State IG: Clinton violated records policy

Photo credit: a katz / Shutterstock.com

Democratic presidential frontrunner and former secretary of State Hillary Clinton violated agency records policy, according to a watchdog report. (Photo credit: a katz / Shutterstock.com.)

Hillary Clinton did not comply with agency records policy during her four-year tenure as secretary of State, the State Department inspector general concluded in a report sent to Congress on May 25.

Clinton should have preserved any federal records on the personal email account that she used for business as secretary by printing and filing those records, said the IG report, a copy of which FCW obtained. By not submitting all emails dealing with department business before leaving office, she "did not comply with the department's policies that were implemented in accordance with the Federal Records Act," the IG report found.

The National Archives and Records Administration observed that the subsequent delivery of printed copies of 55,000 emails "mitigated [Clinton's] failure to properly preserve emails that qualified as Federal records during her tenure and to surrender such records upon her departure." The State Department IG concurred with that judgement, but noted that the production of emails was "incomplete."

The OIG report cited 19 emails between Clinton and the official Defense Department account of Gen. David Petraeus -- which DOD supplied for the investigation -- that were not included in Clinton's email document production, among other examples of documents not released by the former secretary.

Clinton, who is the presumptive Democratic nominee for president, has been under fire since The New York Times revealed in March 2015 that she exclusively used a private email server for official business as the nation's top diplomat.

The use of a personal account was discouraged by agency policy at the time Clinton assumed office, according to the report. The current State Department CIO and the assistant secretary for diplomatic security told the OIG that Clinton "had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs."

Those officials said that the Bureau of Diplomatic Security's Bureau of Information Resource Management, "did not -- and would not -- approve her exclusive reliance on a personal email account to conduct Department business, because of the restrictions in the [Foreign Affairs Manual] and the security risks in doing so," according to the report.

Citing the revised guidance and memoranda regarding use of personal email by State before and during Clinton's tenure, the OIG observed, "Secretary Clinton's cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives."

While the 2015 revelation made news, inside State there was at least limited awareness of the private email server. A March 17, 2009, official memorandum that listed communications equipment in Clinton's New York residence listed a server in the basement among the inventory. And on multiple occasions, IRM staffers worked with Clinton's staff to resolve technical problems.

The report also asserted that one staffer "raised concerns about the server," leading to an instruction from the director of the Executive Secretariat to staff, "never to speak of the Secretary's personal email system again."

The IG report covers 20 years spanning the tenures of the last five secretaries, including current Secretary of State John Kerry, and found that "systemic weaknesses related to electronic records and communications have existed within the Office of the Secretary that go well beyond the tenure of any one secretary of State."

Some of the department's management weaknesses have included struggles to retrieve email records and access electronic files, and a failure to meet records requirements for departing employees, according to the audit.

The OIG also reported learning that some records officials were "not comfortable" with asking the incoming secretary and top staffers to print and file email records. They had sought instead an electronic method of email preservation.

The department in general, and the office of the Secretary in particular, "have been slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership," the report concluded.

"The IG's report certainly highlights the need for better technologies to archive emails, including NARA's recently promoted Capstone policy that the State Department has embraced," said Jason R. Baron, a lawyer at Drinker Biddle and former director of litigation at the National Archives and Records Administration. "NARA has, however, now mandated that by the end of this year all federal agencies must manage email electronically. It remains to be seen how many agencies will be able to meet the December 31, 2016 deadline," Baron told FCW.

The OIG issued eight recommendations, all of which are considered resolved under current management.

Clinton and her top staffers declined to be interviewed by the OIG for the report. Clinton's presidential campaign, however, on May 25 issued a statement that, "[c]ontrary to false theories advanced for some time now, the report notes that [Clinton's] use of personal email was known to officials within the department during her tenure, and that there is no evidence of any successful breach of the Secretary's server."

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected