Well, it’s been quite an interesting week in Emailghazi land. FBI Director James Comey announced during a lengthy press conference that charges would not be filed against Secretary Clinton for her use of a private email server or mishandling of classified information. However, Comey did spent time making an extended attack on Clinton’s judgement and her carelessness.
He made things sound bad, real bad.
And then a few days later he testified before Congress and under oath the details of the story of how the Director came to his decision not to charge painted a decidedly different picture than that of his previous press conference. Many of those details are highly significant and put the actions that led to the Director's decision and his scathing rebuke of the Secretary in an entirely different light.
Now In full disclosure I used to hold a Top Secret/SAR clearance while working in the IT department of a defense contractor for 12 years. As a result I may have a somewhat unique view and perspective on this situation that others may not appreciate.
The first factor is that classified data is usually protected using C2 Security Requirements or better.
- It must be possible to control access to a resource by granting or denying access to individual users or named groups of users.
- Memory must be protected so that its contents cannot be read after a process frees it. Similarly, a secure file system, such as NTFS, must protect deleted files from being read.
- Users must identify themselves in a unique manner, such as by password, when they log on. All auditable actions must identify the user performing the action.
- System administrators must be able to audit security-related events. However, access to the security-related events audit data must be limited to authorized administrators.
- The system must be protected from external interference or tampering, such as modification of the running system or of system files stored on disk.
In order to meet these standards computer systems containing classified information can not be linked or attached to outside unclassified systems or the internet. The only way for classified information to reach an unclassified internet linked email system such as Secretary Clinton’s would be for someone to manually copy the files using a floppy, zip or usb drive, or else manually transcribe the information onto the unclassified system from a printed copy of the classified document.
The PC’s and workstation that I worked with 20 years ago in a classified environment had to have their external drives, floppies, CD and DVD, de-installed and may even be placed in a ray-shielded room to prevent electromagnetic transmission of data in order to meet the C2 standard. Since then some things have changed and digital communication in a classified environment are handled via use of a SCIF.
Most senior officials who deal with classified information have a SCIF in their offices and their homes.
These are not just extra offices with a special lock. Each SCIF is constructed following complex rules imposed by the intelligence and defense communities. Restrictions imposed on the builders are designed to ensure that no unauthorized personnel can get into the room, and the SCIF cannot be accessed by hacking or electronic eavesdropping. A group called the technical surveillance countermeasures team (TSCM) investigates the area or activity to check that all communications are protected from outside surveillance and cannot be intercepted.
Most permanent SCIFs have physical and technical security, called TEMPEST. The facility is guarded and in operation 24 hours a day, seven days a week; any official on the SCIF staff must have the highest security clearance. There is supposed to be sufficient personnel continuously present to observe the primary, secondary and emergency exit doors of the SCIF. Each SCIF must apply fundamental red-black separation to prevent the inadvertent transmission of classified data over telephone lines, power lines or signal lines.
The SCIF would be secure and would not house or be linked to Clinton's email or the internet. From all indications Clinton did not does have a classified SCIF installed in her house, so she or her staff would be using [either that one or] the SCIF located within the State Dept. offices to do classified communications, not her email account.
There should be no classified info on her server because there should be no physical way for it to leave the SCIF and get there. Understanding this helps greatly when you try to understand what Director Comey meant by this during his testimony.
"We did not find evidence sufficient to establish that she knew she was sending classified information beyond a reasonable doubt to meet the intent standard," Comey explained.
This goes back to Clinton’s claims that she did not send classified information that was "marked” at the time. Some have taken this to be a lawyerly dodge, but it's quite critical to the entire point. Within the SCIF environment every documented is marked with a header whether it is classified or not. Every unclassified document actually says “Unclassified” in order maintain the standard.
But the classified documents that Comey says were among Clinton’s personal email were not marked this way.
“According to the manual, if you’re going to classify something, there has to be a header on the document, right?” Cartwright asked, to which Comey responded in the affirmative.
Asked whether there was a header that contained the “c” in the text, Comey said the “c” denoting classified material “was in the body in the text but there was no header on the email or in the text.”
“So if Secretary Clinton really were an expert at what's classified and what’s not classified and we're following the manual, the absence of a header would tell her immediately that those three documents were not classified,” Cartwright remarked. “Am I correct in that?”
Comey called it a “reasonable inference.”
So it’s quite reasonable to assume that Clinton did not know that some paragraphs contained within the content of, according to Comey three individual emails that were being repeatedly forwarded back and forth, where actually classified because they were only marked with a (C) instead of the standard headings. She had no idea. And consequently she wasn’t lying when she said she didn’t send any emails “marked” classified at the time. She didn’t using the standard set by the manual and the fact that the SCIF is entirely seperated from her system. Comey did not say that any classified information with “standard headers” were sent or received by Clinton, and also that he and the FBI did not consider any documents that had been “Up-Classified” after fact as a result of FOIA or review by the Inspector General.
According to what Comey described these paragraphs marked (C) were input by staffers “down stream” from the Secretary, I would assume input as a manually transcribed excerpt from the original classified document since a “copy/paste” should not be possible from classified to unclassified systems. Eventually this info, Comey said, was forwarded upstream and reached Secretary Clinton for her review or comment. Comey stated that nearly 1,000 people within the State Dept viewed or were copied one of these emails with a (C) marked paragraph.
He also stated under oath that all of those people had clearance to view this information.
When Comey stated there was a “problem” in the handling of classified info within the State Dept. in general, I believe this is what he meant. In the coarse of doing their job, and in communicating about their job, classified issues need to be discussed. Outside of doing all their communication within a cumbersome SCIF the use of the (C), which does not conform with the classification manual, appears to have been adopted as a shorthand method and not everyone, including the Secretary, is necessarily aware of this practice.
Over and above the exposure that Clinton’s outside risk created as a target for hackers — and Comey did not say that it had been hacked, noting that the one person who had claimed to have hacked her system “was lying” — this shorthand classification method within the unclassified environment seems to me like a problem, and it’s a problem for all 1,000 people who were connected to those email chains, not just the Secretary.
All of that is ultimately why Comey said this.
“Is it your statement, then, before this committee that Secretary Clinton should have known not to send classified material and yet she did?” Rep. Tim Walberg (R-Mich.) asked as the hearing extended to its third hour.
“Certainly she should have known not to send classified information,” Comey said. “As I said, that's the definition of negligent. I think she was extremely careless. I think she was negligent. That I could establish. What we can't establish is that she acted with the necessary criminal intent.”
Now there was another “Marking” issue which I had discovered when debating Clinton’s emails with some on the right. They claim that Clinton once ordered classified markings to be removed from a fax, thereby allowing classified information to be improperly transmitted. I had been advised by Armando in twitter that this didn’t happen, but then during his testimony Comey brought it up and confirmed that it did occur, however he also said that when Clinton instructed the information be sent in “non-paper” form the instruction also included removing the classified portion of the document as well as the markings.
There’s also the argument, which was raised by Rep. Cummings during the hearing which seems to have surprised Comey, that the paragraphs marked with a (C) were in fact wrongly identified due to human error.
At a regular briefing for reporters Wednesday, Kirby said State is aware of two instances in the set of roughly 30,000 messages turned over to the agency by Clinton where classification markings appeared in the emails. However, he said those were mistakes where staff failed to remove the notations while preparing background and talking points for Clinton in a planned phone call with a foreign official.
"It appears that those...that those markings were a human error. They didn’t need to be there. Because once the secretary had decided to make the call, the process is then to move the call sheet, to change its markings to unclassified and deliver it to the secretary in a form that he or she can use," Kirby said. "And best we can tell on these occasions, the markings — the confidential markings — was simply human error. Because the decision had already been made, they didn’t need to be made on the email."
Kirby said such "call sheets" are often treated as classified when being prepared but as unclassified when forwarded to the secretary for his or her use.
Comey seemed unaware of this when it was brought up by Cummings and if that is the case, there were no classified documents, marked or unmarked, that were sent or received by Secretary Clinton. If Comey had recommended that charges be filed, this revelation would have completely blown his case apart even his claim of her “extreme negligence” because in fact it wasn’t her negligence but an error made by a staffer in preparing her call sheets and leaving a (C) classification marking in the email when none was needed.
Comey was questioned about the (C) markings by a Rep. Meadows.
Comey again referenced Clinton’s lack of sophistication during an exchange with Rep. Mark Meadows (R-N.C.), who asked the FBI director whether he meant to say that the secretary of state “is not sophisticated enough to understand a classified marking.”
"That’s not what I’m saying,” Comey answered. “You asked me, did I assume that someone would know. Probably before this investigation, I would have. I’m not so sure of that answer any longer. I think it’s possible — possible — that she didn’t understand what a ‘(c)’ meant went she saw it in the body of an email like that.”
Meadows then asked Comey whether a "reasonable person" would think that someone of Clinton's stature would understand that.
"I think that's a conclusion a reasonable person would draw, it may not be accurate,” Comey remarked, “but that's what folks would say.”
So the key classified information was only marked with a (C) not with normal markings and it’s perfectly reasonable for someone to think those documents weren’t classified as a result.
Again.
“According to the manual, if you’re going to classify something, there has to be a header on the document, right?” Cartwright asked, to which Comey responded in the affirmative.
Asked whether there was a header that contained the “c” in the text, Comey said the “c” denoting classified material “was in the body in the text but there was no header on the email or in the text.”
So if Secretary Clinton really were an expert at what's classified and what’s not classified and we're following the manual, the absence of a header would tell her immediately that those three documents were not classified,” Cartwright remarked. “Am I correct in that?”
Comey called it a “reasonable inference.”
It would be a “reasonable inference” for someone to believe those documents weren’t classified, and in fact two of them actually weren’t at all because the (C) marking was a mistake.
Now there are some other issues here as to whether her server being outside of state.gov made it vulnerable to being hacked, even though there’s no evidence that it was, or that changes made by the state internal IT to better allow Clinton and Huma Abedin’s emails to get through by disabling part of their firewall ultimately led to a successful hack of the state.gov email system.
But there is no evidence that was the case, or that Clinton’s own system was hacked.
Rep. Chaffetz attempted to make some hay of the issue that Clinton’s attorneys may have viewed classified information when sorting her emails and deciding what to delete, but Comey countered that they didn’t read all the emails, only the titles and headers. [Rep. Cummings stated his understanding was the Clinton’s attorneys had clearance] This may also be why they may have mistakenly deleted some of her work related emails that they had believed were personal since they didn’t actually read them. Chaffetz also suggested that Congress would be referring a potential perjury case to the FBI against Secretary Clinton for her under oath statements during the Benghazi hearing, but with all the facts on the table I have strong doubts there’s any real case to be perused there.
All in all, much of Comey testimony slapped down right-wing conspiracy theories and greatly bolstered many of the public claims made by Secretary Clinton herself about the entire email situation.
Whether the Clinton campaign will push back using these revelations remains to be seen, but I suspect they will. Vigorously.