, which included "topics ranging from security gates at the governor's residence to the state's response to terror attacks across the globe," the report said.
The biggest issues presented by the revelations are those of security and transparency. Personal email accounts are often more vulnerable to cybersecurity attacks than those provided by the government or corporate IT. Additionally, as noted in the report, using a personal email address means that Pence's emails weren't as readily accessible via a public records request.
According to the report, the office of current Indiana governor Eric Holcomb made some 29 pages of Pence's AOL emails available, "but declined to release an unspecified number of others because the state considers them confidential and too sensitive to release to the public."
The following response was issued by Pence's office:
"Similar to previous governors, during his time as Governor of Indiana, Mike Pence maintained a state email account and a personal email account. As Governor, Mr. Pence fully complied with Indiana law regarding email use and retention. Government emails involving his state and personal accounts are being archived by the state consistent with Indiana law, and are being managed according to Indiana's Access to Public Records Act."
Despite the alarm that can be raised, cybersecurity expert and president of IP Architects, John Pironti, said that there should be a relative response to the information presented.
"He still followed the archive requirements, he still followed the retention requirements," Pironti said. "What he didn't recognize from what it seems, I don't know factually, is the understanding that certain systems have built-in security measures and capabilities and others don't. Not all email is created equal."
Other cybersecurity experts cited in the Indianapolis Star report were divided on whether or not Pence's actions are worth comparing to Clinton's. Some said that the two actions were very different, and noted that Pence would not have had access to the same kind of federally classified information that Clinton did when she was secretary of state. Pironti said that it's an issue of asset classification, noting that Clinton's information was confirmed to be "classified," while there isn't an indication that the information in Pence's emails was. Others, however, said it was "hypocritical" to consider the cases any different.
Pence's use of a personal email account to conduct state business isn't the first communication scandal for the current administration. In late January 2017, a report claimed that Trump was using an unsecured smartphone while in office, and it was also reported that Trump administration aides were communicating over encrypted messaging apps, possibly violating federal record-keeping laws.
The report highlights key issues for IT leaders regarding corporate email security as well. Along with executive support, IT should craft a corporate email policy that explains what kind of business can be conducted on which accounts and whether or not a personal email account will be supported at all.
Pironti said that business leaders should remember that "personal email accounts, they will be attacked, they will be compromised. Especially in broad spectrum attacks, like the AOL attack and things like that, even if they're not targeted just for them."
The 3 big takeaways for TechRepublic readers
- While serving as governor of Indiana, Mike Pence used a private, personal AOL email account to discuss issues of homeland security, the Indianapolis Star reported.
- Pence's account was hacked in 2016, and raised concerns about its similarity to Hillary Clinton's use of a private email server.
- The news highlights the need for organizations and businesses to write a corporate email policy and work with executive leadership to determine communications policies.
- Will Trump immigration ban affect tech skill shortages at your company? (TechRepublic)
- Trump aides' use of encrypted messaging may violate records law (ZDNet)
- A data visualization of Trump trends on social media (TechRepublic)
- Trump appoints Pai to head FCC and beat-down net neutrality (ZDNet)
- President Trump using unsecured Android phone in office, report says (TechRepublic)