(The Washington Post)

The controversy over Hillary Clinton’s use of a private e-mail account while she was secretary of state has centered on whether she used it to send or receive classified messages. This focus obscures the larger question of whether Clinton’s setup affected the State Department’s compliance with the Freedom of Information Act and legal requirements for federal agencies to retain records, as well as myriad other questions about agencies’ information-management practices. Moreover, much of the commentary has been more confusing than illuminating, because it fundamentally misunderstands how the classification system works. Correct a handful of prevalent myths, and it’s clear that this aspect of the story reveals more about our nation’s dysfunctional system for managing official secrets than it does about Clinton.

1. Information can be “classified,” even if no one has classified it.

Many news reports and commentators have suggested that “information is classified by [its] nature” (as Sean Davis writes in the Federalist), even if no agency or official has classified it yet. These accounts treat “classified” as a quality rather than an action — one that is inherent, immutable and self-evident. If information is sensitive enough, it’s classified, no matter what.

When it comes to “original classification” — the initial decision to classify information — that portrayal is simply wrong. Under the executive order that governs classification, the 2,000-plus officials who have this authority “may” classify information if its disclosure reasonably could be expected to damage national security. The determination of harm is often highly subjective, and even if an official decides that disclosure would be harmful, he or she is not required to classify.

Information provided by foreign governments in confidence is different. The executive order cautions that the release of such information is “presumed” to harm national security; the rules provide that such information “must be classified.” There is a difference, however, between “must be classified” and “is classified.” After all, when an official receives information, its source and the circumstances of its disclosure may not be apparent. This category of information is not self-identifying, let alone self-classifying.

An official who transmits that information without classifying it has violated agency rules. But the recipient now possesses information that someone else should have classified — not classified information. (Of course, classifying the information, then sending it through unclassified channels to a private e-mail account also would be impermissible. E-mails released by the State Department show that some of Clinton’s correspondents dealt with this by asking to set up conversations over secure telephone lines.)

2. It’s easy to figure out whether information has been classified.

There is a common refrain that Clinton “should have known” there was classified information in e-mails she got, even if it wasn’t marked. As commentator Andrew McCarthy put it, “Classified information . . . is well known to national security officials to be classified — regardless of whether it is marked as such or even written down.”

The classification rules treat this myth as if it were true. Once information has been classified by an authorized official, anyone who retransmits it must mark it as classified, even if it was not marked when received. This is called “derivative classification,” and it can be performed by any of the 4.5 million individuals who are eligible to access classified information. They rely on “classification guides” — a kind of index of original classification decisions, mostly kept on secure Web sites — to determine what information has been classified and therefore must be marked.

Derivative classification is intended to be a straightforward, ministerial task. But the system breaks down in practice. The categories of information listed in guides are sometimes so broad or vague that they leave officials to guess whether any given piece of information has been classified. In 2009, President Obama ordered agencies to review their guides and purge outdated material, but his directive did not address the lack of specificity.

And while the number of original classification decisions is on the wane, there were still almost 50,000 new secrets created last year — on top of the 2 million created in the 10 previous years. It is virtually impossible to distill this sprawling universe of classified information into usable guidance. There are more than 2,000 federal classification guides, some of them hundreds of pages long. To expect every official to be thoroughly familiar with all the relevant guidance and apply it without error is simply unrealistic.

3. Anything classified is sensitive.

Many discussions of Clinton’s e-mail assume that all classified information deserves to be classified, often using the terms “classified” and “sensitive” interchangeably. The same assumption underlies frequent blanket statements by officials that “unauthorized disclosure of classified information jeopardizes national security.”

In fact, the classification system is marked by discretion (intended) on the front end and uncertainty (unintended) on the back end. This lack of clear boundaries opens the door to a huge amount of unnecessary classification.

There are multiple incentives, unrelated to national security, to classify. It is easier and safer for busy officials to classify by rote rather than to pause for thought. Classification is a way for officials to enhance their status or protect agencies’ turf. It can hide embarrassing facts or evidence of misconduct. There are no countervailing disincentives, as classification decisions normally go unreviewed, and agencies do not punish overclassifying. The result is massive overclassification, a phenomenon noted by experts and blue ribbon commissions for decades. Current and former government officials have estimated that 50 to 90 percent of classified documents could safely be released.

One need look no further than Clinton’s own e-mails for evidence of this problem. In February 2010, Clinton’s top foreign policy adviser e-mailed that he was unable to send her a statement by former British prime minister Tony Blair because someone had entered it into the State Department’s classified system, “for reasons that elude me.” Clinton responded incredulously: “It’s a public statement!” Yet her adviser was unable to access it, let alone send it to an unsecured e-mail address. Clinton also has come under fire for e-mails that referenced the CIA’s “top secret” drone strikes in Pakistan — a program well known to our friends and enemies around the world.

4. Any mishandling of classified information is illegal.

Some 2016 presidential candidates have not hesitated to label the mishandling of classified information as criminal, with former Arkansas governor Mike Huckabee calling Clinton’s actions “beyond outrageously illegal.” Even a New York Times article stated flatly, “Mishandling classified information is a crime.”

In fact, in a nod to the complexities of handling classified information, the law criminalizes only violations that are “knowing,” “negligent” or the like. The law falls short, however, in failing to give express protection to knowing releases of classified information by whistleblowers. The Obama administration has used the Espionage Act — a statute meant to target spies and traitors — to prosecute federal employees who revealed waste, fraud and abuse. Judges allowed these cases to go forward even though none of the defendants harmed or intended to harm national security.

The lack of protection for whistleblowers allows the government to graft its own “intent” requirement onto the law through selective prosecution. Those who seek to reveal government misconduct are prosecuted. Those who don’t — including high-level officials who have acted carelessly, as well as those given tacit approval for leaks that cast the administration in a positive light — are not (or, in the unusual case of Gen. David Petraeus, are given a deal to avoid jail time).

This double standard has rightly been criticized. It should be eliminated, not by prosecuting every slip, but by focusing on actions that are intended and likely to harm national security — and by protecting disclosures that serve the public interest by revealing wrongdoing.

5. Our classification system protects us from harm.

This myth flows naturally from the assumptions that all classified information is automatically and self-evidently sensitive and that any release of classified information would compromise national security. “On hundreds of occasions, Hillary Clinton’s reckless attempt to skirt transparency laws put sensitive information and our national security at risk,” GOP Chairman Reince Preibus said last month.

Actually, it is our bloated classification system that puts our security at risk. Some classification is unquestionably necessary to keep the nation safe, but overclassification not only stifles public discussion and debate; it also discourages people from following the rules. Officials who routinely encounter innocuous information marked “top secret” lose respect for the system. They are more likely to handle information carelessly or even engage in unauthorized disclosures, believing that little harm will result. The danger is that the baby could get thrown out with the bathwater: A casual approach to classified information jeopardizes the real secrets buried within the excess.

Overclassification also creates practical barriers to compliance. The procedures for storing, accessing and transmitting classified information are burdensome. That’s a feature, not a bug: These logistical barriers not only prevent unauthorized access but also aim to keep the bar for classifying information appropriately high. But when onerous security measures must be followed to transact even the most routine official business, the burden can become untenable.

Indeed, departure from protocol is not uncommon. Clinton’s e-mails revealed that career diplomats were sending foreign government information through unclassified channels. As one former intelligence official put it, “It’s inevitable, because the classified systems are often cumbersome, and lots of people have access to the classified e-mails or cables.”

Even those who scrupulously attempt to comply with the rules may find themselves unable to do so. With so much classified information coursing through the system, it is simply impossible to avoid some spillage.

These problems could be solved. Meaningful limits could be placed on officials’ discretion to classify, and an internal oversight system could be established to ensure that officials do not overstep these lines. Declassification could be made automatic after a reasonable time, rather than allowing agencies to create a bottleneck by conducting lengthy reviews. Shrinking the pool of secrets would make it easier to ensure that classified information is properly marked and protected, which would enhance national security and relieve the burden on busy officials. Without such measures, overclassification is sure to continue.

Twitter: @LizaGoitein

Five myths is a weekly feature challenging everything you think you know. You can check out previous myths, read more from Outlook or follow our updates on Facebook and Twitter.