Clinton defence of personal email server fails to placate critics
Admits it 'might have been smarter' to use two accounts
Analysis Hillary Clinton's admission that she was perhaps unwise to make exclusive use of a personal email account while serving as US Secretary of State has failed to placate critics, some of whom are trying to use the affair to derail her expected challenge for the White House next year.
Clinton has issued a minimal mea-culpa stating that she used a personal email account while working as the US's top diplomat for reasons of "convenience". She grudgingly admitted that maybe it would have been better if she had used a second email account.
"I opted for convenience to use my personal email account. I thought it would be easier to carry one device for my work and personal email account," the former First Lady told reporters on Tuesday during a hastily arranged press conference at the United Nations.
"At the time, this didn't seem like an issue … looking back I think it might have been smarter to have [used] two devices from the beginning.
"The vast majority of my work emails went to government employees at their government addresses, which meant they were captured and preserved immediately on the system at the State Department," she added.
Clinton estimated that about 60,000 emails were sent or received through the account, a little over half of which were personal and therefore not turned over to State Department officials. Even so, officials are reviewing 55,000 pages of Clinton emails. Clinton previously said she wants the State Department to publicly release her emails after this review. A review of all of her emails revealed only one exchange with a foreign (UK) official.
The former Secretary of State was not handling classified material through her email address, Team Clinton said.
A separate, closed system was used by the Department for the sole purpose of handling classified communications which was designed to prevent such information from being transmitted anywhere other than within that system, including to outside email accounts.
Clinton's use of a private email server potentially violated US federal record-keeping laws, as previously reported. The former first lady – and potential 2016 presidential candidate – maintained that she had complied with the "letter and spirit of the rules" during her four years as America's top diplomat until January 2013.
Clinton's rationale for running a private email server has (if anything) emboldened critics. Ex-law enforcement and national security officials warn that Clinton's email server was both a prime target and easy prey for foreign intel agencies, the Washington Post reports.
As if to emphasise the point, a cache of emails Clinton sent using the "clintonemail.com" domain was pilfered by Romanian hacker Guccifer and leaked to Gawker back in 2013. The use of Clinton's personal email account on official business only became a political issue this month when it was unearthed by a House committee investigating the September 2012 attack on the American Consulate in Benghazi, Libya.
The White House confirmed that President Obama emailed Clinton's private email address while she was Secretary of State, Politico reports. It's not clear whether these messages were encrypted.
Political critics suspect Clinton used the private email account to keep any potentially embarrassing emails secret. Some technology vendors argue that Clinton set a bad example.
Phil Barnett, a VP at mobile device management vendor Good Technology, questioned Clinton's data management practices.
"Personal and highly sensitive corporate data are very different and should be treated as such," Barnett said. "But that's not to say you can't have them on the same device. The user experience must be high quality to keep data secure – if your corporate security model is too heavy, people will find a way around it.
"Separating and containerising sensitive data allows one device to do both jobs while balancing usability and security. And the more sensitive the data, the more critical this approach becomes," he added.
The affair has created issues around using personal vs. government issued e-mail addresses, as well as the preservation requirements that apply to each case. The incident has also thrown up regulatory, compliance and storage/e-discovery issues.
Mark Noel, a former litigator for Latham & Watkins who went on to co-found an electronic discovery software firm before moving onto Catalyst Repository System, is more sympathetic to Clinton's DIY email set-up, arguing that there's a good chance that historically significant data will be recovered one way or another.
"The use of a personal email account doesn't necessarily mean there's any intent to hide things," Noel said. "It's very common for busy professionals to try to funnel everything into one email account or one device, because multiple devices or accounts are too much of a pain to deal with and take up way too much time. When the government or corporate system isn't set up to allow that kind of efficiency, people often craft their own solutions purely for the sake of getting their jobs done."
Emails sent or received by Clinton might still be accessible even if here or her staff either deleted or lost them for any reason. There are always copies at the other end, the managing director of professional services at Catalyst Repository System pointed out.
"Analysts who are complaining that 'there's no way we can know if there's anything missing' aren't quite right," Noel said. "We do this all the time in civil litigation and government investigations. Emails tend to leave copies on every server they touch, so even if a sender doesn't keep a copy of it, the receiver's email system probably did. If Ms. Clinton emailed other government issued accounts, those emails are very likely preserved – just in a different location."
Gaps in the record might also be revealed via practices common in commercial litigation, according to Noel.
"Additionally, there are other types of analysis, such as 'gap analysis' that can reveal whether email is likely missing, based on the usual pattern and quantities of email and whether there appear to be 'holes' in the emails that are preserved. These types of analyses are also quite common in civil litigation and government investigations where it is suspected that someone is intentionally hiding or deleting evidence," he concluded. ®
Sponsored: Becoming a Pragmatic Security Leader