WEEKEND READ: Hacking Sarah Palin

The hacking of Sarah Palin's email proves that it's not a good idea for politicians to use personal email accounts.

www.slate.com
Sometime on Tuesday, an unknown hacker gained access to gov.palin@yahoo.com, an email account that Sarah Palin has used for personal and possibly also state business in Alaska. The hacker posted the e-mail password to 4Chan, a discussion site known as a haven for Web "trolls," and for a brief while, Palin was an open book.

4Chan readers trudged through her inbox, saving screen shots of her correspondence with friends and supporters, a list of her frequent contacts, and pictures of her family. Then, a good Samaritan reset Palin's password, triggering a Yahoo security measure that alerted Palin to the breach. Soon after, gov.palin@yahoo.com and another account Palin has reportedly used to conduct official business – gov.sarah@yahoo.com – were deleted from Yahoo.

A few screen shots of the messages found in Palin's account have been posted online; they reveal nothing damaging about Palin, other than that she has a penchant for typing in ALL CAPS when exercised. ("Does he want someone OPPOSED to the life issue in Congress?" Palin wrote to Lieutenant Governor Sean Parnell.) In a statement sent to reporters on Wednesday, the McCain campaign called the incident "a shocking invasion of the Governor's privacy and a violation of law."

The Yahoo breach does raise a few questions about Palin's email habits. Why was she using a personal Yahoo account at all? Critics say she was taking a page from Karl Rove, who cooked up the idea of using an off-site email address to confound investigations of his activities in the Bush administration. (In 2007, the White House admitted that Rove and other officials used Republican National Committee addresses for some of their correspondence; as a result, the White House said it couldn't track down a trove of email messages requested by congressional investigators looking into those fishy US attorney firings.)

Palin's email policies do show a certain Rovian or perhaps Cheney-esque partiality for secrecy. The New York Times reported Sunday that shortly after she took office, Palin's aides discussed the benefits of using private email accounts, with one assistant noting that messages sent to Palin's BlackBerry "would be confidential and not subject to subpoena." In June, Andre McLeod, a Republican activist in Alaska, filed a public-records request for copies of all emails sent between two of Palin's aides, Ivy Frye and Frank Bailey. (McLeod had suspected the aides of various ethical violations.) Palin's office parted with four boxes of email, but it refused to disclose more than 1,000 other messages, claiming executive privilege.

Rovian tactics aside, Wednesday's hacking episode proves that it's rather boneheaded to put state business on Yahoo.

True, all email addresses are vulnerable to hacking. But Yahoo is a big target – lots of people spend a lot of time trying to crack Yahoo accounts. Do a quick search for "hack yahoo," and you'll be presented with myriad methods of attack. Alaska's private email system probably does not include a "Did you forget your password?" function. Yahoo, of course, does – and that function presents a key method of entry for hackers.

The forgotten-password system is all the more vulnerable for addresses belonging to public figures like Palin. When you forget your email address, Yahoo asks you a "challenge question" to verify your identity before giving you your password; because we know a great deal about Palin (her kids' names, her husband's favourite sport, her date of birth), the challenge question might not have been much of a challenge for the hacker. Indeed, that was the case in the other celebrity email theft of recent memory: Paris Hilton's cell phone was hacked because the thief knew that her pet Chihuahua was named Tinkerbell.

Palin likely won't be the last politician whose email gets hacked. Until now, this has been rare mainly because big-time pols don't e-mail – despite inventing the BlackBerry, McCain abstains from email, as do George W. Bush and Bill Clinton, who sent just two messages during his time in the White House (and one was a test email).

But other politicians are addicted to email: Barack Obama, Hillary Clinton, Mitt Romney, and Al Gore are always on their BlackBerrys. The BlackBerry is known to be tough to hack; that is, it's shown no major tech vulnerabilities that would allow easy access by intruders. But keeping all devices safe from attackers takes work – choosing strong passwords, changing them often, making sure you haven't left them lying around somewhere. Politicians are probably no better at that than you or I.

And we know all their pets' names.