The Hillary Clinton thread

[Rip]

The report concluded that Clinton violated the agency’s email rules when she chose to exclusively use a private email server during her four years at State Department and did not promptly turn over records after she departed the agency.
The document also included some details of an exchange between Clinton and Abedin, who both chose not to cooperate with the IG’s investigation.

“In November 2010, Secretary Clinton and her Deputy Chief of Staff for Operations discussed the fact that Secretary Clinton’s emails to Department employees were not being received,” the report said. “The Deputy Chief of Staff emailed the Secretary that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.” In response, the Secretary wrote, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”

http://www.politico.com/story/2016/05/h ... rry-223559

At least we know where her priorities were.

That's exactly what she should have done. I'm not sure what your issue is here. Business from state address. Personal from personal address.

Again, what am I missing here?

So you call exposing classified information so that you can make sure no one gets access to your personal e-mails prudent? No wonder our intel security has gone from the best in the world to being one of the worst.

[Max Peck]

BTW, I mostly posted the initial article as a joke, since I fully expected that Rip would be trumpeting it as confirmation that Clinton is going down. I thought the bit about him slacking off was enough of a hint in that regard.

Couldn't they have gotten an intern or something to skim the policies and identify the violations? That would have taken a tenth of the time and zero cost.

If you think people are cynical about government now, imagine how it would be if this is how internal audits were handled.

At any rate, my understanding is that the report also goes into the systemic problems within the State Department, not solely what Clinton and her staff did or did not do themselves. The office of the Inspector General (think of it as an Auditor General in our system) should be independent and nonpartisan, and invested in identifying problems and recommending solutions, moreso than condemning/absolving the actions of individuals. From what has come out over the course of the last year, the audit was almost certainly overdue, and the impact (or lack thereof) on Clinton is mostly incidental. I haven't seen any copies of the report, but if news agencies have it in their hands already I'm sure it is just a matter of time until someone can isgrimnur up a link to it.

[El Guapo]

One thing that's new, if I understand this correctly, is that while Clinton has said that she requested authorization to use a private e-mail server, they couldn't find any evidence of such a request.

One other thing that's helpful for Clinton is that the report confirms that other Secretaries of State also used private e-mail, though I gather she's the first Secretary of State to use private e-mail exclusively.

For the record, given the back and forth at the time, I never believed that she asked or received authorization to do what she did (because it's hard to imagine that authorization would have been given). I'm not surprised to hear others have used personal email, although I'd like to know the scope and magnitude. It's one thing to send a text to your assistant to meet you at the car with the file on Brazil once in a blue moon. It's quite another thing to set up your own IT shop and never touch the government infrastructure.

What I read indicated that Powell was also singled out as being particularly bad in this area, FWIW.

Anyway, the short answer is that this almost certainly does not make a difference long-term. It will generate some more bad headlines for Clinton (the apparent lack of an actual request probably being the biggest), but that's probably about it. She'll almost certainly still win California by a significant margin, probably New Jersey too, and so this report will be out of the headlines soon enough.

As long as she doesn't get indicted, and all indications are that that's a vanishingly small likelihood, she'll be fine.

[Isgrimnur]

Excerpts courtesy of WaPo.

[Isgrimnur]

Full report

[Max Peck]

Full report

Excellent, I was pretty sure that invoking you as a verb would produce results.

[GreenGoo]

So you call exposing classified information so that you can make sure no one gets access to your personal e-mails prudent? No wonder our intel security has gone from the best in the world to being one of the worst.

One or both of us are misunderstanding. I'm willing to entertain the idea that it's me, but I'm struggling to follow you.

[Isgrimnur]

Full report

Excellent, I was pretty sure that invoking you as a verb would produce results.

I aim to please.

[Zarathud]

After Snowden, are you sure you want to die on the hill that the State Department (or NSA) has the only secure servers?

Not that I'm saying Hillary's servers were better. But if you make everything come down to security, was that even really Hillary's job as Secretary of State?

[Defiant]

I haven't looked closely on this, but there's a huge variety in the differences in the spins of the headlines I'm seeing on this (eg, "Clinton faulted on emails by State Department audit", "State Department Report On Email Vindicates Clinton Rather Than Nails Her", "IG report on Clinton email concludes with nothing new")

[malchior]

After Snowden, are you sure you want to die on the hill that the State Department (or NSA) has the only secure servers?

IMO this is not talking about the same thing. As far as I know no one has ever remotely broken into a NSA S or TS system. Snowden was a privileged user who abused his rights and personally removed documents. Were there insufficient detection/prevention controls around the activity that led to him taking the data? Probably - especially for such an important organization - but it isn't in the same class. What I can safely assume is that the NSA has consistent standards/controls/procedures/practices/etc. of security they apply to all their systems at various classification levels. Something that Hillary's team likely circumvented altogether with their hodge podge system; where they took information and manually moving it between physically separated systems onto their non-standard system. Even if they attempted to match the policy as best as possible it was still separate and likely couldn't be monitored the same way. That is a blatant security violation and is pretty stupid. How aware of it she was or what the implications of her demanding a private system were is a different matter.

Not that I'm saying Hillary's servers were better. But if you make everything come down to security, was that even really Hillary's job as Secretary of State?

Again IMO it isn't that she is responsible or not responsible for security but as an executive in an organization she should be aware that decisions she makes need to follow the law and policies of the Government she serves.

I haven't looked closely on this, but there's a huge variety in the differences in the spins of the headlines I'm seeing on this (eg, "Clinton faulted on emails by State Department audit", "State Department Report On Email Vindicates Clinton Rather Than Nails Her", "IG report on Clinton email concludes with nothing new")

Politics.

But honestly this was a stupid decision that was likely purely political on her part to protect herself. She didn't want anything to come back and haunt her from her communications. And this is a big piece of what IMO is her biggest weakness - her ethics continually take a back seat to her ambition.

[hepcat]

I think that last point is the most salient. She knew she was circumnavigating IT security policies. But I don't think she did so because she was being secretive and had something to hide. I think she did it for the same reason the people I manage computer systems for do it...they are impatient and they don't understand what the hell they're doing.

I can't count the number of times I've found users attempting to get around password rotations, security updates, etc. simply because they don't have the time to type a new password or wait for a reboot. It sounds like it's a culture of this kind of crap in DC, as well. I'm guessing that as they continue to investigate this, they'll find that a metric ton of people are doing the same damn thing.

[El Guapo]

I think that last point is the most salient. She knew she was circumnavigating IT security policies. But I don't think she did so because she was being secretive and had something to hide. I think she did it for the same reason the people I manage computer systems for do it...they are impatient and they don't understand what the hell they're doing.

I can't count the number of times I've found users attempting to get around password rotations, security updates, etc. simply because they don't have the time to type a new password or wait for a reboot. It sounds like it's a culture of this kind of crap in DC, as well. I'm guessing that as they continue to investigate this, they'll find that a metric ton of people are doing the same damn thing.

FWIW I also get the impression that IT services & support at the State Department aren't keeping up with current technology and user needs, also leading to attempted workarounds and the like. Which doesn't justify the workarounds, but I suspect it's another thing that leads to stuff like this.

[Skinypupy]

FWIW I also get the impression that IT services & support at the State Department aren't keeping up with current technology and user needs

I'm not a tech guy by any means, but I do work with federal agencies on a daily basis (including State Dept). Your impression is absolutely 100% accurate.

IRS is far, far worse.

[Defiant]

She knew she was circumnavigating IT security policies. But I don't think she did so because she was being secretive and had something to hide. I think she did it for the same reason the people I manage computer systems for do it...they are impatient and they don't understand what the hell they're doing.

Like I said, I haven't really looked into the articles of the new reports, but my impression is the opposite. I think she did it because she's had a 25 year history of being attacked about everything under the sun, so she's naturally more private and more cautious about information about her being leaked, because anything could be used against her. But I don't think she was circumnavigating IT policy - I think like many people (especially older people who tend to be less computer literate, but also lots of people in all age groups), she's ignorant about sound secure practices.

[malchior]

I still think that whether or not she *knew* it was a problem is immaterial. As a caveat I need to read the report for work reasons and might have a different opinion afterwards; but from what I heard people had to manually move data between systems. That is a conscious decision and the people doing that specifically agree *not* to do that. Plus there are the likely technical workarounds required to make this all work. I've read accounts of whitelisting of accounts required. Why weren't alarms raised then? That is a security control being specifically circumvented and there should have been a process around that with accountability tied to someone. Either way - I still hold that this is a reflection on her ethics. This is like Chris Christie...maybe he didn't know specifically that his minions were doing wrong but the pattern I see is that ambitious, ethically bereft people tend to accumulate ambition, ethically bereft people around them to do their bidding. That is troubling to me.

[Rip]

It isn't a good excuse but I do have to acknowledge how far behind some government IT systems are.

Want to launch a nuclear missile? You'll need a floppy disk.

That's according to a new report by the U.S. Government Accountability Office (GAO), which found that the Pentagon was still using 1970s-era computing systems that require "eight-inch floppy disks."

The report says the Pentagon is planning to replace its floppy systems -- which currently coordinate intercontinental ballistic missiles (ICBMs), nuclear bombers and tanker support aircraft -- by the end of 2017.
Other departments were also put on notice to update their systems. The U.S. Treasury for example, still depends on assembly language code "initially used in the 1950s."

http://www.cnn.com/2016/05/26/us/pentag ... index.html

[malchior]

Skimmed the report and it appears to be entirely about records retention policy and general cybersecurity risks. It doesn't talk to data classification issues at all - guess that is entirely in the FBI's hands. Still there are some interesting nuggets that stood out. For example, employees brought up Clinton's use of personal email and the risk to record retention requirements and a department head said it was reviewed and cleared (though there was no record of it). In the same time period, there was an Ambassador (to Kenya) who attempted to direct his staff to use commercial email and was going to be disciplined for the breach of policy (but subsequently quit). Multiple senior officials said they didn't know the scope of her usage but their emails to her went to the personal address...the usual light fibbing.

That said I don't read it as a slam on Clinton - more of a straightforward report about lapses over a period of years around loose controls with some interesting tidbits that indicate non-cooperativeness (in skimming there were several references to refusals to be interviewed by key players including Clinton and the person responsible for IT security) but not malfeasance around records retention.

[Anonymous Bosch]

Sarah Westwood's write-up for the Washington Examiner aptly sums up the contradictions exposed by the IG's report:

1. She had permission and everybody knew

Since last spring, Clinton has responded to concerns about her emails by assuring voters that "everything [she] did was permitted."

"Her usage was widely known to the over 100 State Department and U.S. government colleagues she emailed, consistent with the practice of prior Secretaries of State and permitted at the time," says a statement on her campaign website.

But the inspector general report indicated Clinton had never sought permission for her unusual email arrangement.

"Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with [State Department] offices, who in turn would have attempted to provide her with approved and secured means that met her business needs," the report said, noting that agency officials "did not — and would not — approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions ... and the security risks in doing so."

A State Department spokesman said Wednesday that "while people were aware of her use of personal email ... no one had a full and complete understanding of the extent" to which Clinton used a private account.

2. She would cooperate with any investigation

Clinton said earlier this month she is "more than ready to talk to anybody, anytime" about her personal email use.

In April, she told MSNBC's Chuck Todd she was willing to address any lingering uncertainties regarding her record-keeping.

"Back in August, we made clear that I'm happy to answer any questions that anybody might have, and I stand by that," she said at the time.

However, the inspector general noted in its report that Clinton and her top aides refused to meet with the State Department watchdog to answer questions.

Of 26 questionnaires sent to Clinton's staff, only five were ever returned.

3. Colin Powell did the same thing

Clinton's team has long defended the former secretary's decision to forego use of a State Department email address by arguing others in her position had done the same — particularly Colin Powell.

"My predecessors did the same thing, and many other people in the government," Clinton said during a Democratic primary debate in March.

The Clinton campaign seized on reports in February that Powell had been contacted by the FBI as part of its investigation into private emails that contained classified information. Powell had reportedly received two sensitive emails, classified at the lowest level, during his time at State.

By contrast, Clinton had more than 2,000 classified emails on her server, with dozens classified at the "secret" and "top secret" level. Clinton also set up and maintained her own email network hosted on a server in her basement, while Powell simply used a commercial account.

Unlike Clinton, Powell agreed to be interviewed for the inspector general's report. He told the watchdog he sometimes used a personal account due to restrictions during his tenure on communicating via email with individuals outside the State Department using an official account.

The inspector general noted policies governing email usage were "very fluid" at the time Powell worked at State.

"By Secretary Clinton's tenure, the Department's guidance was considerably more detailed and more sophisticated," the inspector general wrote.

4. It wasn't against the rules

In July of last year, Clinton told CNN her private email use was not problematic because "there was no law, there was no regulation" prohibiting her from using a personal account. She has repeatedly argued that her record-keeping practices were "above board."

However, the inspector general concluded Clinton did indeed violate rules that were in place at the time she served as secretary of state.

"Secretary Clinton should have preserved any federal records she created and received on her personal account by printing and filing those records ... because she did not do so, she did not comply with the department's policies that were implemented in accordance with the Federal Records Act," the report said.

5. She turned over all her emails

Clinton said in a press conference in March of last year, during which she addressed the email controversy for the first time, that she "provided all my emails that could possibly be work-related" to the State Department.

But the inspector general highlighted gaps in Clinton's emails that suggested some official communications did not make it into the batch of 55,000 pages of records Clinton gave the agency.

According to the watchdog, those pages "included no email covering the first few months of Secretary Clinton's tenure — from January 21, 2009, to March 17, 2009, for received messages; and from January 21, 2009, to April 12, 2009, for sent messages. [The inspector general] discovered multiple instances in which Secretary Clinton's personal email account sent and received official business email during this period."

6. Her server was safe from hackers

Clinton and her allies have long argued her private email use did not put any government information at risk because her server was not vulnerable to attacks. During an October interview with "60 Minutes," President Obama publicly dismissed the suggestion that Clinton jeopardized national security information.

"We have no indication that the email was compromised, the account was compromised or hacked in any way," a State Department spokeswoman said in March 2015.

"We're not aware of any evidence whatsoever that the server was hacked," said Brian Fallon, Clinton's campaign spokesman, a year later.

However, the inspector general did provide evidence that, at the very least, attempts had been made to hack into Clinton's server. Whether those hackers were ultimately successful fell outside the scope of the audit.

The inspector general cited a March 2011 classified memo that was sent directly to Clinton warning of "a dramatic increase since January 2011 in attempts by [redacted] cyber actors to compromise the private home e-mail accounts of senior Department officials."

State Department technology officials noted "Secretary Clinton never demonstrated to them that her private server or mobile device met minimum information security requirements."

A State Department spokesman acknowledged Wednesday that "hack attempts" were made on Clinton's server and could not conclude with certainty that those attempts were unsuccessful.

[GreenGoo]

I think that last point is the most salient. She knew she was circumnavigating IT security policies. But I don't think she did so because she was being secretive and had something to hide. I think she did it for the same reason the people I manage computer systems for do it...they are impatient and they don't understand what the hell they're doing.

This is how I see it as well. Even when she says she doesn't want her personal email exposed (that's prudent for anyone, I would think) I still don't see this is a secretive end run around security. I think it was about convenience and ease of use, and when standing up your own email server is easier than using what's already in place and provided for you, the already existing system should be looked at more closely and fixed if problems are identified.

As I said, I've always been of the opinion that violated government policy. Whether that is a serious thing or not, I was hoping an investigation would determine.

[GreenGoo]

FWIW I also get the impression that IT services & support at the State Department aren't keeping up with current technology and user needs, also leading to attempted workarounds and the like. Which doesn't justify the workarounds, but I suspect it's another thing that leads to stuff like this.

Not that anyone is interested, but do a google search for government of canada SSC email initiative to see how even the best intentions can go wrong if the wrong people are in charge.

The short version is through consolidation and outsourcing, the new system hasn't been able to handle even a tenth of the expected load. Email service in the government of canada, often the butt of jokes in DND because there are issues far more often than should be, actually became WORSE after spending millions of dollars to fill private coffers. It is so bad that the rollout of the project was stopped until a solution can be found (assuming a complete redesign isn't necessary, which clues are making me think it might).

To be clear, email service for the average drone is perfectly fine. There are issues on occasion, but typically they are fixed quickly when identified, but that doesn't mean the occasional email doesn't go missing, or show up several days later. For anyone who *needs* reliable email, that can be stress inducing.

I have no idea about the State Department's IT infrastructure, but even if I heard it was vacuum tubes and steam engines, I wouldn't be surprised.

None of which justifies security violations of genuinely sensitive material. I don't consider catty gossip about foreign dignitaries to be sensitive enough to care about, so I'm waiting for the FBI to tell me what they think. Officially.

[Max Peck]

I have no idea about the State Department's IT infrastructure, but even if I heard it was vacuum tubes and steam engines, I wouldn't be surprised.

You aren't far from the mark. Their policy for preservation of email messages deemed to be official records is to print them off and file a physical copy. How quaint! One of the specific recommendations in the report is to come up with something a little less... neolithic.

[Kraken]

FWIW I also get the impression that IT services & support at the State Department aren't keeping up with current technology and user needs

I'm not a tech guy by any means, but I do work with federal agencies on a daily basis (including State Dept). Your impression is absolutely 100% accurate.

IRS is far, far worse.

Feds spend billions to run museum-quality computer systems

[hepcat]

I'm guessing there's a lot of employees over 40 who are counting on their legacy knowledge being in demand for their job security. And they're the ones most likely fighting the upgrades.

[Fitzy]

I'm guessing there's a lot of employees over 40 who are counting on their legacy knowledge being in demand for their job security. And they're the ones most likely fighting the upgrades.

Believe it or not, the departments in the federal government, every single one of them, are horribly under funded for what they are expected to do. While there may be some older employees fighting any changes, the more likely culprit is simply a lack of funds.

Any shifting of funds away from other priorities leaves the department open to an attack from Congress and the media.

The easiest to see this in is the VA. Spend money upgrading the computers? WHY ARE YOU TAKING MONEY FROM THE VETERANS!!!!!

Or watch some of the congressional hearings if you are having trouble sleeping.

I watched an IHS Senate hearing specifically on problems in the Great Plains Area (North Dakota, South Dakota, Nebraska and Iowa).

One Senator spent his allotted time eviscerating IHS for not having and not enforcing standards. All the while he insisted IHS was not underfunded. To prove IHS was wasting money, he demanded to know why IHS hired 3 new employees at the national headquarters, when the money obviously should have gone to the local level. The three employees were hired to create and enforce standards.

Another Senator tried interrogating the IHS directors about a detox center. In New Mexico. That was amusing because you could see the IHS directors scrambling to figure out what the hell he was talking about. (Possibly similar to what people reading this are thinking).

It literally doesn't matter what the federal departments do. Someone in Congress will attack them for spending money in the wrong place.

Try spending money on a computer system that no one in Congress understands and holy hell will break loose.

I suspect most of the problems in the federal government can be traced back to Congress and the President adding another duty, but not adding a realistic funding stream.

[GreenGoo]

I'm guessing there's a lot of employees over 40 who are counting on their legacy knowledge being in demand for their job security. And they're the ones most likely fighting the upgrades.

No one, any place, ever, wants to spend money on infrastructure. It's tough to quantify cost effectiveness/ROI, and if the system hasn't ground to a complete halt, then spending money on it is wasted because hey, it ain't broken, why fix it? The people with the money and the people working on and with the systems often have differing opinions about what "broke" means.

The valuable people in the organizations I work with are the people with corporate knowledge. While some of that IS legacy systems, some of it is knowledge of the business processes and why they work as they do.

I was just praising a coder in another group for her dedication and hard work, not to mention corporate knowledge, which turned a nightmare week long troubleshooting session into 1/2 a day to identify, and another 1/2 day to fix the problem. Our managers don't value corporate knowledge until it's gone, and then they go right back to the start and have to relearn the same lesson, over and over.

[Anonymous Bosch]

"Pournelle's Iron Law of Bureaucracy" aptly sums it up:

Iron Law of Bureaucracy

Pournelle has suggested several "laws". His first use of the term "Pournelle's law" appears to be for the expression "one user, one CPU." He has also used "Pournelle's law" to apply to the importance of checking cable connections when diagnosing computer problems. His best-known "law" is "Pournelle's Iron Law of Bureaucracy":

In any bureaucracy, the people devoted to the benefit of the bureaucracy itself always get in control and those dedicated to the goals the bureaucracy is supposed to accomplish have less and less influence, and sometimes are eliminated entirely.

He has restated it as:

...in any bureaucratic organization there will be two kinds of people: those who work to further the actual goals of the organization, and those who work for the organization itself. Examples in education would be teachers who work and sacrifice to teach children, vs. union representatives who work to protect any teacher including the most incompetent. The Iron Law states that in all cases, the second type of person will always gain control of the organization, and will always write the rules under which the organization functions.

[Rip]

I think that last point is the most salient. She knew she was circumnavigating IT security policies. But I don't think she did so because she was being secretive and had something to hide. I think she did it for the same reason the people I manage computer systems for do it...they are impatient and they don't understand what the hell they're doing.

This is how I see it as well. Even when she says she doesn't want her personal email exposed (that's prudent for anyone, I would think) I still don't see this is a secretive end run around security. I think it was about convenience and ease of use, and when standing up your own email server is easier than using what's already in place and provided for you, the already existing system should be looked at more closely and fixed if problems are identified.

As I said, I've always been of the opinion that violated government policy. Whether that is a serious thing or not, I was hoping an investigation would determine.

Ironically what she did to keep personal e-mails from becoming public is now resulting in a majority of her e-mails becoming public.

Karma, not just for lunch anymore.

[Holman]

Karma, not just for lunch anymore.

Let's revisit this after we have November's Hispanic vote totals.

[Rip]

Karma, not just for lunch anymore.

Let's revisit this after we have November's Hispanic vote totals.

Why, is there an hispanic election?

[Holman]

Karma, not just for lunch anymore.

Let's revisit this after we have November's Hispanic vote totals.

Why, is there an hispanic election?

Wow.

[Zarathud]

Hispanics are people too, my friends.

[hepcat]

Hold on, hold on...rip isn't saying he hates ALL Hispanics. Just the ones who can climb.

P.S. I honestly don't think Rip meant what it sounds like from his reply. I think he was trying to make a joke but didn't consider how it might come across.

[Defiant]

I'm sure Rip, like Trump, has "a great relationship with the Hispanics."

[Rip]

I just don't think pandering to individual voting blocks works. Segregation is just as bad in voting politics as it is in the rest of society.

[hepcat]

You're not quite sure what segregation means, are you?

[Zarathud]

I just don't think pandering to individual voting blocks works. Segregation is just as bad in voting politics as it is in the rest of society.

Tell that to Trump.

[gbasden]

I just don't think pandering to individual voting blocks works. Segregation is just as bad in voting politics as it is in the rest of society.

Tell that to Trump.

Precisely.

[Rip]

[Max Peck]

What if you break them for Russia's benefit?