The State Department’s Office of Inspector General releases a report with the title “Evaluation of Email Records Management and Cybersecurity Requirements.” The 83-page report is the main headline at the New York Times, the Washington Post, and elsewhere, because it sheds new light on Clinton’s email scandal. The Post calls it “a highly critical analysis of Hillary Clinton’s email practices while running the department, concluding that Clinton failed to seek legal approval for her use of a private server and that agency staff members would not have given their blessing if it had been sought because of ‘security risks.’”
The report did not cover the classified content of some of Clinton’s emails due to the on-going FBI investigation and instead focuses mainly on record management issues for Clinton as well as the four previous secretaries of state. The office’s inquiry was initiated by a request from Secretary of State John Kerry in 2015, and was led by Inspector General Steve Linick, who was appointed by President Obama in 2013. The report reveals:
- There were “long-standing systemic weaknesses” in the State Department’s recordkeeping. Department officials were “slow to recognize and to manage effectively the legal requirements and cybersecurity risks” of widespread email use. This problem went “well beyond the tenure of any one secretary of state,” but most of the report focuses on Clinton’s tenure.
- Former secretary Colin Powell is singled out for violating department policy by using a personal email account while in office, as Clinton did. But the report notes that in the four years between the end of Powell’s tenure and the start of Clinton’s, the department’s warnings about the “obligation” to mainly use government email accounts for work matters had become more detailed and frequent.
- Dozens of department employees sometimes used personal email accounts for work matters. But only three were discovered who used such accounts exclusively: Clinton, Powell, and Scott Gration, who was US ambassador to Kenya in 2011 and 2012. Gration faced an internal rebuke for doing so and was forced to resign. Clinton was the only one to use a private server as well.
- Clinton “had an obligation to discuss using her personal email account to conduct official business” with security and records management officials, but investigators “found no evidence” that she had requested or received approval from anyone to conduct work matters mainly by personal emails. Furthermore, department officials “did not—and would not—approve her exclusive reliance on a personal email account to conduct Department business.”
- Similarly, Clinton had not sought permission to use a private email server, and would not have received it if she had.
- Clinton was required to demonstrate to security and records management officials that both her server and her mobile devices “met minimum information security requirements,” but she never did so.
- Clinton should have handed over copies of her work emails immediately upon stepping down in February 2013. Failure to do so violated department policies and the Federal Records Act. Instead, she provided only some work emails, and those only in December 2014, nearly two years later, after the Republican-led House Benghazi Committee began asking for some of her emails.
Clinton has claimed she effectively left copies of her emails with the State Department because she mainly emailed other department officials. However, the report says that was an inappropriate form of preservation. Additionally, four of her closest aides, whom she exchanged emails with most often, also made “extensive” use of personal email accounts, so none of those emails would have been preserved in State Department records just by being received by those aides.
- There was “some awareness” of Clinton’s email account among senior department officials. But there also appear to have been efforts to keep her use of a private server a secret. For instance, in 2010, when two department computer technicians raised concerns that her server might not properly preserve records, a higher official told them her setup had been reviewed by lawyers and warned them “never to speak of the Secretary’s personal email system again.” Furthermore, no evidence of such a legal review has been found.
- Clinton has claimed she exclusively used a private email account for “convenience.” However, this claim is belied by Clinton’s response to an email from Huma Abedin, Clinton’s deputy chief of staff, in November 2010. When Abedin prodded Clinton about “putting you on State email or releasing your email address to the department […] ,” Clinton replied that she would consider a |separate address or device, “but I don’t want any risk of the personal being accessible.”
- Clinton turned over 30,000 work-related emails in December 2014, while deleting another 31,000 emails she said were personal in nature. However, the report claims her email handover was “incomplete,” and there are gaps and missing emails. For instance, the above-mentioned November 2010 email was not handed over by Clinton but was found through other means.
- Several incidents were uncovered in which Clinton or some of her aides worried that Clinton’s private server had been hacked. For instance, a January 2011 email to a Clinton aide said Clinton’s server was shut down because “someone was trying to hack us.” It is unknown if the server actually was broken into at that time. However, Clinton and her aides failed to alert department computer security personnel to the hacking attempts, as required by department policy.
- Clinton, as well as nine of her former top aides, refused to be interviewed for the report. By contrast, the four previous secretaries of state, as well as current Secretary of State John Kerry, were interviewed.