How safe were Hillary Clinton's emails?
That is the question security experts are asking after The New York Times reported that the former first lady and potential 2016 presidential nominee used a personal email account while serving as secretary of state.
Clinton did not have a government email address during her four years in the State Department, the Times reported. The news surfaced after Clinton's team handed over 55,000 pages of emails in an attempt to comply with State Department regulations.
Hillary Clinton’s Use of Private Email Draws Scrutiny (March 3, 2015)
It's not clear what security precautions Clinton took when setting up her personal email account as secretary of state. In 2011, Clinton told NBC News that she had "a lot of security restraints" on her personal email use.
It's important to know what those restraints were, said Michael Ryan, CEO of secure file transfer company South River Technologies.
"If she is just sitting down and logging into Google Mail or Hotmail over public Wi-Fi, that is much different than using a VPN to access a government server over an encrypted connection," Ryan told NBC News. "That is something that needs to be investigated."
Graham Cluley, a well-known independent security expert, agreed.
"We don't know what security Hillary Clinton had running on her personal email, how well it was kept up-to-date, what encryption systems she was using," Cluley said. "But it is hard to imagine that it would be as well thought through as that run by the U.S. State Department, responsible for securing the communications and systems of a key government department."
The "Texts from Hillary" meme might have provoked some laughs. But emailing on mobile devices in foreign countries carries risks — and Clinton traveled to 112 nations during her four years as secretary of state.
"In her role, she travels a lot to of different countries, and a lot of these countries have ways of intercepting information," Ken Westin, senior security researcher at Tripwire, told NBC News. "She has taken it upon herself to act as her own security department and that's very risky."
He wondered why government IT professionals allowed Clinton to use her personal email, noting that they are normally very strict about their security policies.
"Even Obama wasn't able to have an iPhone," he said.
If Clinton was at risk, Westin and Cluley said, then other government officials might have been in danger of having their own communications intercepted. They also could have been tricked into opening malware.
"We've seen plenty of instances where an unofficial email account has been compromised by hackers to dupe contacts into clicking on links or opening dangerous attachments," Cluley said.
Nationwide, private and public sector workers using their own accounts to talk about sensitive information or send sensitive files is a growing problem, Westin said. Clinton, however, was not an ordinary employee, which makes this latest news confusing to some security experts.
"I have a separate work and personal email account," Cluley said. "I don't understand why Hillary Clinton couldn't do the same."