The Clinton Email Controversy

I haven't followed the details, but now that Trump is threatening to put Hillary in jail for using a personal email server I'd like to understand this better. This is the basics discovered after a few minutes of reading:

1. During her time as Secretary of State Hillary Clinton continued to use her personal email addresses, which are based on a server originally installed in her home during her 2008 presidential campaign. It was not a secure server until her appointment as Secretary of State in 2009.
   ​
2. Clinton never had a State Department email address.
   ​
3. Clinton used her personal server to send and receive State Department emails, including emails containing classified information, and including to people who had insufficient clearance.
   ​
4. Near the end of 2014 Clinton provided more than 30,000 emails in hardcopy form to the State Department. She withheld nearly 32,000 emails she deemed personal.
   ​
5. At the same time the backup hardware for the Clinton server was turned over to the FBI.
   ​
6. It's not clear precisely when but probably around the same time that Clinton instructed her aides to delete personal emails, apparently numbering nearly 31,000, from the server. It is not known whether those emails are available from backup. The FBI won't say. My speculation is that unless there was a backup problem, the deleted emails are available from backup.
   ​
7. Concerning deletion of personal email the Justice Department said:
   ​

   quote:

   ---

   "There is no question that former Secretary Clinton had authority to delete personal emails without agency supervision she appropriately could have done so even if she were working on a government server. Under policies issued both by the National Archives and Records Administration and the State Department, individual officers and employees are permitted and expected to exercise judgment to determine what constitutes a federal record."

   ---

   ​
8. Other former Secretaries of State have also used personal email addresses, but not to the extent of Clinton, and not with as serious lapses.
   ​
9. No other former Secretary of State has used a personal email server, though this seems a plus to me rather than the minus it is usually characterized as. A Secretary of State using a gmail or Yahoo account seems much less secure than a personal server domain. The recent Clinton email revelations from Wikileaks didn't come from Clinton's server.

--Percy

just a quick look at your points. This one stands out. I have seen nothing that she sent any classified information. She received some that had classified info. Anything she sent that was deemed classified was deemed classified after the fact.A key point on all of this is that email was and has never been thought of as safe for classified email. Hillary Clinton and others were well aware of this. The State Dept system is not considered safe for that. There is evidence the State Dept system has been hacked.

As I understand it there are two problems. One is that Clinton was both receiving and sending emails that included information already declared classified. I get the impression that the classified information was attachments, not the actual message typed by Secretary Clinton. Naturally a classified attachment could not originate on Clinton's server, but once received she could forward it and attach it to other emails she sent.The other problem is that the emails with their classified attachments remained on Clinton's server where, being outside the State Department's classified networks, they presented a continuing security risk. According to Wikipedia:

quote:

---

After allegations were raised that some of the emails in question contained classified information, an investigation was initiated by the Federal Bureau of Investigation (FBI) regarding how classified information was handled on the Clinton server. 113 emails contained information which was classified at the time it was sent including 65 emails deemed "Secret" and 22 deemed "Top Secret."

---

It's worth noting that 113 out of 30,000 is a pretty good compliance rate. Wikipedia continues:

quote:

---

Nearly 2,100 emails on the server were retroactively marked as classified by the State Department. Government policy, reiterated in the non-disclosure agreement signed by Clinton as part of gaining her security clearance, is that sensitive information should be considered and handled as classified even if not marked as such.

---

In what I quote from you here I changed "classified email" to "classified information" because I'm pretty sure that's what you meant: I'm not sure if that's true. The State Department does have what they consider classified computer networks which presumably have email accounts. The security exposure was because Hillary wasn't using those. My understanding is that the State Department has both classified and unclassified computer networks, that the classified network has not been hacked, and that the State Department is working to improve the security of its classified computer networks. Hillary denies having computer expertise and couldn't argue that she used a personal server out of concerns about State Department computer security.Even had Hillary used internal State Department email addresses the odds are pretty good that there would have been continual leakage between the classified and unclassified networks. One would hope that the State Department now has email firewalls that prevent anyone sending classified information from the classified networks to anywhere outside it.But security and utility are often at odds with one another. The speed and spottiness with which clearances are issued probably comes into regular conflict with the urgency to share information, forcing people to work at bypassing the system to do what needs to be done, security concerns notwithstanding.--Percy

There is a bit of nuance on this point, if I understand the situation correctly.There are files marked "Classified" (Big C). They have a specific header on them marking them as classified.Then there is classified information (little c). This is information you have learned from files marked Classified. What Hillary apparently did in some emails is discuss this classified information with other people over her private server. As far as I know, she did not send out files marked Classified (Big C) on her private email server.From the wiki page:"Three emails, out of 30,000, were found to be marked as classified, although they lacked classified headers and were only marked with a small "c" in parentheses, described as "portion markings" by Comey"So only 3 emails had any markings declaring them to be Classified at the time they were handled by Clinton's email server. That is debatable. Secretary Powell discussed classified information over AOL servers, if memory serves. This certainly doesn't excuse anyone's behavior, including Clinton's, but it does give some context.

Hmmm. That wasn't my interpretation of what Wikipedia was trying to say. They actually comment about this is two different places, here's a fuller excerpt:

quote:

---

113 emails contained information which was classified at the time it was sent including 65 emails deemed "Secret" and 22 deemed "Top Secret." Three contained markings indicating they could be classified, although they lacked classified headers and were only marked with a small "c" in parentheses, described as "portion markings" by FBI Director James Comey.
...
The FBI investigation found that 110 messages contained information that was classified at the time it was sent. Sixty-five of those emails were found to contain information classified as "Secret"; more than 20 contained "Top-Secret" information.[90][91] Three emails, out of 30,000, were found to be marked as classified, although they lacked classified headers and were only marked with a small "c" in parentheses, described as "portion markings" by Comey.

---

I thought this meant all these emails had classified headers ("Confidential", "Secret" or "Top Secret"), except for three that had no classified headers and were only marked with a small "c" in parentheses. I've been trying to nail down whether that's correct, and it turns out I'm wrong. There seems to be a lot of confusion out there about this, and there really shouldn't be because Comey was unambiguous in his press conference:

quote:

---

Separately, it is important to say something about the marking of classified information. Only a very small number of the e-mails containing classified information bore markings indicating the presence of classified information. But even if information is not marked classified in an e-mail, participants who know or should know that the subject matter is classified are still obligated to protect it.

---

So you're right. Interestingly, nowhere in his press conference did Comey mention a "small 'c' in parentheses," and I couldn't find the original source of that information, only articles repeating it. Fox News has link to one of these emails (Banda Email), but the topic is innocuous (setting up a phone call), it's a capital "C" not a small "c" between parentheses at the bottom of the email, there's an explicit classification of "CONFIDENTIAL" near the top with a date of this year (so who knows where that came from), and this article says it was a staff error where the confidential classification should have been removed but wasn't.What I wasn't expecting as I read articles from earlier this year was how harsh the liberal press was on Hillary. No news source gave her a break. The best spin any articles put on it was that it was pretty bad. Even articles that described how the State Department and the intelligence community constantly bicker over what should be classified were very harsh. But it was often difficult to tell whether the articles understood that Comey said only three emails had any explicit indication of their confidentiality level, rather than the other interpretation too many articles seemed to make. Anyway, I don't think Hillary got a free ride from the liberal press on this issue.--Percy

That's what I am seeing as well. Some people seem to think that every single document labeled Top Super Secret was being funneled through Clinton's server, but that just wasn't the case. In the end, she discussed classified information with people over her secured, but not US Federally secured, server.I am more on the Berny side of the outrage spectrum when it comes to this topic. She made a mistake, no harm came from it, and she won't do it again. Can we just stop talking about it and move to things that do matter? The only people currently pushing this story are people who want to throw Hillary in jail on any charge they can find, true or untrue. What server she keeps email on really isn't something that Joe Schmoe really cares about.

I forgot that I wanted to make a couple comments about the FBI investigation. I wanted to look at the FBI report, but I could only find it in low quality non-searchable PDF at the FBI website: FBI Report on Clinton Emails. This would be too long and too painful to scan through, so if someone has a better source please post a link.In the meantime I can only go by my impressions of the FBI investigation from Comey's press conference: it seemed superficial and unnuanced.I didn't see any recognition of the bickering between government departments about what's confidential. Nor was there any recognition that the State Department has both classified and unclassified networks and that Hillary would have used unclassified networks for most of her emails had she had a State Department email address, resulting in the same security vulnerability. Nor was there any acknowledgment of emails that discussed how to share some specific confidential information given that email was inappropriate for it. Nor was there any hint of the general nature of emails touching on confidential, secret or top secret information - for example, did the emails contain actual top secret information, or were they only discussions in some way referencing a top secret subject, in a manner similar to the confidential Banda email about the time of a phone call.On the plus side, it was nice to see him say that no criminal intent was involved.I tried to find Benghazi emails at the WSJ Clinton Email Search Site, but no luck: "No matching records found"--Percy

Let's start with the definition of a completely secure computer system: a computer locked into a room where nobody has any access to it.That is also the definition of the most useless computer system in existence.While far from ideal, in reality there is a very dynamic balance between computer systems that are secure and that are useable.I retired from the US Navy Reserve half a decade ago. We had a secure network at our disposal which was all that we had to work with there. At the same time, we had to do our administrative work somehow (for my last decade of service, I served mainly as XO, but sometimes also as Officer in Charge (OIC)). What ended up happening was that our admin work was performed on our laptops outside of the Navy and Marine Corps' secure network. The secure network was far too restrictive, as required by security considerations, to allow us to use it for admin work. Yet we still needed to gain access to the reserve center's printers.Sparing you the details (which you shouldn't know about anyway, for security reasons!), we constantly found ourselves having to find ways to work around the secure network. That shows that in real time there can be a conflict between security and operational needs. Ideally, there should be a secure network that meets operational needs. In reality, ??? Who classifies information? Government agencies do. Do they classify that information before that information comes into existence? No, they classify it afterwards. So then during the original transmissions, what was their classification? Er, none?Classification always happens after the fact. Was that classified? Not at the time, Ma'am. Afterwards, though. OK, in real time, how do you handle that realistically?

Percy writes:

quote:

---

Other former Secretaries of State have also used personal email addresses, but not to the extent of Clinton, and not with as serious lapses.

---

That is a judgement call (and for precisely the reason you point out next). Powell used AOL for his email services and classified information was shuttled through it. That's a public service over which the government has no control.This is the entire reason for my current job: Military Units were using Yahoo Groups to have ways to share information among their members. When the Powers That Be (C) found out about this, they thought it was a great idea to have an online method of communication but the use of a public, commercial service was unacceptable: There is no control by the military for the security protocols, no way to retrieve the site should the admins for it go away and become unavailable (save by the graces of Yahoo), the information is stored who knows where and is being data-mined within an inch of its bits, there's advertising to the membership (which is also being data-mined), and if there is any breach in the security, the military has absolutely no control over the response. Yeah, the military could request Yahoo to delete all information, but there's no way to guarantee that.Thus, they created their own system that they could control that provided the services that Yahoo was providing.In short, Powell did the *worst* thing he could possibly do: He used a non-secure commercial service. This is a continuing problem. If you go onto Facebook right now, you can find OPSEC information ('OPerational SECurity"...things like troop deployments). Now, that Clinton decided to use email outside of the State Department (at Powell's direct urging that she do so) is a poor decision. But she did it in the right way: She used the secure server that was set up by the Secret Service when Bill retired. As such, it was under her direct control and if there were any trouble, she could manage it directly.But that, of course, is the entire reason for the State Department's computer system: So that you don't have to roll your own.Too, Powell deleted all of his emails after he left, turning over nothing. And to go back to Powell's direct suggestion to Clinton regarding the use of a private email, he directly stated that one of the reasons to do so was to avoid public records requirements.

The government's position is that classified information shouldn't exist on unclassified systems, but where did Hillary's received emails come from, and where did the sent emails go? Looking at just a few of Hillary's emails (WSJ Clinton Email Search), many were being received from and sent to email addresses at the domain state.gov, which is an unclassified network. All indications are that the State Department uses this network for most email communication, and this practice did not suddenly begin when Clinton became Secretary of State but must also have been the practice under Condoleezza Rice, who was not herself an email userBut with Clinton began exchanges of email containing classified information with an outside server. Regardless how secure Clinton's server, it represented a security hole outside State Department control. True, the State Department's unclassified network has its own security problems, but it's under State Department control.Even had Clinton used a state.gov email address, she would still have been guilty of sending and receiving classified information on an unclassified network. Rice avoided the problem by not using email, but undoubtedly during her time the State Department must have used the state.gov domain for classified information, for how else were they to communicate?So Clinton continued a practice that was already in place when she took office. Her unique fault was not that she used unclassified networks for classified information, for that practice was ongoing and probably continues to this day, but that she used her own email server, thereby exposing the State Department to potential security breaches they were unaware of.--Percy

But wasn't her server set up by the Secret Service? Aren't they involved in securing US secrets?

If Hillary received classified information in email, that is entirely the responsibility of the email sender.Classified information should never be in email. Period.

And the person that sent the email to the person that forwarded it to the person who has texted it to the person that hit "all reply" should know better.

So, The Donald will have the entire State Dept in jail.He could put up a real nice casino at Foggy Bottom and then he could lose anther billion $$, declare another bankruptcy and have another 20 year write-off from his taxes. He's got the best plans fur shur!

LOLI've been occasionally hit by that "reply all" -- as have many other people. What was intended as private goes public.Email is inherently insecure.