Among the more disappointing things in all of this is that there is a rational, important conversation to be had about everyday awareness of security and government inflexibility. But there won't be, because she is Hillary Clinton and it is 2016.
Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone. She (I personally believe) was likely ignorant of many of the security requirements of such a server (even one set up for unclassified e-mail), as was whoever set it up. And no-one on her staff either knew enough or was willing enough to say anything. She is also supposedly not the first Secretary of State to have an arrangement of this nature.
This feels like the very definition of systematic failure and clearly needs to change. But the conversation is almost exclusively based around a) her having nefarious motivations, because she is Hillary Clinton, or b) this all being a Republican plot to derail the Democratic candidate for President.
Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.
Baloney. She was the second most powerful person in the US government. If she couldn't get them to provide modern secure communications, she had the ear of the one who could.
If it was as you say, and truly that systemic a problem, then indeed heads should politically roll - starting from the top, which means her.
Handling national secrets on a cheap generic PC in one's bathroom because a subordinate huge-budget agency won't cooperate is a sign of gross incompetence on many levels. If jail time is what it's going to take to motivate people to get this systemic problem solved, them so be it. The standards are obvious, and ominously violated to a dangerous degree.
I think the NSA wanted to give her a secure Windows Mobile (or whatever it was called back then) phone, which may have been better supported. They also mention security issues with Blackberry, presumably even if they tried to make it "secure" themselves.
If I remember correctly, they didn't want to allow Obama to use a Blackberry either back then, but he was a big fan of Blackberries and said he couldn't use the much uglier and brick-like alternatives. So I think they eventually compromised for the president. But I don't think they were just going to do it for everyone else, at least not at the time.
They rated the statement 'my predecessors did the exact same thing' mostly false. Editorial choice -- they could have rated the statement 'none of my predecessors followed proper procedure for email either' and found it true.
Powell maintained his own email but without the server in his house, Rice claims she avoided all email, so we have exactly 0 secretaries of state who've handled email 'the right way' in 220-some-odd years of this fine country.
Indeed. I believe she should be investigated and prosecuted for this, but I nevertheless think it remains a mostly credible claim with respect to Powell. If I understand correctly, Politifact makes the argument that Powell used a personal e-mail address at an established service whereas Clinton installed her own mail server.
As someone who believes strongly in revitalizing self-hosting, I find focusing on Hillary's use of a personal mail server (and not on the fact that it was not an official e-mail account, full stop) to be unfairly marginalizing personal mail servers or personal servers in general. There's nothing wrong about running your own mail server. The problem is running your own mail server to give yourself a personal e-mail account to use in your job as Secretary of State. But the key part is using a personal e-mail account for your job that involves dealing with highly sensitive and classified materials—an action that would get most government employees fired if not imprisoned.
using this statue to prosecute would not only violate the spirit and intent of the law but also be very unlikely, given precedent, to result in any conviction. Hence a competent prosecutor would likely not seek to prosecute based on this law, nor should they, as it would be a waste of taxpayer money not to mention the ill effect it would have on our electoral process (sudden unnecessary prosecution against particular candidates unlikely to lead anywhere).
“Whoever, being an officer, employee, contractor, or consultant of the United States, and, by virtue of his office, employment, position, or contract, becomes possessed of documents or materials containing classified information of the United States, knowingly removes such documents or materials without authority and with the intent to retain such documents or materials at an unauthorized location shall be fined under this title or imprisoned for not more than one year, or both. “
Applying that to Hillary's case is a bit of a stretch. It's not like she was downloading all the confidential stuff at the White House and emailing it to herself. And anyone emailing to clintonemail.com would presumably guess that was going to the Clinton's email server.
I've almost entirely given up on conversations in HN threads, but the recent State Dept Inspector General's report concludes that after the server was found to be compromised, the staffers who found the issue were told to never speak of it again.
This wasn't just poor IT security, this was willful ignorance of the consequences of state secrets being in the open. It is incredibly likely she was targeted by foreign intelligence. And perhaps Russia found it useful that no one was talking about their impending invasion of Ukraine or Iran learned how desperate the administration was to cut a deal? There were a thousand ways this could have undercut US foreign policy, which has recently been disastrous (Like when Hillary hung up the phone on her Russian counterpart in 2012 when Russia was trying to negotiate a peaceful conclusion in Syria - according to the Wikileaks embassy cables).
> This wasn't just poor IT security, this was willful ignorance of the consequences of state secrets being in the open.
To be clear, this was unclassified email. Classified email is on a separate network.
Certainly having access to the Secretary of State's unclassified emails could yield valuable intelligence insights but these are not emails that are going to contain "secrets" per se.
That's absolutely not clear at all. Content from SIPRNet and JWICS both ended up in 1,340 of the emails on Hillary's server. The CIA has reviewed the emails and said that several of them contain partial content from their highly sensitive intelligence on human intelligence.
We won't know for sure until the FBI investigation is complete, but it is looking like this wasn't an accident but a cavalier attitude towards handling sensitive intelligence.
But given how no one seems to care how she handled Syria, Iraq, and N. Africa, it's obvious it doesn't much matter how she handled secret information.
Right, but State Department has Classnet for classified materials, this is not a case of Clinton plugging into Classnet with a private server.
The fact that other people sent information to her Opennet email address that contained information derived from classified documents is not necessarily damning for Clinton. If someone from DoD or any of the intelligence agencies pulled information from a classified document and sent it to a public email address, that spillage would be on the sender.
If Clinton realized that classified info came into her inbox then she would be responsible for getting that information off an unclassified machine. But if someone pasted an excerpt from a classified source into an unclassified email, the recipient of that email may not know that it was in fact classified information. Certain types of information should ring alarm bells for the recipient, but the classification of other types of information are not always going to be apparent if the information is not marked (secret, top secret, sbu, etc).
To date there doesn't seem to be anyone claiming there was intentional spillage on Clinton's part, or that she personally took classified information and put it on an unclassified system. There may yet be more revealed but right now it doesn't look like she did anything meriting prosecution.
I agree with this, but the failure is one of the government to "train" its appointed/elected members adequately. It should never be acceptable for STATE to conduct official business over private email, that just just be the rule. And while previous secretaries have also "worked around it" it is something the FBI should intervene on and enforce. The pressure of it being hard to do can lead to better funding/resources on making it easier to use, but the going in position should be "You shall not ... and if you do we're coming after you."
What's the rationale for not giving everyone secure smartphones? And I mean high-ranking officials, SoS certainly ranks considering how much she/he is in foreign countries with foreign leaders. Can someone in the know explain why the NSA would deny such requests?
Difficult to know for sure. Obama had one, Rice previously used one, but:
The NSA refused to give Clinton a device similar to the one used by Obama: a modified BlackBerry 8830 World Edition with additional cryptography installed. And while Clinton's predecessor Condaleeza Rice had obtained waivers for herself and her staff to use BlackBerry devices, Clinton's staff was told that "use [of the BlackBerry] expanded to an unmanageable number of users from a security perspective, so those waivers were phased out and BlackBerry use was not allowed in her Suite,"[1]
This being Clinton there are probably conspiracy theories (the NSA is out to get her!) but I suspect they simply didn't want to have to deal with it, and had the ability to say no. So they did.
>Clinton's staff was told that "use [of the BlackBerry] expanded to an unmanageable number of users from a security perspective
if you don't provide a secure way to get shit done, motivated individuals will figure out how to get shit done, security be damned. happens every time. that's what happened here.
You could rephrase it, "if you don't provide [an easy and] secure way to get shit done, motivated individuals will figure out how to get shit done, security be damned. happens every time. that's what happened here."
They refused to give her a highly customized hardened BlackBerry. She could have used a laptop or other device. There is no way they don't have a standard secure remote email capability, she just wanted what Obama had, and they said no, we aren't supporting any more bespoke devices for individuals. Which is totally rational from a security standpoint.
Idunno, this might be a little spellOCD of me, but I find it hard to take an article seriously that not once, but at least twice -- judging just from the quote here plus the lede, not even having read the article yet -- misspells the name of a Secretary (albeit a former one) of State.
In all fairness, Obama's use of a smartphone was unprecedented. I read (but cannot find a reasonable source now) that Obama's Blackberry was tethered to a private base station, not any kind of public network, cellular or otherwise. So "secure smartphone" is a term that really means "secure infrastructure".
Supposedly his phone is also locked down to just ~10 other similarly secure numbers, while Clinton wanted to be able to use her secure phone to call her entire staff. That would've required dozens or hundreds more devices, which is a problem when every possible loss or compromise of any device is such a huge deal.
Actually no, we're fortunate this isn't happening in 2017, or 2018. We can still keep her out of office, and we should, on moral grounds, not party grounds.
Unfortunately, the alternatives to her aren't that great either. I'm hedging my bets until November, hoping some sort of miracle happens. Hoping this election invokes the 12th amendment and goes to the house. I feel none of the current candidates would be eligible and we'd get a fresh start.
They are very displeased with him actually, remember Trump has alienated all the establishment in his party. And the house can nominate whomever they want.
>Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.
She didn't want the one they offered her, which was an older-style Windows Mobile phone. As the emails frequently note, she is not a "computer person", she knew how to work one kind of device for accessing email and refused to use anything different. They offered her a secure computer with a dedicated outside line even inside State, but her handlers thought she wouldn't even be able to deal with the concept of accessing her email on a PC rather than a Blackberry. I am not bashing Clinton here, I am just reading back the stuff from the emails that was on JudicialWatch.
What's "depressing" to me is that I have had to handle classified material in the past and there's zero doubt what would happen to me if I handled this shit like her and her staff did, but there's going to be zero material consequences for her. I kind of feel like there's two sets of law books, ones for peons like me, and ones for special people like her.
If our Secretary of State and would-be President can't be bothered to learn how to read email on a PC, even (especially) for the sake of information security, I think that deserves a little bashing.
They're too busy to make an appointment with their desk to read emails, and the government can't supply a secure smartphone to anyone less high up than the President himself? Even the Secretary of State? Just bizarre.
The NSA is not beholden to the State Department so they could very easily have told her no. Even between different branches of the Armed Forces there is limited ability to force the issue if another branch doesn't want to do something.
It's not A or B. They are not mutually exclusive. She can be evil and the subject of a plot. In fact, given that she is a politician, A is a most certainly true. And given that she is a candidate for president, so is B.
> She is also supposedly not the first Secretary of State to have an arrangement of this nature.
Careful with the phrasing - it has been said others have used "private e-mail" but that is, to me, not the same as setting up a server and using it exclusively.
Do you know anybody with their own home email server?
In context, that was implicitly "any previous US Secretary of State", not "any human being on Earth".
And I think the OIG report expressly said that Clinton was the only one to have done so.
OTOH, one could argue that a third party non-government, non-sanctioned, email system that the official does not control is potentially worse in many ways than a personal email server, as in the latter case the official at least in principal had control of retention and access and other aspects of the behavior of the system.
I think it's one thing to have run your own email server back in the early 2000's and doing the same in the mid teens. There is much more sophistication in terms of adversarial means and methods as well as sheer number of adversaries --as well as "education" about security.
In that case, I'd worry about the user doing unlawful/immoral things they can be blackmailed with. Agencies have made up accusations and set up traps for politicians in the past (and worse: see FBI vs. Martin Luther King, Jr.). If they can blackmail a person with the truth, chances are that others can do it too (criminals e.g.).
Isn't one of the main arguments against dragnet surveillance the possibility for the surveiling agency to blackmail the politicians who write the laws limiting its power?
The same argument surely applies to targeted surveillance...
sure. i was aiming to poke people citing occam's razor when controversial matter comes up because cognitive dissonance or whatever their problem is. sheep like to chose the easy path of denying things like you suggest ... until snowden gives up his life. and still they go about their useless business.
but after all, it _is_ a conspiracy theory because there would be at least two parties involved conspiring to blackmail. sheep also don't get what the term actually means.
No, she didn't, on many levels. Her underlings should have known better, but if a 68-year-old politician knew anything about internet security practices, I'd vote for them!
Her underlings were speaking up and were promptly silenced.
"The first query was dismissed by Clinton’s deputy chief of staff, claiming that the requirement to use two devices for official and personal e-mail “didn’t make a lot of sense.” Staffers raised concerns again the next January, but were told by a director that Clinton had received approval for her private server, even though she never requested it. Furthermore, the same official “instructed the staff never to speak of the Secretary’s personal e-mail system again.”
So, after a bogus real estate fraud investigation lead to the revelation of one of Bill's affairs and his subsequent impeachment, and then congress created committees to pour through her records for dirt, you know "on many levels" that she is accidentally keeping her records private. right.
This is really the crux of the case no one is talking about. There seems to be this notion she set out to do this evil deceptive thing. She had no idea, if anything her underlings were to blame. It was a colossal error, and she's terrible at articulating just about anything, let alone this failure.
Our choices this cycle are extremely poor, but I'll take her finger on the button any day of the week over the real estate oompa loompa.
That's a bit of a myth that's come about when compared to Sanders. In reality, her voting record is around the 70th percentile most liberal out of Democrat senators (referring to her last year).
She might be more Hawkish then Trump although considering the fact that Trump is making all his nonsense up as he goes along its really hard to tell. He tacks isolationist since everyone is tired of war and then he tacks we will destroy our enemies since everyone hates ISIS.
The Saudis might not be good allies but they are our allies. Considering Trump has talked about retreating from our nicer allies like South Korea and Japan in terms of everyone for themselves I wouldn't be surprised if they prefer her. It's not like they are donating money to her campaign.
Wall Street is afraid Trump will do something crazy and destroy the economy.
Haha, but hilariously both democrats and republicans feel very strongly that we should all vote for one of the two. They know deep down that it's one party with two basically identical divisions, but they could never utter that fact aloud.
He claimed to support it because it included the Violence Against Women Act, and criticized harsh on crime policies. That said high crime rate of the 90s made everyone a bit crazy. Now with dropping crime rates even conservatives talk of reform and jailing fewer people.
> Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone.
That would have made it more difficult for the NSA to spy on her. I know this sounds cynical, but really, do you think the NSA doesn't spy on our government officials?
Re smartphone NSA refused to let her use a specific phone. There were several smartphones and certified solutions available. Hillary only wanted Blackberry. Quite opposite of your statement.
Re nefarious motivations. The server and its location weren't just used for diplomatic stuff. There are nefarious things going on. She worked hard to block any FOIA requests or supeonas that would enlighten us more. The mark of an honest politician or nonprofit. ;)
Here's some more details about the state of security of her private server [0]:
>Outlook Web Access, or OWA, was running on port 80 without SSL (unencrypted)
>Remote Desktop Protocol, port 3389, was exposed through the DMZ (open to anyone on the internet.) This, at the time it was being used, was open to critical vulnerabilities that would allow for remote execution of code.
>VNC Remote Desktop, port 5900, was also exposed through the DMZ.
>SSL VPN used a self-signed certificate. This isn't inherently bad, but left them open for "spearphishing" attacks, which have already been confirmed to be received by Hillary Clinton and her staff
It's also interesting how they responded to attacks on the server [1]:
>Here is the section from page 41 of the report which references an “attack”:
> On January 9, 2011, the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system notified the Secretary’s Deputy Chief of Staff for Operations that he had to shut down the server because he believed “someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to.” Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, “We were attacked again so I shut [the server] down for a few min.” On January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the Deputy Chief of Staff for Planning and instructed them not to email the Secretary “anything sensitive” and stated that she could “explain more in person.”
This is, in my opinion, the worst part of the story. Anyone who has set up a web-server on the public net knows what happens when you leave ports accessible like this to old, well-known software. There's a good chance people would target her domain/IP looking for exploits and I'd be scared to question just how many people got access to that machine.
I wouldn't say "anyone". Most people, technical or not, have no idea what they're doing when it comes to computer security and don't care enough or take the time to research best practices.
One of the commenters on the Krebs post makes a remarkable point [1]:
"It gets better. Do a dig mx clintonemail.com. You’ll see that the machine’s incoming email was filtered by mxlogic.net, a spam filtering service that works by received all your emails, filtering out the spam, and forwarding you the rest.
This is because the hosting provider, Platte River Network, sold a package along with the hosting. The package included spam filtering and full-disk off-site backup (since then seized by the FBI).
So every email received by Clinton was going through many unsecured places, including a spam filtering queue, a backup appliance and an off-site backup server. Which has already been documented."
"She" did nothing of the sort. She told someone she wanted her email available. They said, ok, we'll just host it ourselves. "Whatever, I want my daily suduko and make sure I stop getting those damn linked-in spams". "Ok boss".
Seriously, how could anyone really believe she specc'd this out herself? Her staff probably threw it together as a MVP with the full intention of revisiting the implementation "really soon".
She cheered imprisonment of whistleblowers, citing sanctity of classified info. Source: "Hillary Clinton on the Sanctity of Protecting Classified Information"
Best quote: “I think that in an age where so much information is flying through cyberspace, we all have to be aware of the fact that some information which is sensitive, which does affect the security of individuals and relationships, deserves to be protected and we will continue to take necessary steps to do so,” Clinton said
Or, truly the craziest of possible scenarios: simply followed the instructions given to her by the people administering her access to the government's IT infrastructure.
I don't disagree with you. Just seemed like we were getting into the bizarre talking about teams of grad students to create something that already existed, unless I just didn't detect the sarcasm.
I have spent some time talking to different people I meet/know who have security clearances.
EVERY one of tells me that if they had done what it appears Hillary did, they would fully expect to be in jail for years.
In researching this, I find that about 4.5 million Americans currently have, and maybe 1.5 million more did have in the past, security clearances.
I find it hard to believe that in Washington DC, surrounded by people with security clearances, this was unintentional and just an accident. It's like Hillary had to look far afield to find people without security clearances so that they would set this up for her.
That's because in the federal government the average employee simply doesn't have the same amount of power nor leeway that a cabinet level executive would. For one, several cabinet level appointees have original classifying authority. No regular employee has that power.
A rank and file employee obviously could not direct anyone to set up a private email server for their correspondence or request that the NSA provide them with a secure blackberry.
> I find it hard to believe that in Washington DC, surrounded by people with security clearances, this was unintentional and just an accident. It's like Hillary had to look far afield to find people without security clearances so that they would set this up for her.
Clinton certainly was wrong here and people certainly told her not to do this. But I don't think it requires malicious intent, just someone not taking the rules/guidelines seriously and/or thinking they have more power than they do.
NARA compliance is something that many people either don't know about or are confused about at State department so I could see how some might not take it as seriously as they should.
I'm sure she and her inner circle rationalized away the security risk because classified materials are not supposed to be sent to public email addresses, there's a separate network for that.
- Executive Order 13526 and 18 U.S.C Sec. 793(f) of the federal code make it unlawful to send of store classified information on personal email.
- Section 1236.22 of the 2009 National Archives and Records Administration (NARA) requirements states that:
“Agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that Federal records sent or received on such systems are preserved in the appropriate agency record keeping system.”
- MSNBC’s Lawrence O’Donnell believes that the use of a personal emails server appears to be a preemptive move, specifically designed to circumvent FOIA:
Nothing that links to the daily caller is a serious news source.
Plus the article is a pile of stupid innuendo that conflates what Hillary did with Petraeus providing contemporaneously classified documents to his journalist fuckbuddy.
Further, clearly nobody in government had a contemporaneous problem with it since they saw the email address every time they communicated with Hillary Clinton. Whenever they sent her an email, they saw
Hillary Clinton <hdr22@clintonemail.com>
show up in the email composition window, which certainly cannot be mistaken for a state department email...
In the just released state department report, there are several instances where staff complained about Clinton's use of a private server, and they were told that she had permission to do it and never to mention it again. In fact, no permission was ever sought or given.
IT staff reported issues with clintonemail going to SPAM folders and insisted Clinton use her .gov account, and she refused. IT staff further complained of security issues with her email server and were ignored.
It is simply not the case that no one had a problem with it. Many people did, and they were told to pound sand.
I worked in Federal Government for 7 years. She knew about Records Management, had a records custodian that worked for her, and clearly used clintonemail.com in an official capacity, circumventing State Department and other Federal regulations regarding official records.
Here is the official IG report:
https://assets.documentcloud.org/documents/2842429/ESP-16-03...
Sure, news sources can be biased and we should be discerning when we look at them, but that doesn't automatically mean that the source is automatically wrong 100% of the time.
The LA Times is a news source while the Daily Caller is an avowed conservative publication founded by Tucker Carlson and one of Dick Cheney's advisors.
It's quite possible the law discussed in that article was broken. The author lists the three cases of relevance: (1) whether Clinton knew she was putting classified information into an unclassified system, (2) did she willfully communicate classified information to anyone not authorized to receive it, and (3) did she remove classified information with the intent to retain such documents or materials at an unauthorized location. None of those are settled yet. The headline that "Hillary Clinton didn't break the law" is an opinion, not settled. The author is only citing what Clinton's aides and one government lawyer have said -- those are far from unbiased or conclusive. And after the state department IG's report from yesterday, it is pretty clear the violation was intentional.
The IG's report is basically just ass-covering by the Department of State, iterating her violations of protocol so that it doesn't look like they were completely incapable of recognizing things that the FBI is about to bring to light.
The criminal intent part is the FBI's job, and will likely apply, at the very least, to things like Clinton's attempt to delete thousands of messages before handing over the server (messages the FBI was able to obtain anyway due to offsite backups, going by the extrapolations observed and detailed on http://www.thompsontimeline.com/).
Even if she's not found guilty of violating any major law, this kind of obstruction of justice alone is in a class of behavior we impeached her husband over. I imagine the FBI doesn't take kindly to the people they're investigating putting the bureau through hassles like this.
>And the article lists various reasons why none of those would likely apply to her.
I guess we have different definitions of "likely" since the only reasons given are:
(1) Clinton and her aides have insisted that she didn't. They say none of her emails included material that was marked as classified at the time.
(2) She says she didn't, and there's no known evidence that she did.
(3) "If all she was doing was exchanging emails with her staff, I don't think they can prove that she had the intent to retain anything," a former top government lawyer told me.
Like I said, those are hardly unbiased or definitive assessments. Clinton and her aides have every reason to say that there was no wrongdoing. The government lawyer quoted even says "If" acknowledging that it is an assumption. As for the IG report, if it had said the violation was minor and mostly because of regulations implemented only after she left office, which had been claimed before, then it would be looking really good for her. As it stands, there is still an FBI investigation looming.
Does "not marked as classified at the time" mean what I think it does?
Obviously she did not change her automatic email footer to "Top Secret - Do not distribute - Thanks, H ;-)"
So of course none of her emails were marked - that's like saying "I am commiting a crime right here" since of course the server was insecure.
Is the content classified at the time, or even derived from a classified source? My understanding is there are perhaps thousands of emails to which this might apply, and the law needs only one. So it seems to me hopeless for Hillary to think the FBI would not recommend charges.
The bigger question is will the (current) AG decline to prosecute, and what about the next one?
"marked as classified" isn't what matters. It's misdirection.
The standard is that she had reason to believe that the email contained classified information.
Consider something obvious, like full details of an ICBM including plans for the nuclear warhead and decoys. You get a copy without markings. I hope you wouldn't imagine it to be unclassified just because it isn't "marked as classified at the time".
Some of her email contained information that she got from other government agencies; she knew it was classified and had no authority to declassify it. Some of her email actually was marked classified; we can assume she believed it to be classified. There is even a lovely case where she tells a subordinate to REMOVE THE MARKINGS and then send insecurely.
For issues with classified information, intent doesn't normally matter. This isn't libel. The rules are different. It's more like strict liability.
I don't know why you think proof has not been found. Is it because prosecution hasn't started? You can bet that many FBI and DOJ employees are struggling with the realization that prosecuting her would likely get them fired. The stress must be enormous.
My point is, ICBM hyperbole aside, it's going to be very easy for Clinton to claim that she did not know something was classified if indeed it was not officially classified at the time, and only reclassified later. A suspicion that she might be guilty is not going to cut in the courts.
> Some of her email contained information that she got from other government agencies; she knew it was classified and had no authority to declassify it. Some of her email actually was marked classified; we can assume she believed it to be classified. There is even a lovely case where she tells a subordinate to REMOVE THE MARKINGS and then send insecurely.
You'll need citations for these claims. Nothing I've read indicates any of that is true. The last example proves nothing because 1) the subordinate sent the material by secure fax in the end after all, and 2) there is no indication it was classified (http://www.cbsnews.com/news/state-department-releases-more-c...).
You'll need a citation for that. If you're talking about this exchange: http://www.cbsnews.com/news/state-department-releases-more-c..., it was sent securely in the end, not over email. Also no part of that exchange indicates the material was classified.
It depends your perspective and who you ask. The State Department was directed to draft regulations, as is common, as the result of law. The State Department says that Clinton broke those regulations. By extension, it could be argued that she broke the law.
Department of State employees are supposed to treat any material that even could be classified as extremely sensitive, and not to leave the building. On top of the flagrant disregard for security procedure detailed in this commentary, Clinton routinely shared material with private citizens like Sid Blumenthal, who had no security clearance whatsoever.
For answers to most of your questions about the Clinton email scandal, http://www.thompsontimeline.com/ breaks all the factors in play here down in excruciating detail.
Part of the whole security clearance process is instruction on detecting misclassification, so the :%s/SECRET/SUCRETS/g defense doesn't work. At least 22 emails where later classified as top secret, there is no way to mistake top secret material for uncontrolled information. There were at least 22 chances to take a step back and wonder about the wisdom of the thing.
Lets not forget the handful (I don't recall the exact number) of emails that Colin Powell sent from his personal account and had clearance adjustments later on. Or the number of Rice's staff who received emails to their personal accounts that were deemed classified after the fact.
Lots of chances for many individuals in the IC to step back and develop better procedures. Lets not put ALL the blame on Hillary.
Do we need to preface every discussion with a list of others' bad behavior? I imagine that would distract for the topic under discussion... and you wouldn't want to do that would you?
Well, we could be superficial and only talk about Hillary. OR, and this is crazy but stay with me, we could talk about how this issue happened way back in the early 2000's and no one at the NSA/House addressed the issue then.
A lot of people failed on this issue long before Hillary.
Congress addressed the issue of security of government servers more generally by passing the Federal Information Security Management Act (FISMA) in 2002. Her use of a rouge external server violates this law on every level. Clinton's predecessors have the defense that their terms preceded this law.
Why stop in the early 2000's? Surely this is all superficial if we avoid the real issue - the control of privileged information! It should be obvious how unproductive this line of thinking is, eventually we'd find ourselves debating the original sin of man.
What do you mean "that server was for only unclassified data"? There was no other server. Clinton had a .gov account but entirely refused to use it. Meaning 100% of the email Clinton sent was sent through her insecure personal server.
Do you believe 100% of her email was entirely unclassified at the time it was sent?
As for innocuous, it's reported that her emails (unsurprisingly) included intelligence from "special access programs" which are actually classified beyond top secret.
There was another server for truly classified info + hard copies were used for sensitive stuff. Also, the official non-classified state department server was confirmed hacked during her tenure.
Excerpt:
How did Clinton receive and consume classified information?
The Secretary's office was located in a secure area. Classified information was viewed in hard copy by Clinton while in the office. While on travel, the State Department had rigorous protocols for her and traveling staff to receive and transmit information of all types.
A separate, closed email system was used by the State Department for the purpose of handling classified communications, which was designed to prevent such information from being transmitted anywhere other than within that system.
That is false. Sidney Blumenthal emailed her signals intelligence (which is top-secret at a minimum) on her unsecure server, after stripping classification markings. This has been covered pretty well, and if you want to see for yourself then you can grab a copy of the Guccifer data dump.
I love her values - personal convenience vs national security. This is just the sort of person we need in the White House. It reminds me of a president (I forget which one) who tied up Air Force One on a runway at who knows what cost to the taxpayer just so he could get a haircut.
I have more of a problem with idling the engines while your hair is cut than of the closed runways. Today the complaint would be ecological not economical.
However if idling of the engines is required by security protocols then you can't complain nearly as much.
I do expect to put a ridiculous time value of money on the Presidents time and even higher on security. But it should be done to minimize inconvenience to others.
I am constantly surprised at both the vehemence and the triviality of the ire that people direct at the Clintons. There is literally nothing that people will not attack them with.
I would say that the "3 Felonies a Day" theory applies equally if not even more-so to someone like the Secretary of State. It's probably very hard if not impossible to actually do your job as a high ranking government official and not end up breaking a few laws.
The problem is once said law-breaking becomes widely reported and results in State Department and FBI inquiries, where do you go from there? How can they come back with a recommendation not to prosecute Clinton, but yet they vigorously prosecute people like Aaron Swartz?
However, I do disagree strongly with you that if charges are pressed it has anything to do with her gender. If it were John Kerry who had been SoS when Clinton was, operating kerryemail.com, and he was now running for President, I think we would be in exactly the same position.
Given all the warnings I got when I had a secret clearance back in the 80's about protecting the information and what penalties I faced for not following the rules I've found it unimaginable that the Secretary of State didn't know or didn't care about protecting much higher level secrets.
No nefarious plot. My understanding is that it went roughly like this. Back in 2009 Clinton requested a secure smartphone from the NSA. It's a custom made device (security by obscurity?). Anyway, the president gets one. As the secretary of state she has to travel a lot, and not being able to do email on the road is highly impractical. So she thought she should get one too.
The NSA denied her request for a secure smartphone and gave her some nonsense excuse. She tried a few more times to get one, and then Clinton gave up and ordered somebody to set her up with a private email server. She used this unsecure email server for years. She used it to communicate with top level officials (including the president). That she had this server was common knowledge in the administration. She knew it wasn't secure and she's been very careful not to discuss any classified information over email at all. In a handful of cases she slipped up and some classified information ended up on email anyway.
This is the best case version (for her), and what her camp wants people to believe. Its hard to see that it's true though. The IG report is pretty clear that she willfully violated recommendations and warnings about security.
Perhaps she wasn't furtively planning to take over the world, but the evidence points to more than her just wanting to use a Blackberry - it really seems (to me) like she took significant measures to avoid keeping records.
So she wanted the NSA to stonewall because that would give her the excuse she needed to set up a private email server? And the rest of the administration played along?
The simpler explanation is that Clinton got really annoyed with the NSA for denying her requests so she disregarded the rules and did her own thing.
Who knows what she would have done if she weren't stonewalled.
Your explanation is no "simpler", you're just completely disregarding the facts. People didn't just play along, she got a lot of pushback, especially for someone in such a senior position.
In 2011, she was offered a FOIAble BlackBerry. Her team said it didn't make sense. The simple explanation is that she didn't want a FOIAble BB.
You're acting like the NSA told her she couldn't have any smartphone, which isn't the story. The story is that the NSA said she couldn't have that smartphone.
Second, it seems to be your argument that she didn't get the IT support she wanted and so it's reasonable she did her own thing. This seems perfectly reasonable if you're trying desperately to give her the benefit of the doubt. Heck, we've all dealt with annoying IT departments!
Except, it's not like that. She was our top diplomat and 4th in line of succession to the presidency. It's a fact that classified information was discussed on the system.
I just can't believe that the best defense is "well, she didn't like the UI of Windows CE and she wanted a Blackberry, and it's not her fault the NSA wouldn't give her one -- so, she did what any of us would do -- she co-opted her husband's private server and paid a State Department employee under the table to manage it outside of the government infrastructure. She also made sure to order her subordinates to keep the email address out of the official State Dept. email registry because she didn't want to risk being forced to disclose anything. And, it's perfectly OK that when her email correspondence was subpoenaed during a FOIA lawsuit brought by Judicial Watch, the State Dept. didn't know to look on this server, and as such they didn't turn over all of the relevant materials until years later, when the private email address was made public and she felt it was OK to release hard copies of 30k emails (promising that among the 32k she deleted were only personal emails about yoga, Chelsea's wedding, etc.).
But, isn't that what we all do when the IT department is unreasonable?"
And those slipups should open her to prosecution under the Espionage Act.
A number of security professionals (I mean security in the government, Information Assurance sense) have told me that if they or I were to do anything like what Secretary Clinton did, we would be liable to be prosecuted.
The irony of Clinton having possibly violated the same law that she has used to (wrongly) advocate for the prosecution of whistleblowers is maddening, and moreover, the fact that she will likely escape prosecution is a horrible indictment of our democracy.
A lot of people are saying there's no way she gets indicted before the election. However, if Trump is elected, he's already said he's going to indict her and send her to prison. Therefore, I if you want to see her indicted, you're probably going to have to vote for Trump.
I expect Obama would pardon her if necessary. Worth noting that Bill Clinton pardoned John Deutch for something remarkably similar when he left office.
This is very true. But you aren't the Secretary of State. I'm sure there are people at a high enough level at wherever you work now that the normal rules don't apply to them. That's the nature of any organization. C-level executives, military generals and high level politicians can all decide not to follow certain rules if they choose, especially when it comes to IT policy. I'm not saying that what Clinton did was right or good, but this kind of thing does happen at a large number of organizations. It should not be surprising that an internationally famous figure would be treated differently than a mid level employee.
Well, why aren't they? Somehow I don't believe she sat there and edited her sendmail.cf by hand. She delegates the task, it gets done crapily, then it works so why change it.
I'm currently working with a major health care center - top of the line everything - and they hand me my upcoming appointment schedule printed from "myfreecalendars.com" because their IT people haven't gotten printing working in their new scheduling program, and frankly they just need to get shit done. I'm sure it's a HIPPA violation, but frankly I'm not going to complain because I need to get shit done too.
This narrative doesn't address the fact that Clinton was actively opposed to FOIA requests and had sought means to keep her public work private as much as possible.
Following common sense here, her decision to ignore State Department regulations (which she lied about) and participate in classified communications (which she also lied about) on a private server immediately after she had made efforts to minimize public access to her communications, leads to the obvious conclusion that she put secrecy above transparency. If her narrative in private testimony matches the public one, then she likely perjured herself as well on the point of whether the State Department authorized the server, since they now say they did not (which again, she lied about).
Not only actively opposed to FOIA requests -- unresponsive to subpoenas, including the Judicial Watch lawsuit's subpoena which requested all emails related to Benghazi and Libya.
Judicial Watch didn't get her emails about Libya with Sid Blumenthal until after the Guccifer hack made the email address public knowledge.
If it weren't for the Guccifer hack (of Sid Blumenthal's email), we wouldn't even know about the server, and she would have ignored that subpoena forever.
Forgive me, but I have only casually followed this. Perjury requires she falsify her testimony under oath, has there actually been a formal deposition from Clinton under oath?
I'll admit, I'd love to see nothing more than for her to go to prison (and I am expecting downvotes for this) - but I don't think it's going to be for perjury unless I missed something.
I'm not sure about exactly where she gave all of her testimony and I won't make any claims of purjury (though I think the evidence shows many lies here), but I feel I should point out that it's also possible to purjure oneself by lying to Congress.
The "wanting the NSA phone, being refused, and continuing to do what she'd always done" thing is the real story. Her staff were dumb not to make a stand at some point.
Quotes:
Mills wondered whether the department could get her an encrypted device like the one from the NSA that Obama used.
“If so, how can we get her one?” Mills wrote the group on Saturday evening, Jan. 24.
...
A request for a secure device from the NSA was rebuffed at the outset: “The current state of the art is not too user friendly, has no infrastructure at State, and is very expensive,” Reid, the security official, wrote in an email on Feb. 13, adding that “each time we asked the question ‘What was the solution for POTUS?’ we were politely told to shut up and color.”
I can't prove some of the more out-there theories aren't true, but they just don't make sense to me.
Given the sheer volume of email she sent from her blackberry (lunch meetings, when to get up, where to go, can you print this, happy birthday, etc) it's pretty clear it's her primary way of communication. So that explains her refusing to take no for an answer from the NSA.
If her motivation was to block FOIA requests, then why did she do literally all important and confidential communication on paper, which falls under FOIA? Then why did the entire administration accept her use of a private email server if she didn't have an obvious reason why she needed one? If her real motivation was to dodge FOIA, then why was the NSA stonewalling? The FOIA hypothesis raises far more questions than it answers.
> then why did she do literally all important and confidential communication on paper
This may not have always been the case.
> Part of the exchange is redacted, so the context of the emails is unknown, but at one point, Sullivan tells Clinton that aides "say they've had issues sending secure fax. They're working on it."
> Clinton responds, "If they can't, turn into nonpaper w no identifying heading and send nonsecure."
I don't want to go too far down the conspiracy theorists' rabbit hole here, so just consider this some alternative reality fiction for a second:
Because it is easier if everything is in one place. Imagine emailing back and forth with somebody, and they accidentally send you an email to the wrong account.
Wouldn't both sides need to be outside of FOIA for it to be worthwhile? It seems most of her emails are to staff with .gov email addresses, so surely everything is still recorded, be it in Inbox or Sent?
I just don't believe that Hillary Clinton could not get an email account on a government email server and that somehow having exchange at her house with no controls was the last option she had. I can't think of a scenario where a server at her house is better than almost any other option.
To extrapolate, the assertion is that she could get the secure .gov email account but it would only have been accessible from secured computers. They wouldn't give her a mobile device to access it, so she improvised.
If this were, say, some poor low level government worker saying they stored classified info on a private server because they just wanted to use a blackberry and anything else was too inconvenient, no doubt Hillary would call for their head on a spike. The hypocrisy of her record contrasted with this situation is strong.
Either you believe in the rule of law, or you don't. Clinton's actions have shown that she does not.
J. Scott Gration, the U.S. emissary to Kenya from 2011 to 2012 (during Clinton's tenure as SoS) was in the middle of being disciplined for improper use of email (among other things) when he resigned.
What she could not get was a Blackberry. So rather than use the approved device, she decided the simpler solution was to host her own email and just use a off the shelf device? Nothing about this makes any sense.
I never really understood why the NSA couldn't have provided her with some sort of handheld digital device that wasn't that Windows CE PDA. I also don't understand why Clinton didn't just opt to use it. Having used the WinCE devices before, they're not all that bad to do email on. They're not good, but how much worse would it have been compared to a BB? I used a UT Starcomm PP6700 (or something like that) and I even kinda liked the keypad.
I mean, according to the deposition of one of her aides that was released today she didn't know "how" to use email on anything but her BB and wasn't comfortable with something different - which is a copout of all copouts, I'm not HAPPY that I'm still deploying .Net applications on Windows at work (which isn't going to change unless Laserfiche and IBM start supporting .Net core or my team suddenly decides to switch to Java), but it's my job and I deal with the limitations imposed on me as a result of my employment.
Somewhere in between, just based on experience from spending 1.5 years to get Rahm's phone records. I've received one week so far and now I'm working on getting as much of a sample of his phone records as possible without them invoking their usual "unduly burdensome" rejection [0]. (Hoping to have something published within the next two months or so. Crazy story.)
The level of misinterpretation of FOIA among FOIA officers, lack of domain knowledge, intentional delays and reject-if-possible mentality makes these things very difficult. Total incompetence.
Though, if you find yourself close to something juicy, you can bet your ass a lawyer will swoop in and find something technically wrong to prevent information from being released. Chicago did that to me eight months in by saying "We don't use VoIP, so your request is void." after the state's attorney general's office told Chicago to give me the info. I'd consider this mildly nefarious.
[0] As far as I'm concerned, "unduly burdensome" is just another way of saying "we're not clever enough to get that information, so you're going to have to come up with a clever way on your own, with 1% of the information we have".
"Many journalists have fallen for the conspiracy theory of government. I do assure you that they would produce more accurate work if they adhered to the cock-up theory." -Bernard Ingham
Obvious throwaway account for obvious reasons. I worked at a well known international "activism" type organization. If our data practices ever came to light, the organization wouldn't exist anymore. I promise.
Never underestimate the incompetence even by the largest of organizations.
Depends if you class lobbying as a grand nefarious plot or not. I suspect there's likely to be financial reasons for the private email server in this case.
It is "65 years old wants to skirt the rules and no in her entourage had the skills to do it properly or the balls to tell her it is a bad idea".
In a sense I am sympathetic with her - this is the type of hacking the system we at HN tend to admire. Clinton is "Uber for Email" before it was cool - dislike the rules and current infrastructure - build your own.
It almost sounds like a farce: Clinton gets indicted or loses face due to incompetence relating to the e-mail server scandal, and in her place is elected The Donald, a man who has committed worse transgressions and has the potential to do even worse things when given power.
Frankly, she doesn't sound any more incompetent than even a typical old company c. 2010: think Target, Sony, etc. It would be sad, given that her opponent will likely be Trump, if this scandal sinks her candidacy.
While I care for neither she is the bigger danger because the anti-war left will be silent with her as will many other good activist groups like they are currently silent. A complicit and complacent press and Congress is the reason we have drones killing American's abroad, Manning in jail, Snowden in Russia, Libya in disarray, and a general mess in the Middle East to say the least about increased racial issues in the states. Identity based politics is poison and it shuts down too many groups.
Donald won't catch a break from ANYONE, it will be good to have nearly every group riding the Administrations ass every single day. Let alone he really isn't bound to one party or another and likely will go down the middle and get more things fixed than a party centric politician.
tl;dr the real threat Clinton poses over Trump is that press, Congress, and activist, will be silent against her.
Are you sure Trump wouldn't catch a break from anyone ? Have you seen how most republicans are now supporting him ? Do you think they won't support him if he wins ? why ?
Donald is a test as to whether or not you can win an election on white votes. The rich, white, male votes are probably the one cohort of whites he's least likely to get.
I really want to like Clinton for running her own server, respecting the decentralized basis of the Internet. Yet her domain name was clintonemail.com? What a pleb! Political corruption and murder is her family business, yet even with those capabilities she can't be bothered to obtain a better online identity? She may as well have been at hotmail or gmail and highlighted in blue!
Does this really indicate any private correspondence was printed via the internet? Even if a printer was set up which _was_ writable via this web address, that doesn't mean that emails from the email server itself were printed to that address rather than directly to the device, does it? In fact, presumably the printer and email were hosted on the same server so it doesn't make much sense to me that they would send one to the other via the web address.
It seems like it would be strange to give a printer a DNS name if you didn't intend to talk to it over the internet. If you're directly connected it doesn't need an IP at all.
I think the sniffing threat mentioned is overblown. As one of the commenters mentions, ISPs don't generally allow adjacent IPs to sniff traffic.
A bigger threat is that a vulnerability in the printer may have been exploited. E.g., for a long time most HP printers could have their firmware upgraded by sending them a print job. And so far the cursory look I've taken at various printer firmware has been really alarming – think thousands of calls to strcpy/memcpy and other unsafe friends.
Printer firmware and drivers are the worst. I've integrated with a software package that supplies its own printer drivers because the manufactures can't make a driver that will actually work well.
They constantly screw up the most basic of things. A good test of a network printer is to set it offline, send 20 print jobs to it (a test page is fine), then set it back online. Way too many printers will not print out all 20 print jobs, despite reporting success for all of them (This is true even of $30k printers).
I think you've misread my point. I understand this indicates an intention to talk to the printer over the internet; I don't understand why this would indicate that the emails, specifically, were printed in that manner rather than directly through a local connection. Perhaps the printer was used for printing emails locally but also was made web-accessible as a (misguided) convenience feature for printing other content.
It was on a cable internet connection. Typically that means that everything is broadcast to every customer on the same node (because cable networks are inherently broadcast-only) and the only privacy protection is a crappy 56-bit DES encryption that can be broken with a couple of dollars of compute time.
Any time in the last 10 years I setup an independent email server it had horrible deliverability rates. I wonder how they worked around that. Getting your server whitelisted with all the major providers is a major hassle.
Funny enough, State Department did in fact have issues with clintonemail.com mail ending up in Spam folders! Check the just released State Department report.
Also curious about USB - are there any USB logs and is that something logged by whatever OS her server was running? seems like it would have been really easy for things to move from email to usb...
That's a intersting point. Who knows if she even had a way to do that unless she connected remotely overseas via a secure client . Granted though it'd have to be highly secure
I seem to recall something about a CIA head getting fired because he took a Mac from work home. Does anyone recall details of this? (I tried to find it, and failed.)
Yeah, as important and fascinating as the whole story is, every time I see "ClintonEmail.com," all I can think is that surely the Clintons of all people should have the influence and power to get a hold of just "Clinton.com."
I mean the current owner of clinton.com is some investment firm that could probably do just as well something like ClintonGroup.com or ClintonInvestments.com. If I was her, I would fight for the email address "hillary@clinton.com."
> If I was her, I would fight for the email address "hillary@clinton.com."
How does one "fight for an email address"?
Once you own a domain, you own it. It doesn't matter that it just so happens to be someone else's last name.
She would have had to pay most likely a large sum to the investment firm that already owns clinton.com... and perhaps they aren't interested in selling, or they value the domain too high.
A rough analogy for this situation would be if a company had an "employees must use blackberries" policy, but the CFO of the company outright refused because he wanted to use his iPhone. Are they going to fire the CFO over that? Possible but not likely, especially if he is doing a good job otherwise.
In the same way, the Secretary of State can also refuse to comply with government policy (not law). You can't fire the Secretary of State for using the wrong email server. It just doesn't work that way. The fact that national security is involved does change things, but organizational politics is pretty much the same all over. If Clinton's email server contained the nuclear launch codes or the contents of Area 51 then the government would have handled it differently. It's unlikely that any lasting and serious security threats were exposed.
Supposedly she got the server set up because the NSA refused to give a politician who travels frequently a secure smartphone. She (I personally believe) was likely ignorant of many of the security requirements of such a server (even one set up for unclassified e-mail), as was whoever set it up. And no-one on her staff either knew enough or was willing enough to say anything. She is also supposedly not the first Secretary of State to have an arrangement of this nature.
This feels like the very definition of systematic failure and clearly needs to change. But the conversation is almost exclusively based around a) her having nefarious motivations, because she is Hillary Clinton, or b) this all being a Republican plot to derail the Democratic candidate for President.
It's all very depressing.