Hillary Clinton did not encrypt her private email service with a digital certificate for the first three months of her tenure as secretary of State, according to a security research firm
After scanning Clinton’s domain, clintonemail.com, the security firm Venafi found that from January to March 2009, the domain had no digital certificate issued by an authority, which shows a site is secured.
“This means that during the first three months of Secretary Clinton’s term in office, web browser, smartphone and tablet communications would not have been encrypted,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, in a blog post.
According to Clinton’s travel records, she went to China, Egypt, Israel, Japan and South Korea, among other countries, during that time.
“Attackers could have eavesdropped on communications,” Bocek said. “As well, the server would not have been uniquely identified as being clintonemail.com and therefore could have been spoofed — allowing attackers to more easily trick an unsuspecting user of the site to hand over their username and password or other sensitive information.”
Clinton insisted Tuesday that “there were no security breaches” of her email and that the system had “numerous safeguards” in place.