Presumptive Democratic Presidential nominee Hillary Clinton can no longer claim that she complied with State Department rules and regulations governing the private bathroom server at her Chappaqua, New York, home.
According to a report from the nonpartisan State Department inspector general Clinton violated State’s email rules. And beyond that, the private “clintonmail” server was not allowed, was the subject of several hacking attempts, and was maintained by a Department of State employee without State’s direct knowledge.
MORE: Hillary Hacker Guccifer Pleads Guilty in Federal Court
We’ve pulled out the highlights from the report.
While Clinton’s campaign website claims that her use of a private email server was approved by the State Department, the report:
“found no evidence that the Secretary requested or obtained guidance or approval to conduct official business via a personal email account on her private server.”
“According to the current CIO and assistant secretary for diplomatic security, Secretary Clinton had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs.”
The report also found that Clinton was required by law to preserve certain key records, including her emails—she wasn’t.
“Secretary Clinton should have preserved any Federal records she created and received on her personal account by printing and filing those records with the related files in the Office of the Secretary,” the report states. “At a minimum, Secretary Clinton should have surrendered all emails dealing with Department business before leaving government service and, because she did not do so, she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act.”
Clinton didn’t get the approval of State Department lawyers before instituting her email system.
As previously noted, OIG found no evidence that staff in the Office of the Legal Adviser reviewed or approved Secretary Clinton’s personal system.
Clinton and her top aide, Huma Abedin, discussed State Department concerns about her private server, and considered getting Clinton a second device for private email.
“In November 2010, Secretary Clinton and her Deputy Chief of Staff for Operations discussed the fact that Secretary Clinton’s emails to Department employees were not being received…The Deputy Chief of Staff emailed the Secretary that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.” In response, the Secretary wrote, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”
But when staff members raised concerns, they were told that Clinton’s private email server was approved —and that they should keep quiet.
According to the other S/ES-IRM staff member who raised concerns about the server, the Director stated that the mission of S/ES-IRM is to support the Secretary and instructed the staff never to speak of the Secretary’s personal email system again.
But their concerns were valid, according to the report. Clinton’s server was attacked at least twice, and one time that went unreported to authorities.
In another incident occurring on May 13, 2011, two of Secretary Clinton’s immediate staff discussed via email the Secretary’s concern that someone was “hacking into her email” after she received an email with a suspicious link. Several hours later, Secretary Clinton received an email from the personal account of then-Under Secretary of State for Political Affairs that also had a link to a suspect website. The next morning, Secretary Clinton replied to the email with the following message to the Under Secretary: “Is this really from you? I was worried about opening it!” Department policy requires employees to report cybersecurity incidents to IRM security officials when any improper cyber-security practice comes to their attention. 12 FAM 592.4 (January 10, 2007). Notification is required when a user suspects compromise of, among other things, a personally owned device containing personally identifiable information. 12 FAM 682.2-6 (August 4, 2008).
However, OIG found no evidence that the Secretary or her staff reported these incidents to computer security personnel or anyone else within the Department
And while Clinton and her team have maintained that the server was never hacked, there was at least one successful attempt that required immediate action, an incident Secretary Clinton and her Chief of Staff were aware of.
On January 9, 2011, the non-Departmental advisor to President Clinton who provided technical support to the Clinton email system notified the Secretary’s Deputy Chief of Staff for Operations that he had to shut down the server because he believed “someone was trying to hack us and while they did not get in i didnt [sic] want to let them have the chance to.” Later that day, the advisor again wrote to the Deputy Chief of Staff for Operations, “We were attacked again so I shut [the server] down for a few min.” On January 10, the Deputy Chief of Staff for Operations emailed the Chief of Staff and the Deputy Chief of Staff for Planning and instructed them not to email the Secretary “anything sensitive” and stated that she could “explain more in person.
And then there’s this: Bryan Pagliano, the Clinton aide tasked with maintaining her server (he has now agreed to talk to the FBI in exchange for immunity from prosecution), wasn’t supposed to be helping her out at all.
“They told OIG that while they were aware that the Senior Advisor [Pagliano] had provided IT support to the Clinton Presidential campaign, they did not know he was providing ongoing support to the Secretary’s email system during working hours.”
And last but not least, the Investigator General determined that the emails Clinton turned over to the State Department for the investigation were an incomplete set.
Suffice it to say, for Hillary Clinton, the news isn’t good. She did, of course, say just a few weeks ago that she’d be happy to talk about her emails, anytime, any place. She may want to start talking.