According to one Mr E. Snowden, the U.S. federal government has access to both her work email and her private email. So she didn't really break any rules.
Hillary Clinton draws flak for using personal email at State Dept
Hillary Clinton allegedly used a private email account while presiding over the State Department, potentially violating US federal record-keeping laws in the process. The former US Secretary of State exclusively used a private email account instead of an official State Department facility, the New York Times reports. Staffers …
COMMENTS
-
-
Wednesday 4th March 2015 13:38 GMT Tom 13
Your interpretation of the law is wrong. The NSA does not count as the messages being archived. The requirement is for the National Archives to have access to her records. She broke the law. Period. There's no way around it.
Furthermore, I glanced at the Gawker leaks yesterday. She violated security policies. Confidential email was transmitted in plain text.
-
-
-
Wednesday 4th March 2015 13:43 GMT Tom 13
Re: Not the first..
This is more likely a dodge on FEC law. As a government employee, you are not allowed to use an official government account for partisan purposes. She's too damn lazy to keep a separate account. Depending on who you ask, you aren't even allowed to use the separate account on a government computer.
-
Tuesday 3rd March 2015 18:16 GMT Bob Dole (tm)
This, my friends, is what happens when IT fails to do its job.
Good for her for not waiting around until hell froze over in the IT department. Given that email addresses are usually provisioned at the exact same time as other network accounts, I have to wonder what computer she was using...
-
Wednesday 4th March 2015 13:47 GMT Tom 13
No, this is what happens when the Secretary of State orders IT not to give her an email account. Provisioning an email at that level happens automatically in the IT department. I'm just a minor cog in our IT department. When our new head office guy came in, the account was setup two whole weeks before he set foot in the building. We're at least 5 levels away from the Secretary for our federal branch office.
-
Tuesday 3rd March 2015 19:05 GMT channel extended
Privacy
She appearently does understand privacy, since she used a private email account. Could she have a better chance at controling the NSA?
Odd: If you have noting to hide you have nothing to fear.
Bod: If you don't want privacy during sex, then can I watch? Oh, I'll also need to bring my camera.
-
Tuesday 3rd March 2015 20:52 GMT Erik4872
How is this different from private business?
I've worked for lots of companies where the CEO and other executives use their personal email accounts almost exclusively. Top execs usually aren't reading or writing their own email anyway, at least in the places I've worked. The CEO's assistant does that -- they're the ones using the CEO's email account to read and respond, and usually are told either directly or from that personal email account what to do.
Not using your official email account is also a good way to get around e-discovery of your personal life. One place I worked for was so spooked by e-discovery that they set email retention for everyone to 30 days...if anyone came looking for evidence, they had better do it quickly. With CEOs being public figures, likely sued many times a year, they might not want their official email accounts to contain details of their...personal lives...that wind up in front of a jury.
Government is a little different, because top Cabinet posts probably have the same rules requiring archive and retention of official communication. It sets up an interesting approval circular reference when your manager has to approve IT requests...seriously, does the President do that? :-) Who approves his IT requests?
-
Tuesday 3rd March 2015 23:10 GMT Paul Crawford
Re: How is this different from private business?
The difference is that folk should use TWO emails! (In fact 3+)
The first one for official business and that is subject to discovery. Of course, depending on the data retention rules and any legislation that forces that period.
The second one is your personal email account that you use for chatting to friends, ordering stuff from Amazon, arranging a hot date, etc... Since this is not used officially (and you are not dumb enough to do so and have a client's email reveal this so it IS then subject to discovery) you don't need to worry much. If it is not using the corporate servers, they don't have to touch it at all.
The 3+ ones are for spam accounts, like sites that ask for email to download articles, etc. You can more or less set that to self-delete after a day or two once you have the access you needed.
-
Wednesday 4th March 2015 14:00 GMT Tom 13
Re: The difference is that folk should use TWO emails!
Actually for someone like Clinton you need four plus spam accounts.
1. Publicly disclosed official email account. This is the one maintained almost exclusively by staff. It gets bombarded by world plus dog.
2. Actual official email account that the Secretary uses to exchange email with other government officials. At that level, it should default to encrypted.
3. Private fundraising email account. At the Secretary level, you have to assume they are active in partisan activities including fundraising. It's illegal to use official accounts for partisan purposes. And you probably don't want this account mixing with your actual personal account.
4. Private personal account. The account for people who actually know you on a first name basis. Optional account for hot dates.
Is it a lot accounts? Yep. It's also the price of all the laws they passed governing how government works.
-
-
-
Wednesday 4th March 2015 00:18 GMT tom dial
Some years back I worked for a DoD agency where the managed data was classified For Official Use Only because it contained employee personal and financial information. The requirement was that all government work be performed using equipment provided, configured, and maintained by the government and that any official email be done using the agency's Exchange. Similar emergency provisions to those the article describes applied to the email part and I doubt anyone ever was beaten up for a misstep on the that. However I made sure to copy or forward to myself, my manager (and usually his manager) any work related email from or to my private account, and required my employees to do the same.
It is disappointing that the State Department, which handles data of considerably higher classification and where email is far more likely to contain sensitive material, appeared. to be clueless about security, both in IT and in upper management. There likely is more to be concerned about than the technical violations of a law that seem to be the focus of most of the articles in the nontechnical press.
-
Wednesday 4th March 2015 14:06 GMT Tom 13
@tom dial
I don't imagine the IT staff were clueless. I expect they are all well aware of their legal exposure on this issue. Which makes me think they were following direct orders. Maybe verbal orders, but none the less, direct orders. Like I said above, I'm just a minor cog in the machine. I'm well aware of all the land mines surrounding me fucking up anything related to creating email accounts. I'm not even a real mail admin, more like a data entry clerk on that count. Every time were disabling/deleting an account, the phrase "litigation hold" occurs several times on the paperwork. If I've done my job, it's great CYA, if I don't, I could be the one in the dock.
-
-
Wednesday 4th March 2015 01:31 GMT Anonymous Coward
Typical
"That woman" couldn't be bothered to do things in the way that ordinary people do, and which would have protected her communications. Perhaps she was too busy dodging bullets on tarmacs to sort it out.
When caught out, she blames everyone but herself - I am surprised that she didn't first blame an intern for persuing her account.
Perhaps there was a reason why her bêtes-noires understood her so well?
-
-
Wednesday 4th March 2015 14:15 GMT Tom 13
@Ian Tunnacliffe
Bullshit. Federal Records act has been out there since 1950. It was written broadly enough to cover these records when email came into existence.
I lost my private sector job in the Democrat caused recession of 2006. I started working for the government in the DC area a year later. When I was first hired, one of the first things emphasized was that ONLY messages coming from an official government account were actionable and all official messages HAD to be sent on official, department created email. No I don't work at State. I work in a far more low level position in an agency that has proven amazingly resilient at avoiding Executive Orders for as long as possible, but they sit straight when Congress updates the law. And nothing scares them more than the Federal Records Act.
-
-
Wednesday 4th March 2015 14:48 GMT Anonymous Coward
Journalistic train wreck
Bad title, but some of us have to work for a living.
The few technical details that are floating around this story and the tinfoilery that's been built on them are more evidence that most people, including journalists and supposed "cybersecurity" experts are clueless when it comes to how the Internet, and e-mail in particular, work. They also seem to have a problem with the concept of "ex post facto" law.
I'm not going to address all of those in this comment, just going to point out that nothing publicly released so far could give a real expert without special access to the backend involved any way to draw the conclusions I've seen flying around this issue.
Yes, it should have been illegal starting a few decades ago for any government official to use their personal e-mail to transact official business. The same is true for landline or moblie communications. But it wasn't. As I understand it the law was unsettled enough up to the time Mrs. Clinton left the State Department that the rules had to be tightened significantly afterward. That's a scandal, an inexcusable breach of the public trust, but not just for the Clintons: it's also a scandal for both parties and especially every bureaucrat who didn't clearly separate their personal from business mail for the last generation. If company boards of directors want to allow such slipshod information management, that's up to them -- and their shareholders.
But government, especially government agencies that handle the kind of classified information whose publication is worth sending young people to jail for the rest of their lives, should be held to a higher standard. I guess what I'm saying is that this is a systemic problem, a problem of principles, not just the misbehavior of a bunch of political appointees.
On the journo side of things, I've really given up any hope that anyone in the press is competent enough to cover technology topics. They all seem to be a bunch of credulous adolescents with a tenuous grasp of what's going on around them. Most people who frequent this site could do a better job reporting on these kinds of topics, with a little editorial assistance to clean up their grammar and punctuation. However that's not going to change because publishers are clueless and only concerned with marketing to the rest of the clueless.
It's akin to how the threat of Nuclear Winter was handled between around 1950 and 1988. Everyone in the field knew the risk, but that information didn't get to the public, first as the result of government secrecy and later due to self-censorship by both the press and the public itself (self-deception didn't start with Fox News viewers, after all, it's a quintessentially American way of dealing with "inconvenient" realities). It took a TV miniseries, "The Day After" to enlighten then President, Ronald Reagan -- even though he was alive when the film version of the prophetic "On the Beach" was released way back in 1959.