The State Department inspector general’s report on Hillary Clinton’s use of a private email system while secretary of state had members in both parties spinning the facts to score partisan points this election season:
- Sen. Ron Johnson, the Republican chairman of the homeland security committee, said “you have to assume that our enemies and our adversaries had access to every email that ever went over her private server.” But there’s no evidence so far that any attempts to hack into Clinton’s server were successful.
- Democratic Rep. Adam Schiff said former Secretary of State Colin Powell, a Republican, “did not respond … to the IG” when asked “to provide whatever emails he retained or to work with the private provider of those emails to provide them.” Schiff gets his facts wrong. The IG made no such request, and the IG report noted that Powell told the State Department in 2015 that he did not retain any emails.
Johnson, whose committee has been investigating the security of Clinton’s email system, and Schiff, who is a member of the House Permanent Select Committee on Intelligence, appeared on the Sunday talk shows three days after the IG report was publicly released on May 26.
That report was critical of Clinton’s “exclusive reliance on a personal email account to conduct Department business,” saying it had been department policy since 2005 that “normal day-to-day operations” must be conducted on government servers. Clinton was secretary of state from January 2009 to February 2013.
Was Clinton’s Email System Hacked?
On CBS’ “Face the Nation,” Johnson — a Wisconsin Republican who heads the Senate Committee on Homeland Security and Governmental Affairs — called Clinton’s email arrangement “reckless and dangerous.”
The State Department has said that many of her emails contained classified information — including some emails that were higher than “top secret” — although none was marked classified at the time the emails were sent and received. Some personal emails sent to Powell and aides to former Secretary of State Condoleezza Rice also contained information that retroactively has been classified as “confidential” or “secret.”
Johnson, May 29: [Y]ou have to assume that our enemies and our adversaries had access to every email that ever went over her private server. Did it affect their actions … as it related to, for example, Vladimir Putin’s invasion of Crimea or Eastern Ukraine? What about the negotiations with Iran? What about Assad?
The IG report discussed the potential security risk of Clinton’s server, but it did not report any security breaches and neither has any other investigative body so far — contrary to Johnson’s assumption.
The senator’s office told us he did not say Clinton’s emails were hacked. Fair enough. But what evidence is there that Clinton’s server may have been successfully hacked and that “every email that ever went over her private server” has been stolen?
The IG report said hackers attempted to access Clinton’s server on Jan. 9, 2011, but Clinton’s technical support adviser shut down the server to deny access. The report also said that Clinton received two phishing email messages on May 13, 2011, that contained suspicious links. The campaign has said the phishing attempts were unsuccessful.
In the past, Johnson has expressed concerns that hackers may have accessed Clinton’s emails.
Johnson sent a letter dated Oct. 5, 2015, to SECNAP Network Security Corp., which Johnson said provided a “threat-monitoring” device for Clinton’s network. In that letter, Johnson said that there were attempts to hack into Clinton’s server “originating in countries such as China, the Republic of Korea, and Germany,” based on emails that the committee obtained as part of its examination of Clinton’s email arrangement.
Johnson wrote about an example of a cyberattack on Clinton’s server that originated from China, but he said it was “detected and prevented.”
In citing that incident, Johnson asked the security company for more information because “questions remain about whether the private server was vulnerable to cyberattacks” prior to installation of the device. Questions still remain; Johnson’s office told us that SECNAP said it could not respond to the senator’s questions because it has a nondisclosure agreement with its client, presumably the Clintons.
However, the New York Times in March reported that security logs from Clinton’s email server were turned over to the FBI, and they showed no evidence of foreign hacking.
We may not know whether Clinton’s server was compromised until the FBI investigation is completed. In April, FBI Director Jim Comey declined to say when the investigation would be completed, but said he would not set an arbitrary deadline, such as completing it by the July nominating convention.
Update, July 6: Comey announced on July 5 that he would not recommend charges against Clinton or her staff. At a press conference, Comey said the FBI “did not find direct evidence that Secretary Clinton’s personal email domain … was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence.”
Comey added that “it is possible that hostile actors gained access” to Clinton’s email account, because, among other factors, she sent and received “work-related emails in the territory of sophisticated adversaries.”
The Powell Comparison
On “Fox News Sunday,” Rep. Adam Schiff defended Clinton’s decision to set up a private email system, repeatedly trying to draw comparisons to former Secretary of State Colin Powell, a Republican who served under President George W. Bush.
Clinton and Powell were the only two secretaries of state who used personal email accounts “on an exclusive basis for day-to-day operations,” according to the IG report. Unlike Clinton, Powell didn’t use a private server. As the report notes, Powell said on “Meet the Press” on Sept. 6, 2015, that he used a commercial email account. He didn’t say which provider, but Powell was a board member of America Online, or AOL, prior to becoming secretary of state.
Host Chris Wallace several times sought to prevent Schiff from discussing Powell. At one point, Schiff criticized Wallace after the host noted that Powell agreed to be interviewed by the IG, but Clinton did not. Schiff accused Wallace of failing to mention that Powell “still has not responded to the IG” on some key matters.
Schiff, May 29: [Y]ou did not bring up the fact that when Secretary Powell was asked to provide whatever emails he retained or to work with the private provider of those emails to provide them, he did not respond and still has not responded to the IG. You did not bring that up.
Schiff twists the facts. First, the IG made no such request. The IG report, however, said that Powell’s representative told the State Department in 2015 that he did not retain any work-related emails. So Powell was “asked to provide whatever e-mails he retained,” and he responded.
The IG report cited an April 2, 2015, letter written by State Department Deputy Assistant Secretary for Global Information Services Margaret Grafeld that said, “In March 2015, former Secretary Powell’s representative advised that while former Secretary Powell used a personal email account during his tenure as Secretary of State, he did not retain those emails or make printed copies.”
Schiff is right that Powell was asked “to work with the private provider of those emails to provide them,” but not by the inspector general.
Schiff is actually referring to an Oct. 21, 2015, letter sent by Patrick Kennedy, the State Department’s under secretary for management, to Powell’s principal assistant, Peggy Cifrino, as noted in the IG report. The Office of Inspector General is an independent office within the State Department, and Kennedy is not under the IG’s authority.
In Kennedy’s letter, the State Department encouraged Cifrino to contact the email provider Powell used as secretary of state to see if any work-related emails could be recovered. Powell was secretary of state from 2001 to 2005, and the email account had been closed for years. The State Department did not specifically direct Powell’s office to respond, saying only to forward work-related emails to the department “if you do recover any such emails.”
“You previously advised, with respect to official emails sent on Secretary Powell’s private account during his time in office, that the account he used has been closed for a number of years,” Kennedy wrote to Cifrino. “Based on advice we have received from the National Archives and Records Administration, the Department would nevertheless encourage you — if you have not already done so — to check with the internet service or email provider for the former account to see if it is still possible to retrieve any official emails from Secretary Powell’s tenure at the Department. If you do recover any such emails, we would appreciate your forwarding them to the Department.”
The IG report noted that Powell’s office as of May had not responded to the State Department’s request — not that Powell “still has not responded to the IG,” as Schiff said.
Clinton and her allies frequently compare Clinton’s use of personal email to Powell’s use. But the IG report was pointed in drawing key differences between Clinton and past secretaries. It said the rules governing personal email and the use of nongovernment systems were “considerably more detailed and more sophisticated” during Clinton’s time in office.
“Secretary Clinton’s cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives,” the report said.