Email Security Lessons from Gov. Sarah Palin

After Sarah Palin's email account was breached, the McCain campaign promised swift retribution. The hammer of justice fell last week on David Kernell, the son of a Tennessee state lawmaker. The 20-year-old University of Tennessee student accessed Palin's email account by successfully guessing the answers to a number of password reset questions, answers that were easily found online ("Where did you meet your spouse?" was among the questions).

Kernell might've gotten away with the crime too, but for the fact that he shared all the sordid details of his illegal Internet intrusion on the popular website 4chan.org, which is a haunt for weird web addicts of all sorts. After he changed Palin's password to "popcorn," many other 4chan enthusiasts accessed the account as well. That's when it started to get messy. As the story snowballed, the FBI and Secret Service got word and got cracking. It apparently wasn't hard to crack the case; authorities were searching Kernell's apartment within days of the leak. An indictment wasn't handed down until last week, and Kernell turned himself in at federal court.

Yes, Palin's email security was compromised. Yes, it was an unwanted breach of Palin's privacy. Yes, it was a dumb move by a bored college kid. But was it a "hack"? No. Was it anything other than a geeky student exploiting Yahoo's awful security standards for free email? No. There are two clear lessons to draw from this leak. First, if you're a politician it's best to stick with protected email courtesy of Uncle Sam. That's a no-brainer. If you are going to use a private account anyway, at least pick a service with a little bit of security behind it (like Gmail). Not only is it illegal to conduct government-related communication on anything other than official email accounts, it is also incredibly risky. In Palin's case, she set herself up for easy poaching by not keeping the alternate email address under extremely tight wraps.

The second lesson is perhaps the more fundamental one -- always keep your identity verification information extremely personalized, in case your secret under-the-table email address gets leaked. Kernell correctly guessed that Sarah and Todd Palin met at "Wasilla High," though it admittedly took him a "few tries." Even Joe Six-pack could have figured that one out, since Palin's life history has been an open book since she was announced as Sen. McCain's VP nominee. The answer to the ID verification question should have been something that only Gov. Palin would know (favorite teacher, frequent flier mile ID, etc.).

But the real question that begs asking is this: why do figures like Palin use private email for official business? Perhaps there are nefarious deals that require an incognito approach to communication; perhaps not. Perhaps she simply likes Yahoo. The point, though, is clear -- politician or not, it's always important to keep personal email accounts secure. You never know who might be looking.

- Brendan Collins
