Hillary Clinton “did not comply” with State Department policies when she chose to use a personal email account to conduct government business, according to an inspector general’s report released Wednesday.
The State Department faulted Clinton and previous secretaries of state for poorly managing email and other computer information and for slowly responding to new cybersecurity risks.
The report cites “longstanding, systemic weaknesses” related to communications that precede Clinton’s appointment as secretary of state. The State Department singled out Clinton’s failures as “more serious,” however, according to the Associated Press.
“At a minimum, Secretary Clinton should have surrendered all emails dealing with department business before leaving government service and, because she did not do so, she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act,” the report reads.
Clinton’s email scandal has dogged the 2016 Democratic presidential frontrunner for more than a year. In March 2015, she first admitted to exclusively using a private email account to send and receive work-related emails while she served as secretary of state. The controversy compelled her to hand over roughly 30,000 work-related emails to the State Department, which have been released in batches since last year.
But she deleted about 30,000 additional emails from her server that she says were “personal” in nature before handing it over to the FBI in August, five months after handing over individual emails to the State Department.
Around the time she handed over the server, a House committee requested access to it to ensure that she had not deleted any work-related emails. But her lawyer, David Kendall, told the committeethat Clinton aides had changed the server’s settings so that only emails she sent and received in the previous 60 days would be saved.
- REUTERS/Jonathan Ernst
The State Department investigation found “no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server,” the 78-page report says, noting that “normal day-to-day operations [at State] should be conducted on an authorized Automated Information System (AIS), which has the proper level of security control to … ensure confidentiality, integrity, and availability of the resident information.”
From the report:
According to the current CIO and Assistant Secretary for Diplomatic Security, Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs. However, according to these officials, DS and IRM did not-and would not-approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the FAM [Foreign Affairs Manual] and the security risks in doing so.
The report seems to answer one of the biggest questions surrounding Clinton’s setup, which is whether her use of a personal email account to do government business defied State Department policies requiring that anything relating to agency activity be captured on the department’s server. It comes at a time when Clinton, the Democratic frontrunner for president, is preparing for a likely general-election matchup against Donald Trump.
- Thomson Reuters
In February, a federal judge ruled that Clinton’s top aides and other State Department officials with knowledge of her setup could be questioned “about whether she deliberately sought to thwart open records laws by using a private email server,” according to the Associated Press.
One of Clinton’s top aides, Huma Abedin, has not yet cooperated with the State Department investigation. But emails found between Abedin and Clinton reveal that the secretary did not want to use a government email address because of privacy concerns.
“In November 2010, Secretary Clinton and her Deputy Chief of Staff for Operations discussed the fact that Secretary Clinton’s emails to Department employees were not being received,” the report said, according to Politico.
It continued: “The Deputy Chief of Staff emailed the Secretary that ‘we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.’ In response, the Secretary wrote, ‘Let’s get separate address or device but I don’t want any risk of the personal being accessible.'”
Clinton’s deputy chief of staff rejected the proposal to use two devices, however, stating that it “doesn’t make a whole lot of sense,” according to the report.
‘Someone was trying to hack us’
On January 9, 2011, a person identified in the report as “the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system,”wrote in an email that he had to shut down the server because he believed “someone was trying to hack us,” the report said.
“While they did not get in i didnt [sic] want to let them have the chance to,” he said, according to the report. Later that day, the adviser again wrote to Clinton’s deputy chief of staff for operations: “We were attacked again so I shut [the server] down for a few min.”
On January 10, the deputy chief of staff for operations emailed Clinton’s chief of staff, Huma Abedin, and the deputy chief of staff for planning and instructed them not to email Clinton “anything sensitive” and stated that she could explain more in person.
- AP Photo/Cliff Owen
The “non-departmental advisor” in question is likely Bryan Pagliano, Clinton’s former IT director who was in charge of overseeing her private server while she was at the State Department. Pagliano was granted immunity by the Justice Department in March in exchange for his cooperation with the investigation into Clinton’s server.
Significantly, Pagliano told investigators in March that the logs he handed over to authorities indicated that no intrusion into Clinton’s server had occurred. That information would appear to contradict what he said in 2010, but it is unclear if, speaking to authorities in March, he meant that the server had only not been hacked by foreign adversaries rather than less sophisticated attackers.
FBI agents arereportedly doing their own analysis of whether the server was ever attacked, as they continue looking into whether Clinton or her aides mishandled classified material by using a private email account during her time at the State Department.
To that end, agents are also investigating whether any sensitive information was stored on the server after it was handed it over from Pagliano’s oversight to the data storage company Platte River Networks, which is “not cleared” to have access to classified material.
Clinton has insisted that she never sent nor received information that was marked “classified” using her private email account, and her campaign spokesman Brian Fallon said in a statement that the “GOP will attack HRC because she is running for President,” but the report “makes clear her [Clinton’s] personal email use was not unique at State Dept.”
It is true that Clinton’s use of a private email address was not illegal and was permitted by State Department rules. But the federal government has standards for how servers are built, how they are secured, and how their data is stored.
The FBI and the State Department have been steadily sifting through Clinton’s email – State released the last batch of the emails to the public at the end of February- but it is still unclear how much classified information was shared in the tens of thousands of emails, or what particular safeguards were taken to protect it.
This story includes reporting by the Associated Press.