You are not logged in. LOG IN NOW >

Inbox Zero: Why Hillary Clinton's Email Mess Isn't Over

BY Alex Howard | Tuesday, March 10 2015

Today's press conference at the United Nations will not quell the controversy raised by a report from the New York Times that former Secretary of State Hillary Rodham Clinton exclusively used a personal email account for government business at the State Department from 2009 to 2012. If you missed the political event of the day and want to watch or read it for yourself, unvarnished and unspun, on-demand video is available from C-SPAN and the Washington Post has published a full transcript.

If you're short on time, here's the crux of what she told the public today. First, after an extensive document review by her legal counsel, the personal emails that her office determined not to be related to work were deleted. Second, the server that she used for her email was originally set up for her husband, former President William Jefferson Clinton, and was physically located on their property. Third, she said that she never sent classified information using the email account. Finally, Clinton acknowledged that in hindsight, the choice was less than optimal.

"…looking back, it would've been better for me to use two separate phones and two email accounts," she said. "I thought using one device would be simpler, and obviously, it hasn't worked out that way."

Clinton did not admit to any wrongdoing, holding that her actions were in keeping with the laws governing federal record keeping and personal email use. She defended her actions while she was in public service and in subsequent years, stating that "I have no doubt that we have done exactly what we should have done," holding that she had "responded right away" to a State Department request last year by providing all of her email "that could possibly be work-related," totaling roughly 55,000 printed pages.

Is this enough for the public to trust?

For good or ill, however, Clinton guaranteed eternal doubts will linger in parts of the public's consciousness about what else was in the estimated 62,320 emails sent and received from March 2009 to February 2013, which she said were roughly half (31,830) private and half (30,490) public, when she disclosed that she hadn't retained them.

"At the end, I chose not to keep my private personal emails -- emails about planning Chelsea's wedding or my mother's funeral arrangements, condolence notes to friends as well as yoga routines, family vacations, the other things you typically find in inboxes," she said. "No one wants their personal emails made public, and I think most people understand that and respect that privacy."

(Beyond those domestic topics, Clinton also said that "the server contains personal communications from my husband and me." Given that President Clinton's spokesman told the Wall Street Journal that he still doesn't use email it's hard not to wonder what she was referring to here, if not email. If the former president was the recipient of texts from Hillary, could they also have exchanged instant messages?]

The trouble with that privacy argument is that "most people" aren't the United States Secretary of State, and they aren't conducting affairs of state on their personal email account. Without an independent, trustworthy third-party to audit the entire email archives, like an inspector general, the public is being asked to simply trust her and her staff that no public records ended up dragged to the trash bin of history. The best way to avoid having your personal life be dragged into the public square is to avoid mixing in the people's business with your own.

Was this legal?

In response to legal concerns, Clinton's office stated that "the Federal Records Act puts the obligation on the government official, not the agency or a third party, to determine what is and is not a federal record. The State Department Foreign Affairs Manual outlines guidance “designed to help employees determine which of their e-mail messages must be preserved as federal records and which may be deleted without further authorization because they are not Federal record materials. [5 FAM 443.1(c)]."

Glenn Kessler, the Washington's fact checker, took a look at the timeline of relevant rules and regulations for email archiving at the State Department. As he outlines, the regulations in force when she entered office only allowed the use of personal email accounts for government business if those emails were turned over to be archived, which means that Clinton was violating State Department policy. Politico reported that Clinton violated clearcut State Department guidelines. (These were the same guidelines for the use of personal email that contributed to the resignation of United States Ambassador to Kenya Scott Gration in advance of an audit by the U.S. Department of State's Office of the Inspector General (OIG).) The National Review similarly noted the requirement for official email sent on non-official accounts to be archived.

The definitive analysis, by the National Security Archive, leaves even less room for argument: "there was a law on the books at the time (the Federal Records Act), federal regulations on the books at the time (36 CFR 1263.22), and NARA guidance which the State Department received (NARA Bulletin 2011-03) that should have prevented Clinton’s actions."

Is convenience a bonafide rationale?

Archiving aside, the primary rationale that Clinton cited today for her choice to use a personal email account exclusively as Secretary of State, resulting in this imbroglio, was "convenience," an argument that holds limited water in light of her responsibility to preserve federal records.

When I arrived in Washington in 2009, most senior federal officials and mid-level executives were instantly recognizable because they had multiple mobile devices, generally a government-issued BlackBerry and a personal device, which often tended to be an iPhone or Android. Two devices are the norm in DC because carrying them makes it more convenient, not less, to separate work from personal electronic correspondence and avoid the use of government resources for personal reasons. The Blackberrys available at the time also had the capability to support multiple accounts: as Buzzfeed reported, former Transportation Secretary Ray LaHood used both personal and professional email accounts on a single device, with both accounts getting archived.

Neither the press conference nor the question and answer document that Clinton's office released today told us much more about how her personal email account was setup or configured.

"The system we used was set up for President Clinton's office," said Clinton today, "and it had numerous safeguards. It was on property guarded by the Secret Service, and there were no security breaches." The statement from her office reiterated this point, stating that "the server for her email was physically located on her property."

Was this arrangement secure enough?

The security of such an arrangement has been the subject of growing concern in the press and Congress in the last week. "The focus here really needs to be on the information-security piece," said Chris Soghoian, principal technologist with the American Civil Liberties Union, told National Journal. "It's irresponsible to use a private email account when you are the head of an agency that is going to be targeted by foreign intelligence services."

The trouble is that we still don't really know how safe these emails were. Clinton failed to address security concerns in today's press conference, in answer to questions, and while her office states that there was no evidence of an unauthorized intrusion or breach of the email server, the intelligence services of nation states hostile to American interests that would be interested in the U.S. Secretary of State's correspondence are skilled enough to infiltrate systems and exfiltrate data without leaving obvious traces. Clinton's office declined to provide technical details about the protections in place for the email server, citing "concerns about broadcasting specific technical details about past and current practices" given "what people with ill-intentions can do with such information in this day and age." The office statement holds that "robust protections were put in place and additional upgrades and techniques employed over time as they became available, including consulting and employing third party experts."

That position is not congruent with the findings of security experts consulted by by Bloomberg News and Gawker, however, which looked at the safety of Clinton's email. While their forensic analysis was only of the system as it stood in 2015, Clinton’s email server used a commercial encryption product from Fortinet that still had a default encryption certificate, not one purchased specifically the service.

What's next?

Earlier in the day, the State Department said it would publish the emails provided by Clinton online, once the printed records had been vetted.

“We will review the entire 55,000-page set and release in one batch at the end of that review to ensure that standards are consistently applied throughout the entire 55,000 pages,” said Jen Psaki, the State Department spokeswoman. “We said we expect the review to take several months; obviously that hasn’t changed.”

More broadly, this press conference and statement from Clinton's office create more questions that they answered. Instead of turning over the entire archive to a third party, who could then confirm the assessment of her counsels, Clinton has said that half of it is gone.

While she may "have absolute confidence that everything that could be in any way connected to work is now in the possession of the State Department," will the American people? It's all but certain that if she runs for president, as expected, her opponents and the GOP-controlled Congress will question this, as will the media.

If any professional political analyst had said in 2012 that public records, transparency, authenticity and electronic communications would be at the center of the opening rounds of the 2016 campaign for the presidency, I would have been dubious. And yet, here we are.