Members of the House Oversight and Government Reform Committee plan to investigate the use of private email services at the White House, in the wake of news regarding Ivanka Trump’s email trail, and it may have some people asking, What’s the big deal?Maybe you’ve intentionally or accidentally sent an email containing work information from your Yahoo or Gmail account. To a Washington University in St. Louis cybersecurity expert, there is a reason many companies’ workplace rules forbid employees from sending work-related emails from a private account: security risks.
And the consequences of breaking the rules intentionally or accidentally can be all the more perilous when that employee works for the federal government.
“The security risk is really a loss of control over who has access to that info,” according to Patrick Crowley, professor of computer science & engineering at the Washington University School of Engineering & Applied Science.
Crowley, who is also the founder and chief technology officer of a cybersecurity firm, said there is always a risk that an employee can lose control over who has access to their information if it’s not sent over a secure email system. When a person sends an email using Yahoo, for instance, the email is first sent to a Yahoo server before being delivered to the intended recipient.
“If that third-party service got hacked and some criminal broke into their system and started stealing attachments, or an employee abusing privileges and sifting through emails, that would be bad,” Crowley said.
At work, however, an employee typically agrees to adhere to the rules about who owns what information, what can be shared outside of the company and what information must remain internal. There also is usually technology in place to detect when sensitive information has been wrongfully shared.
In contrast to a personal email account, Crowley said, “when you’re using work email and sharing work information, it’s generally subject to rules beyond your own personal judgement.”
For the the extremely special and sensitive case of federal employees and officials — particularly those who have access to or work with defense or intelligence operations — “the rules, expectations and indeed the laws around classification and who can share what information are very, very real.”
Crowley may be reached for further comment at firstname.lastname@example.org.