back to article Hillary Clinton draws flak for using personal email at State Dept

Hillary Clinton allegedly used a private email account while presiding over the State Department, potentially violating US federal record-keeping laws in the process. The former US Secretary of State exclusively used a private email account instead of an official State Department facility, the New York Times reports. Staffers …

  1. Buzzword

    According to one Mr E. Snowden, the U.S. federal government has access to both her work email and her private email. So she didn't really break any rules.

    1. Tom 13

      Your interpretation of the law is wrong. The NSA does not count as the messages being archived. The requirement is for the National Archives to have access to her records. She broke the law. Period. There's no way around it.

      Furthermore, I glanced at the Gawker leaks yesterday. She violated security policies. Confidential email was transmitted in plain text.

  2. auburnman

    If she really wasn't given a state.gov address, the one of the most senior Officers of the state would have been unable to do her job effectively; sounds close enough to an emergency for me.

    1. JamesPond
      FAIL

      You mean she had so little clout that she couldn't get the leader of the free world to sign-off the requisition for an e-mail account?

      1. IglooDude

        Tthe State Dept email administrator is a BOFH. 'Nuff said?

    2. Eddy Ito Silver badge

      If it was a slip-up that got corrected in a month, I could be convinced although given the position was Secretary of State even ten days seems like an unforgivably long time. An "emergency" that lasted four years? <cough>Bullshit!</cough>

    3. Tom 13

      The only way the Secretary of State was not given an official email address is if she ordered them not to give her one, which is breaking the law.

  3. Alistair Silver badge
    Coat

    .....a lawyer at Drinker Biddle & Reath

    Am I the only one that read that as Drinker Piddle and Heave?

    1. Marketing Hack Silver badge
      Devil

      Best (fictitious) legal firm name since Wee Cheatham & Howe!!

      1. Alan Newbury

        Or Sue, Grabbit and Runne (Thanks Private Eye)

    2. Doctor Syntax Silver badge

      Nearly. Death!

  4. phil dude
    Alien

    appears incredibly naive...

    in other words, some more juicy news to come!!

    P.

  5. A Non e-mouse Silver badge

    Not the first..

    ..and won't be the last.

    People in the UK Civil Service have been doing this to try and side-step Freedom of Information

    1. Richard Taylor 2 Silver badge
      Trollface

      Re: Not the first..

      Well I was aware of Toty ministers and their SPADs doing this but servants, not really a d civil - never

    2. Tom 13

      Re: Not the first..

      This is more likely a dodge on FEC law. As a government employee, you are not allowed to use an official government account for partisan purposes. She's too damn lazy to keep a separate account. Depending on who you ask, you aren't even allowed to use the separate account on a government computer.

  6. Anonymous Coward
    Anonymous Coward

    Nice catch.

    "..nuclear winter..."

    At some point, somewhere, you just have to ask yourself "Am I really going to use this comparison?" BTW, didn't Jbush INTENTIONALLY dump government related information...so is that like our star going supernova?

  7. Anonymous Coward
    Anonymous Coward

    The real ascandal is that both Dem & Rep parties are wholly owned subsidiaries of Wall Street

  8. Bob Dole (tm)

    This, my friends, is what happens when IT fails to do its job.

    Good for her for not waiting around until hell froze over in the IT department. Given that email addresses are usually provisioned at the exact same time as other network accounts, I have to wonder what computer she was using...

    1. Chris G Silver badge

      Looks Like

      BYOD and BYOemail, probably to go along with BYOItinerary,

      She would make a dangerous following act to Obarmy, America's 1st black president being replaced by America's 1st woman president.

      I hope the Romanian Hackers publish the content.

    2. Tom 13

      No, this is what happens when the Secretary of State orders IT not to give her an email account. Provisioning an email at that level happens automatically in the IT department. I'm just a minor cog in our IT department. When our new head office guy came in, the account was setup two whole weeks before he set foot in the building. We're at least 5 levels away from the Secretary for our federal branch office.

  9. channel extended

    Privacy

    She appearently does understand privacy, since she used a private email account. Could she have a better chance at controling the NSA?

    Odd: If you have noting to hide you have nothing to fear.

    Bod: If you don't want privacy during sex, then can I watch? Oh, I'll also need to bring my camera.

  10. Anonymous Coward
    Anonymous Coward

    More proof

    ...that politicians are clueless when it comes to cyber security.

  11. Anonymous Coward
    Anonymous Coward

    Scum bam not much different

    The a$$clown used his crackberry for communication without proper security.

  12. Erik4872

    How is this different from private business?

    I've worked for lots of companies where the CEO and other executives use their personal email accounts almost exclusively. Top execs usually aren't reading or writing their own email anyway, at least in the places I've worked. The CEO's assistant does that -- they're the ones using the CEO's email account to read and respond, and usually are told either directly or from that personal email account what to do.

    Not using your official email account is also a good way to get around e-discovery of your personal life. One place I worked for was so spooked by e-discovery that they set email retention for everyone to 30 days...if anyone came looking for evidence, they had better do it quickly. With CEOs being public figures, likely sued many times a year, they might not want their official email accounts to contain details of their...personal lives...that wind up in front of a jury.

    Government is a little different, because top Cabinet posts probably have the same rules requiring archive and retention of official communication. It sets up an interesting approval circular reference when your manager has to approve IT requests...seriously, does the President do that? :-) Who approves his IT requests?

    1. Paul Crawford Silver badge

      Re: How is this different from private business?

      The difference is that folk should use TWO emails! (In fact 3+)

      The first one for official business and that is subject to discovery. Of course, depending on the data retention rules and any legislation that forces that period.

      The second one is your personal email account that you use for chatting to friends, ordering stuff from Amazon, arranging a hot date, etc... Since this is not used officially (and you are not dumb enough to do so and have a client's email reveal this so it IS then subject to discovery) you don't need to worry much. If it is not using the corporate servers, they don't have to touch it at all.

      The 3+ ones are for spam accounts, like sites that ask for email to download articles, etc. You can more or less set that to self-delete after a day or two once you have the access you needed.

      1. Tom 13

        Re: The difference is that folk should use TWO emails!

        Actually for someone like Clinton you need four plus spam accounts.

        1. Publicly disclosed official email account. This is the one maintained almost exclusively by staff. It gets bombarded by world plus dog.

        2. Actual official email account that the Secretary uses to exchange email with other government officials. At that level, it should default to encrypted.

        3. Private fundraising email account. At the Secretary level, you have to assume they are active in partisan activities including fundraising. It's illegal to use official accounts for partisan purposes. And you probably don't want this account mixing with your actual personal account.

        4. Private personal account. The account for people who actually know you on a first name basis. Optional account for hot dates.

        Is it a lot accounts? Yep. It's also the price of all the laws they passed governing how government works.

  13. tom dial Silver badge

    Some years back I worked for a DoD agency where the managed data was classified For Official Use Only because it contained employee personal and financial information. The requirement was that all government work be performed using equipment provided, configured, and maintained by the government and that any official email be done using the agency's Exchange. Similar emergency provisions to those the article describes applied to the email part and I doubt anyone ever was beaten up for a misstep on the that. However I made sure to copy or forward to myself, my manager (and usually his manager) any work related email from or to my private account, and required my employees to do the same.

    It is disappointing that the State Department, which handles data of considerably higher classification and where email is far more likely to contain sensitive material, appeared. to be clueless about security, both in IT and in upper management. There likely is more to be concerned about than the technical violations of a law that seem to be the focus of most of the articles in the nontechnical press.

    1. Tom 13

      @tom dial

      I don't imagine the IT staff were clueless. I expect they are all well aware of their legal exposure on this issue. Which makes me think they were following direct orders. Maybe verbal orders, but none the less, direct orders. Like I said above, I'm just a minor cog in the machine. I'm well aware of all the land mines surrounding me fucking up anything related to creating email accounts. I'm not even a real mail admin, more like a data entry clerk on that count. Every time were disabling/deleting an account, the phrase "litigation hold" occurs several times on the paperwork. If I've done my job, it's great CYA, if I don't, I could be the one in the dock.

  14. Anonymous Coward
    Anonymous Coward

    Typical

    "That woman" couldn't be bothered to do things in the way that ordinary people do, and which would have protected her communications. Perhaps she was too busy dodging bullets on tarmacs to sort it out.

    When caught out, she blames everyone but herself - I am surprised that she didn't first blame an intern for persuing her account.

    Perhaps there was a reason why her bêtes-noires understood her so well?

  15. Ian Tunnacliffe

    It might be useful if El Reg were to acknowledge that the law requiring officials to exclusively use government-provided email didn't come into force until a full year after Clinton left office.

    You know - for the sake of accuracy or something.

    1. Tom 13

      @Ian Tunnacliffe

      Bullshit. Federal Records act has been out there since 1950. It was written broadly enough to cover these records when email came into existence.

      I lost my private sector job in the Democrat caused recession of 2006. I started working for the government in the DC area a year later. When I was first hired, one of the first things emphasized was that ONLY messages coming from an official government account were actionable and all official messages HAD to be sent on official, department created email. No I don't work at State. I work in a far more low level position in an agency that has proven amazingly resilient at avoiding Executive Orders for as long as possible, but they sit straight when Congress updates the law. And nothing scares them more than the Federal Records Act.

  16. Anonymous Coward
    Anonymous Coward

    Journalistic train wreck

    Bad title, but some of us have to work for a living.

    The few technical details that are floating around this story and the tinfoilery that's been built on them are more evidence that most people, including journalists and supposed "cybersecurity" experts are clueless when it comes to how the Internet, and e-mail in particular, work. They also seem to have a problem with the concept of "ex post facto" law.

    I'm not going to address all of those in this comment, just going to point out that nothing publicly released so far could give a real expert without special access to the backend involved any way to draw the conclusions I've seen flying around this issue.

    Yes, it should have been illegal starting a few decades ago for any government official to use their personal e-mail to transact official business. The same is true for landline or moblie communications. But it wasn't. As I understand it the law was unsettled enough up to the time Mrs. Clinton left the State Department that the rules had to be tightened significantly afterward. That's a scandal, an inexcusable breach of the public trust, but not just for the Clintons: it's also a scandal for both parties and especially every bureaucrat who didn't clearly separate their personal from business mail for the last generation. If company boards of directors want to allow such slipshod information management, that's up to them -- and their shareholders.

    But government, especially government agencies that handle the kind of classified information whose publication is worth sending young people to jail for the rest of their lives, should be held to a higher standard. I guess what I'm saying is that this is a systemic problem, a problem of principles, not just the misbehavior of a bunch of political appointees.

    On the journo side of things, I've really given up any hope that anyone in the press is competent enough to cover technology topics. They all seem to be a bunch of credulous adolescents with a tenuous grasp of what's going on around them. Most people who frequent this site could do a better job reporting on these kinds of topics, with a little editorial assistance to clean up their grammar and punctuation. However that's not going to change because publishers are clueless and only concerned with marketing to the rest of the clueless.

    It's akin to how the threat of Nuclear Winter was handled between around 1950 and 1988. Everyone in the field knew the risk, but that information didn't get to the public, first as the result of government secrecy and later due to self-censorship by both the press and the public itself (self-deception didn't start with Fox News viewers, after all, it's a quintessentially American way of dealing with "inconvenient" realities). It took a TV miniseries, "The Day After" to enlighten then President, Ronald Reagan -- even though he was alive when the film version of the prophetic "On the Beach" was released way back in 1959.

  17. strum Silver badge

    Just a thought

    Has no-one considered that HC might have thought that email was an inappropriate medium for diplomacy?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019