Did Clinton Camp Delete Emails Or Wipe Server? The Difference Matters
Hillary Clinton's private server is currently in the possession of the FBI. And while it has been reported that the server was "wiped," what actually happened remains unclear. But not because the term is so hard to understand from a technical standpoint. In fact, wiping is a straightforward process. It's very different from hitting the delete button. And if it happened, experts say, it'll hamper the FBI investigation.
We keep hearing from Clinton and her top brass: They don't know the difference between deleting an email and wiping a computer clean.
"What, like with a cloth or something?" Clinton said to reporters at a news conference last month. "I don't know how it works digitally at all."
Earlier this month, her press secretary, Brian Fallon, was on CNN. Correspondent Brianna Keilar was trying to pin down this very basic detail: Was the server wiped?
Fallon responded: "I don't know what wiped means. There's a — the emails were deleted. The emails were deleted."
You can delete emails. You can also wipe a server. You can do both. But Fallon did not say whether both happened. He did repeat a talking point: "I don't know what wiped means. Literally the emails were deleted off the server. That's true."
On March 19, members of Congress requested that Clinton make her server available for inspection by an independent third party. In response, her lawyer, David Kendall, wrote that no Clinton emails during her tenure at the State Department "reside on the server or on any back-up systems associated with the server." In an August letter, Kendall again stated the server "no longer contains data" from Clinton's email account.
He did not indicate whether the data was "deleted" or "wiped" in either correspondence.
A Distinction With A Difference
There's a big difference between the two. Let's start with what it means to delete.
Computer expert Angela Knox, with Cloudmark, says a computer is like a library with a bunch of files — or books — in it. "You know which shelf the book you're looking for is on by looking at the index of the library," she explains.
Books are stored in the back. Index cards at the front counter tell you where exactly. And if people throw a card in the trash, "they're not actually deleting the book from the library. They're just deleting it from the index."
To get rid of a file altogether, you have to overwrite or wipe it. Let's use another analogy. A computer stores data in bits — all 1s and 0s. It's like a row of lightbulbs that are either on or off.
"The pattern on which they're on or off tells you something," Knox says. It tells you the specific characters and sentences in a file, the font, when the file was created and modified, which users accessed it.
"When you want to wipe out that information, you could either turn all the lights off, or you could turn all the lights on, or you could just add a random pattern of on and off lights over the top, and then you wouldn't know what was there before," she says.
(Note: When you switch the lightbulbs off, some will still be warm. That's why adding a random pattern is important.)
The more you write over with a bunch of 1s and 0s, the harder it is to know the original 1s and 0s — the emails, the Word documents, the Excel spreadsheets. If you wipe several times, Knox says, "It will be almost impossible for anybody to collect any data from that drive."
Way More Than Classified Emails At Stake
It turns out, any data means a whole lot more than emails.
Dave Aitel is a former employee of the National Security Agency and currently CEO of the security firm Immunity. He has a prediction about what the FBI is investigating: "It's really probably less about the content of the emails, and more about looking for traces of intrusion on the server itself."
Hackers from Russia or China, he says, could have targeted Clinton and sent her innocent-looking emails with malicious software attached to break in.
The FBI's ability to investigate depends on how the data was removed. Aitel explains:
Clinton's lawyer has stated there's no evidence a breach occurred. But her campaign declined to provide NPR with any details about how the server was protected.
Aitel says Clinton's server was more vulnerable to attack than ones in the State Department because the private server didn't have access to a major federal program called Einstein. It can't stop all attacks, but the cyber-defense effort has blocked a lot of them by looking for intrusions and sending alerts to public agencies.
"There's reasons you don't hire FedEx to move your top secret material around. They don't have the capability to protect it," Aitel says.
He says given all the hacks that have happened — Target, Sony Pictures, the Office of Personnel Management — the next president needs to understand cybersecurity issues, not shrug at the difference between deleting and wiping.
An Enigmatic Statement
A former State Department employee who worked on Clinton's server, Bryan Pagliano, says he will invoke the Fifth Amendment in response to congressional inquiries about his services to her.
Clinton subsequently hired the IT company Platte River Networks to manage the server. Public statements from that firm have been enigmatic. Spokesman Andy Boian told NPR: "Platt River Networks has no knowledge of the server being wiped." Interestingly, however, he was unwilling to say that no one at Platte River wiped the server. (Boian also told The Washington Post: "All the information we have is that the server wasn't wiped.")
"It certainly begs the question why won't you confirm that," says Robert Hansen, a vice president at WhiteHat Security. "If you'll admit you have no knowledge of it, why won't you admit no one has done it?"
It could be nothing; or it could be that a manager told an underling, "Sure would be nice if that server got wiped, but I'm not telling anyone to do it."
The public does not know. Hansen says there's a good chance the Clinton campaign does.
Copyright 2020 NPR. To see more, visit https://www.npr.org.