Sunday, February 07, 2016

The Email Saga

By John R. Bolton

The more you know about the State Department, the worse Hillary's actions look.

For alumni of U.S. national-security departments and agencies, Hillary Clinton’s email saga is mind-numbing. The publicly available information makes clear she and her aides violated so many elementary security prohibitions that alumni are speechless. They wonder, had they done what she did, how quickly they would have lost their clearances and jobs and how extensive the criminal indictments against them would be.

By contrast, many who have never served in government or dealt with classified information see the affair as opaque, even overblown. Certainly Clinton has worked hard to foster that impression. Leaving political spin aside, and without delving into arcane legal analysis, which is it? What did Clinton and her entourage actually do day-to-day, and what does it mean? In hopes of making things a little clearer, herewith the observations of one State Department alumnus, who has pondered how he would look in an orange jumpsuit were he in Clinton's shoes.

State, like other national-security agencies, has both classified and unclassified ways for its employees, especially the most senior, to communicate. Clinton erred in two separate but often confused ways. First, she used private channels for official government business, and second, she used unclassified channels to send and receive classified information.

Her first error violates basic common sense, familiar to any private business: Business channels should be used for business purposes and personal channels for personal purposes. Obviously, there can be ambiguity between business and personal communications, such as one spouse asking another, "When will you be home for dinner?" But in Clinton's case, there seems to be no ambiguity: She simply did not use government channels for her electronic communications. Her motive was almost certainly to put information she alone deemed personal beyond government access, which is impermissible even for the most junior clerk, let alone the secretary of state. Clinton's private email system by definition undercuts her defense that she complied with government record-keeping requirements because all her emails went to unclassified government accounts (such as her aides'). Without full access to her server, why should we believe Clinton didn't send emails to aides' private email addresses, thereby shielding them entirely from potential government retrieval?

Clinton's second error, using unclassified email systems—whether her private accounts or State's unclassified email system (through her aides)—to transmit material that should have remained in classified channels, is the nub of the email issue. Clinton has asserted that what she did with her private channels was "allowed." Yet she has produced no evidence whatever of who did this "allowing" that was contrary to applicable statutes and express State Department regulations involving official business and information security.

Clinton clearly did not vigorously pursue normal State procedures to have her private email server legitimized. Had she somehow gotten the necessary signoffs from the bureaucracy, she would have at least had cover from the current firestorm, and we would have heard about it long ago. Far more likely, she realized that, had she asked plainly, she would have been told plainly that her scheme was way out of bounds.

How should she have pursued standard approval procedures from department officials responsible for legal compliance and security requirements? She could have solicited an opinion from State's legal adviser, the department's general counsel. Either verbally or in writing, she could have described what she proposed to do and asked if it was acceptable. There is as yet no evidence that anyone contacted the legal adviser's office on this subject. Perhaps Harold Koh, legal adviser under Clinton (now back at Yale Law School), can inform the public debate by telling us whether he was ever aware of what Clinton was doing. Or the FBI could ask him directly. (There is no attorney-client privilege issue here; Koh's client was the U.S. government, not Clinton personally.)

Similarly, State's executive secretariat (charged with the critical bureaucratic task of managing paper flows and records of decisions by Clinton and other key officials) would have been utterly remiss if it were blind to Clinton's ignoring government communications channels, let alone security requirements. And other State offices like the Bureau of Diplomatic Security (charged among other things with the secretary's safety) and the Bureau of Information Resource Management had important equities at stake. Were they, or their boss, under secretary for management Patrick Kennedy, ever consulted or informed about Clinton's practices in whole or in part? And has the FBI talked with any of these people yet?

Clinton's next line of defense, as she stated January 31: "There is absolutely no evidence that I sent or received any email marked classified." Of course, using a private email account or even State's unclassified email system and marking emails classified would be an immediate, incontrovertible admission that security requirements had been violated. The way to avoid creating such evidence is not typing "Secret" or the like in the emails. That gambit, however, cannot declassify information already classified or classifiable.

What exactly were Clinton's aides doing that resulted in classified material being exchanged among them? Here, it helps to understand how classified information, especially highly sensitive material, is distributed within State. Some particularly sensitive intelligence is available only in hard copy. Scanning it into an unclassified email system would mean retaining the original classification markings, an exceedingly incriminating action, as explained above. Considerably more classified information is available electronically, but it cannot be transmitted from the classified to the unclassified system except by State Department technicians in very limited circumstances. For example, you cannot attach a classified document to an email on the classified system and send it to an AOL or Gmail account. One of the most fundamental protections for secure IT systems is that they are not connected to the Internet. When I was at State, for example, I had two computers behind my desk connected to completely separate classified and unclassified systems.

Given these obstacles to readily transferring classified materials into unclassified emails, what almost certainly happened is this: Clinton aides would read classified documents, either hard or electronic copies, and type the information, paraphrased or verbatim, they wanted to transmit into unclassified emails. They would then send them to Clinton, unflagged in any way as containing classified material. She could forward an email to someone else, or send it back in reply. That's why so many emails are now redacted. If the FBI is doing its job, it will interview the senders of those emails, asking them how they obtained the information they transmitted.

Most emails released to date were exchanged among Clinton's close political circle at State, but some originated from career personnel. This is a particularly pernicious, if little-noticed, consequence of her disdain for proper security: dumbing-down security protections department-wide. State's bureaucracy knows no higher career goal than getting face time with the secretary or otherwise getting their names before her. No Washington bureaucracy is cleverer in figuring out how to reach that objective. Very likely, some number of senior State careerists knew of Clinton's private email and accordingly communicated much of what they wanted her to see in unclassified form, thereby breaching security. More fodder for the FBI.

But, Clinton pleads, she did not originate any emails with classified information. Even if true, Clinton, the queen bee of this scheme, unarguably understood the game. In one known instance, proving the point clearly, she instructed an aide to delete classification markings and send classified material on an unclassified fax. If this isn't evidence of "specific intent" for prosecutors, nothing is. It is delusional to say that an experienced, well-briefed official wouldn't have had a good and growing sense of what should be classified, whether the material originated with her or not. Clinton served for six years on the Senate Armed Services Committee, where she saw significant amounts of classified information. She was no babe in the woods when she came to State. Once there, moreover, she signed a standard non-disclosure agreement that by its express terms defines classified information as "marked or unmarked .  .  . including oral communications."

Clinton tries to minimize the seriousness of her error by arguing, as she did during the January 31 interview, that having hundreds of her emails wholly or partly redacted before release is nothing but "classification in retrospect." This dodge is either deceitful or utterly uneducated. To argue, as Clinton does, that information properly unclassified at the time she received it can grow more sensitive as time passes is so breathtaking it almost defies physical reality.

For the vast bulk of classified government documents, the potential damage from being leaked diminishes over time, largely for two reasons. First, time sensitivity is a significant factor in classification decisions. When, for example, a U.S. diplomat receives intelligence about negotiations in real time, the need to shield the information as highly classified may be very transitory. Even just days later, its value may have largely dissipated. Second, the passage of time almost invariably reduces the damage to the United States if the information gets into the wrong hands. Thus, immediately leaking sensitive information can be highly damaging, but leaking it a year later may only be embarrassing, while in five years there may be essentially no harm at all.

The situation is different, and much worse for Clinton, regarding intelligence gathered through sensitive sources and methods. While the significance of the content itself likely diminishes over time, the sensitivity of sources and methods can last decades or longer. Compromising these sources could put lives at risk and ruin billion-dollar collection systems. This is certainly true for "Special Access Program" (SAP) reports, recently prominent because even the State Department withheld 22 Clinton emails in their entirety because they contained SAP material.

State's current leadership, however, is clearly trying to provide cover for Clinton by disputing classification decisions of other agencies. Bureaucrats often engage in such internecine warfare, but the operating principle has long been that the classifier of information retains control over its distribution and release. This principle rests on the common-sense notion that the agency originating or acquiring the information is best-positioned to decide how much protection it requires. State would feel the same way the intelligence community feels today about Clinton's callous disregard for its judgments if, for instance, the Defense Department decided to declassify State reporting cables. Significantly, as Fox News's Catherine Herridge has reported, the FBI is asking the originating agencies for their judgments, rather than relying on State's post facto obstructionism.

Finally, Clinton is calling for all of her emails to be disclosed publicly. This is the most hollow, hypocritical ploy of all. She knows with certainty that the administration will not release them. The classification protections are not Clinton's to waive, any more than she could waive executive privilege on her emails with President Obama if he determined to keep them privileged. And we now know, despite earlier denials all around, that Obama and Clinton did indeed communicate through her private channels.

Clinton has many other points of vulnerability that have barely been noticed. For example, hostile intelligence services can remotely capture control of cell phones and other electronic devices with microphones and have them transmit back everything the microphones pick up, even when the devices are apparently turned off. This is why, on entering a secure classified information facility, people must leave their electronic devices outside the room. This is also why senior U.S. officials are asked not to bring cell phones and laptops when they visit countries like Russia and China, because of the severe risk the equipment could be compromised during their trips. Yet for four years, Clinton and her top political staff apparently traveled worldwide with personal electronic gear such as cell phones and iPads, ignoring specific recommendations from State IT personnel not to do so.

We have just scratched the surface here of the irregularity of Clinton's practices while at State. And that could be the FBI's hardest job: how to find sufficient resources to investigate properly before the suspect becomes their boss. The race is on.

John R. Bolton, a senior fellow at the American Enterprise Institute, served as U.S. ambassador to the United Nations in 2005-06.