Friday, August 14, 2015

Hillary Clinton's Emails Considered

In March 2013, a hacker going by the name of Guccifer hacked Sid Blumenthal’s email account, whereby it was discovered Hillary Clinton conducted government business on a private email account.  The email address was “hdr22@clintonemail.com.”  Not only was the email account private, but the server handling this email account was located in her Chappaqua, NY home. The public didn’t find out about this until a few months ago.  When this story broke last March, Hillary Clinton said this - "I did not email any classified material to anyone on my email," Clinton said at a news conference in March. "I'm certainly well aware of the classified requirements and did not send classified material."  Last month, Mrs. Clinton denied any mishandling of classified emails - "I am confident that I never sent nor received any information that was classified at the time it was sent and received."  Inspectors General from the Intelligence Community and the State Department asked the Justice Department to launch an investigation into this matter.  In their report, they state the following:

“The IC IG found four emails containing classified IC-derived information in a limited sample of 40 emails of the 30,000 emails provided by former Secretary Clinton. The four emails, which have not been released through the State FOIA process, did not contain classification markings and/or dissemination controls. These emails were not retroactively classified by the State Department; rather these emails contained classified information when they were generated and, according to IC classification officials, that information remains classified today [Ed. Note – emphasis mine]. This classified information should never have been transmitted via an unclassified personal system.”

After taking a sample of 40 emails the Intelligence Community determined that Mrs. Clinton sent 4 emails that were classified at the time they were sent. Doing that once is a mistake, doing it more than once is negligence. She had over 30,000 emails can we expect to see 10% of those to be classified as well?  Professionals that I know are careful about such things. When in doubt about classification, they ask those with authority to review such things before transmission, not after. Mrs. Clinton claims whatever she sent was unclassified. Maybe she didn’t, but somebody working for her did [Huma Abedin?  Cheryl Mills?].  It strains credibility to the breaking point to think that the Secretary of State conducts business in an unclassified environment. To conduct classified business in an unclassified environment is reckless and negligent.  There is a reason we keep classified information within secure, closed networks.  John Kerry thinks the Chinese and the Russians are probably reading his emails. "Unfortunately, we're living in a world where a number of countries, China and Russia included, have consistently been engaged in cyberattacks against American interests, against American government."  Mr. Kerry is aware of the cyber threat and writes his own emails assuming our adversaries are reading them.  Apparently Mrs. Clinton has made no such assumption.

For those who don’t know how serious this breach of security can be, here is a primer of security classifications and what it means to illegally disclose information classified as such:

Top Secret - the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security

Secret - the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security

Confidential - the unauthorized disclosure of which reasonably could be expected to cause damage to the national security

To insure the protection of classified information, the government uses closed, secure networks.  For Secret information, information is transmitted via the Secret Internet Protocol Router Network (SIPRNET).  For Top Secret information, including emails, images, or information derived from “other” sources, that information is transmitted via Joint Worldwide Intelligence Communications System (JWICS).  To transmit or receive anything via JWICS, one must have a JWICS “drop,” which can be located only in a SCIF.  I’m guessing Mrs. Clinton doesn’t have a SCIF in her house, so how did Top Secret information get on her unclassified server?  Thumb drives.  JWICS and SIPRNET are closed networks and can’t be accessed from just any unclassified system.  Information has to be “air gapped” from one network to another.  Does this scenario sound familiar?  Edward Snowden used thumb drives to store classified information that he downloaded from the networks to which he had access before he fled the country.  Mrs. Clinton’s lawyer has [or had – the FBI might have it now] a thumb drive in his possession that contains classified information.  How did he come to have this information?  I’m sure he doesn’t have a security clearance, and he definitely doesn’t have “need to know” for such things.  One needs to have both the appropriate security clearance and the need to know to have access to it.

Since before the revelations of Edward Snowden, DoD has banned the use of thumb drives on all DoD computers, including unclassified computers.  I am certain that the State Department’s guidelines are similar to those of DoD.  Use of such things (or connecting any sort of media) with computers is traceable.  If I as a contractor used such a thing with my government laptop without permission, I would be called on the carpet with the Operations Group Commander to have a one-way conversation and then probably fired.  That would just be the beginning of my problems.  And that is just if I do that on an unclassified laptop.  I shudder to think of the penalties for doing such a thing on a classified system.  Chelsea Manning is an expert on such matters.  She is currently serving a 35-year sentence at Fort Leavenworth for violating the Espionage Act.

There is another thing to consider.  It has been reported some of the classified information on Mrs. Clinton’s server originated from the CIA.   It has been my experience that though they may share information with others, they don’t release that information to others [not willingly anyway].  They use a handling term called ORCON, which means “originator controlled.”  Such material is very conspicuously marked with the ORCON label – it is hard to miss.  The CIA is very touchy about ORCON information.  ORCON means that they and only they can control what happens with said information.  It’s their way of protecting sources and methods.  You can read it, you can study it, but you can’t cite it as a source in intelligence reporting.  If you want to use said information, you need to find another source to corroborate it.  So if Mrs. Clinton or any of her staff possesses any ORCON material without the CIA’s knowledge, they get very annoyed with that sort of thing.  And when the CIA gets annoyed, prosecutions tend to be the next step. 

This is not the first time a Clinton or somebody connected with the Clintons have demonstrated a cavalier attitude toward handling classified information.  Cases in point are Sandy Berger and John Deutsch.  Both served Bill Clinton in sensitive positions.  John Deutsch was found to have some highly classified information on his unclassified, personal laptop computer.  He lost his security clearance as a result, and the only reason he isn’t in jail is because he received a pardon from Bill Clinton hours before George W. Bush became president.  Sandy Berger visited the National Archives and walked out with classified papers shoved down his pants.   He got probation and was fined $50,000.

This is an issue of trust.  When we receive security clearances, we are bestowed with a trust to protect information that our adversaries would find damaging to our security and to our interests.  When one willfully mishandles classified information that trust is violated.  Once that trust is violated, it’s very difficult to get it back.  Hillary Clinton is a security risk.