State Dept. watchdog: Clinton violated email rules

A State Department watchdog concluded that Hillary Clinton failed to comply with the agency’s policies on records while using a personal email server that was not — and, officials say, would never have been — approved by agency officials, according to a report released to lawmakers on Wednesday.

The long-awaited findings from the State Department inspector general, which also revealed Clinton expressing reluctance about using an official email account, were shared with Capitol Hill Wednesday, a copy of which was obtained by POLITICO. The report detailed how some employees who questioned the wisdom of the homegrown setup were told to stop asking questions, and the audit confirmed apparent hacking attempts on the private server.

It's the latest turn in the headache-inducing saga that has dogged Clinton's campaign. While the report concludes that the agency suffers from "longstanding, systemic weaknesses" with records that "go well beyond the tenure of any one Secretary of State,” it specifically dings Clinton for her exclusive use of private email during her four years at the agency.

“Secretary Clinton should have preserved any Federal records she created and received on her personal account by printing and filing those records with the related files in the Office of the Secretary,” the report states. “At a minimum, Secretary Clinton should have surrendered all emails dealing with Department business before leaving government service and, because she did not do so, she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act."

The report also notes that she had an "obligation to discuss using her personal email account" but did not get permission from the people who would have needed to approve the technology, who said they would not have done so, if they had been asked.

"According to the current [chief information officer] and assistant secretary for diplomatic security, Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs," the report reads. "However, according to these officials, [the relevant people] did not — and would not — approve her exclusive reliance on a personal email."

The watchdog also "found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server."

The watchdog’s findings could exact further damage to Clinton’s campaign, and they provide fresh fodder for Donald Trump, who has already said he will go after Clinton for the email scandal “bigly.” And it could reinforce another problem for the Democratic frontrunner: her persistently high unfavorability ratings, driven by a swath of voters who say they don’t trust her.

The report represents the latest pushback — in this case by a nonpartisan government entity — against her campaign’s claim that she did not break any rules and that her use of a private server was completely allowed.

Clinton Campaign spokesman Brian Fallon in a statement predicted that "political opponents of Hillary Clinton are sure to misrepresent this report for their own partisan purposes," but argued that "in reality, the Inspector General documents just how consistent her email practices were with those of other Secretaries and senior officials at the State Department who also used personal email."

"The report shows that problems with the State Department's electronic recordkeeping systems were longstanding and that there was no precedent of someone in her position having a State Department email account until after the arrival of her successor," Fallon continued. "Contrary to the false theories advanced for some time now, the report notes that her use of personal email was known to officials within the Department during her tenure, and that there is no evidence of any successful breach of the Secretary's server."

Investigators also concluded that former Secretary of State Colin Powell, who used a personal email as well, likewise did not follow record keeping laws. However, the report notes significant difference in their circumstances: During Powell's tenure, State's capacity to email people outside the department was limited. He said he needed it to reach people who didn't work at State. The IG also noted that he used email less frequently than Clinton and top technology officials were aware of his personal email use.

State Department officials who briefed journalists about the report would not say directly whether they agreed with the inspector general’s finding that Clinton’s use of email violated State policies.

“The policies on email evolved over time and our guidance to officials on how to comply with them evolved and improved over time,” said one senior State official, who spoke on condition of anonymity. “There was no absolute prohibition [on use of person email] during this or any other tenure — administration.”

“It may have been difficult” to get approval of a set-up like Clinton’s, the official acknowledged, while emphasizing that the report and the National Archives have found that Clinton “mitigated” the impact of her use of a private system by turning over some of her emails to the department in late 2014.

“It’s clear from the report that the Department could have done a better job preserving emails and records of secretaries of state,” another senior state department official. “The department is much better situated today….This has high-level attention.”

Clinton and her top staff did not cooperate with the investigation, which was requested by current Secretary of State John Kerry. She, her former chief of staff Cheryl Mills and top deputies Jake Sullivan and Huma Abedin are among those who declined interviews. Kerry and his predecessors Powell, Madeleine Albright, and Condoleezza Rice, however, did answer questions.

According to the report, some State Department technology staff said they were instructed to not talk of Clinton’s email set-up after they raised concerns about the unusual arrangement. One employee told investigators that he or she "raised concerns that information sent and received on Secretary Clinton’s account could contain Federal records that needed to be preserved in order to satisfy Federal recordkeeping requirements,” the document states.

But they were told to drop it: "According to the staff member, the Director stated that the Secretary’s personal system had been reviewed and approved by Department legal staff and that the matter was not to be discussed any further. As previously noted, OIG found no evidence that staff in the Office of the Legal Adviser reviewed or approved Secretary Clinton’s personal system.”

A 2012 directory lists John Bentel as the director of the office that handles information technology for the Office of the Secretary. Bentel no longer works for State and has refused to answer Congressional investigators' questions on this matter.

Another staff member from office handling information technology recounted the hushed nature of the email arrangement, the report says: “According to the other [IT] staff member who raised concerns about the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again."

While Clinton has often said she used a personal email out of "sheer convenience," one email in the report suggests she was also worried about her privacy. In the revealing November 2011 exchange, Clinton's right-hand staffer Huma Abedin discussed with her the possibility of putting her on a State Department email because her messages were not being received by State staff.

“We should talk about putting you on [S]tate email or releasing your email address to the department so you are not going to spam,” she wrote. 

Clinton responded: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”

The report details numerous laws and regulations that govern government communications and security of emails, assessing how each administration lived up to those standards. The bulk of the report, however, centered on Clinton.

According to the report a non-State adviser to Bill Clinton, who was the original user of the server later taken over by Hillary Clinton, shut down the server in early 2011 because of hacking concerns. While unnamed in the report, previous news reports have identified longtime Clinton staffer and Teneo employee Justin Cooper as the man who registered Clinton's email address. According to the report, the individual who registered the address was the same person who reported the hacking.

Cooper, according to the report, reached out to Huma Abedin on Jan. 9, 2011 to notify her of the hacking problem, an occurrence that happened twice that day. He said he "had to shut down the server because he believed ‘someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to,’” the report says.

“Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, ‘We were attacked again so I shut [the server] down for a few min,’” the report reads.

That matter should have been reported, the IG report says, but was not.

“Notification is required when a user suspects compromise of, among other things, a personally owned device containing personally identifiable information,” it says. “However, OIG found no evidence that the Secretary or her staff reported these incidents to computer security personnel or anyone else within the Department.”

State has deemed more than 2,000 of Clinton's messages as classified, including 22 that were upgraded to the most sensitive national security classification, "top secret." And the FBI is still probing whether any laws were broken laws by putting classified information at risk — or whether her staff improperly sent sensitive information knowing it wasn't on a classified system.

At the very least, State’s inspector general says Clinton didn’t do what she was supposed to, though it also notes widespread email issues across the tenures of five secretaries of state, not just Clinton. The report found top staffers frequently used personal emails too. 

"OIG recognizes that technology and Department policy have evolved considerably since Secretary Albright’s tenure began in 1997. Nevertheless, the Department generally and the Office of the Secretary in particular have been slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership," the report concluded. "OIG expects that its recommendations will move the Department steps closer to meaningfully addressing these risks."

Clinton and her allies have contended she did nothing illegal by choosing to set up a private email server and account at her Chappaqua, New York, home, and that she was not trying to evade public records requests. Instead, Clinton has said she was motivated by the desire for convenience, though she has conceded it was not the best choice.

Clinton says is cooperating with the FBI investigations. In late 2014, they turned over 30,000 of her emails, and while there were no apparent bombshells in the content of the messages, the number of emails later deemed classified has raised questions about the security of the set-up.

Clinton has also faced scrutiny for instructing her staff to delete about 32,000 messages deemed personal by her team. It’s unclear how many of those emails the FBI may have been able to recover from her server — which was turned over to authorities last August — or whether those messages will eventually be made public.

The report gives more details of the under-the-radar work of Clinton’s top technology staffer, Bryan Pagliano, whom she paid to maintain her private email server. State’s chief information officer and deputy chief information officers, Pagliano’s direct bosses, told investigators that he never informed them of his side duties. They “believed that Pagliano’s job functions were limited to supporting mobile computing issues across the entire Department.” 

“They told OIG that while they were aware that the Senior Advisor had provided IT support to the Clinton Presidential campaign, they did not know he was providing ongoing support to the Secretary’s email system during working hours,” the report reads.

The top technology officers also told investigators they “questioned whether he could support a private client during work hours, given his capacity as a full-time government employee.”

Pagliano invoked his right to avoid self-incrimination and refused to answer questions on the matter before Congress but received immunity from the FBI to talk about the email arrangement. Lawmakers on Capitol Hill have been eager to question him on whether Clinton intentionally used private email because she didn’t want anyone getting access to her messages.