Reckless users and antiquated technology represent the federal government's most critical cybersecurity vulnerabilities, House Oversight Chairman Rep. Jason Chaffetz said on Wednesday, a problem he said was exemplified by Hillary Clinton's practice of buying Blackberry devices from eBay.
"We have a huge problem with personnel," Chaffetz said at a forum in Washington, D.C. "I don't want to get into this too much, but part of what was happening with the secretary of state was, she was acquiring technology that wasn't even supported by Blackberry. You couldn't buy it. She was actually buying this stuff off of eBay because somebody was selling their old machine. That's what she liked, so she did. It creates this huge vulnerability. And it's unnecessary."
Notes released on Friday by the FBI revealed that Clinton used 13 personal devices as secretary of state, including eight Blackberrys. Chaffetz, a Utah Republican, is leading a congressional investigation into information the agency obtained from Clinton during an inquiry into her personal network setup.
Chaffetz's remarks, delivered during an appearance at the American Enterprise Institute, came the same day his committee released a report detailing failures that led up to a breach at the Office of Personnel Management in 2015.
He added that the same conditions enabling that breach still exist across the federal government, fueled fundamentally by old technology and too many people who have access to critical systems. "One of my concerns at the Department of Education is, you have more than 90,000 people authorized to go into the system. Tell me all 90,000 of them have a clean bill of health. That's just not realistic.
"If someone were to fire missile at us, we'd fire a missile back," Chaffetz said. "So if we know a hack is happening at a particular location, and we can pinpoint it, what do you do about it? What do you about it if it's coming out of Russia? I don't know, but we've got to prosecute this.
"I think the administration's sending all the wrong signals," Chaffetz added. "When you take all this classified information at the State Department, and you take four years of federal records, and you put them in a nonsecure location, you give 10 people or so access to all this information who don't have the proper security clearance, what do you think is going to happen?"