Ask HN: How does the White House prevent Obama's emails from being forwarded?

10 points by fuzzmeister ↗ HN
A recent CNN article describing Obama's new email device had this line: "According to a report in the New York Times, security precautions make it impossible to forward an e-mail from the president."

Does anyone have a guess as to how this works? Perhaps the emails are viewed through a web browser? In any case, it would seem that the analog hole defeats the purpose of the security measure.

10 comments

[ 3.3 ms ] story [ 32.2 ms ] thread
Probably Information Rights Management in Outlook (Office):

http://office.microsoft.com/en-us/help/HA101029181033.aspx

I have no inside knowledge, though, but I doubt they built their own system.

And you can still take a screenshot with a third-party program, and myriad of other ways to get around it. If you read it on the screen, you can forward it -- just takes a little more work.

I think their concern is only aimed toward accidental forwarding of mail anyway, which IRM would take care of. If someone wants to leak info, it's really no longer an IT security issue.
(comment deleted)
I doubt they implement or worry about technology to absolutely prevent anything the president ever emails from ever leaving the office. Copy + Paste into a new email solves that pretty cleanly.

The issue however, is what if someone unknowingly or accidentally forwards something the president wrote? There's easy-to-setup and use technology in pretty much all mail servers to check for and prevent that.

(I'd find it super neat however, if there were a program that took all of the president's emails and inserted extra random spaces/punctuation/etc. so that if there WERE leaks, they'd be identifiable.)

Rather than preventing the emails from ever being forwarded, all incoming emails are probably filtered against a white-list of "accepted" addresses. Otherwise, the emails are probably discarded. So, even if his "private" email address gets out, it doesn't matter. They'd change it, but only to stop people flooding the email server.
They only let him email people with iPhones. That way they fix the copy+paste hole.
(comment deleted)
I bet they told the handful of people who have his email address "Of you every forward a message you will no longer be able to email the President".

That would probably work well enough.

It's never impossible to forward an email. Heck, you can simply take a screenshot and forward that along (or even write down the contents and re-type it). A forwarded email is just as suspect as a screenshot that can be photoshopped.

I think the way that they prevent it is that you'll get fired if you do it. People who work in the White House are usually people who a) want the sitting president to do well and b) want a career path that will get them to even better things than they're at now. A big Obama supporter isn't going to forward an email that might be embarrassing unless it's something like an order for human children to be served at a banquet. Likewise, if you want to someday become a congressperson or become a big(er) deal in DC, you don't want to get a reputation as "that guy that spews everything you don't want public".

So, really, you only need slight precautions to make sure that email isn't forwarded. The kind of precautions that would let a hacker easily bypass it, but you wouldn't accidentally forward something.