Clinton's server had classified material beyond 'top secret'

[KRonn]

This is the most secret stuff, classified SAP and on a need to know basis. Considered extremely damaging info if it gets out. There really is no justification for it being on a private server. Who ever sent it to "Hillary.com" may also be culpable, along with sending other classified emails to an unsecured server. And indeed the State dept did tell Hillary's aides that she should get a "government.com" email so lots of people knew about this.

The idea that something is or is not "stamped" classified isn't necessarily the point either. All the officials who will handle classified info are trained on what classified means and sign off on it. That includes info that won't have some official classified "stamp" on it, but officials are trained to know what could be classified. When in doubt consider it classified. Some info/emails are born classified depending on the subject matter regardless of some geek stamping it with a label. 

This latest, on top of all the others, is from the Intel Inspector General and was apparently first reported by the NY Times or maybe another news paper. Calling this, again, a right wing conspiracy doesn't hold up as it's part of an FBI and IG investigation, but that's just the first pass of the Hillary campaign. And certainly they will come up with more views on it. If this weren't Hillary and the place she is in running for President, I would think it very likely that person would already be indicted a while ago. But the FBI is taking its time and making sure they have everything set properly before they decide whether or not to go to the Justice Department. I'll be very surprised if less than a few indictments come out of this for other people, whether Hillary also gets one or not.

[garbon]

This is the most secret stuff, classified SAP and on a need to know basis. Considered extremely damaging info if it gets out. There really is no justification for it being on a private server. Who ever sent it to "Hillary.com" may also be culpable, along with sending other classified emails to an unsecured server. And indeed the State dept did tell Hillary's aides that she should get a "government.com" email so lots of people knew about this.

The idea that something is or is not "stamped" classified isn't necessarily the point either. All the officials who will handle classified info are trained on what classified means and sign off on it. That includes info that won't have some official classified "stamp" on it, but officials are trained to know what could be classified. When in doubt consider it classified. Some info/emails are born classified depending on the subject matter regardless of some geek stamping it with a label. 

This latest, on top of all the others, is from the Intel Inspector General and was apparently first reported by the NY Times or maybe another news paper. Calling this, again, a right wing conspiracy doesn't hold up as it's part of an FBI and IG investigation, but that's just the first pass of the Hillary campaign. And certainly they will come up with more views on it. If this weren't Hillary and the place she is in running for President, I would think it very likely that person would already be indicted a while ago. But the FBI is taking its time and making sure they have everything set properly before they decide whether or not to go to the Justice Department. I'll be very surprised if less than a few indictments come out of this for other people, whether Hillary also gets one or not.

And this is exactly the response that such an 'article' hopes to elicit.

[frunk]

What I don't understand is this...apparently other government officials have also used private email servers, so it isn't just Clinton. But how is that possible?

I don't deal with anything approaching top secret clearance, but if I decided to use a personal email address rather than a work email address, that would never fly. No one would agree to send me emails. It is just basic data security. One client I had back in the day prohibited any thumb drives from their facilities to keep data from leaving their network security.

With email it's not nearly so straightforward.  Setting up forwarding accounts is trivial, so you can use the work address but receive it on your personal.  It's also pretty easy (and quite common) to set it up so that email is read from one server to another for a variety of different reasons.  Depending on how it is set up it won't necessarily be obvious to the originating server that the emails are being saved that way. 

To me this whole thing seems like a non-story.  Email shouldn't be considered a good way to keep data from getting outside of a system.  I hope they at least used pgp and/or tls when sending/receiving though.

[Malthus]

We have been told not to send truly confidential stuff by email, no matter where the server is located, because it is allegedly inherently not secure, and things can be learned from it even if the message is encrypted. Not being a techie, I have no idea how true that is.

[alfred russel]

With email it's not nearly so straightforward.  Setting up forwarding accounts is trivial, so you can use the work address but receive it on your personal.  It's also pretty easy (and quite common) to set it up so that email is read from one server to another for a variety of different reasons.  Depending on how it is set up it won't necessarily be obvious to the originating server that the emails are being saved that way. 

To me this whole thing seems like a non-story.  Email shouldn't be considered a good way to keep data from getting outside of a system.  I hope they at least used pgp and/or tls when sending/receiving though.

From a worker bee perspective, this all sounds insane, and I am sure I would be fired if I tried to use a personal server for work email, and probably would be fired if I sent work related emails to a coworkers personal account on a regular basis to facilitate such an arrangement.

[frunk]

From a worker bee perspective, this all sounds insane, and I am sure I would be fired if I tried to use a personal server for work email, and probably would be fired if I sent work related emails to a coworkers personal account on a regular basis to facilitate such an arrangement.

Let me ask you this, do you read your work email on your laptop/desktop using outlook or other email program that isn't web based?  Boom, your laptop/desktop probably has most if not all of your work email stored.  The only difference between your machine and Hillary's is that she could forward the email to other machines.  Yours could easily be set up the same way.

[alfred russel]

Let me ask you this, do you read your work email on your laptop/desktop using outlook or other email program that isn't web based?  Boom, your laptop/desktop probably has most if not all of your work email stored.  The only difference between your machine and Hillary's is that she could forward the email to other machines.  Yours could easily be set up the same way.

My company computer definitely has it stored, but we also can't access our email from a non work computer using outlook or an email program. I could forward my email to a non company email server, but as i was saying, I think that would end up threatening my employment status. It is a big no no.

[alfred russel]

Frunk, to add to this...I used to work as a third party auditor of companies, and currently work with third party auditors.

As a third party auditor, it was common that the client was unable to send sensitive files via email to me, so they would give them via thumbdrive. Except at the one client I mentioned where thumbdrives were prohibited. (I don't remember how we ended up getting the data)

At my current company, we prohibit sending sensitive files to third parties via email, so we have given all our auditors company email accounts that they can use to receive sensitive files.

[Berkut]

While I am pretty sure the right is exaggerating this, at the same time I am stunned that Clinton would think it was ok to use a personal computer to engage in any kind of State department business. Obviously nearly everything she does has some level or another of either real or even just practical "classification" to it, her normal daily business is about how the highest level of the US government is run, and no matter what they formally classify, or do not classify, or whatever, it should pretty much ALL be controlled, encrypted, and the risks associated with her communication carefully understood and controlled. Which is simply not possible on her personal server.

If she was some flunky, she would be fired for this, without question I think.

Could you imagine a CIA analyst, for example, doing work related stuff on their personal computer, even if they assured everyone they don't do *classified" stuff on it, of course? Fuck that - they don't get to make those decisions, and neither does the Secretary of State.

This isn't, IMO, a deal breaker in regards to her candidacy, but it is certain;y a significant negative mark against her judgement.

[lustindarkness]

I would get in deep doodoo if I tried sending classified or PII on a webmail or such.

[frunk]

Frunk, to add to this...I used to work as a third party auditor of companies, and currently work with third party auditors.

As a third party auditor, it was common that the client was unable to send sensitive files via email to me, so they would give them via thumbdrive. Except at the one client I mentioned where thumbdrives were prohibited. (I don't remember how we ended up getting the data)

At my current company, we prohibit sending sensitive files to third parties via email, so we have given all our auditors company email accounts that they can use to receive sensitive files.

Which is all good policies.  I don't think there's been any indication that there was sensitive information sent through email (apart from, apparently, a NYT article).  I think it would be tough to tell the secretary of state that they can't send or receive email with anybody without a government email though.

[frunk]

While I am pretty sure the right is exaggerating this, at the same time I am stunned that Clinton would think it was ok to use a personal computer to engage in any kind of State department business. Obviously nearly everything she does has some level or another of either real or even just practical "classification" to it, her normal daily business is about how the highest level of the US government is run, and no matter what they formally classify, or do not classify, or whatever, it should pretty much ALL be controlled, encrypted, and the risks associated with her communication carefully understood and controlled. Which is simply not possible on her personal server.

If she was some flunky, she would be fired for this, without question I think.

Could you imagine a CIA analyst, for example, doing work related stuff on their personal computer, even if they assured everyone they don't do *classified" stuff on it, of course? Fuck that - they don't get to make those decisions, and neither does the Secretary of State.

This isn't, IMO, a deal breaker in regards to her candidacy, but it is certain;y a significant negative mark against her judgement.

I think I downplayed it a bit too much, but it is a lapse of judgement rather than anything nefarious.  The extent to which it was risky is the extent to which it was permitted under the existing rules.

[alfred russel]

Which is all good policies.  I don't think there's been any indication that there was sensitive information sent through email (apart from, apparently, a NYT article).  I think it would be tough to tell the secretary of state that they can't send or receive email with anybody without a government email though.

And this is where there is a huge culture gap that I don't understand. When I've audited high level executives, I would have no problem pointing out mistakes and potential issues to them. I've never gotten the pushback "those rules shouldn't apply to me"--explicit or implicit.

Outside of audit, I've never felt shy about discussing policy compliance in the same way. Not with the attitude of: "Hey Senior Executive--you are not following the rules! You need to comply!" But with the attitude of, in a private setting, saying, "Just want to help keep us out of trouble with the auditors or to avoid something bad happening, but in order to ensure xxx we have this policy yyy." Again I've never gotten pushback--the experience I have is that executives want to follow the rules to set a good example and to keep out of trouble. If the issue here is that people were scared to speak up to the secretary of state, that didn't seem to serve her very well, did it?

[viper37]

While I am pretty sure the right is exaggerating this, at the same time I am stunned that Clinton would think it was ok to use a personal computer to engage in any kind of State department business.

She's 68 years old.  Basically, the age of your moms/stepmoms.  How confortable are they with technology?  How would you rate their capacity to explain secure and unsecure on-line behavior?  The difference between various types of encryption?

[lustindarkness]

While I am pretty sure the right is exaggerating this, at the same time I am stunned that Clinton would think it was ok to use a personal computer to engage in any kind of State department business.

She's 68 years old.  Basically, the age of your moms/stepmoms.  How confortable are they with technology?  How would you rate their capacity to explain secure and unsecure on-line behavior?  The difference between various types of encryption?

Are you saying she was not capable of preforming her job as Secretary of State?