World

Hillary Clinton ignored State Department rules with private email server, audit finds

Hillary Clinton disregarded various State Department guidelines for avoiding cybersecurity risks, an internal audit finds, faulting her and past secretaries of state for weak information management.

'Longstanding, systemic' security problems cited by inspector general's report

Hillary Clinton checks her Blackberry on a flight to Libya in 2011. A new audit says she ignored clear directives on using a private email system. It notes that her predecessor Colin Powell had a similar email arrangement. (Kevin Lamarque/AP)

Hillary Clinton and her team ignored clear guidance from the State Department that her email setup broke federal standards and could leave sensitive material vulnerable to hackers, an independent audit has found. Her aides twice brushed aside concerns, in one case telling technical staff "the matter was not to be discussed further."

The inspector general's review also revealed that hacking attempts forced then-Secretary of State Clinton off email at one point in 2011, though she insists the personal server she used was never breached. Clinton and several of her senior staff declined to be interviewed for the State Department investigation.

Earlier this month, Clinton declared that she was happy to "talk to anybody, anytime" about the matter and would encourage her staff to do the same.

Opponents of her Democratic presidential campaign pointed to the audit Wednesday as proof that Clinton has not been truthful about her private email use and fresh evidence she is not trustworthy or qualified to be commander in chief.

Campaigning in California, presumptive Republican presidential nominee Donald Trump noted solemnly that Clinton had received "a little bad news" and then railed against her "horribly bad judgment."

Clinton, also campaigning in California, didn't mention the controversy and ignored reporters' shouted questions. A spokesman for Clinton, who served as the nation's top diplomat from 2009 to 2013, declared the audit showed her email use was consistent with what others at the department have done.

The 78-page analysis, a copy of which was obtained by The Associated Press, says Clinton ignored clear directives. She never sought approval to conduct government business over private email, and never demonstrated the server or the Blackberry she used while in office "met minimum information security requirements."

Twice in 2010, information management staff at the State Department raised concerns that Clinton's email practices failed to meet federal records-keeping requirements. The staff's director responded that Clinton's personal email system had been reviewed and approved by legal staff, "and that the matter was not to be discussed any further."

No evidence of legal staff review

The audit found no evidence of a legal staff review or approval. It said any such request would have been denied by senior information officers because of security risks.

The inspector general's inquiry was prompted by revelations of Clinton's email use, a subject that has dogged her presidential campaign.

The review encompassed the email and information practices of the past five secretaries of state, finding them "slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership."

Clinton campaign spokesman Brian Fallon underscored that point Wednesday.

"The inspector general documents just how consistent her email practices were with those of other secretaries and senior officials at the State Department who also used personal email," Fallon said, noting that the report says "her use of personal email was known to officials within the department during her tenure, and that there is no evidence of any successful breach of the secretary's server."

Colin Powell also used private account

The audit did note that former Secretary of State Colin Powell had also exclusively used a private email account, though it did not name any other prior secretaries who had done so. But the failings of Clinton were singled out in the audit as being more serious than her predecessor.

"By Secretary Clinton's tenure, the department's guidance was considerably more detailed and more sophisticated," the report concluded. "Secretary Clinton's cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives."

Republicans said Wednesday the audit shows Clinton was in clear violation of the Federal Records Act.

"The inspector general's findings are just the latest chapter in the long saga of Hillary Clinton's bad judgment that broke federal rules and endangered our national security," said Reince Priebus, chairman of the Republican National Committee. "The stakes are too high in this election to entrust the White House to someone with as much poor judgment and reckless disregard for the law as Hillary Clinton."

The State Department has released more than 52,000 pages of Clinton's work-related emails, including some that have since been classified. Clinton has withheld thousands of additional emails, saying they were personal.

Tempting target?

Critics have questioned whether her server might have made a tempting target for hackers, especially those working with or for foreign intelligence services.

Separately from the State Department audit, the FBI has been investigating whether Clinton's use of the private email server imperilled government secrets. It has recently interviewed Clinton's top aides, including former chief of staff Cheryl Mills and deputy chief of staff Huma Abedin. Clinton is expected to be interviewed.

Clinton has acknowledged in the campaign that the homebrew email setup in her New York home was a mistake. She said she never sent or received anything marked classified at the time, and says hackers never breached the server.

The audit said a Clinton aide had to shut down the server on Jan. 9, 2011, because he believed "someone was trying to hack us." Later that day, he said: "We were attacked again so I shut (the server) down for a few min."

The next day, a senior official told two of Clinton's top aides not to email their boss "anything sensitive," saying she could "explain more in person."

On CBS' Face the Nation this month, Clinton said, "I've made it clear that I'm more than ready to talk to anybody, anytime. And I've encouraged all of (my staff) to be very forthcoming."

The audit said three of her closest State Department aides — Mills, Abedin and policy chief Jake Sullivan — declined interview requests.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.