Throughout the course on the Clinton emails scandals, she and her supporters have claimed she did no wrong that prior Secretaries hadn’t done, that she asked for and got permission to use her private server, that if she did do anything wrong they were simply inadvertent errors.
Now that the IG’s report has been released, we discover that those were all lies, and her server situation was at least in part motivated by a desire to avoid the requirements of the FOIA.
Secretary Clinton:By Secretary Clinton’s tenure, the Department’s guidance was considerablymore detailed and more sophisticated. Beginning in late 2005 and continuing through 2011, the Department revised the FAM and issued various memoranda specifically discussing the obligation to use Department systems in most circumstances and identifying the risks of not doing so. Secretary Clinton’s cybersecurity practices accordingly must be evaluated in light ofthese more comprehensive directives.Secretary Clinton used mobile devices to conduct official business using the personal email account on her private server extensively, as illustrated by the 55,000 pages of material making up the approximately 30,000 emails she provided to the Department in December 2014.Throughout Secretary Clinton’s tenure, the FAM stated that normal day-to-day operations should be conducted on an authorized AIS, yet OIG found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server. According to the current CIO and Assistant Secretary forDiplomatic Security, Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means thatmet her business needs. However, according to these officials, DS and IRM did not—and would not—approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the FAM and the security risks in doing so.During Secretary Clinton’s tenure, the FAM also instructed employees that they were expected to use approved, secure methods to transmit SBU information and that , if they needed to transmit SBU information outside the Department’s OpenNet network on a regular basis to non-Departmental addresses, they should request a solution from IRM. However, OIG found no evidence that Secretary Clinton ever contacted IRM to request such a solution, despite the fact that emails exchanged on her personal account regularly contained information marked as SBU.Similarly, the FAM contained provisions requiring employees who process SBU information on their own devices to ensure that appropriate administrative, technical, and physical safeguards are maintained to protect the confidentiality and integrity of records and to ensure encryption of SBU information with products certified by NIST. With regard to encryption, Secretary Clinton’s website states that“robust protections were put in place and additional upgrades and techniques employed over time as they became available, including consulting and employingthird party experts.” Although this report does not address the safety or security of her system, DS and IRM reported to OIG that Secretary Clinton never demonstrated to them that her private server or mobile device met minimum information security requirements specified by FISMA and the FAM.In addition to interviewing current and former officials in DS and IRM, OIG interviewed other senior Department officials with relevant knowledge who served under Secretary Clinton, including the Under Secretary for Management, who supervises both DS and IRM; current and former Executive Secretaries; and attorneys within the Office of the Legal Adviser. These officials all stated that they were not asked to approve or otherwise review the use of Secretary Clinton’sserver and that they had no knowledge of approval or review by other Department staff. These officials also stated that they were unaware of the scope or extent of Secretary Clinton’s use of a personal email account, though many of them sent emails to the Secretary on this account.…OIG did find evidence that various staff and senior officials throughout the Department had discussions related to the Secretary’s use of non-Departmentalsystems, suggesting there was some awareness of Secretary Clinton’s practices. For example:• In late-January 2009, in response to Secretary Clinton’s desire to take her BlackBerry device into secure areas, her Chief of Staff discussed with senior officials in S/ES and with the Under Secretary for Management alternative solutions, such as setting up a separate stand-alone computer connected to the Internet for Secretary Clinton “to enable her tocheck her emails from her desk.” The Under Secretary’s response was “the stand-alone separate network PC is [a] great idea” and that it is “the best solution.” According to the Department, no such computer was ever set up.• In November 2010, Secretary Clinton and her Deputy Chief of Staff for Operationsdiscussed the fact that Secretary Clinton’s emails to Department employees were not being received. The Deputy Chief of Staff emailed the Secretary that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.” In response, the Secretary wrote, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (bolding added)• In August 2011, the Executive Secretary, the Under Secretary for Management, and Secretary Clinton’s Chief of Staff and Deputy Chief of Staff, in response to the Secretary’s request, discussed via email providing her with a Department BlackBerry to replace her personal BlackBerry, which was malfunctioning, possibly because “her personal email server is down.” The then-Executive Secretary informed staff of his intent to provide two devices for the Secretary to use: “one with an operating State Department email account (which would mask her identity, but which would also be subject to FOIA requests), and another which would just have phone and internet capability.” In another email exchange, the Director of S/ES-IRM noted that an email account and address had already been set up for the Secretary and also stated that“you should be aware that any email would go through the Department’s infrastructure and subject to FOIA searches.” However, the Secretary’s Deputy Chief of Staff rejected the proposal to use two devices, stating that it “doesn’t make a whole lot of sense.” OIG found no evidence that theSecretary obtained a Department address or device after this discussion.• OIG identified two individuals who provided technical support to Secretary Clinton. Thefirst, who was at one time an advisor to former President Clintonbut was never a Department employee, registered the clintonemail.com domain name on January 13, 2009. The second, a Schedule C political appointee who worked in IRM as a Senior Advisor from May 2009 through February 2013, provided technical support for BlackBerry communications during the Secretary’s 2008 campaign for President. OIG reviewed emails showing communications between Department staff and both individuals concerning operational issues affecting theSecretary’s email and server from 2010 through at least October 2012. For example, in December 2010, the Senior Advisor worked with S/ES -IRM and IRM staff to resolve issues affecting the ability of emails transmitted through the clintonemail.com domain used by Secretary Clinton to reach Department email addresses using the state.gov domain.• Two staff in S/ES-IRM reported to OIG that, in late 2010, they each discussed theirconcerns about Secretary Clinton’s use of a personal email account in separate meetings with the then-Director of S/ES-IRM. In one meeting, one staff member raised concerns that information sent and received on Secretary Clinton’s account could contain Federal records that needed to be preserved in order to satisfy Federal recordkeeping requirements. According to the staff member, the Director stated that the Secretary’s personal system had been reviewed and approved by Department legal staff and that the matter was not to be discussed any further. As previously noted, OIG found no evidence that staff in the Office of the Legal Adviserreviewed or approved Secretary Clinton’s personal system. According to the otherS/ES-IRM staff member who raised concerns about the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’ s personal email system again.• On January 9, 2011, the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system notified the Secretary’s Deputy Chief of Staff for Operations that he had to shut down the server because he believed “someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to.” Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, “We were attacked again so I shut [the server] down for a few min.” On January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the Deputy Chief of Staff for Planning and instructed them not to email the Secretary “anything sensitive” and stated that she could“explain more in person.”
That is the main portion relevant to Clinton, although there is a lot more bad stuff concerning her in the report.
Now on to what intelligence professionals think of it, this is a portion of an open letter to Obama:
...She knew the rules and yet as Secretary she handled classified information carelessly after a deliberate decision to circumvent normal procedures for its safeguarding, thus making it vulnerable to foreign intelligence, as well as to criminal hackers.
Anyone who has ever handled classified material knows that there are a number of things that you do not do. You do not take it home with you, you do not copy it and share it with anyone who does not have a clearance and a need-to-know, you do not strip off the classification marks and treat it as unclassified, and you do not transfer it to another email account that is not protected by a government server.
If you have a secured government computer operating off of a secure server that means that what is on the computer stays on the computer. This is not a matter of debate or subject to interpretation. It is how one safeguards classified information, even if one believes that the material should not be classified, which is another argument that has been made in Clinton’s defense. Whether or not the classification is unnecessary is not your decision to make.
Apart from the guidelines for proper handling of classified information, outlined in Executive Order 13526 and 18 U.S.C Sec. 793(f) of the federal code, there is some evidence of a cover-up regarding what was compromised. This itself would be a violation of the 2009 Federal Records Act and the Freedom of Information Act.
Numerous messages both in New York and in Washington have reportedly been erased or simply cannot be found. In addition, the law cited above explicitly makes it a felony to cut and paste classified information removing its classification designation. Retaining such information on a private email system is also a felony. In one of Secretary Clinton’s emails, she instructed her staff simply to remove a classification and send the information to her on her server.
So the question is not whether Secretary Clinton broke the law. She did. If the laws are to be equally applied, she should face the same kind of consequences as others who have been found, often on the basis of much less convincing evidence, guilty of similar behavior. (bolding added)
Possibly Still Worse Ahead
You might give some thought, Mr. President, to a potentially messy side of this. What is already known about NSA’s collect-it-all electronic practices over the past several years strongly suggests that NSA, and perhaps the FBI, already know chapter and verse. It is virtually certain they know what was in Secretary Clinton’s emails – including the ones she thought she had deleted. It is likely that they have also been able to determine which foreign intelligence agencies and other hackers were able to access the emails.
One ignores this at one’s peril. Secretary Clinton’s security violations can have impact not only on whether she becomes your successor, but also on whether she would, in that case, be beholden to those who know what lies hidden from the rest of us – perhaps even from you.
Intelligence professionals (in contrast to the occasional political functionary) take the compromise of classified information with utmost seriousness. More important: this is for us a quintessentially nonpartisan issue. It has to do, first and foremost, with the national security of the United States.
We are all too familiar with what harm can come from blithe disregard of basic procedures designed to protect sensitive intelligence and other national security information. Yes, the lamentable unevenness in how such infractions are handled is also an important issue – but that is not our main focus in the present context.
The Truth Will Out
Not all workers at the NSA or the FBI are likely to keep their heads in the sand, as they watch very senior officials and politicians with their own agendas disregard laws to safeguard the nation’s security. We know what it is like to do the difficult, disciplined work of protecting information from being compromised by strictly abiding by what often seem to be cumbersome rules and regulations. We’ve been there; done that.
If you encourage the Department of Justice and the FBI to continue slow-walking the investigation, there is a good chance the truth will come out anyway. As you are aware, the Justice Department, the FBI, and NSA have all yielded recent patriots who, in such circumstances, decided that whistleblowing – rather than silence – was the only way to honor the oath we all swore – to support and defend the Constitution.
To sum up our concern regarding how all this plays out, if you order the Justice Department and FBI to pursue the investigation with “all deliberate speed,” so to speak, and Secretary Clinton becomes president, the juicy email secrets in the hidden hands of the NSA and FBI are likely to give those already powerful institutions a capacity for blackmail that would make J. Edgar Hoover’s mouth water. In addition, information hacked by foreign intelligence services or Guccifer-like hackers can also provide useful grist for leverage or blackmail. (bolding added)
Lest you think it was penned by some right-wing nut cases, look at who created and signed it:
For the Steering Group, Veteran Intelligence Professionals for Sanity (VIPS)
William Binney, Technical Director, NSA; co-founder, SIGINT Automation Research Center (ret.)
Thomas Drake, Senior Executive, NSA (former)
Philip Giraldi, CIA, Operations Officer (ret.)
Former Sen. Mike Gravel, D, Alaska; earlier, Adjutant, top secret control officer, Communications Intelligence Service, special agent the Counter Intelligence Corps.
Matthew Hoh, former Capt., USMC, Iraq & Foreign Service Officer, Afghanistan (associate VIPS)
Larry C. Johnson, CIA & State Department (ret.)
Michael S. Kearns, Captain, USAF Intelligence Agency (ret.), ex-Master SERE Instructor
John Kiriakou, Former CIA Counterterrorism Officer
Ray McGovern, former US Army infantry/intelligence officer & CIA analyst (ret.)
Elizabeth Murray, Deputy National Intelligence Officer for Middle East, CIA (ret.)
Todd Pierce, MAJ, US Army Judge Advocate (ret.)
Scott Ritter, former MAJ, USMC, former UN Weapon Inspector, Iraq
Diane Roark, DOE, DOD, NSC, & professional staff, House Intelligence Committee (ret.)
Robert David Steele, former CIA Operations Officer
Peter Van Buren, U.S. Department of State, Foreign Service Officer (ret.) (associate VIPS)
Kirk Wiebe, former Senior Analyst, SIGINT Automation Research Center, NSA, (ret.)
Ann Wright, U.S. Army Reserve Colonel (ret) and former U.S. Diplomat
Given these revelations, and given that intelligence professionals familiar with the laws involved see her as having committed felonies, her candidacy, weak and in trouble before, becomes less and less viable.
If her supporters still refuse to admit how serious the email scandal is, and how compromised she is as a candidate, then truly they deserve the tag of cultists.