Homeless in Arizona

We Now Know Hillary Lied Multiple Times About Her Email Server

REUTERS/Randall Hill

By Edward Morrissey

May 26, 2016

Ever since news broke that Hillary Clinton used an unauthorized and unsecured private e-mail server for all of her correspondence as secretary of state, she has defended herself with several arguments. None of the information transmitted through the server was classified, Clinton insisted at first, a claim that has been proven false in well over a thousand instances.

Even after that fell apart, Clinton claimed that the use of private e-mail for official business fell within the rules of the State Department and that she had ensured that the server met the department’s security requirements.

Finally, Clinton insisted that she and her team complied with the Federal Records Act by making sure that their correspondence got copied to other State Department addresses. Clinton explained this decision by insisting that she wanted the most efficient method of handling electronic communications, even if in retrospect that decision turned out to be regrettable.

Regrets should be coming, but not in the way Clinton has suggested. State’s Inspector General released the long-awaited report into Clinton’s use of a private e-mail server – and it contradicts every excuse Clinton has offered over the last fifteen months.

The use of private e-mail might have been interpreted to be acceptable prior to 2009, when Clinton first assumed office as secretary of state, but by then, “the department’s guidance was considerably more detailed and sophisticated,” the IG concludes. From 2005 forward and for at least two years into her tenure, State had issued a number of memoranda detailing the need – nay, the “obligation” – to use the department’s own communications systems, even for sensitive-but-unclassifed (SBU) material.

If a need arose to use an outside communications channel to transmit SBU data, then Clinton should have “requested a solution” from within the department. Instead, the IG found “no evidence that Secretary Clinton ever requested such a solution, despite the fact that emails exchanged on her personal account regularly contained information marked as SBU.”

The IG also rebutted claims that Clinton ever put “robust protections” on her server, claims that appear on Clinton’s website. State’s information-management groups told the IG that Clinton had never checked with them at all. Neither her server nor the mobile device Clinton used to access it had ever been certified to meet standards established before Clinton took office. Furthermore, no official recalled Clinton ever checking to ensure that the use of the server was acceptable – and that such a request would have been rejected outright had she made one.

Perhaps most notably, officials at State issued multiple warnings about records retention in relation to Clinton’s use of the private server, especially given the need for FOIA and Congressional access to official State business. In 2010 and in 2011, the issue arose, but in both cases the discussion got shut down.

The first query was dismissed by Clinton’s deputy chief of staff, claiming that the requirement to use two devices for official and personal e-mail “didn’t make a lot of sense.” Staffers raised concerns again the next January, but were told by a director that Clinton had received approval for her private server, even though she never requested it. Furthermore, the same official “instructed the staff never to speak of the Secretary’s personal e-mail system again.”

To recap: Clinton lied about having approval for the system. She lied about saying it was within the rules to use it, and that she had brought the server up to State Department security standards. Contrary to multiple statements from her team, not only did warnings arise about the use of that system during her tenure, those who raised the red flags were told to shut up about them. And despite assurances that Clinton would cooperate in reviews of her use of the private e-mail system, the IG report pointedly notes that “[t]hrough her counsel, Secretary Clinton declined OIG’s request for an interview.”

For someone who’s been insisting since the beginning that she was allowed to operate her own e-mail system, that refusal is stunning all on its own.

That also contradicts more recent Clinton statements. The FBI has begun to interview Clinton’s inner circle, a sign that the investigation is coming to a conclusion. Two weeks ago, Clinton told CBS News’ Face the Nation host John Dickerson that the FBI had not yet requested an interview, but that she would be “more than ready to talk to anyone, anytime.” The IG report clearly shows that as another lie, and if her attorneys kept her from talking with State Department investigators, it’s almost certain that she’d pass on an FBI “interview” as well.

The new IG report gives clarity to the screamingly obvious. Hillary Clinton used an unauthorized and unsecured private e-mail server to avoid compliance with legitimate Congressional oversight and Freedom of Information Act requests. Under her leadership, the State Department misled several courts and a number of Congressional inquiries about the existence of Clinton’s e-mails.

In doing so, she allowed the system to transmit and retain highly classified information relating to intelligence and national security, putting that data and those responsible for collecting it in danger. Clinton did so recklessly, negligently, and in violation of 18 USC 793 and 18 USC 1924 – statutes that identify such transgressions as felonies.

What happens if the FBI investigation goes to a grand jury? We might have the spectacle of a major-party nominee getting subpoenaed to testify in a criminal inquiry – and taking the Fifth to avoid self-incrimination. And that might be the most honest statement that Clinton would have made about her secret e-mail server in the past fifteen months.

Hillary Clinton's private server doesn't look like an honest mistake

Commentary: Hillary Clinton's private server doesn't look like an honest mistake

Megan McArdle

Bloomberg View

The State Department's Office of Inspector General has released its report about Hillary Clinton's use of a private email server while she was secretary of state. Though the report uncovers no smoking guns — no records of Clinton saying "Heh, heh, heh, they'll never FOIA my emails NOW!!!!" — what it does lay out is deeply troubling, even though her supporters have already begun the proclamations of "nothing to see here, move along."

It lays to rest the longtime Clinton defense that this use of a private server was somehow normal and allowed by government rules: It was not normal, and was not allowed by the government rules in place at the time. "The Department's current policy, implemented in 2005, is that normal day-to-day operations should be conducted on an authorized Automated Information System (AIS), which "has the proper level of security control to … ensure confidentiality, integrity, and availability of the resident information."

Clinton violated email policy: inspector general Hillary Clinton broke the rules in her use of a private email server while serving as secretary of state, according to a report by the State Department's inspector general May 25, 2016. (Reuters)

It also shreds the defense that "Well, Colin Powell did it too" into very fine dust, and then neatly disposes of the dust. As the report makes very clear, there are substantial differences between what the two secretaries of State did:

- Powell says he set up a private email account, in addition to his internal account, because at the time the State Department "email system in place only only permitted communication among Department staff. He therefore requested that information technology staff install the private line so that he could use his personal account to communicate with people outside the Department." This is a quite plausible reason that, around the turn of the millennium, a secretary of state would have wanted to use his own account. Powell seems not to have done enough to ensure that those records were maintained, which is a problem (though it's not clear that he was aware that he should have turned those emails over). But as far as I can tell, the most plausible explanation of Clinton's behavior is that she set up her email server expressly to keep those emails from being archived as records (and subject to Freedom of Information Act requests), which is a great deal more problematic than setting up an inadequately archived email system because there's no other way to use an increasingly vital communications technology.

- Powell had an outside line set up in his office, into which he plugged a laptop, which he used alongside his State Department computer. The IT department was, in other words, aware that this was going on, and it seems to have come up in discussions of his drive to get everyone at State access to the Internet at their desk. While the quality of information about Powell's Internet usage is not as high as it is about Clinton's (after 10 years, memories fade, people become hard to contact, and records degrade), there's no indication that he was less than transparent with staff. But folks at State clearly had no idea what was going on with Clinton's email server and, troublingly, at least two people who asked about it were apparently told to shut up and never raise the subject again.

- Three things have changed pretty dramatically since Powell's day: the magnitude (and appreciation) of cybersecurity threats, the quality of the State Department systems and government rules surrounding both recordkeeping and cybersecurity. One can argue that Powell should not have used a private computer during his tenure, but he seems to have done so in consultation with the IT folks, at a time when the policy surrounding these things was "very fluid" and the State Department "was not aware of the magnitude of the security risks associated with information technology." By 2009, the magnitude of the risks was clear, and the policy was also much clearer. As far as the OIG could determine, Clinton took no action to ensure that she was in compliance with that policy, which, in fact, she emphatically was not. Officials at State told the OIG in no uncertain terms that they would not have approved her reliance on a personal email server.

- The OIG found only three instances in which State employees had relied exclusively on personal email: Powell, Clinton and Ambassador J. Scott Gration, U.S. emissary to Kenya from 2011 to 2012. Gration, who served under Clinton, was in the middle of a disciplinary process initiated against him for this email use (among other things) when he resigned. So it is impossible to argue not only that this was somehow in compliance with State's guidelines but also that Clinton might have thought it was in compliance, unless she somehow failed to notice when or why her ambassador to Kenya went missing.

- The OIG found evidence that the server was attacked and that Clinton's staff members (and presumably Clinton herself) were aware of it. (Clinton at one point seems to have expressed concern that people might be trying to hack her email.) These incidents should have been reported to computer security personnel, but OIG found no evidence that they were. Clinton's supporters have offered the wan defense that "attacked" doesn't mean "actually hacked," but of course, since they didn't report it, there was no timely investigation, so we don't really know what happened, or even whether her server setup and/or server administrator were sophisticated enough to detect a penetration had one taken place.

- This is the most profoundly amazing part of the whole story: Clinton's server administrator was hired by State as a political appointee, from which position he continued to provide support to Clinton's private email server during working hours, without telling anyone this was happening:

"The DCIO and CIO, who prepared and approved the Senior Advisor's annual evaluations, believed that the Senior Advisor's job functions were limited to supporting mobile computing issues across the entire Department. They told OIG that while they were aware that the Senior Advisor had provided IT support to the Clinton Presidential campaign, they did not know he was providing ongoing support to the Secretary's email system during working hours. They also told OIG that they questioned whether he could support a private client during work hours, given his capacity as a full-time government employee."

Clinton apparently paid him for the work, but it is impossible to believe that she didn't know this was happening (if her email malfunctioned during the workday, did she expect to wait until 8 or 9 that night for it to come back up?) or that she thought it was OK to hire your private server administrator as a political appointee (a diplomatic political appointee in the IT department?) and then have him keep an eye on your private server from his government office. This has an unpleasant whiff of Tammany Hall about it.

It's really hard to come away from reading this report thinking "Yup, just an honest mistake." Or indeed, "just a mistake, no big deal." Or even "no worse than others have done." I worked in bank IT for several years before I went to business school, and when this story first broke, I enjoyed an amusing hour or so envisioning what regulators would have said if we'd tried any of these sorts of excuses on them. Since then, I've had several such conversations with folks who are still laboring in the trenches of the securities industry, and their bitter laughter still rings in my ears. Why is Clinton being held to a lower standard?

Well, because she's a Clinton, and the Clintons have always acted as if the rules applied only to others. And given that Democrats boxed themselves into her name on the ticket so early on, Team Blue had little choice but to rally around and pretend that this is just a minor peccadillo, like forgetting to date the signature on your FEC filings. Lord knows, this election cycle, there's good reason to view this sort of behavior as the lesser of two evils.

But it isn't minor. Setting up an email server in a home several states away from the security and IT folks, in disregard of the rules designed to protect state secrets and ensure good government records, and then hiring your server administrator to a political slot while he keeps managing your system on government time is unacceptable behavior in a government official. If Clinton weren't the nominee, or if she had an R after her name rather than a D, her defenders would have no difficulty recognizing just how troubling it is.

That doesn't mean you necessarily have to prefer Donald Trump to her. Back when I was surveying #NeverTrump voters, I heard from more than one conservative intelligence type who basically said "I think Clinton should be in jail for what she did, and I still think she's a better choice than Trump for the presidency."

Politics is not simply a team sport, and good government is possible only if we're willing to call out misbehavior no matter who does it. Even if we still hold our nose and pull the lever for the misbehaver come November.

Bloomberg View

Megan McArdle is a Bloomberg View columnist writing on economics, business and public policy.

State Dept. watchdog: Clinton violated email rules

State Dept. watchdog: Clinton violated email rules

By RACHAEL BADE, JOSH GERSTEIN and NICK GASS 05/25/16 09:46 AM EDT Updated 05/25/16 03:05 PM EDT

Share on Facebook Share on Twitter A State Department watchdog concluded that Hillary Clinton failed to comply with the agency’s policies on records while using a personal email server that was not — and, officials say, would never have been — approved by agency officials, according to a report released to lawmakers on Wednesday.

The long-awaited findings from the State Department inspector general, which also revealed Clinton expressing reluctance about using an official email account, were shared with Capitol Hill Wednesday, a copy of which was obtained by POLITICO. The report detailed how some employees who questioned the wisdom of the homegrown setup were told to stop asking questions, and the audit confirmed apparent hacking attempts on the private server.

It's the latest turn in the headache-inducing saga that has dogged Clinton's campaign. While the report concludes that the agency suffers from "longstanding, systemic weaknesses" with records that "go well beyond the tenure of any one Secretary of State,” it specifically dings Clinton for her exclusive use of private email during her four years at the agency.

“Secretary Clinton should have preserved any Federal records she created and received on her personal account by printing and filing those records with the related files in the Office of the Secretary,” the report states. “At a minimum, Secretary Clinton should have surrendered all emails dealing with Department business before leaving government service and, because she did not do so, she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act." The report also notes that she had an "obligation to discuss using her personal email account" but did not get permission from the people who would have needed to approve the technology, who said they would not have done so, if they had been asked.

"According to the current [chief information officer] and assistant secretary for diplomatic security, Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs," the report reads. "However, according to these officials, [the relevant people] did not — and would not — approve her exclusive reliance on a personal email."

The watchdog also "found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server." The watchdog’s findings could exact further damage to Clinton’s campaign, and they provide fresh fodder for Donald Trump, who has already said he will go after Clinton for the email scandal “bigly.” And it could reinforce another problem for the Democratic frontrunner: her persistently high unfavorability ratings, driven by a swath of voters who say they don’t trust her. The report represents the latest pushback — in this case by a nonpartisan government entity — against her campaign’s claim that she did not break any rules and that her use of a private server was completely allowed.

Clinton Campaign spokesman Brian Fallon in a statement predicted that "political opponents of Hillary Clinton are sure to misrepresent this report for their own partisan purposes," but argued that "in reality, the Inspector General documents just how consistent her email practices were with those of other Secretaries and senior officials at the State Department who also used personal email."

"The report shows that problems with the State Department's electronic recordkeeping systems were longstanding and that there was no precedent of someone in her position having a State Department email account until after the arrival of her successor," Fallon continued. "Contrary to the false theories advanced for some time now, the report notes that her use of personal email was known to officials within the Department during her tenure, and that there is no evidence of any successful breach of the Secretary's server."

Investigators also concluded that former Secretary of State Colin Powell, who used a personal email as well, likewise did not follow record keeping laws. However, the report notes significant difference in their circumstances: During Powell's tenure, State's capacity to email people outside the department was limited. He said he needed it to reach people who didn't work at State. The IG also noted that he used email less frequently than Clinton and top technology officials were aware of his personal email use. State Department officials who briefed journalists about the report would not say directly whether they agreed with the inspector general’s finding that Clinton’s use of email violated State policies.

“The policies on email evolved over time and our guidance to officials on how to comply with them evolved and improved over time,” said one senior State official, who spoke on condition of anonymity. “There was no absolute prohibition [on use of person email] during this or any other tenure — administration.”

“It may have been difficult” to get approval of a set-up like Clinton’s, the official acknowledged, while emphasizing that the report and the National Archives have found that Clinton “mitigated” the impact of her use of a private system by turning over some of her emails to the department in late 2014.

“It’s clear from the report that the Department could have done a better job preserving emails and records of secretaries of state,” another senior state department official. “The department is much better situated today….This has high-level attention.”

Clinton and her top staff did not cooperate with the investigation, which was requested by current Secretary of State John Kerry. She, her former chief of staff Cheryl Mills and top deputies Jake Sullivan and Huma Abedin are among those who declined interviews. Kerry and his predecessors Powell, Madeleine Albright, and Condoleezza Rice, however, did answer questions.

According to the report, some State Department technology staff said they were instructed to not talk of Clinton’s email set-up after they raised concerns about the unusual arrangement. One employee told investigators that he or she "raised concerns that information sent and received on Secretary Clinton’s account could contain Federal records that needed to be preserved in order to satisfy Federal recordkeeping requirements,” the document states.

But they were told to drop it: "According to the staff member, the Director stated that the Secretary’s personal system had been reviewed and approved by Department legal staff and that the matter was not to be discussed any further. As previously noted, OIG found no evidence that staff in the Office of the Legal Adviser reviewed or approved Secretary Clinton’s personal system.” A 2012 directory lists John Bentel as the director of the office that handles information technology for the Office of the Secretary. Bentel no longer works for State and has refused to answer Congressional investigators' questions on this matter.

Another staff member from office handling information technology recounted the hushed nature of the email arrangement, the report says: “According to the other [IT] staff member who raised concerns about the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again."

While Clinton has often said she used a personal email out of "sheer convenience," one email in the report suggests she was also worried about her privacy. In the revealing November 2011 exchange, Clinton's right-hand staffer Huma Abedin discussed with her the possibility of putting her on a State Department email because her messages were not being received by State staff.

“We should talk about putting you on [S]tate email or releasing your email address to the department so you are not going to spam,” she wrote.

Clinton responded: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”

The report details numerous laws and regulations that govern government communications and security of emails, assessing how each administration lived up to those standards. The bulk of the report, however, centered on Clinton. According to the report a non-State adviser to Bill Clinton, who was the original user of the server later taken over by Hillary Clinton, shut down the server in early 2011 because of hacking concerns. While unnamed in the report, previous news reports have identified longtime Clinton staffer and Teneo employee Justin Cooper as the man who registered Clinton's email address. According to the report, the individual who registered the address was the same person who reported the hacking.

Cooper, according to the report, reached out to Huma Abedin on Jan. 9, 2011 to notify her of the hacking problem, an occurrence that happened twice that day. He said he "had to shut down the server because he believed ‘someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to,’” the report says.

“Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, ‘We were attacked again so I shut [the server] down for a few min,’” the report reads. That matter should have been reported, the IG report says, but was not.

“Notification is required when a user suspects compromise of, among other things, a personally owned device containing personally identifiable information,” it says. “However, OIG found no evidence that the Secretary or her staff reported these incidents to computer security personnel or anyone else within the Department.”

State has deemed more than 2,000 of Clinton's messages as classified, including 22 that were upgraded to the most sensitive national security classification, "top secret." And the FBI is still probing whether any laws were broken laws by putting classified information at risk — or whether her staff improperly sent sensitive information knowing it wasn't on a classified system.

At the very least, State’s inspector general says Clinton didn’t do what she was supposed to, though it also notes widespread email issues across the tenures of five secretaries of state, not just Clinton. The report found top staffers frequently used personal emails too.

"OIG recognizes that technology and Department policy have evolved considerably since Secretary Albright’s tenure began in 1997. Nevertheless, the Department generally and the Office of the Secretary in particular have been slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership," the report concluded. "OIG expects that its recommendations will move the Department steps closer to meaningfully addressing these risks."

Clinton and her allies have contended she did nothing illegal by choosing to set up a private email server and account at her Chappaqua, New York, home, and that she was not trying to evade public records requests. Instead, Clinton has said she was motivated by the desire for convenience, though she has conceded it was not the best choice.

Clinton says is cooperating with the FBI investigations. In late 2014, they turned over 30,000 of her emails, and while there were no apparent bombshells in the content of the messages, the number of emails later deemed classified has raised questions about the security of the set-up.

Clinton has also faced scrutiny for instructing her staff to delete about 32,000 messages deemed personal by her team. It’s unclear how many of those emails the FBI may have been able to recover from her server — which was turned over to authorities last August — or whether those messages will eventually be made public. The report gives more details of the under-the-radar work of Clinton’s top technology staffer, Bryan Pagliano, whom she paid to maintain her private email server. State’s chief information officer and deputy chief information officers, Pagliano’s direct bosses, told investigators that he never informed them of his side duties. They “believed that Pagliano’s job functions were limited to supporting mobile computing issues across the entire Department.”

“They told OIG that while they were aware that the Senior Advisor had provided IT support to the Clinton Presidential campaign, they did not know he was providing ongoing support to the Secretary’s email system during working hours,” the report reads.

The top technology officers also told investigators they “questioned whether he could support a private client during work hours, given his capacity as a full-time government employee.”

Pagliano invoked his right to avoid self-incrimination and refused to answer questions on the matter before Congress but received immunity from the FBI to talk about the email arrangement. Lawmakers on Capitol Hill have been eager to question him on whether Clinton intentionally used private email because she didn’t want anyone getting access to her messages.