Late last month, Hillary Rodham Clinton stood before a line of television cameras at a rural Iowa campaign stop to deny reports that she had sent sensitive information over her private e-mail system.
“I’m confident that I never sent or received any information that was classified at the time it was sent and received,” Clinton said, dismissing claims to the contrary by federal intelligence officials as a bureaucratic dispute over what qualifies as classified.
The view from inside Clinton’s presidential campaign team was much the same: Clinton had done what she needed to do, there was nothing of real concern regarding the e-mails and, mostly, the whole matter was an annoyance in her efforts to win the White House.
The next week, however, law enforcement officials became interested, and the campaign’s apparent lack of concern began to turn into a sense of anxiety.
“They’re worried about it,” said a longtime Clinton adviser and confidant who agreed to discuss the mood of the campaign team only on the condition of anonymity. “They don’t know where it goes. That’s the problem.”
The controversy over her private e-mail setup has moved into a new and, potentially, more serious phase. What had begun five months ago as a relatively narrow question about proper archiving of public records has become a bigger, more politically dangerous one: Whether the then-secretary of state and her close aides, in choosing to use a private e-mail system, disregarded common sense and may have put sensitive information at risk of falling into the wrong hands.
The first warning came July 31 when a Justice Department prosecutor called Clinton’s longtime lawyer, David Kendall, seeking a thumb drive that contained a copy of the 30,000 e-mails that Clinton had turned over earlier to the State Department, according to a person briefed about the conversation. Six days later, Kendall turned over to the FBI his thumb drive — and two copies — which had been stored in a safe in his office provided by the State Department. Next, the FBI wanted Clinton’s private server. That too, has been handed over, arriving in government hands Wednesday afternoon from the New Jersey data center where it was being kept.
The FBI’s interest in Clinton’s e-mail system arose after the intelligence community’s inspector general referred the issue to the Justice Department on July 6. Intelligence officials have expressed concern that some sensitive information was not in the government’s possession and that Clinton’s unusual e-mail system could have “compromised” secrets.
That investigation, still preliminary, is focusing on how to contain any damage from classified information that might have been put at risk. Officials have said that Clinton is not a target. But, according to legal experts, this type of security review can turn into a criminal investigation if there is evidence that someone intentionally mishandled government secrets.
Clinton’s Democratic backers in Congress, including some who have had access to the e-mails in question, have in recent days waved away the suggestion that Clinton bears particular responsibility for improper handling of sensitive information. Rep. Adam B. Schiff and Sen. Dianne Feinstein, two California Democrats who are ranking intelligence committee members, said none of the e-mails alleged to contain classified information were written by Clinton.
“I think the fact that some staff of the Department of State may have sent the secretary some e-mails not marked as classified is going to prove to be of very minor significance,” Schiff said.
The issues around Clinton’s e-mails have also intensified as it has become clear that a number of her statements defending her actions now appear to be false.
As she did that Sunday in Iowa, Clinton has said multiple times that she never sent or received any e-mails containing information that was classified at the time.
But the intelligence community’s inspector general, reviewing a small sample of Clinton’s private e-mails, has contradicted that claim. While the e-mails may not have been marked that way, they contained classified information. The IG said this week that he had discovered information in two e-mails that intelligence agencies considered to be top secret, the highest category of classification.
In recent weeks, Clinton, her campaign and the State Department have shifted their language, offering less definitive denials regarding classified information.
When her use of a private e-mail account first came to light in March, Clinton said that, “I’m certainly well-aware of the classification requirements and did not send classified material.”
But then last week, as The Washington Post reported that the FBI had begun its inquiries, Clinton spokesman Nick Merrill said that she had not sent or received any e-mails that were “marked classified at the time.”
This week, when the inspector general said some e-mails should have been designated top secret, the State Department said it was reviewing the content but acknowledged that some had been sent over “unclassified systems” in 2009 and 2011 and “ultimately some were forwarded to Secretary Clinton.”
Like Merrill, the agency spokesman also said that the e-mails had not been marked as classified. According to federal rules, it is the responsibility of the sender of an e-mail to ensure it contains the proper classification designations.
The controversy highlights one of the problems with Clinton’s decision to use her own e-mail system during her four years running the State Department.
At many agencies that handle sensitive information, discussions of classified material and sharing of classified documents must take place on specially secure classified computers. The government protections don’t extend to private accounts.
Other Cabinet secretaries have been known to use private accounts, including one of Clinton’s predecessors, Colin Powell.
State Department rules require employees to “use, hold, process, or store classified material in data and word processing systems . . . only under conditions that will prevent unauthorized persons from gaining access,” according to the agency’s Foreign Affairs Manual. A 2009 executive order also specifies that classified information “may not be removed from official premises without proper authorization.”
In several of the e-mails that intelligence officials now say are classified, Clinton’s closest aides were writing to her to alert her to specific information and sometimes citing what the CIA was reporting, according to two government officials who have reviewed them.
Clinton was on the thread of the e-mails as other aides shared new information or joined in the discussion, and often did not reply, the officials said.
John Fitzpatrick, head of the Information Security Oversight Office within the National Archives, said agencies train officials with security clearances to spot sensitive material and then to look up the proper classifications — such as “confidential,” “secret” or “top secret.”
“If you write an e-mail , you are expected to distinguish the classified from the unclassified,” Fitzpatrick said. “If you say ‘the CIA reports’ something — writing that sentence should set off alarm bells.”
Fitzpatrick said the dispute is somewhat academic given Clinton’s unique system. Officials shouldn’t rely on private systems for work e-mails, he said, and they should never talk about classified matters on a private system.
“The rules require conducting any official business on an official system. There are many reasons for that — including assuring the security of the information, regardless of its classification. There is no argument to have those conversations in a private e-mail.”
One open question is whether 31,000 e-mails that Clinton deemed to be personal and which were not handed over to the government remain in some way on her server.
Both Clinton and a lawyer for the company that has been handling the server since 2013 have said there is no trace of any files on the drive.
But technology experts say that there can be ways to revive deleted e-mails.
Joseph Lorenzo Hall, the chief technologist for the Center for Democracy and Technology, said some ways of deleting information from a server are more thorough than others. A quick deletion may erase data from the table of contents in a server, but the data itself could remain deep in the system.
Experts typically use a more thorough but time-consuming way to erase the data, using software to write over the files with gibberish. The Department of Defense and the NSA recommend writing over data multiple times to ensure it is fully obscured.
Whether any files remain on Clinton’s server “depends on the level of technical competence of the people doing the damage control,” Hall said. In this case, he added, “I would expect this to have been wiped. Not just wiped but, since they had some time, thoroughly wiped.”
Much of what the public now knows about Clinton’s e-mails comes as a result of a Republican-led House oversight investigation into the State Department’s handling of the 2012 terrorist attack on the U.S. diplomatic compound in Benghazi, Libya.
In August 2014, the committee’s discovery in records of a private e-mail domain, “clintonemail.com,” prompted the State Department to ask Clinton for copies of all of her work-related e-mails.
In December, Clinton turned over to the State Department printed paper copies of 30,000 e-mails that she said were work-related. Because of a long-standing public records request seeking Clinton’s records as secretary, a court ordered the State Department to review and make public large portions of all of the e-mails that Clinton turned over by specific deadlines, starting in May. The State Department’s Freedom of Information Act office then became intensely busy, trying to figure out what needed to be redacted for privacy or sensitivity reasons.
In April, following a New York Times report in March that first noted Clinton’s exclusive use of a private e-mail address during her time as secretary, State Department inspector general Steve Linick began an inquiry to look more deeply at the use of personal devices by Clinton and other previous secretaries. In early June, he expanded the inquiry to have his team read through hundreds of Clinton’s e-mails to check on the State process for releasing them. Linick asked the inspector general for the intelligence community, I. Charles “Chuck” McCullough III, to help because of his office’s expertise in classified records.
In mid-June, McCullough and Linick became concerned that State might be handling potentially classified information in a sloppy way. They discovered that classified information mentioned in one of Clinton’s e-mails had been released by the State Department to the public in May.
But the inspectors tussled with a top State Department official, Patrick Kennedy, who said the proper protocols were being followed to protect classified information.
State officials believed that McCullough’s office was over-classifying by deeming information sensitive even if it had been published in news articles or other public documents, according to two government officials. An agency spokesman, Alec Gerlach, said it was common for staffers around the world to learn information from open sources “that may also be independently learned through entirely separate means within the intelligence community.” He said State officials were working with intelligence agencies to review Clinton’s e-mails and to “clarify their findings and resolve whether, in fact, this material is classified.”
On June 24, McCullough learned in a letter sent by Kendall to the State Department that copies of these classified e-mails were on a thumb drive in Kendall’s Williams & Connolly office in downtown Washington.
On June 25, McCullough called an FBI official running the National Counterintelligence and Security Center, a little-known agency responsible for securing the federal computer and cyber systems, to alert him that classified information was outside of the government’s control, according to two government officials. McCullough was told to refer the matter to the FBI’s national security branch, the officials said.
State officials were dissatisfied with the security of Kendall’s thumb drive, which he was storing in his office safe, according to a person with knowledge of internal discussions. Kendall argued that he had to preserve it as evidence in the Benghazi investigation. The State Department then arranged for a government-issued safe to be installed in the office of Kendall’s partner, Katherine Turner, another Clinton attorney.
However, Clinton’s team was not aware of the Justice Department’s involvement until it was reported late the evening of July 23 by the New York Times.
Kendall called the Justice Department on July 24 seeking information — the first contact between the Clinton team and law enforcement with regard to the sensitive material, according to a person with knowledge of the interaction.
The FBI launched its inquiry, looking into the security of the e-mail setup and the thumb drive.
The investigation is being overseen by two veteran prosecutors in the Justice Department’s National Security Division. One of them helped manage the prosecution of David H. Petraeus, the retired general and former CIA director who was sentenced to probation earlier this year after pleading guilty to a misdemeanor charge of mishandling classified materials. He was also fined $100,000.
Adam Goldman, Tom Hamburger and Alice Crites contributed to this report.