Hillary’s classified e-mails: Much ado about nothing (most likely)

Without knowing more about the classified information reportedly found on Hillary Clinton’s personal e-mail server, conclusions about what this news portends for Clinton’s veracity and good judgment must remain tentative. However, the flurry of attention being given this revelation is quite possibly a political tempest in a Hillary-obsessed teapot. To understand why, one must know something about the creation and treatment of classified information.

The government’s system for classifying information was designed for a time when sensitive information was usually memorialized in writing or communicated by phone. It includes elaborate rules for labeling documents based on the information they contain, for deciding who can make what classification decisions, and for determining who has access to what information. Documents containing classified information are elaborately marked so that those who see them know the access rules and can treat the documents accordingly, and a single document may contain information classified at different levels. A CIA report indicating that after Stuxnet only 25% of Iran’s centrifuges were in good working condition might, for example, be classified as Secret, but if the report also indicated sources for that estimate, this information and the document as a whole would almost certainly be labeled Top Secret, and further access limitations might be indicated. Moreover, even those with requisite access permissions should not access classified information unless they have a “need to know,” although in practice “need” may be loosely defined. The document would be further protected by safe storage requirements and, depending on the security level, perhaps by the use of special couriers if the document had to be physically transferred. Discussion of classified material should occur only in secure settings and often must be confined to SCIFs (Sensitive Compartmented Information Facilities)—rooms, buildings, or sometimes, when the President is traveling, a blue tent, constructed so as to ensure against electronic and other surveillance.

As technology has advanced, rules and procedures have been adjusted to encompass new means of communication. Security sensitive telephone conversations and faxing require secure lines, and there are different separate networks, ordinarily accessible only within SCIFs, for computer communications at the Secret and Top Secret levels. Regardless, of how classified information is transmitted, markings showing the classification level of the entire document, and of any differently classified information within it, should be retained. Human nature being what it is, however, slippage can occur. Markings may be lost when information is extracted from the original source and retransmitted, or individuals may not alert their listeners to the classified nature of what they are hearing. Also conversations between people sharing the same secret knowledge may not always be confined to appropriately secure settings. Inadvertent disclosures are an additional problem. People are notoriously poor at recalling where they first encountered information, and references to secret matters may slip out without the speaker or writer ever realizing that the disclosure was forbidden.

Authority to classify information resides at various levels. People low on the administrative totem pole, including field operatives of all sorts, can classify information they convey if they believe that secrecy is required, but their decisions will be reviewed by specifically responsible officials. The government’s highest classification authority is the President. Not only is the President’s decision final if there is an interagency dispute about whether information should be classified, but the President can classify or declassify any information regardless of agency objections. On occasion, the intelligence community has shuddered when Presidents revealed sensitive classified information in speeches or conversation. No wrong was committed, however, because no matter what harm disclosing information may cause, the President has the authority to reveal it.

Presidents seldom get involved in the classification process, however. Rather classification authority is delegated down to the federal agencies that deal with security and diplomatically-relevant information. Within each agency, the agency head is the highest classification authority. Thus, if the allegedly classified information in Clinton’s e-mails had been labeled Secret or Top Secret by some lower ranking State Department official, there would be no issue beyond one of Clinton’s good judgment if she decided to declassify and discuss it. An agency head cannot, however, declassify information first classified by a different agency. Thus according to news reports, the e-mails provided the Justice Department apparently mention only information classified by CIA and NSA.

Assuming that CIA and NSA classified information can be found in messages on Clinton’s server, and there is no reason to doubt this, two further points must be considered before deciding that any breach was knowing or potentially serious. First, security professionals have a reputation for erring in the direction of overclassification. Not only may information be classified when its revelation would pose no serious security threat, but there have allegedly been instances where agencies classified information for impermissible reasons such as to cover up crimes or avoid embarrassing the agency. Early in his first term President Obama issued Executive Order 13526 designed to tilt the balance toward greater disclosure by emphasizing the need for an unequivocal and strong security or foreign policy nexus before information is classified (“If there is significant doubt about the need to classify information, it shall not be classified.” Sec, 1.1 (4)(b) ) If, however, my experience within one agency was typical, some at the operational level may not have fully bought-in to the President’s slant. Second, classified information remains classified and must be so treated even when it is widely known. Thus notorious leaks of classified information have been followed by messages to cleared government employees reminding them that they are obliged not to read any of the disclosed documents no matter how much conversation they are engendering. If the policy is not complete idiocy—cleared individuals could, for example, put leaked information together with what they knew from still secure sources and reach conclusions “beyond their pay grade”—it is nonetheless close to it. Among the world’s billions, the only people required to forego accessing leaked classified information are government employees, including many in the forefront of the fight against terrorism, who have been investigated and found loyal enough to be trusted with government secrets.

What does all this imply for judgments of Hillary Clinton’s e-mail practices? It suggests that although it is fair to question Clinton’s judgment in commingling personal and governmental e-mail on a personal server, absent more damning information, the revelation that information classified as Secret or even Top Secret was found in messages on Clinton’s server adds more sizzle than substance to claims that Clinton acted wrongly. Even if classified information is in messages Clinton sent rather than confined to what she received, there is no good reason to question the honesty (as opposed to the accuracy) of Clinton’s claim that she never conveyed classified information in messages sent through her personal server.

Questions of honesty would arise only if Clinton acquired the information from marked documents or in settings where she was alerted to the classified nature of what she was learning. But in transmitting their concerns to the Justice Department, the CIA and NSA Inspectors General noted that the classified information they found was not marked to indicate that secrecy was required. Most likely Secretaries of State receive, without markings or other alerts, considerable classified information in high level conversations or via oral and written briefings. If the classified information found came from these sources, perhaps comingled with non-classified summaries of matters reported in the domestic or foreign press, there would be little reason to question the honesty of Clinton’s denials.

Critics may argue that whether or not Clinton knew that information in her emails was classified, she should at least have been aware of its sensitive nature and avoided referencing it in messages sent through her server. But this criticism assumes that the sensitivity of classified information is obvious. Often, however, information is classified not because of what it alone reveals, but because of what it might reveal when put together with other evidence. Indeed, compilations of information may be classified even if no information in the compilation is itself classified. And tendencies toward overclassification, or delays in declassification, may mean that some truly innocuous information is labeled Secret. Moreover, since the information at issue was classified by agencies other than State, Clinton may well have been unaware of related information that would have made the sensitivity of what she disclosed obvious.

Still one might ask, how could one not be aware of the sensitivity of information classified Top Secret, which is reportedly the classification level of at least two messages found on Clinton’s server. In fact, it is easy. Consider a message informing a staff member that despite a world-wide embargo, Iran had managed to secure 1000 high performance centrifuges. This information would not be news to Iran or to many involved in the delivery supply train. So why should it be classified? A reason might be that if Iran knew what we knew, they would be alerted to the presence of spies or surveillance devices in their midst. Yet a person told of the centrifuge delivery without learning that the information was Top Secret might well assume that the absence of an alert meant that the information was “open source.”

We may never know what the messages labeled Secret and Top Secret on Clinton’s server contained, and without this knowledge, we have no way of knowing whether the presence of classified information on Clinton’s personal server is reason to question Clinton’s e-mail practices or judgment. Critiques based on this information are for the moment pure speculation. They are also unrelated to questions surrounding Clinton’s use of a personal server. Had Clinton sent or received emails containing Secret or Top Secret information using the State Department’s unsecured network, the issues, including any potential violations of rules regarding the transmittal of classified information, would be exactly the same.

Two other points deserve mention, not because of their implications for Clinton’s honesty but for their bearing on a larger issue: whether Clinton’s comingling of official and private messages on a personal server created risks that would have been absent had she used a government e-mail system for business-related transmissions. We may in the future learn more about this, for Clinton has agreed to give her server to the FBI for an assessment of its security. Most likely there were risks in using a personal server, but it is also likely that the risks were not realized, and it is quite possible that the risks were no greater, and perhaps less, than they would have been had Clinton used a State Department server. Clinton, no doubt, had firewalls and other protections in place to guard her personal server, and it is likely that she only discussed sensitive topics with people whose discretion she could trust since she could be damaged politically by any untoward revelations. As for the risk of being hacked, the wave of hacked government sites and the betrayals of Bradley Manning and Eric Snowden mean it is not silly to think that using a privately protected, unadvertised server could have made Clinton’s e-mails less vulnerable to surreptitious acquisition than they would have been on a State Department server, which is most likely a regular target of attempted intrusions.

Understanding how the government’s security system works, provides further reason to see the House Benghazi Committee’s desire to secure Clinton’s private server as a smoke screen for a politically-motivated hatchet job. Clinton’s private server e-mails are unlikely to shed any new light on what happened in Benghazi, or on her activities while the struggle was ongoing and in its immediate aftermath. Pertinent messages by or to Clinton and her staff that were marked Secret or Top Secret and are likely the most informative would have been sent through secure government channels, and confidential post-mortem analyses will be still classified. These may be provided to the Committee by the government if the law requires it, but there is no reason to expect to find them stored on Clinton’s private e-mail server. What would have been found there before Clinton destroyed her personal e-mails are likely messages revealing little or nothing about what happened in Benghazi but perhaps revealing Clinton’s circle of close confidents, or comments and disclosures that might be politically embarrassing and harmful to Clinton’s presidential ambitions. If contemporary politics were such that the House Committee could be trusted to reveal nothing on Clinton’s server except Benghazi-related messages, its demand to access the server before messages were destroyed would have deserved respectful consideration. But if we lived in that political world, investigations into Benghazi would have long since ceased, or if they were somehow still ongoing, the Committee would have had no interest in searching the totality of Clinton’s personal communications.

Destroying her personal emails does not, however, protect Clinton from the political consequences of mixing government and personal email on a personal server. Just as her supporters are likely to accept her claim that she only destroyed personal messages, and to be convinced that the Benghazi Committee could not have been trusted to keep personal information confidential, her opponents are unlikely to believe that only personal messages were destroyed. Rather, they will see in their claimed destruction a subterfuge designed to cover up the deletion of messages showing malfeasance in Clinton’s handling of Benghazi or other damning revelations about her performance while Secretary of State. The next Presidential election may be determined by whichever side is best able to persuade the broader American public that its convictions are right. The issue of Clinton’s honesty should not, however, be confused by the presence of classified information in some of the messages that Clinton gave the government. Based on what we have learned so far, it appears that Clinton’s error in asserting that there was no classified information on her server was quite likely an honest mistake. If it is not, Clinton would have been just as much at fault had she used an unsecured State Department server rather than her own.