By Margaret Wright
— The federal indictment on Thursday, May 30 of Jamie Estrada, Gov. Susana Martinez’ former campaign staffer, reveals how easy it is for otherwise savvy people to be screwed over without careful technical management of their online presence.
It’s likely Estrada’s legal fate will hinge on technical considerations, which I think could be fascinating: There’s not a lot of existing case law when it comes to website hijacking.
Here’s the unfortunate scenario mapped out by the indictment. (Estrada, who is accused of hijacking the governor’s website and lying about it, is innocent until proven guilty.)
As Martinez’ campaign manager, Estrada had the username and password for the domain registration of Susana2010.com. When Estrada left the campaign in December 2009—the guv says he was fired, which he disputes— Martinez asked him to hand over the access info associated with the site. The indictment doesn’t say whether he complied at that time.
After she was inaugurated in January 2011, Martinez and members of her staff continued to use email accounts attached to the campaign website. They did so until July of that year, when they got word that emails sent to Susana2010.com addresses were being bounced back to the sender.
Apparently the website domain, hosted by GoDaddy.com, had expired, but no one could remember the username or password to renew it. The indictment indicates staff contacted Estrada for the information, which he “refused to provide.”
Michael Corwin, a private investigator who worked for Gov. Bill Richardson, has devoted the resources of his political action committee to digging up dirt against the Martinez administration. That dirt included emails leaked from an anonymous source.
One email showed employees from the state education department were directed to create a list of nonunion public school teachers for Martinez’ political adviser Jay McCleskey. It raised ethics questions about public employees using public resources for political activities.
Others revealed inside details about the bidding process for the Downs of Albuquerque racino lease—a deal the Martinez administration says was fair and legal.
In a statement posted on his PAC website the day Estrada was indicted, Corwin pointed out that none of the 12 emails in the indictment were related to official government business.
The indictment says Estrada illegally obtained private emails from accounts associated with the website after he got word that the domain had expired and no one in Martinez’ camp could remember how to access it. It alleges that he used the original username and password to re-register the domain with a pre-paid credit card, then changed the email account settings so incoming mail was filtered into a Gmail account he controlled.
Corwin has said all along that the emails leaked were accessed legally after GoDaddy auctioned off the expired domain. In a post-indictment statement, Estrada said he’d done nothing illegal or improper.
If information in the indictment turns out to be verifiable, though, Estrada’s attorneys may have their work cut out for them—especially if the FBI was able to tap GoDaddy’s records about what went down.
I’m no tech expert—any readers who are, please feel free to chime in here—but is it likely that the email accounts associated with the domain would still be active if it was expired and auctioned off, part and parcel? The indictment says Estrada used the original domain username and password—again, not to buy the site at auction but to re-register it.
One of the other juicy details revealed in emails leaked to Corwin was that executive branch officials regularly conduct official government business using private email accounts. Using private email for public business isn’t illegal, but it can look shady. If a public official really wanted to hide wrongdoing, he or she could do so by avoiding use of their government communications accounts.
Past governors often didn’t use their official email. And as a secret recording of Martinez’s Chief of Staff Keith Gardner revealed last year, many other top operatives don’t either.
Attorney General Gary King has said that private emails are fair game for public records inspection requests if they involve government business—but as Santa Fe Reporter Editor-in-Chief Alexa Shirtzinger pointed out in an online chat with Compass editors, “That’s just the AG’s interpretation. That’s not settled in court, that’s not a law, so it could be up for debate.” Government regs, which still lag behind our Internet-connected, digital reality, aren’t clear when it comes to the use of private email.
In a statement responding to the charges against Estrada, Gov. Martinez pointed out that cybercrime and identity theft affect thousands of New Mexicans every year.
Emailgate may serve as a lesson to all of us. Anyone who isn’t careful about keeping digital passwords and usernames secure leaves their personal information at risk. And anyone—including high-powered members of political and business elite—can have their online brand wrested out of their control if they don’t keep track of boring but basic details like the expiration date of their website domain registration.