Today the State Department’s inspector general released a report on Hillary Clinton’s email use during her time as secretary of state. Both Democrats and Republicans are going to spin the report to argue either that Clinton is completely blameless or that it reveals her to be history’s greatest monster. Donald Trump will likely say that the Office of the Inspector General (OIG) found that Clinton kidnapped the Lindbergh baby and produced Vanilla Ice’s first album.
So let’s see if we can sort through what’s there and what isn’t.
You can read our story by Rosalind Helderman and Tom Hamburger for a summary, but here are the two key excerpts from the IG’s report that deal with Clinton. First:
Secretary Clinton should have preserved any Federal records she created and received on her personal account by printing and filing those records with the related files in the Office of the Secretary. At a minimum, Secretary Clinton should have surrendered all emails dealing with Department business before leaving government service and, because she did not do so, she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act.
So that’s one problem: she should have printed out her emails so they could be archived, but she didn’t do that until the department sent a request to multiple secretaries of state, two years after she left office. Here’s the other part, which is more serious:
Secretary Clinton used mobile devices to conduct official business using the personal email account on her private server extensively, as illustrated by the 55,000 pages of material making up the approximately 30,000 emails she provided to the Department in December 2014. Throughout Secretary Clinton’s tenure, the FAM [Foreign Affairs Manual] stated that normal day-to-day operations should be conducted on an authorized AIS [Automated Information System], yet OIG found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server. According to the current CIO and Assistant Secretary for Diplomatic Security, Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs. However, according to these officials, DS and IRM [Bureau of Information Resource Management] did not — and would not — approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the FAM and the security risks in doing so.
Get past all the abbreviations and government-speak, and what it comes down to is that Clinton should never have used a personal email account, no matter how secure she thought it was, for department business, and that she repeatedly failed to consult with personnel who should have been aware of how her personal system worked.
If you’re saying, “Didn’t we already know that?”, well yes, we mostly did, though there are some new details here. So here’s what Clinton and her supporters will say: This report doesn’t reveal anything new. Clinton already said that using a private email server instead of the State Department’s system was a mistake, and she apologized for it. But there’s no evidence that national security was actually compromised, none of her emails contained information that was classified at the time she sent or received it, and even if she violated departmental policy, she certainly didn’t do anything criminal. And don’t forget that the report was highly critical of Colin Powell, who also used his personal email for official business.
And here’s what her opponents will say: This report shows the true gravity of Clinton’s misdeeds. She violated the department’s policies. She probably committed crimes. For all we know Kim Jong Un was reading her emails every night. At every step, she tried to hide from scrutiny and accountability.
How valid are those arguments? Clinton’s case is meant to lead you to the conclusion that in the end this is not that big a deal. The Republicans’ case is that she was reckless and irresponsible, and terrible things might have happened as a result. On one hand, we don’t have any evidence of anything terrible happening, but on the other hand, speculation is all Republicans need to get what they want out of this matter.
That’s because the political reality is that Republicans aren’t making a big deal out of this because of their deep and abiding concern for cybersecurity. They just want something to hammer Clinton with. Which is fine — that’s politics. But they also know that the details are all but irrelevant. Most Americans couldn’t tell you what this controversy is actually about; they just know that Clinton did something shady with emails. As long as Republicans can weave that into a larger argument about her being untrustworthy, they’ll run with this, even if they’d be even happier if Clinton got indicted (which is theoretically possible but looking extremely unlikely at this point).
And though Clinton would like us to believe that her intentions were pure and unimpeachable, while Republicans would like us to believe that her intentions were dark and sinister, the truth is probably somewhere in between. I don’t doubt that Clinton made the initial decision to use a private server in order to retain control of her communications. That’s not because she was planning to execute some kind of nefarious criminal conspiracy over email, but because she knew that she’ll always be the target of lawsuits and fishing expeditions from her political opponents, and she didn’t want to give them any more material to work with. As a piece of forward-looking political strategy, we now know how foolish that was; it’s done far more damage to her than it would have if her emails had regularly been FOIA’ed and then leaked to the press by her opponents.
But it also appears, from what we know so far, that there weren’t really any practical consequences for the country because of her decision — no covert operations compromised, no key national security information delivered to our enemies. And cybersecurity experts will tell you that her emails likely would have been no less vulnerable had they been on the State Department’s servers, which are the target of constant hacking attempts.
So maybe the best thing for Clinton to do now would be to say that this whole episode has brought home to her the need for the federal government to dramatically improve its cybersecurity, and she wants to assemble a blue-ribbon commission of experts to devise a plan to reform the systems across the government, one that she hopes Republicans will join with her to pass through Congress within her first year in office so it can be implemented as soon as possible. At least then some good might come of this controversy.