Hillary Clinton should voluntarily withdraw her candidacy after the final Democratic primary and release her pledged delegates to vote their conscious for either Bernie, or another Democratic candidate selected by the the DNC Chair. She should do this for the good of the Democratic Party because I believe there is a high likelihood she will be indicted by the DOJ before the Philly Convention.
The State Department IG’s report made clear that her private server was not approved by lawyers at the State Department, that it was never reviewed and approved for use by State Department’s IT office, and that if such a review was sought by Secretary Clinton, permission would not have been granted. Furthermore, it shows that Secretary Clinton was aware of numerous attempts to hack her server, and failed to take the steps required by law to ensure that the server was properly protected.
The IG’s report provides compelling evidence that Secretary Clinton was grossly negligent in her handling of classified material by placing that material on an unapproved, private server that she knew was a target of computer hackers. Gross negligence is the legal standard necessary to prosecute a government employee for a violation of 18 U.S. Code Section 793(f). There were 22 e-mails on her private server retroactively classified as Top Secret, including at least one that required code word clearance. Top Secret material is, by definition, information that if released “could be expected to cause exceptionally grave damage to the national security.” Those e-mails were kept on a server that was not approved by the U.S. government, nor do they appear to have received assurances that they met the technical standards necessary to protect Top Secret material.
There are many, many Kossacks who would like to claim this is a “nothingburger”. In fact, there’s a Rec List diary yesterday that cherry picked the least damaging aspects of the report to attempt to paint it as some sort of vindication for Secretary Clinton. It was not. It’s an alarm bell that Secretary Clinton will likely face serious legal consequences. Even if she doesn’t face prosecution, I believe several of her top aides will face prosecution, including Huma Abedin and Jake Sullivan who occupy key positions in her current campaign. Such indictments will virtually guarantee that Hillary will lose the election to Donald Trump.
Mishandling Classified Information
Using a personal e-mail account to send or store classified information risks violating 18 U.S. Code Section 793(f), which is the same law for which General Petraeus pled guilty for passing classified information to his mistress in 2011. The language of the statute is below:
(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—
Shall be fined under this title or imprisoned not more than ten years, or both.
If a government employee, through his or her gross negligence, removes classified material from its proper place of custody and stores it in an unauthorized location, they have violated this statute. Hillary Clinton’s private e-mail server contained more than 2,000 e-mails containing classified information. We have subsequently learned that 22 e-mails most likely contained Top Secret information, which is the highest level of classified material. In order to be considered Top Secret, the material must be “expected to cause exceptionally grave damage to the national security” if released.
IG Report Shows Hillary’s Server was Unauthorized
Rather than using the State Department’s secure e-mail server for reading and storing classified information, or the State Department’s regular e-mail server, Secretary Clinton established a private server in her home in Chappaqua, NY and used it to receive, store, and most likely, send e-mails that have subsequently been classified. We now know that the State Department did not provide Hillary with the authorization to use a private e-mail server to conduct State Department business:
Throughout Secretary Clinton’s tenure, the FAM [Foreign Affairs Manual] stated that normal day-to-day operations should be conducted on an authorized AIS [Automated Information System], yet OIG found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server.
We also know that if she had approached the Department seeking authorization, she would have been denied because of the risk of releasing sensitive information. This is how the report summarizes the opinion of the current State Department Assistant Secretary of Security:
Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs. However, according to these officials, DS [Diplomatic Security] and IRM [Information Resource Management] did not—and would not—approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the FAM and the security risks in doing so.
In addition, the FAM instructs State Department employees to seek out IRM if they intend to use any outside e-mail system to transmit sensitive information (this is not classified information, this is one step below classified). The IG’s report found:
OIG found no evidence that Secretary Clinton ever contacted IRM to request such a solution, despite the fact that emails exchanged on her personal account regularly contained information marked as SBU.
Keep in mind, the IG was told by the FBI that this report could not address the handling of classified material because it could complicate the FBI investigation, so this discussion is about sensitive material on her server. However, there’s absolutely no indication that the more than 2,000 e-mails containing classified information were handled any differently. Hillary did not use the State Department’s servers.
The IG’s Report Provides Compelling Evidence of Gross Negligence
To find a violation, the law requires that the employee was grossly negligent in his or her handling of classified material. The definition of gross negligence is:
a conscious and voluntary disregard of the need to use reasonable care, which is likely to cause foreseeable grave injury or harm to persons, property, or both. It is conduct that is extreme when compared with ordinary Negligence, which is a mere failure to exercise reasonable care.
What is reasonable care? It would be the steps that an ordinary person in a similar situation would take to ensure that his or her actions would not cause a foreseeable injury or harm. In this case, it would be the steps that an ordinary employee in the Office of the Secretary of State would take to ensure that his or her electronically stored information was secure.
How do we know what constitutes reasonable? Well, the State Department had guidance in place for employees in the FAM addressing the use of personal e-mail accounts. It has an IT office that can review a personal e-mail set-up and determine whether it meets security standards. It has a Counsel’s Office to review policy and practice to determine that it complies with national security laws. An ordinary SOS taking reasonable care would submit her private e-mail server to review by the Department’s legal counsel, and the Department’s IT office.
Hillary Clinton did not do either:
[T]he FAM contained provisions requiring employees who process SBU (sensitive information below classification level] information on their own devices to ensure that appropriate administrative, technical, and physical safeguards are maintained to protect the confidentiality and integrity of records and to ensure encryption of SBU information with products certified by NIST. With regard to encryption, Secretary Clinton’s website states that “robust protections were put in place and additional upgrades and techniques employed over time as they became available, including consulting and employing third party experts.” Although this report does not address the safety or security of her system, DS and IRM reported to OIG that Secretary Clinton never demonstrated to them that her private server or mobile device met minimum information security requirements specified by FISMA and the FAM.
And, her colleagues in the State Department told the IG that they were never asked whether the server was appropriate, safe, or legal:
In addition to interviewing current and former officials in DS and IRM, OIG interviewed other senior Department officials with relevant knowledge who served under Secretary Clinton, including the Under Secretary for Management, who supervises both DS and IRM; current and former Executive Secretaries; and attorneys within the Office of the Legal Adviser. These officials all stated that they were not asked to approve or otherwise review the use of Secretary Clinton’s server and that they had no knowledge of approval or review by other Department staff. These officials also stated that they were unaware of the scope or extent of Secretary Clinton’s use of a personal email account, though many of them sent emails to the Secretary on this account. Secretary Clinton’s Chief of Staff also testified before the House Select Committee on Benghazi that she was unaware of anyone being consulted about the Secretary’s exclusive use of a personal email address.
Well, maybe the issue never came up, right? I mean, maybe the entire State Department just innocently thought that this server was no big deal because Powell did it:
OIG did find evidence that various staff and senior officials throughout the Department had discussions related to the Secretary’s use of non-Departmental systems, suggesting there was some awareness of Secretary Clinton’s practices. For example:
- In late-January 2009, in response to Secretary Clinton’s desire to take her BlackBerry device into secure areas, her Chief of Staff discussed with senior officials in S/ES and with the Under Secretary for Management alternative solutions, such as setting up a separate stand-alone computer connected to the Internet for Secretary Clinton “to enable her to check her emails from her desk.” The Under Secretary’s response was “the stand-alone separate network PC is [a] great idea” and that it is “the best solution.” According to the Department, no such computer was ever set up.
- In November 2010, Secretary Clinton and her Deputy Chief of Staff for Operations discussed the fact that Secretary Clinton’s emails to Department employees were not being received. The Deputy Chief of Staff emailed the Secretary that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.” In response, the Secretary wrote, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”
- In August 2011, the Executive Secretary, the Under Secretary for Management, and Secretary Clinton’s Chief of Staff and Deputy Chief of Staff, in response to the Secretary’s request, discussed via email providing her with a Department BlackBerry to replace her personal BlackBerry, which was malfunctioning, possibly because “her personal email server is down.” The then-Executive Secretary informed staff of his intent to provide two devices for the Secretary to use: “one with an operating State Department email account (which would mask her identity, but which would also be subject to FOIA requests), and another which would just have phone and internet capability.” In another email exchange, the Director of S/ES-IRM noted that an email account and address had already been set up for the Secretary and also stated that “you should be aware that any email would go through the Department’s infrastructure and subject to FOIA searches.” However, the Secretary’s Deputy Chief of Staff rejected the proposal to use two devices, stating that it “doesn’t make a whole lot of sense.” OIG found no evidence that the Secretary obtained a Department address or device after this discussion.
- Two staff in S/ES-IRM reported to OIG that, in late 2010, they each discussed their concerns about Secretary Clinton’s use of a personal email account in separate meetings with the then-Director of S/ES-IRM. In one meeting, one staff member raised concerns that information sent and received on Secretary Clinton’s account could contain Federal records that needed to be preserved in order to satisfy Federal recordkeeping requirements. According to the staff member, the Director stated that the Secretary’s personal system had been reviewed and approved by Department legal staff and that the matter was not to be discussed any further. As previously noted, OIG found no evidence that staff in the Office of the Legal Adviser reviewed or approved Secretary Clinton’s personal system. According to the other S/ES-IRM staff member who raised concerns about the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again.
OK, so multiple state department employees suggested switching her to a State Department e-mail address, but she refused. And, two employees were so concerned they approached their supervisors about the situation. But that’s probably because they were just worry warts, right? No reason to be actually worried about the private server:
- On January 9, 2011, the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system notified the Secretary’s Deputy Chief of Staff for Operations that he had to shut down the server because he believed “someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to.” Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, “We were attacked again so I shut [the server] down for a few min.” On January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the Deputy Chief of Staff for Planning and instructed them not to email the Secretary “anything sensitive” and stated that she could “explain more in person.”
Wow, so people outside of the government were actively aware of the server and were apparently trying to hack its contents. Did Hillary have IRM conduct a review of her security procedures to determine if the server met standards? No. As stated above, the IG found no attempt throughout Secretary Clinton’s tenure to have IRM review and approve the server.
So did IRM get involved at all? Yes, the State Department’s servers thought Hillary’s e-mails were spam. Think about that, the private server being used by the Secretary of State for all State Department correspondence was identified as spam by the State Department’s server. That was apparently enough to get Hillary to have IRM involved to fix the problem:
- OIG identified two individuals who provided technical support to Secretary Clinton. The first, who was at one time an advisor to former President Clinton but was never a Department employee, registered the clintonemail.com domain name on January 13, 2009. The second, a Schedule C political appointee who worked in IRM as a Senior Advisor from May 2009 through February 2013, provided technical support for BlackBerry communications during the Secretary’s 2008 campaign for President. OIG reviewed emails showing communications between Department staff and both individuals concerning operational issues affecting the Secretary’s email and server from 2010 through at least October 2012. For example, in December 2010, the Senior Advisor worked with S/ES-IRM and IRM staff to resolve issues affecting the ability of emails transmitted through the clintonemail.com domain used by Secretary Clinton to reach Department email addresses using the state.gov domain.
Exercising reasonable care would have involved following State Department procedures for establishing and using a private e-mail address by approaching IRM for approval. It would have involved approaching the State Department’s lawyers to determine if it was appropriate to establish a private server for the storage of the Secretary of State’s e-mails. It would have involved addressing known security risks by properly reporting those risks to the State Department and resolving the issue with the assistance of IRM. Instead, Hillary used her server without authorization, without the advice of the Department’s legal counsel, and without a security review by IRM. Despite being approached on numerous occasions about switching to a State account, Hillary insisted on using her private server.
The Real Danger of Possible Prosecution
The IG's report was not a vindication. If anything, it was a road map to a possible indictment. We simply cannot go into the general election with something like this hanging over the head of our nominee. If any details of the investigation leak, or if Loretta Lynch actually brings an indictment, it would ensure the election of Donald Trump. Furthermore, it’s bad for our democracy to have a presidential candidate running who has exercised such terrible judgment, placing herself, her subordinates, and her close advisers at risk of serious violations of the law, all for her personal convenience.
The nominee doesn’t have to be Bernie, but it should be someone else.