I wasn’t surprised by the news that the FBI did not find cause to pursue criminal charges involving the handling of emails by Hillary Clinton when she was serving as Secretary of State.
After all the political attacks that followed the recent report of the State Department’s Inspector General, I took the time to read the unclassified, public version of the IG report (“Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements“). It was actually quite interesting, in a weird way.
First of all, despite all the political rhetoric, the investigation wasn’t really about security leaks or mishandling of classified information, although there was discussion of potential cybersecurity issues behind departmental policies.
Instead, the IG was focused on the Federal Records Act, which spells out policies for the retention and archiving of government records. The investigation looked at whether email records were captured by the departmental mail system for archiving, as required by the Federal Records Act and other policies.
…laws and regulations did not prohibit employees from using their personal email accounts for the conduct of official Department business. However, email messages regarding official business sent to or from a personal email account fell within the scope of the Federal Records Act if their contents met the Act’s definition of a record.
Both Colin Powell and Hillary Clinton used private email systems for their own communications, according to the report.
Powell told investigators he used the private email system to communicate with “principal assistants, individual ambassadors, and foreign minister colleagues,” and Powell’s representatives said he did not retain either electronic or printed copies of those emails.
Clinton produced some 55,000 pages of printed copies.
In a letter to the Department, her representative stated that it was the Secretary’s practice to email Department officials at their government email accounts on matters pertaining to the conduct of government business. Accordingly, the representative asserted, to the extent that the Department retained records of government email accounts, the Department already had records of the Secretary’s email preserved within its recordkeeping systems.
The report noted that the records requiring long-term preservation were a small part of the total email traffic.
“…the Department believes that the majority of the millions of emails sent to and from Department employees each year are non-permanent records with no long-term value.”
The Inspector General noted that the State Department was not unique in experiencing difficulties in complying with the evolving records retention policies.
According to a 2010 U.S. Government Accountability Office (GAO) report, most agencies do not prioritize records management, as evidenced by lack of staff and budget resources, absence of up-to-date policies and procedures, lack of training, and lack of accountability. In its most recent annual assessment of records management, NARA identified similar weaknesses across the Federal Government with regard to electronic records in particular. NARA reported that 80 percent of agencies had an elevated risk for the improper management of electronic records, reflecting serious challenges handling vast amounts of email, integrating records management functionality into electronic systems, and adapting to the changing technological and regulatory environments.53
The report also touches on the reasons that Clinton and others turned to private email systems–“antiquated” government technology.
…in a June 3, 2011, email message to Secretary Clinton with the subject line “Google email hacking and woeful state of civilian technology,” a former Director of Policy Planning wrote: “State’s technology is so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.”
The IG report primarily addressed the need for “an appropriate method of preserving emails that constitute Federal records.” There was no discussion of possible crimes even hinted at, and the only documented case of unauthorized access by a hacker or outside party involved a State Department computer, not one of the primary email systems.
The report’s overall conclusion is pretty mundane.
Longstanding, systemic weaknesses related to electronic records and communications have existed within the Office of the Secretary that go well beyond the tenure of any one Secretary of State. OIG recognizes that technology and Department policy have evolved considerably since Secretary Albright’s tenure began in 1997. Nevertheless, the Department generally and the Office of the Secretary in particular have been slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership. OIG expects that its recommendations will move the Department steps closer to meaningfully addressing these risks.
It seemed to me that if there were any hints or suggestions of potential criminal law violations, they would have been noted in the Inspector General’s report. The absence of anything of this kind appeared to be a strong indication that the subsequent FBI probe would come up empty. And that’s exactly what has now happened.