2 Jun 2016

Pagliano Pleads the Fifth

Anyone who has ever worked in IT has had at least one client who has worn their nerves down to fiery nubs; someone they had a difficult time empathizing with for lack of understanding of how computers and computer resources work. Those people, the kind who genuinely believe shutting off a monitor also powers down a separate CPU, are why I never pursued a career in tech support. It also happens to be why I never wanted to be an elementary school teacher. I barely contain the patience to troubleshoot computer issues with people I wholeheartedly care about, much less professional acquaintances.

While it may seem like quixotic nitpicking to be paying so much attention to some e-mails, Bryan Pagliano took an immunity deal and has now pled the Fifth. And while Hillary Clinton may genuinely believe that using a private server for potentially (but currently unconfirmed) “sensitive” State Department e-mail is no big deal, any IT professional would know better. Pagliano knows that the server was vulnerable even if his client may not have fully understood the implications of what she hired him to do.

If you are concerned with information privacy, you need to accept one inalienable truth regarding electronic information: if a device is connected to any communication line, it is vulnerable. Period. The most sophisticated security system in the world cannot hedge against all possible attacks. The only safe assumption in information security is that there exist, at minimum, primordial ideas capable of breaching any system. That being said, there are precautions that can at least bring the possibility of a breach down to as close to zero as technology permits. Third-party standards adoption and auditing can be expensive, but they are common among larger enterprises whose reputation relies on the safety and privacy of their users’ information. Google, for instance, boasts security compliance for seven different standards as well as EU data protection contract clauses. Google also operates at least 15 data centers and infamously recruits only the best and brightest personnel the world has to offer.

These are resources neither Clinton nor Pagliano would have for a “discreet” set-up of a private server. It would be fair to assume that it was simply beyond the capacity of Pagliano, or Clinton’s private budget, to maintain and audit the security of a home server as rigorously, even against just the one set of standards they were obligated to meet, DITSCAP. Under Department of Defense standards at the time, it really wouldn’t matter whether or not any e-mail was actually hacked as long as it can be established that State Department information had at one point existed on these servers. If the server wasn’t compliant, the wrongdoing was that it wasn’t compliant even if Clinton was just sending cat pictures to diplomats with captions about how they look like other diplomats. And the Federal compliance police do not mess around. The legal measures Pagliano has taken during this investigation would all but confirm that he knows this.

Ultimately, I feel bad for this man. Even if an indictment never comes to fruition based on his testimony, if this case were to result in Hillary Clinton losing the nomination, or worse, losing the General Election to Trump, he’d be making some very powerful enemies. Pagliano is in a lose-lose situation with the granddaddy of nightmare client scenarios. At best his reputation is mud. I wouldn’t even want to indulge a worst case scenario.

Edited 6/3/16 for clarity.