Clinton’s handling of email went beyond carelessness, experts say

FBI Director James Comey during his statement at FBI Headquarters in Washington on Tuesday, July 5, 2016. Comey said 110 emails sent or received on Hillary Clinton's server contained classified information.
FBI Director James Comey during his statement at FBI Headquarters in Washington on Tuesday, July 5, 2016. Comey said 110 emails sent or received on Hillary Clinton's server contained classified information. AP

Hillary Clinton and her team clearly skirted the most basic rules for the handling of classified information, and their actions as outlined Tuesday by the director of the FBI went well beyond carelessness to an open flouting of known practices, security experts inside and outside the administration said Tuesday.

Experts were especially disdainful of the FBI’s finding that highly classified information turned up in emails that Clinton sent and received on her unsecured server. That alone was in violation of the Foreign Affairs Manual, a comprehensive set of State Department policies, that, among other restrictions, require that a different computer system be used when dealing with classified documents and that a physical distance, or “air gap,” separate it from other computers.

“If she didn’t want to carry two systems, she could have had a staffer or one of the agents assigned to her protective detail hand her the (other) system,” said Scott Stewart, vice president of tactical analysis for Stratfor, an Austin, Texas-based global security consultancy. Stewart is a former Diplomatic Security Service special agent for the State Department.

Failing to maintain that dual system “is just unconscionable, especially if we are putting code-word material on an unclassified system,” Stewart said, referring to the practice of compartmentalizing classified cables or documents with code words that ensure access only on a “need-to-know” basis. Seven of the emails found on Clinton’s email server were classified Top Secret/Special Access Program, FBI Director James B. Comey said.

“That’s not carelessness. That was intentional,” Stewart said.

Comey said that Clinton also used her personal email extensively “in the territory of sophisticated adversaries,” a practice he said made it “possible that hostile actors gained access to Secretary Clinton’s personal e-mail account.”

He did not name the countries – Clinton traveled to 112 nations while in office – but the U.S. government has warned repeatedly in recent years about the dangers of cyber intrusions throughout the world. Last year, President Barack Obama stopped staying at the iconic Waldorf-Astoria Hotel in Manhattan for the annual United Nations General Assembly session because the property had been sold to an insurance company in China, a nation that would certainly qualify as a “sophisticated adversary.”

The Overseas Security Advisory Council, an adjunct to the State Department, warns citizens traveling to China that “all means of communication are likely monitored.” It added that hotel rooms, offices, elevators and public areas are under “continuous surveillance.”

Despite Comey’s scathing assessment, however, Clinton and her top aides are unlikely to have a problem in obtaining access to sensitive and classified clearances if she wins the presidency in November elections, the experts said.

In his presentation Tuesday, Comey suggested that while he was recommending no criminal charges, other “consequences” were possible, including what he called “security or administrative sanctions.”

But the experts said it was unlikely such sanctions would be used against Clinton or her aides.

The State Department renewed Clinton’s “Top Secret/Sensitive Compartmented Information” clearance after she left office in 2013, according to a Sept. 22 letter from Assistant Secretary of State Julia Frifield to Senate Judiciary Committee Chairman Charles Grassley, and it is unclear if any agency has requested that it be suspended – as is frequently the case in security investigations.

It was unknown if her aides still hold security clearances or whether any such clearance was suspended during the FBI’s investigation; U.S. officials said they generally don’t comment on individuals’ clearance status.

In any case, national security experts said the matter is moot if Clinton wins the election. Becoming president would supersede any outstanding clearance issues.

“Once you’re president, you have access to whatever you want. You can ask for whatever you want and they have to give it to you, within reason,” said one official who’s familiar with security procedures across the federal government. He spoke under the condition of anonymity because of the sensitivity of the issue. “Bill Clinton famously joked that he was going to look for UFOs when elected.”

Clinton’s senior aides also are unlikely to face problems. Experts say the process of revoking someone’s clearance takes up to a year – well after the November vote. In addition, the process is overseen by the Office of Personnel Management, which falls under the executive branch. In other words, Clinton’s White House would decide whether her former aides merit security clearances.

“Once no charges are recommended, the practical effect is that everybody around this individual, including them, gets to have access to classified,” the official said. “Nobody’s going to be able to stop them.”

But House Speaker Paul Ryan, R-Wis., told Fox News Tuesday that he believed the director of national intelligence should stop Clinton from receiving the classified briefings that are the norm for official nominees of the two major U.S. parties – though that too seems an unlikely step, given that Director of National Intelligence James Clapper was appointed to his job by President Barack Obama.

Comey also chastised the State Department for what he said was a lax security culture that fell short “in the kind of care for classified information found elsewhere in the government.”

That assessment was seconded by officials who’ve worked across the federal government, saying the State Department was well known for looser security than, say, the Pentagon of the National Security Council. One U.S. official, asked for examples of such lax practices, let out a sigh and began to list practices he observed among State Department employees: sticking passwords under keyboards, sharing passcodes to open gates on unsecured phone lines, leaving computers “just lying around, sometimes open and sometimes closed.”

He said he saw virtually no enforcement of policies governing the use of cell phones and other electronics in the building.

“I saw no real rule about bringing electronic devices into the building,” said the official, speaking on condition of anonymity because the issue involves sensitive information. “And these can be and frequently are listening devices. That’s what a cell phone is – a two-way radio.”

Outside data security experts concurred. “I know enough about State Department security to not have a lot of faith in it. They are behind the times,” said Herbert S. Lin, a scholar at the Center for International Security and Cooperation at Stanford University.

State Department spokesman John Kirby wouldn’t address the FBI’s specific findings but took issue with the director’s assessment of State as having a laxer security culture than other federal agencies.

Kirby acknowledged that State’s own inspector general had found “lapses,” but, he said, it was unfair to portray a former secretary’s email practices as emblematic of a system-wide cavalier attitude toward sensitive information.

“We don’t share the broad assessment made of our institution,” Kirby said.

Anita Kumar and Marisa Taylor contributed to this report.

Hannah Allam: 202-383-6186, @HannahAllam

Tim Johnson: 202-383-6028, @timjohnson4