The State Department says that Hillary Rodham Clinton's use of her private e-mail account during her tenure as head of the agency did not include sending classified information. But what, if any, security measures Clinton may have used to protect the account remain unclear -- and unclassified e-mails could still contain sensitive information about U.S. foreign policy strategy.
"It is not clear whether Mrs. Clinton’s private email account included encryption or other security measures, given the sensitivity of her diplomatic activity," the New York Times reported Monday A spokesperson for Clinton did not respond to an inquiry from The Washington Post about whether Clinton used a third party service provider like Gmail or AOL or what security features were deployed.
The State Department was also vague, but suggested Clinton's e-mail was not used for classified communications. “We have no indication that Secretary Clinton used her personal email account for anything but unclassified purposes," State Department deputy spokesperson Marie Harf said in a statement. "While Secretary Clinton did not have a classified email system, she did have multiple other ways of communicating in a classified manner, including assistants printing documents for her, secure phone calls, and secure video conferences.”
But even if the private e-mail account wasn't used for classified communications, sensitive but unclassified information about U.S. foreign policy objectives still may have been at risk if security standards were lax.
The AOL e-mail account of Sidney Blumenthal, a close confidant and former adviser to President Bill Clinton, was compromised in a string of attacks by a Romanian hacker who went by the handle "Guccifer" and targeted individuals close to prominent political figures in 2013. Hillary Clinton wasn't allowed to bring Blumenthal on staff at the State Department, according to the New York Times, but the alleged contents of his hacked e-mail account suggest Blumenthal continued to provide guidance to Clinton on foreign policy subjects, including unofficial intelligence memos.
One such memo from January 2013, posted by the Smoking Gun, is marked "CONFIDENTIAL" and purports to contain information about internal Libyan government discussions. It's unclear from the leaked information if Clinton responded to Blumenthal's messages, but if legitimate, the very exposure of the messages highlights the risk of using personal e-mails for sensitive communications: Even if one side of the conversation is secure, the other might not be.
Clinton's use of a private e-mail address was not unique to her position, a State Department official who declined to be named said, noting that former secretary of state Colin Powell wrote in his book about using a personal laptop and e-mail account to connect with assistants and foreign ministers.
Often times secretaries of state are "phone people," said Center for Strategic and International Studies senior fellow James A. Lewis, and they generally don't write their own e-mails -- instead delegating such tasks to aides. The use of secure telephone systems can provide protection from eavesdroppers and from a written record of communications.
"I think using a private e-mail is a not uncommon practice," Lewis said. "The real question is was it done to avoid accountability?" The registry information for clintonemail.com, the domain associated with the e-mail revealed in the Guccifer hacks, show it was first created on Jan.13, 2009 -- a week before President Obama was sworn into office and the day Clinton's Senate confirmation hearings began.