Upon assuming the role of Secretary of State in 2009, Hillary Clinton and her aides struggled with how to separate her work and business related communications in an increasingly digital and mobile age. The result was the set up of a private email server forgoing the use of an official State.gov email address altogether. Thus, the Hillary Clinton email scandal was born.
Even though this scandal has been going on for over a year, a vast majority of Americans are still unsure of what exactly she did wrong. Many in the Democratic Party believe this whole controversy has simply been a partisan, Republican attack to damage her Presidential campaign. That view has been reinforced by Sen. Bernie Sanders who has refused to raise the issue in the 2016 Democratic primary thus far – something both potential Republican nominees have promised to do in the general election. So what is going on here?
In August 2015, the FBI officially launched an investigation into Clinton’s use of a private e-mail server while she was Secretary of State. The primary issue that FBI investigators are looking at is whether or not Clinton knowingly retained, transmitted, or deleted classified information from her private server. Communicating this type of information through unsecure means could put highly classified government secrets at risk by making them susceptible to hackers and spies.
As of January 2016, the State Department has withheld 22 emails from Clinton’s server as “top secret” and too classified to release to the public. Two of these emails surround the movement of North Korean missiles, and the specifics of a drone operation.
There are several laws surrounding the mishandling of classified information which are spelled out under Title 18 US Criminal Codes and Procedures. The two statutes federal investigators are most interested in are Title 18 U.S. Code § 1924 and Title 18 U.S. Code § 793.
Title 18 U.S. Code § 1924 : Unauthorized removal and retention of classified documents or material
(a) Whoever, being an officer, employee, contractor, or consultant of the United States, and, by virtue of his office, employment, position, or contract, becomes possessed of documents or materials containing classified information of the United States, knowingly removes such documents or materials without authority and with the intent to retain such documents or materials at an unauthorized location shall be fined under this title or imprisoned for not more than one year, or both.
Title 18 U.S. Code § 793 – Gathering, transmitting or losing defense information
(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer
Section 1924 and 793 establishes that anyone that possesses classified information and knowingly, or through “gross negligence” removes it without authority or retains it in an unauthorized location shall face punishment.
- Clinton has denied wrongdoing by saying these emails have all been retroactively classified, and she neither sent nor received information “marked classified” while Secretary of State. More importantly, as the head of the agency she was the ultimate arbiter of what information would or wouldn’t be considered classified at the time.
- There is no law that prevents federal employees from having a non-government, personal email as long as relevant work-related documents are preserved. She points to several other public officials who used private emails while in office, including former Secretaries of State Condoleezza Rice and Colin Powell and that the current Secretary of State John Kerry is the first to primarily use a state.gov email account.
- The campaign has argued that her work-related emails were captured on government systems because she was emailing with folks with government email addresses, and as far as deleting or destroying relevant records, she says the emails that were destroyed on her server were personal correspondence that she has the legal right to decide what to do with.
What the FBI has to decide:
- Did Clinton knowingly remove classified information when she wiped her server?
- Did Clinton know that the emails being sent from her private email address through her private email server contained classified information?
Below are 3 scenarios where the FBI and DOJ will have to make an assessment on these questions.
Will Hillary Clinton’s e-mails with Clinton Foundation employee Sidney Blumenthal meet the threshold that she knowingly retained “classified information” on her private server and also communicated information of “the national defense” with someone “not entitled to receive it.”?
Clinton’s use of a private server was unveiled as a result of the Congressional investigation into the 2012 terrorist attacks which killed 4 Americans at the US consulate in Benghazi, Libya. In December 2014, Clinton turned over all the emails deemed “work-related” to the State Department and the Benghazi investigation. During the review of these emails it was revealed that she had extensively corresponded with someone by the name Sidney Blumenthal while Secretary of State.
Sidney “Sid” Blumenthal was a former journalist at the New Yorker who became one of the Clinton’s closest aides and confidants during Bill Clinton’s administration. At the time of the Benghazi attacks, Blumenthal was not a State Department employee, despite having tried, he worked at the Clinton’s large non-profit organization, The Clinton Foundation.
Once his correspondence with Hillary Clinton came to light, Blumenthal was summoned to testify before the Congressional Benghazi committee in June 2015. In a closed door meeting with the committee members, Blumenthal turned over 60 emails that he had exchanged with Hillary Clinton. Once the committee crosschecked the emails that Blumenthal had turned over with the ones Clinton had handed over to the State Department, they found that she had not turned over nine emails and portions of six others – 15 emails in all were unaccounted for. After accusations that she deleted these emails, the State Department released a new 1,500 pages of Clinton’s emails in September 2015 that were previously undisclosed to the Benghazi committee.
The additional tranche of emails revealed at least 84 containing classified information, including ones she sent. Several email between her and Blumenthal have had select paragraphs and even entire pages redacted. This June 2012 memo has been completely redacted, and this September 2012 memo even has the subject line hidden.
Blumenthal in fact prefaced many of his intelligence memos to Clinton by saying they came from “an extremely sensitive source” and the information “should be handled with care”. This throws into doubt Clinton’s argument that she could not know information was classified because it was not “marked classified”. Clinton repeatedly forwarded these emails to her aides, thanked Blumenthal and encouraged him to continue sending her information.
The most incriminating email from Blumenthal to Clinton is a memo where he reveals the name of a CIA intelligence operative in Libya. In a March 2011 memo, Blumenthal wrote “Tyler spoke to a colleague currently at the CIA, who told him the agency had been dependent for intelligence from [redacted due to sources and methods].” Despite the email not being “marked classified”, information about a current CIA asset which was illegally obtained would likely fall under the purview of a 2009 Non-Disclosure Agreement Clinton signed which stipulates that “classified information is marked or unmarked classified information.”
John Rizzo, a former general counsel at the CIA, said of the memo “it’s the most sensitive kind of classified information — the true identity of a human source.”
J. William Leonard, a former director of the U.S. government’s Information Security Oversight Office (ISOO) who worked for both the Bill Clinton and George W. Bush administrations said of the information “It’s born classified”…for the State Department to say otherwise was “blowing smoke.”
Clinton, by law, was supposed to report this improper disclosure of classified information to Department of State Inspector General. But interestingly during her tenure, there was no Inspector General for the State Department, the longest there had been an absence in that position since 1957. Clinton is one of ten members of the US government which determines what is classified information, yet still forwarded this email to one of her aides – debunking her claim that she never sent classified information through her private server.
“This is a serious breach of national security and a clear violation of the law”, said Army Col. Larry Mrozinski, who served almost four years as a senior military adviser in the State Department under both Clinton and Condoleezza Rice. “It’s hard to imagine that in her position she would fail to recognize the obvious…anybody else would have already lost their security clearance and be subjected to an espionage investigation,” Mrozinski added.
If the FBI concludes that the identity and location of this CIA operative was authentic then this could be considered a violation of Section 1924 for possessing “documents containing classified information” (even if it was not marked classified) at an “unauthorized location” (on her private server). Furthermore, this would prove that Clinton was corresponding about information “of the national defense” with an employee of The Clinton Foundation, even though Blumenthal was never given a security clearance to deal with such sensitive information in the first place.
Clinton forwarding his email to others and encouraging additional information be sent could be considered a violation of Section 793, Section 798, and the 2009 Non-Disclosure Agreement for “knowingly and willfully” communicating sensitive information with someone who was not “properly authorized by the United States Government to receive it“. However, the case to prosecute Clinton under Section 793, “The Espionage Act,” is far weaker than the other statutes. It is easy to piece together certain behavior and claim that she has violated the law, but intent is important when deciding to prosecute.
There is an argument to be made based off of a 1941 Supreme Court case that in order to be prosecuted under The Espionage Act, the disclosure of this information would have had to be done in “bad faith” and with “intent” to injure the United States. It is not currently possible to say Clinton intended to injure anyone by forwarding the e-mail, and that likely would not be true anyway. The FBI will have to assess what additional information her deleted emails may contain with regards to her “intent” when using her private email to discuss classified information.
Does Hillary Clinton’s failure to encrypt her private server for the first two months as Secretary, along with other security lapses, constitute “gross negligence” while possessing information of “the national defense”?
Once Clinton turned over her server to the FBI in August 2015, reports began to emerge that it was extremely vulnerable to hacking attempts because the server permitted remote-access connections directly over the Internet. Not only that, Clinton did not encrypt any of her emails for the first two months as Secretary of State.
Before becoming Secretary of State in 2009, Clinton purchased a private email server to be installed in her home in New York. On this server she used the email address email@example.com for all work and personal correspondence throughout her 4-year tenure as Secretary. She did not use, or activate, an official State Department “state.gov” email account throughout this time. Hillary Clinton’s email server and address (firstname.lastname@example.org) were not sanctioned by the State Department as one of the agency’s authorized electronic recordkeeping systems under the National Archives and Records Administration‘s (NARA) regulations.
This separates her case from former Secretaries of State Colin Powell and Condoleezza Rice who had a private email address, but primarily used their work email. They did not go as far as to have all their communications flow through a private server which only they controlled, nor were they sending highly classified information through their private email. Colin Powell had only two of his e-mails retroactively classified, that too at the lowest level.
After scanning the “clintonemail” domain, a private cybersecurity firm found that from January 2009 to March 2009 the domain had no digital certificate issued by an authority. Without what’s called an “SSL” certificate, data flows through in the form of plain text. This means all of Clinton’s web browser, smartphone and tablet communications would not have been “encrypted,” which allows any hacker to read that information.
Marc Maiffret, who has founded two cybersecurity companies, called her set up “total amateur hour” and that “real enterprise-class security, with teams dedicated to these things, would not do this.” “An attacker with a low skill-level would be able to exploit this vulnerability,” said a Homeland Security Department’s U.S. Computer Emergency Readiness team.
Clinton has so far refused to answer questions about how well her system was secured, the types of safeguards on her server and whether, or how frequently, security updates were applied. Clinton’s first email sent from the server was on January 28th, 2009, but the Clinton’s server wasn’t issued an SSL certificate until March 29th, 2009 – contradicting her claim that this system wasn’t used till after March 2009. During those two months, Clinton’s travel logs show that she visited China, Indonesia, Egypt, Israel, Japan and South Korea and discussed issues about North Korea, Mexico, Afghanistan, military advisers, CIA operations and a briefing for Obama.
There are now reports that, Asian governments may have been reading Clinton’s information during the 3 month window when her server did not have an SSL certificate. While Clinton has claimed there is no evidence that her private server was successfully hacked, there have been two confirmed hacking attempts into Clinton’s email server: one in 2011 from Russia and a second one in 2012 from Serbia. There are now reports of dozens more hacking attempts into her server, some even originating from allies like China, South Korea and Germany.
While the specific safeguards for her email server are still unknown, we know these two things for sure. First, the State Department was aware of these lapses, warned Clinton and attempted to provide her with a secure “state.gov” email account, but she chose not to use it. Second and more damningly, Clinton tried to modify existing State Department security protocols so she would be able to use her unsecured Blackberry in a secure facility (called a SCIF) to view classified information. The NSA said no.
Does the lax security for her private server and attempted circumvention of security protocols while there were confirmed hacking attempts into her server demonstrate “gross negligence” while retaining information of the national defense? The FBI will have to make the call.
Does Hillary Clinton transferring the data from her private server to Platte River Networks and then wiping the server constitute retaining “classified information” at an “unauthorized location”, having information of the “national defense” be “lost, stolen, abstracted, or destroyed“, and an obstruction of justice?
Whether or not Clinton’s private email server itself violated The Federal Records Act, The National Archives Regulations or the Freedom of Information Act remains the subject of legal debate. But what she chose to do with her data after leaving office has not received as much attention.
After Hillary stepped down as Secretary of State in February 2013, she chose to upgrade her private email server. In June 2013, a small IT company in Denver called Platte River Networks won a contract to provide information technology services to Bill and Hillary Clinton, which included taking possession of Hillary’s email server while she was Secretary of State. The role of Platte River Networks was to “upgrade, secure and manage the e-mail server for both the Clintons and their staff beginning June 2013.”
This was a huge contract for a company that had actually never held a federal contract before, had no prior relationship with the Clintons, and who’s most notable accomplishment at the time was winning the 2012 Denver Metro Chamber of Commerce’s Small Business of the Year award. In June 2013, the company took Clinton’s server from her home in New York and transferred it to a secure facility in New Jersey. It was here the data from her original server was “migrated” to a new server for the purpose of making the transition to Platte River Networks.
Platte River Networks did not have clearance to handle classified government information. Cindy McGovern, a spokeswoman for an agency within the Defense Department that vets companies for security clearances, said her office had not extended one to Platte River Networks. The company has admitted that as far as it knows, their employees never held formal government-issued security clearances.
Given the existence of classified information on her private server, Clinton’s decision to transfer this information to a private IT company with no security clearance could be violation of Section 1924 for housing sensitive information at an “unauthorized location,” but could even fall under Section 793 for “gross negligence” in handling information of “the national defense.”
Then there is the question of the wiping of the email server. Clinton claims the emails she deleted were personal and not work related, and its up to her if she wanted to get rid of them, even if she decided to do so 2 years after leaving the State Department. Because all of her correspondence is in her control and not the government’s, it is difficult to verify the claim.
However the FBI has attempted to do so by approaching Platte River Networks to retrieve Clinton’s original server. There are reports that employees at the company began to fear a cover-up as they received a letter from Clinton Executive Service Corp instructing them to “cut the back up”.
The employees did not do so and the FBI has now recovered deleted emails which they considered to contain work-related information. This debunks her claim, which she made under the penalty of perjury, that she turned over all her work-related emails to the State Department.
In addition, if they find find highly classified emails then she could be considered attempting to obstruct justice and be in violation of Section 793 for having information of the “national defense” be “lost, stolen, abstracted, or destroyed”.
What will happen next?
Last month the Justice Department granted immunity to Clinton’s IT staff member who managed her e-mail server, Bryan Pagliano. A witness is usually granted immunity if he/she will be giving testimony to a grand jury about evidence that relates to an investigation, and usually implicates themselves in a crime. Until now, Pagliano has been pleading the 5th Amendment and has refused to cooperate with the investigation surrounding how the e-mail server was set up and the safeguards put in place. There are even suspicions of fraud involving his hiring and payment, which were all done by the Clintons, and not reported to the State Department.
Many have said a granting of immunity is not evidence of guilt, rather a competent lawyer who is seeking protections for their client before cooperating with an investigation. Pagliano receiving immunity may ultimately be inconsequential, but one former FBI official said, “you don’t start granting people close to Clinton immunity unless you are seriously looking at charges against your target.”
The FBI is expected to officially announce the findings from the investigation around May or June. The Democratic National Convention will choose the party’s nominee for President at the end of July. If Clinton is found guilty of any charges she must either withdraw her name from the Democratic primary, or continue to deny/downplay wrongdoing and hope that she will still collect enough delegates in the remaining primary states to secure the nomination. If a heavy charge is brought down and she chooses to withdraw from the race, Bernie Sanders would likely become the nominee. However, there are rumors there could still be a contested convention because of the party’s high number of super delegates.
About The Author
Chetan Hebbale is currently a graduate student at the Johns Hopkins School of Advanced International Studies (SAIS) in Washington, D.C. focused on international economics, climate change, and sustainability.
Prior to this, he spent over 4 years at Deloitte Consulting working on technology and strategy projects at the CDC and U.S. Treasury Department.
He is a native of Atlanta, GA and attended the University of Georgia.