The use of personal e-mail was pervasive among Hillary Clinton’s senior staff, at least according to an e-mail released yesterday by the State Department in response to Freedom of Information Act requests. That e-mail shows that Hillary and her close associates were well aware of the security risks presented by the use of private e-mail to conduct official business. They were also concerned that advertising their use of private e-mail for official business would draw hackers like sharks to chum. What was Hillary’s answer? To order the rank and file not to use private e-mail – all the while continuing to conduct her own business on her home-brew server.
In late May 2011, hundreds of personal Gmail accounts were subject to a major phishing scheme that apparently originated in China. The FBI investigated. Secretary of State Hillary Clinton issued a public statement addressing the massive security breach, which apparently included some senior government officials’ private e-mail. She called the allegations “very serious” and claimed that the U.S. government “take[s] them seriously; we’re looking into them.”
Behind the scenes, Anne Marie Slaughter, Clinton’s director of policy planning, sensed an opportunity to hit Congress up for more money. She e-mailed Clinton on her Hillary.com private e-mail account, copying State’s chief of staff, Cheryl Mills. Slaughter suggested that someone “inside or outside” the Department of State write an op-ed to underscore the need for further funds to update outdated State Department technology. Slaughter complained that “State’s technology is so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.” More funds would allow the State Department to “significantly upgrade our technology.”
Hillary Clinton and her senior staff were well aware of the security risks posed by the widespread use of personal e-mail during her tenure.
Hillary Clinton thought this idea was just peachy. Writing from her own private e-mail account, she answered: “I think this makes good sense. How should we follow up?” Mills thought it a bad idea, however, to have a current State Department employee admitting to widespread misuse of personal e-mail. “I think this is easier to do as former employee rather than current,” she wrote. “Second and more significantly, as someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail b/c it may encourage others who are out there.” Slaughter responded, “Jake [Sullivan, another senior staffer] also has concerns.” The op-ed idea apparently died there.
#share#So Clinton and her senior staff were well aware of the security risks posed by the widespread use of personal e-mail during her tenure. They understood the target of opportunity they would present if that use were broadcast. This wouldn’t have come as a surprise to anyone familiar with State Department regulations at the time, which required that the “normal day-to-day” business of the department be conducted on official e-mail servers. Those official servers, the State Department Foreign Affairs Manual states, have “the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information.” Clinton and her senior staff violated these regulations as a matter of convenience and with apparent regularity.
#related#Yet the State Department did not tolerate the same personal e-mail practices among career employees. A mere three weeks after this e-mail exchange, a cable signed by Hillary Clinton went out to diplomatic and consular officials serving overseas, alerting them to the security risks brought to light by the Gmail hack and warning those officials to “avoid conducting official Department business from your personal e-mail accounts.” A year later, Mrs. Clinton accepted the resignation of the U.S. ambassador to Kenya after an inspector-general report criticized the ambassador for using commercial e-mail systems to conduct official business.
Private e-mail for me, but not for thee. Shortly after news of the Hillary Clinton private e-mail server broke in March, the head of the American Foreign Service Association wrote Secretary of State John Kerry to ask if there was “in practice or by law, any difference” in how the State Department’s internal “standards apply to and are enforced for non-career appointees,” which would include the political appointees of the State Department, “as opposed to career employees.” It may be the most insightful question anyone has asked in all of this mess.