WashU Expert: Work vs. private email — even at the White House
Employees can lose control over who has access to their information if it’s not sent over a secure email system
Members of the House Oversight and Government Reform Committee plan to investigate the use of private email services at the White House, in the wake of news regarding Ivanka Trump’s email trail, and it may have some people asking, What’s the big deal?
Maybe you’ve intentionally or accidentally sent an email containing work information from your Yahoo or Gmail account. To a Washington University in St. Louis cybersecurity expert, there is a reason many companies’ workplace rules forbid employees from sending work-related emails from a private account: security risks.And the consequences of breaking the rules intentionally or accidentally can be all the more perilous when that employee works for the federal government.
“The security risk is really a loss of control over who has access to that info,” according to Patrick Crowley, professor of computer science & engineering at the Washington University School of Engineering & Applied Science.
Crowley, who is also the founder and chief technology officer of a cybersecurity firm, said there is always a risk that an employee can lose control over who has access to their information if it’s not sent over a secure email system. When a person sends an email using Yahoo, for instance, the email is first sent to a Yahoo server before being delivered to the intended recipient.
“If that third-party service got hacked and some criminal broke into their system and started stealing attachments, or an employee abusing privileges and sifting through emails, that would be bad,” Crowley said.
“We only want to share information that’s appropriate to share,” Crowley said. “When someone is using a personal email account to share personal news or information, it is up to that person to decide what’s appropriate.”
At work, however, an employee typically agrees to adhere to the rules about who owns what information, what can be shared outside of the company and what information must remain internal. There also is usually technology in place to detect when sensitive information has been wrongfully shared.
In contrast to a personal email account, Crowley said, “when you’re using work email and sharing work information, it’s generally subject to rules beyond your own personal judgment.”
For the extremely special and sensitive case of federal employees and officials — particularly those who have access to or work with defense or intelligence operations — “the rules, expectations and indeed the laws around classification and who can share what information are very, very real.”
Crowley may be reached for further comment at pcrowley@wustl.edu.
The McKelvey School of Engineering at Washington University in St. Louis promotes independent inquiry and education with an emphasis on scientific excellence, innovation and collaboration without boundaries. McKelvey Engineering has top-ranked research and graduate programs across departments, particularly in biomedical engineering, environmental engineering and computing, and has one of the most selective undergraduate programs in the country. With 165 full-time faculty, 1,420 undergraduate students, 1,614 graduate students and 21,000 living alumni, we are working to solve some of society’s greatest challenges; to prepare students to become leaders and innovate throughout their careers; and to be a catalyst of economic development for the St. Louis region and beyond.
