It is a matter of generally accepted practice that when a security professional discovers an exploit in, say, Internet Explorer, the exploit is reported to Microsoft first, giving them a chance to fix the bug. In this way, information about the exploit isn't made public before a patch can be created in the software and users' systems updated with the fixed defensive measure.

Unfortunately, there have been times when tech companies have disregarded critical bug reports from security professionals. In these cases, security professionals have released information to the public as a way to force the bugs to be fixed. Obviously, it's a risk, because then there's an arms race: will the bad guys release an exploit into the wild before the software can be patched to defend against it?

I've debated a similar issue in writing this article series. I've exposed some serious vulnerabilities in how the White House manages email. Unfortunately, based on analysis I did over time, reading over press briefings, Congressional testimony, tracing email flow, and looking at the history of email use at the White House, it became clear just how unlikely it is that any administration will fix their email problems without outside pressure.

Given that we reach more email professionals than any other vehicle, it seemed prudent to publish this series and inform the experts. With an informed expert populace, some of whom work on IT systems for the government, it seemed far more likely that improvements could be made to a clearly broken system.

There's always a balance between too much disclosure and necessary disclosure. The U.S. House Permanent Select Committee on Intelligence performs oversight of the American intelligence community. Much of what they discuss must, of necessity, remain behind closed doors. In this case, there's oversight, but also security. And that's how it should be.

Likewise, while it's important that all White House email be archived, and some of that email be available for disclosure, some may always need to remain secret.

Root causes
After detailed examination, we've determined that there are three root causes for the identified problems with White House email: the nature of politics, the Hatch Act of 1939, and no coherent, administration-spanning IT operations directorate.

The nature of politics
Ain't nothin' going to fix the nature of politics, but the other two stand a chance of correction. In fact, it's our conclusion that both the Hatch Act and a lack of a professional IT agency feed off each other, creating the situation we now find ourselves in.

The Hatch Act of 1939
The Hatch Act is a strange beast. It was originally created as a way to prevent federal employees from joining any organization whose goals included the overthrow of the United States government.

Today, the Hatch Act allows Federal employees to participate in political parties, but prohibits them from engaging in political activity while on duty. The goal behind the use of the Hatch Act was quite honorable, and its goal of preventing federal funds from being used for political purposes is laudable.