Ed. note: I generally avoid politics on Blog Fiasco, and this post is about the technical angle more than any political implications. The comments section will be moderated accordingly.
It seems that when Hillary Clinton was secretary of state, she used a personal email address instead of a .gov. While this was apparently legal at the time she held that office, it’s not good. For one, using the same account for both personal and business email is a bad idea (full disclosure: I used to do that. More on that later.) If email records for one need to be obtained (e.g. as evidence in a court action), messages for the other will at least be examined and may find themselves caught up in the same net. It also makes it harder to stop being at work when you’re not at work. (Of course, high-ranking government officials rarely get such opportunity.)
For public office holders, there’s an additional dimension. Public records are an important part of our history and our democratic and legal processes. When records such as emails are outside the purview of the appropriate custodians, it’s much easier for them to become intentionally or accidentally lost.
Again returning to the general case, every such incident is a indictment of the services the business offers. My first foray into using an external email service was in my first job. I had a lot of automated and non-automated email and the University’s mail system didn’t offer me much room. I created a dedicated GMail account to serve as a storage and search facility for old messages.
In a later role, I had roughly 50x as many machines, plus commit messages from our Subversion server, Nagios alerts, and the like. So, like many of my colleagues, I forwarded my work email to my personal GMail account in order to take advantage of the powerful filtering.
I didn’t have to deal with sensitive information as part of my daily work, but others on campus did. There were frequent discussions in various circles expressing concern about allowing users to forward email to arbitrary, potentially poorly-maintained mail servers (this concern never went so far as to actually disable the ability to set a forwarding address).
In most cases, people who forwarded their email off campus were doing so to overcome a perceived pain of using the campus systems. I don’t know why Hillary Clinton used a private email address, but I’m sure it was due to some perceived shortcoming (technical, usability, or political) in what the State Department made available. When we discover shadow IT systems, the best response is to figure out what drove the user away from our service in the first place.