Governance & Risk Management , IT Risk Management , Privacy

Clinton Email Probe Cites 38 for Violations

State Dept. Report: No 'Persuasive Evidence' of Deliberate Mishandling of Classified Info
Clinton Email Probe Cites 38 for Violations
Former Secretary of State Hillary Clinton (Photo: Gage Skidmore via Flickr/CC)

The U.S. State Department's years-long review of former Secretary Hillary Clinton's use of a private email server found that although 38 current or former department officials violated government security policies, there was no "persuasive evidence of systemic, deliberate mishandling of classified information.”

See Also: From Epidemic to Opportunity: Defend Against Authorized Transfer Scams

The report found that Clinton’s use of the server added an "increased degree of risk of compromise." But it also notes: "While there were some instances of classified information being inappropriately introduced into an unclassified system in furtherance of expedience, by and large, the individuals interviewed were aware of security policies and did their best to implement them in their operations.”

The unclassified Oct. 16 State Department report was released by Sen. Chuck Grassley, R-Iowa, on Friday. The report found that the 38 current and former State Department employees were responsible for about 90 violations of department security protocols.

None of those State Department employees were named in the report. The investigation also found nearly 500 other security violations, but investigators could not connect those to specific individuals.

Those former or current employees who violated State Department security protocols, could face difficulty in obtaining or renewing a government security clearance, according to the Associated Press. In addition, employees still working for the State Department could face some type of internal disciplinary action, the AP reports.

Clinton's use of a personal server for some of her email produced a significant political backlash, including an FBI investigation. President Donald Trump also used the incident to attack Clinton's integrity and judgment during the 2016 presidential election (see: Clinton, Trump Tackle Cybersecurity in Debate).

Clinton Reaction

After the report was released Friday, Nick Merrill, a spokesperson for Clinton, posted a response on Twitter, calling the investigation another "pointless crusade" against the former secretary of state, senator and presidential candidate.

But in a statement, Grassley, who has been investigating Clinton's use of a private server for years, notes that the State Department investigation “concluded that Clinton’s use of a personal email server to conduct official business increased the risk of unauthorized disclosures and security compromises."

Increased Risks

The State Department report finds that the use of the server increased the risk that classified data could have been transferred to a nonclassified system because the "private system lacks the network monitoring and intrusion detection capabilities of State Department networks."

The use of the private server also increased the risk of an inadvertent release of classified data, the report notes.

"While the use of a private email system itself did not necessarily increase the likelihood of classified information being transmitted on unclassified systems, those incidents which then resulted in the presence of classified information upon it carried an increased risk of compromise or inadvertent disclosure," the report adds.

In the end, however, the report did not find pervasive evidence that State Department officials misused the private server or deliberately accessed or transmitted classified documents, the report concludes.

"Instances of classified information being deliberately transmitted via unclassified email were the rare exception and resulted in adjudicated security violations," the report notes.

Scope of Investigation

In December 2014, Clinton and her team first turned over more than 30,000 emails from her private server, which started the review to determine if these messages contained any classified information, according to the report.

That part of the investigation continued for over a year until March 8, 2016, when the FBI stopped the State Department investigation and began its own review, the report's timeline notes.

In July of 2016, the FBI finished its investigation, which led to former FBI Director James Comey holding a press conference where he criticized Clinton's use of the private email server as secretary of state as "extremely careless" but said the FBI would not recommend charges. Another Justice Department Inspector General's report found no evidence that the server itself was hacked.

After the FBI finished its investigation, the State Department returned to its investigation in July 2016, which then took another three years to complete, the report notes.

State Department investigators note that it took months to sort through all the emails, remove duplicates and determine if any of the material mentioned classified information. Additionally, the investigation "involved thousands of person-hours of review and investigative effort, including gathering statements from hundreds of past and present [State Department] employees and conducting dozens of interviews," the report notes.

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.