It Took Awhile But Here It Is — Going After @StateDept OIG Steve Linick With Fake Sleeper Cells

Posted: 2:24 pm EDT

 

Politico reported on January 25 about the State Dept. watchdog tied to earlier Clinton probe.   Rep. Steve Israel (D-N.Y.), described by Politico as a Clinton ally questioned the impartiality of the State Department IG’s office. He was specifically targeting OIG Steve Linick’s senior advisor, David Seide, who according to Representative Israel: “You have a guy who used his former position to conduct a wide-ranging investigation into Mrs. Clinton that amounted to nothing, who then continues that work in the State Department. That has fingerprints on it that are just too visible and just lead to all sorts of questions.”

Excerpt below from Politico:

A lawyer overseeing investigations into former Secretary of State Hillary Clinton’s email practices has a history of tangling with the former first lady’s political operation: He was a federal prosecutor involved in a probe that led, a decade ago, to the unsuccessful prosecution of a top Clinton fundraising aide.

David Seide — now the acting senior adviser to the State Department inspector general — gathered evidence that surfaced in the case against David Rosen, the national finance director of Clinton’s 2000 Senate bid.
[…]
While Rosen’s trial was a stinging defeat for the government, after Rosen’s acquittal, the committee that arranged the 2000 gala paid a $35,000 civil penalty to the Federal Election Commission and agreed to amend the relevant campaign finance reports to acknowledge more than $721,000 in unreported spending. Such large in-kind donations to a campaign-linked fundraiser were legal at the time, but they were made illegal by the so-called soft-money ban in the McCain-Feingold law passed in 2002.
[…]
Seide appears to have close ties to State Department Inspector General Steve Linick and to DiSanto. When Linick gave up his position as IG at the Federal Housing Finance Agency to join State in 2013, Seide and DiSanto followed him to the new agency.

However, Seide’s résumé doesn’t suggest an anti-Clinton vendetta. After leaving government, he spent a year as an in-house counsel at Morgan Stanley before joining Wilmer Hale, a Washington law firm that has employed many prominent Democrats and former Clinton administration officials.

In 2002, Congress passed the Bipartisan Campaign Reform Act of 2002, better known as McCain-Feingold. The legislation made changes to the Federal Election Campaign Act of 1971 to limit the use of “soft money.”

Representative Steve Israel voted in favor of the Bipartisan Campaign Reform Act of 2002.  So he was for McCain-Feingold before he was against McCain-Feingold?  Here’s the funny thing.  According to Politico, Doug Welty, the State OIG spox said that Mr. Seide was involved in the prosecution of a case in which a Clinton donor was charged with stock fraud, but not the Rosen case.

Chill out! Those prosecutors, they all look the same, hey?

In November last year, senior Democrats also alleged a “fishy connection” between the release of Huma Abedin-related  information and Senator Grassley’s former top investigator, Emilia DiSanto, who is now the deputy inspector general at the State Department. The NYT notes that “Ms. DiSanto worked for Mr. Grassley for years; she joined the inspector general’s office in late 2013, around the time the inquiry into Ms. Abedin began.”

Ms. DiSanto, in an email, responded angrily to questions about whether there was a connection between her and the information that Mr. Grassley had received.

“Any claim that I have communicated with Senator Grassley about State Department nominations is an outright lie,” she wrote. “There is nothing ‘fishy’ about the fact that I once worked for Senator Grassley about five years ago. Indeed, it is quite common for employees of the legislative branch to join the executive branch to continue their public service.”

Senator Grassley’s inquiry originally started with the Special Government Employee (SGE) arrangement involving Human Abedin in August 2013 (see The Other Benghazi Four: Lengthy Administrative Circus Ended Today; Another Circus Heats Up). Senator Grassley said in his letter to Secretary Kerry that he made inquiries on June 13, 2013 and August 15, 2013 regarding the State Department’s use of Special Government Employee (SGE). We’re not complaining, by the way, that Senator Grassley is looking into this issue. We’d like to know how other State Department employees can get permission to hold three other jobs concurrent with their federal jobs.  Some friends have mortgages, others have kids in college, car payments, student debts, etc…. so an additional job or two would be really helpful.

In any case, Emilia DiSanto was appointed Acting Deputy IG on October 1, 2013 to succeeded Harold Geisel, the Deputy IG who served as OIG boss for the last five years while the State Department did not have a Senate-confirmed Inspector General.  Ms. DiSanto was with the Federal Housing Finance Agency-Inspector General’s Office for two years prior to her move to the State Department.

In 2004, during her work at the Senate Finance Committee, Ms. DiSanto reportedly met with Food and Drug Administration whistleblowers about their concerns that widely used antidepressants were linked to suicidal behavior among teens. According to the WSJ, the scientists told Ms. DiSanto that they believed the agency and companies were ignoring or suppressing that information. Shortly thereafter the senator held the first major congressional hearing on a drug safety issue in years.  They later turned their attention to “medical devices, specialty hospitals, the antibiotic Ketek, ghostwritten medical papers, the FDA’s criminal division, its drug division, its veterinary division and, most notably, the diabetes drug Avandia.” See more here (PDF).

In late 2005, she survived an attack by a man who repeatedly struck her with with an unidentified object believed to be a baseball bat. Reports say no evidence points to DiSanto’s work on the Finance Committee as the cause for the attack, but sources say there are a number of clues that suggest it could be since the assailant “was trying to hide his identity, wearing a hood and black gloves. He also did not make any demands before attacking the 49-year-old staffer. A working assumption among investigators is that he was waiting for her to arrive home.” She reportedly returned to work a week after her attack, and continued to work at the Senate until 2011 when she left and moved to FHFA/OIG.

David Seide was appointed Counselor to the Inspector General on October 18, 2013.  Previously, he served for almost three years as Director of Special Projects in the Office of the Inspector General of the United States Federal Housing Finance Agency.  His title was later changed to Acting Senior Adviser to the Inspector General at the State Department.

Both Ms. DiSanto and Mr. Seide worked with Mr. Linick when he was inspector general at Federal Housing Finance Agency (FHFA). We should note that they worked with the RMBS Working Group and the New York Attorney General’s Office in support of the investigation and prosecution of RMBS fraud cases. In November 2013, when all three have already moved to the State Department, their old office, FHFA/OIG with the Justice Department and other state and federal entities secured a record $13 billion global settlement with JPMorgan for misleading investors about securities containing toxic mortgages.  They did the jobs they were supposed to do there.

Now they’re doing the jobs they’re supposed to be doing at the State Department.

And some politician is trying to convinced us that they are at fault for doing their jobs by peddling “all sorts of questions” and citing  “fingerprints.”

Mr. Seide is one of the two team leaders and 10 OIG staffers who looked into the Department of State’s FOIA Processes for Requests Involving the Office of the Secretary (PDF).  Is the good congressman from New York also digging up the backgrounds of the 10 OIG staffers involved in that project? That is, by the way, a distressing report to read but nobody asked how come no one had ever done this review before? What happened to the OIG during the Clinton tenure? What’s that? There was no Senate confirmed IG during that entire tenure?

Too bad, there was no IG with major brass balls before now to look under the rugs.

We do think that the real target of these allegations of bias is Mr. Linick. Because, hey … if his closest aides are political sleeper cells, who somehow manage to lay low in the bureaucracy and a decade later they turned the screws at their first opportunities, then by golly, he must be, too!  And if you can smear the messengers badly enough, then, of course, all those reports his office issued and will issue in the future can simply be ignored or dismissed as partisan.

This is predictable babble and the good congressman from New York and friends must now find a vomitorium so they can throw up all this crap.

f791ea607711be2775df70d9287f543b160f7b76b9f250ebefa874ae9c6ee67b

 

Related items:

 

 

 

New London Embassy: Design Passed the Full Mockup Blast, So Why the “Augmentation Option” For $2 Million?

Posted: 2:58 am EDT

 

Back in July last year, we wrote about the New London Embassy (NLE) project. Our trusted source told us that the project “went into construction before its glass facade design was tested to confirm it will meet blast standards.” Our source further explained that  the testing was needed only because the New London Embassy does not use known, familiar, window systems. The curtain wall apparently has no frames to ‘bite’ the glass and retain it under blast. That is a new technique for OBO we’re told, so the bureau reportedly had no basis to analyze the design (see New Embassy Construction Hearing: Witnesses Not Invited, and What About the Blast-Proof Glass?).

On December 8, the House Oversight Committee held a hearing on the New London Embassy Project. Below is an excerpt from State/OIG Steve Linick’s prepared statement (PDF):

In July 2015, OIG published the findings of its performance audit of the London NEC construction project.1 During this audit, OIG reviewed the Department’s evaluation and approval of the project design, including the design of the outer façade of the Chancery building,2 which comprises two layers. The outermost layer consists of a scrim stretched over a network of thin aluminum components. The scrim wraps the building to the east, west, and south, acting as a screen. Underneath the scrim, a glass curtain wall with an aluminum frame forms the inner layer of the building’s envelope.

OIG’s first objective was to determine whether the Department resolved security issues with the curtain wall design before allowing construction to begin. The Department’s physical security standards require all new office buildings such as the Chancery at the London NEC to provide blast protection to keep people and property safe from an attack. Moreover, by law and Department policy, the Department must certify to Congress that the project design will meet security standards prior to initiating construction.

OIG found that the Department’s Bureau of Diplomatic Security (DS) and Bureau of Overseas Building Operations (OBO) did not obtain blast-testing results for the Chancery’s curtain wall design before the Department certified the project and authorized initiation of construction. As discussed in more detail below, initiating construction prior to security certification and blast testing increased the financial risk to the Department and taxpayers, and was contrary to the Department’s policy.

A second objective for OIG was to determine whether the Department adhered to Federal Acquisition Regulation (FAR) requirements in negotiating a price for the NEC. OIG found that the contracting officer responsible for the NEC construction contract awarded the construction portion of the contract without requiring the contractor to provide an explanation of approximately $42 million in cost differences between the initial proposal and the final proposal. Because the contracting officer did not obtain sufficient information when negotiating the final price for the construction portion of the contract as required by the FAR, OBO was unable to assess fully the contents of the construction proposal that the contracting officer ultimately accepted and used as the basis for the firm-fixed-price award.

A practice that does not comply with 12 FAM 361.1

Since at least 2003, the Department has followed the practice of issuing limited notices to proceed, as set forth in the 2003 draft agreement, thereby authorizing construction contractors to begin limited tasks (not including foundation work) prior to certification. This practice, however, does not comply with 12 FAM 361.1, which states that “no contract should be awarded or construction undertaken until the proponent of a project has been notified by the Department that the appropriate certification action has been completed.” Notwithstanding the prohibition in 12 FAM 361.1, DS approved OBO’s request for early site work and construction of the piling foundation of the London NEC in November 2012, more than a year before certification and blast testing.

Concerns with the security of the curtain wall

The London NEC’s outer façade design was new and was never previously evaluated or tested by DS. The glass curtain wall design used in the NEC needed to meet a variety of security criteria, including forced-entry/ballistic resistant (FE/BR) and blast-protection requirements. As early as November 2012, DS notified OBO of its concerns with the curtain-wall design. DS informed OBO that there were substantial omissions and deficiencies of essential information related to FE/BR testing, curtain-wall sound mitigation, and blast-design methodology. This meant that DS would not accept computer modeling of the curtain wall to certify whether it would meet blast requirements and thus would require field validation as a condition to certify the project. CSE also expressed concerns with the security of the curtain wall and notified DS that its concerns would “need to be resolved by either a follow-on design or a written agreement” from OBO.

An “alternate curtain wall system” – just in case

Based on that written assurance and prior to any blast testing, the Under Secretary of State for Management certified to Congress on December 16, 2013, that the London NEC would be constructed in a secure manner and would provide adequate and appropriate security for sensitive activities and personnel. During this timeframe, OBO tasked the design firm for the NEC to develop solutions in the event the curtain wall failed the blast test. Specifically, OBO worked with the contractor to develop an “alternate curtain wall system” that was acceptable to DS for certification without blast testing.

An “augmentation option”— for an additional cost of $2 million

DS oversaw two series of component-level blast tests in February and April 2014. According to DS, the tests were necessary to determine the viability of employing structural silicone for the curtain wall. However, because the test results were mixed and inconclusive, OBO and DS agreed that the full mockup blast test would be the only valid test of the design. The full mockup blast test occurred on May 28, 2014, and according to DS, the design passed. Nevertheless, DS and OBO reached an agreement incorporating what became known as an “augmentation option”— for an additional cost of $2 million. Employing this option, although not necessary to meet standards, was intended to provide an added measure of security.

As noted in our audit, OIG recognizes that the Department’s decision to initiate construction of the London NEC prior to completing the required blast testing was driven by a schedule to complete construction by 2017. However, by initiating construction without first completing blast testing, the Department committed itself to the construction of a building that could have required significant redesign, potentially placing millions of dollars at risk.

 

The House Oversight Committee hearing page is here with the rest of the video clips and the prepared statements of the witnesses from OIG, OBO, and Diplomatic Security.

#

Related posts:

 

@StateDept’s Problematic Information Security Program and Colin Powell’s Wired Diplomatic Corps

Posted: 2:10 am EDT

 

.

Via the AP:

Clinton approved significant increases in the State Department’ information technology budgets while she was secretary, but senior State Department officials say she did not spend much time on the department’s cyber vulnerabilities. Her emails show she was aware of State’s technological shortcomings, but was focused more on diplomacy.
[…]
Emails released by the State Department from her private server show Clinton and her top aides viewed the department’s information technology systems as substandard and worked to avoid them.

Screen Shot 2015-10-20

click here to view pdf file

The report does not include specific details on the “significant increases” in the IT budget. Where did it go? Why did the Clinton senior staff suffer through the State Department’s antiquated technology without any fixes?

In contrast, here is Colin Powell’s Wired Diplomatic Corps:

Another disturbing aspect of State Department life prior to 2001 was the poor condition of its information technology (IT). Independent commissions warned the organization’s computer networks were “perilously close to the point of system failure” and “the weakest in the U.S. government.” Inadequate funding, concerns over IT security, and simple bureaucratic inertia were all contributing factors. Powell came to an institution in which his employees relied on an antiquated cable messaging system, slow, outdated computers and as many as three separate networks to do their daily work. At several posts diplomats did not enjoy full access to the Internet or the department’s classified network. Such realities were troubling for a new secretary of state, who had served on American Online’s board of directors and considered Internet access an indispensable resource in his own daily life. Powell believed effective twenty-first diplomacy necessitated a modern communications system at State and made its establishment a top priority.

As with embassy construction and security, Powell successfully garnered the financial resources to make substantial quantitative and qualitative improvements in the organization’s information technology. For instance, a secure unclassified computer network with full Internet access was extended to 43,500 desktops during his tenure, making the State Department a fully wired bureaucracy for the first time in its history. This goal was reached in May 2003, under budget and ahead of schedule. Shortly thereafter a modernized classified network was installed at 224 embassies and consulates — every post that the Bureau of Diplomatic Security deemed eligible for such technology. In addition, a Global IT Modernization (GIT-M) program was launched to ensure that all computer hardware is kept state-of-the-art through an aggressive, four-year replacement cycle. Other changes equipped the institution with cutting-edge mainframes, updated secure telephones, and wireless emergency communication systems. Most recently, the State Department began under Powell’s leadership to replace its decades old cable and e-mail systems with one modern, secure, and fully integrated messaging and retrieval system.

These impressive technological changes were complemented by the creation of a new 10-person office for e-Diplomacy in 2002. The unit was established to support State’s information revolution by finding ways to increase organizational efficiency through information technology, making the newly installed systems user-friendly, and continuing to identify new ways to send, store and access information. Furthermore, IT security was enhanced considerably. One department report indicated that by August 2004, 90.4 percent of State’s operational systems had been fully authorized and certified, earning the department OMB’s highest rating for IT improvement under the President’s Management Agenda (PMA). In part, achievements of this type were facilitated through Powell’s hiring of 530 new IT specialists (while controlling for attrition). Through an aggressive recruitment and retention program based on incentives and bonuses, the department’s vacancy rate for such positions, which was “over 30 percent five years ago, [was] essentially eliminated.” As with congressional relations and embassy construction and security, State’s information technology was enhanced significantly under Powell’s leadership.

Read in full here via American Diplomacy — The Other Side of Powell’s Record by Christopher Jones.

So, among the more recent secretaries of state, one stayed home more than most. Secretary Powell knew the IT systems were substandard and he went about making the fixes a priority; he did not hand it off to “H” to lobby Congress or simply talked about the State Department’s “woeful state of civilian technology.” 

Below is a clip from OIG Steve Linick’s Management Alert for recurring information system weaknesses spanning FY2011-FY2013.  The actual FISMA reports do not seem to be publicly available at this time:

Screen Shot 2015-10-20

The FISMA audit dated October 2014 says:

[T]he Chief Information Security Officer stated that the Bureau of Information Resource Management, Office of Information Assurance (IRM/IA), received a budget of $14 million in FY 2014, an increase from $7 million in FY 2013.6 A majority of the budget was used for contractor support to improve FISMA compliance efforts.

We identified control deficiencies in all [Redacted] (b) (5)  of the information security program areas used to evaluate the Department’s information security program. Although we recognize that the Department has made progress in the areas of risk management, configuration management, and POA&M since FY 2013, we concluded that the Department is not in compliance with FISMA, OMB, and NIST requirements. Collectively, the control deficiencies we identified during this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.

We have been unable to find the FISMA reports during all of Rice, Clinton and Kerry tenures. We’ll keep looking.

#

 

Why didn’t the State Dept have a permanent IG from 2008-2013? Late, but a senator wants to know.

Posted: 12:13  am EDT

 

Senate Judiciary Committee chairman Chuck Grassley has been keeping the records folks awake in Foggy Bottom. Last week, he directed his attention on the missing permanent IG at the State Department from 2008-2013. Over two years late but this gotta be good.

The previously Senate-confirmed OIG for the State Department was Howard J. Krongard who announced his resignation on December 7, 2007 and left post on January 15, 2008.  President Obama nominated the current IG Steve Linick in June 2013. The U.S. Senate confirmed his nomination on September 17, 2013 and Mr. Linick officially started work at the State Department on September 30, 2013.  (By the way, on October 1, the federal government went on shutdown and Mr. Linick’s office was one of the very few offices at the State Department whose employees were put on furlough).  The vacancy at the IG’s office lasted more than five years before President Obama’s nominee finally took office.  (See Senate Confirms Steve Linick; State Dept Finally Gets an Inspector General After 2,066 DaysAfter 1,989 Day-Vacancy — President Obama Nominates Steve Linick as State Dept Inspector General).

In any case, Senator Grassley now wants to know why the IG vacancy at the State Department lasted, by official count, 2,071 straight days. Late but okay, we’d like to know, too.  The senator wrote a letter to Michael E. Horowitz, the Chair of Council of the Inspectors General on Integrity and Efficiency (CIGIE) and to Secretary Kerry. Excerpt below:

Congress needs a better understanding of how and why the State Department lacked a permanent IG who could serve as an independent watchdog for 2,071 straight days. Accordingly, please respond to the following by September 11, 2015:

CIGIE Chair Horowitz: Assuming that CIGIE prepared a list of recommended candidates to fill the IG vacancy at the State Department created upon the departure of former IG Howard Krongard in 2008:

a. Who were the candidates?
b. When were they recommended?
c. Who sent the slate of recommendations from CIGIE to the White House?
d. Who received the slate of recommendations at the White House from CIGIE?

e. What was the response, if any, from the White House regarding the slate of candidates?
f. Who, if anyone, at CIGIE received the White House’s response?
g. When and how was any such response from the White House received?

h. Please provide all records from any CIGIE official at the time relating to communications with the White House about the IG vacancy or potential candidates to fill the vacancy.
i. Did CIGIE provide candidate names to the State Department? If so, please provide the Committee with all records from any CIGIE official at the time relating to communications with the State Department about the IG vacancy or potential candidates to fill the vacancy.

Secretary Kerry: Please provide the Committee with all State Department records related to the IG vacancy or potential candidates to fill the vacancy, including communications between and among former Secretary Clinton, her senior staff, or any State Department personnel, any CIGIE official, or any White House official.

In the letter’s footnotes, Senator Grassley cites the testimony of POGO’s Danielle Brian on “Watchdogs needed: Top Government Investigator Positions Unfilled for Years, June 3, 2015.”  POGO has previously questioned the independence of the State Department’s acting IG. POGO also published a letter from “very concerned employees” (pdf) dated January 12, 2008 sounding the alarm on the appointment of an acting IG. Senator Grassley is listed as one of the addresses of that letter.

Senator Grassley’s IG vacancy letter cites two cases:

1) The “appearance of undue influence and favoritism” in departmental investigations of three allegations related to Diplomatic Security investigations (see Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security | January 2015 (pdf).

[ As an aside — the original OIG draft/report on DS investigations dates back to 2012 and was made part of the Higbie v. Kerry, a title VII employment discrimination case in Texas. That case was subsequently dismissed by the district court and affirmed by the Court of Appeals (pdf) in March 2015.  But in 2013, the government sought to exclude the “improperly obtained documents” that Higbie obtained via a subpoena from a retired OIG employee, Aurelia Fedenisn. The government asserted that the documents, including the draft report, were improperly retained by Fedenisn after her employment ended in 2012.  We’re reminded of this case in relation to the IG vacancy because the Washington Examiner recently reported that the then acting IG had sought to keep early drafts of a controversial OIG report under wraps in the Higbie case in federal court in 2013. Note that the contents of that draft report have already circulated and were reported on by the press in June 2013].

2) Allegations related to “protected disclosures” at  the U.S. Consulate General in Naples Italy, a case currently in the court system  (see Howard v. Kerry: Court Denies Motion to Dismiss One Retaliation Claim.

Senator Grassley’s letter is available to read here: 2015-08-27 Grassley | CEG to CIGIE and State Dept (IG Vacancy)

#

 

Clinton Email Challenge Now a Sharknado, and Secretary Kerry Is Right to be “Concerned”

Posted: 2:13  pm PDT

 

This happened Thursday night. We drafted this post early morning but waited for a piece of information we wanted to see. So yup, overtaken by events.  In any case, you may now read the inspector generals memos referenced to in the NYT report here. See NYT: Criminal Inquiry Sought Over Clinton Emails? Read the Inspector Generals Memos.  We’re also waiting for the OIG to issue a clarification on the DOJ referral the NYT reported.

The memos went possibly from two IG offices — State Department Steve Linick and Intelligence Community Inspector General I. Charles McCullough, III — to the Under Secretary for Management Patrick Kennedy. The IGs memos are also cc’ed to one of the State Department’s deputy secretaries. It looks like, the memos or contents/snippets of it were shared with DOJ, as a DOJ official appears to be the NYT’s source for this story (see tweets below).

Here are the tweets from July 24:

.

 

The report from the NYT includes the following:

— 1.  The memos were provided to The New York Times by a senior government official.

— 2.  The inspectors general also criticized the State Department for its handling of sensitive information, particularly its reliance on retired senior Foreign Service officers to decide if information should be classified, and for not consulting with the intelligence agencies about its determinations.

— 3.  The revelations about how Mrs. Clinton handled her email have been an embarrassment for the State Department, which has been repeatedly criticized over its handling of documents related to Mrs. Clinton and her advisers.

— 4.  Some State Department officials said they believe many senior officials did not initially take the House committee seriously, which slowed document production and created an appearance of stonewalling.

— 5.  State Department officials also said that Mr. Kerry is concerned about the toll the criticism has had on the department and has urged his deputies to comply with the requests quickly.

Today:

.

.

 .

On this whole email debacle at the State Department, it must be said that this might not have happened if not enabled by senior bureaucrats in the agency. We do not believe for a moment that senior officials were not aware about the email practices of then Secretary Clinton or the record retention requirement. But hey, if the practice was done for four years over the protests and dissent of officials at “M”, “A”, the Legal Adviser or the CIO, we’d like to see that email trail.

By the way, this NYT report follows a July 20 Politico report about a contentious hearing where U.S. District Court Judge Richard Leon demanded explanations for why some of the Associated Press’ FOIA requests received no reply for four years or more before the wire service filed suit in March.

“The State Department’s not going to have the luxury of saying, because we’re focusing on Hillary’s emails, we’re doing so at the cost and expense of four-year-old requests. So, that’s not going to be an excuse,” the judge said. “In my judgment, a four-year-old request gets a priority over a recent request.”

On Mr. Kerry’s concern about the toll the criticism has had on the department … the secretary is right to be concerned. Senior officials did not take Congress seriously?  Even if senior bureaucrats do not agree or approve of the conduct of the Select Committee, even if they think this is a sideshow seeking to derail a presidential campaign, the required document production is still part of their jobs. In my view, the most serious consequence on the appearance of stonewalling is it also gives the appearance that bureaucrats are picking sides in this political shitstorm.

This can potentially undermine the expectation of the State Department as an impartial and non-political entity. The perception, right or wrong, that this impartiality is compromised, will not serve it or its employees well in the long run.

You might like to read a couple previous posts on FOIA personnel, costs and the “persistent neglect of fundamental leadership responsibilities” that made this the Clinton email debacle a challenge of Sharknado proportion for the agency. (see Snapshot: State Dept FY2014 FOIA Personnel and Costs and State Dept FOIA Requests: Agency Ranks Second in Highest Backlog and Here’s Why).

#

State/OIG Report on US Embassy Estonia Gets a “D” For Um … Dazzle?

Posted: 2:09 am  EDT

 

The Office of the Inspector General inspected the U.S. Embassy in Tallinn, Estonia from October 3–22, 2014.  It released its inspection report  on June 18, 2015.

Inspection of Embassy Tallinn, Estonia
Posted On: June 18, 2015 Report Date: June 2015
Report Number: ISP-I-15-23A
Report: application/pdf icon isp-i-15-23a.pdf

Quick look at post fro the IG report:

Missionwide staffing is 42 U.S. direct-hire employees, including 27 Department U.S. direct-hire employees. The FY 2014 missionwide budget was $8.9 million. Other agencies represented at the mission include elements of the U.S. Departments of Defense, Justice, and Homeland Security. A small number of U.S. military personnel on rotation to Estonia fall under chief of mission authority. The mission has no consulates. The mission’s FY 2015 request for foreign assistance funds totaled $3.6 million for Estonian military stabilization operations and security sector reform ($2.4 million for foreign military funding and $1.2 million for international military education and training). Embassy Tallinn’s missionwide budget for FY 2014 was approximately $8.9 million. Department staffing was 27 U.S. direct-hire employees and 85 locally employed (LE) staff members.

Excerpt from key findings:

  • The Ambassador and the deputy chief of mission provide appropriate oversight to the country team, and U.S. Department of State sections, in accordance with Section 207(a) of the Foreign Service Act of 1980. However, stronger leadership from the Ambassador and his greater adherence to Department of State rules and regulations are necessary.
  • The political/economic section is staffed adequately to carry out its policy advocacy and reporting responsibilities but needs to adjust local staff portfolios and the language requirements of its U.S. officers to maximize resources.
  • The public affairs section is central to mission efforts to carry out Integrated Country Strategy objectives, using traditional public diplomacy tools, media engagement, social media, and regional outreach to amplify policy messages.
  • The embassy’s consular warden system has not been reviewed, activated, or tested since at least 2011. Worldwide tensions increase the need for an effective warden system with the flexibility to meet multiple contingencies, including the potential interruption of electronic messaging capability.
  • The aging chancery does not meet—and cannot be retrofitted to meet—even the most basic security standards, and numerous infrastructure deficiencies need to be addressed if the embassy is to remain at its present location.
  • The telecommunications and power cabling infrastructure throughout the chancery is disorganized and largely undocumented, which limits the ability of information management staff to carry out their duties.
  • The embassy needs a comprehensive training plan for locally employed staff that reflects priority training needs.
  • Internal management controls need to be strengthened, with particular attention to separation of duties, documenting processes and standard operating procedures, clarifying backup duties, and reassessing organization structure.

Here is what Section 207(a) of the Foreign Service Act of 1980 says:

excerpt from Foreign Service Act of 1980

 

Quite impressive, yo!

The ambassador is popular with the Estonian public, helped sold Javelin missiles worth $50–$60 million, met so infrequently with senior Estonian Government officials but succeeded, nonetheless, to get Estonia to accept one Gitmo detainee. This report reminds us of those evaluation reports where the drafter attempts walking on water. Excerpts:

  • The Ambassador’s interpersonal skills have enabled him to participate effectively in public affairs and other programing in several parts of the country and have garnered him personal popularity with the Estonian public.
  • His support for the military includes advocacy for U.S. military sales. His efforts have helped secure a sale to the Estonian Government of U.S. Javelin missiles worth $50–$60 million.
  • The Ambassador, however, has not established strong relationships at the Government of Estonia’s ministerial level. In his 2 years as Chief of Mission, he has met infrequently with the Prime Minister or other ministers in the cabinet (less than 12 times during his 24 months in the embassy, in addition to initial courtesy calls or accompanying visitors and at public events). … Despite the infrequency of his meetings with senior Estonian Government officials, the Ambassador successfully led the effort to obtain the government’s acceptance of a Guantanamo detainee—an impressive achievement given the small size of the country and the government’s reluctance.

On getting the Estonians to “yes,” how did he do it? The IG report did not say, which would have been really helpful given how many Gitmo detainees we still need to place elsewhere.

On leadership, the IG report says:

The most significant findings concern the need for stronger leadership from the Ambassador and his greater adherence to ethics principles, Equal Employment Opportunity (EEO) guidelines, and security policies.

Buried in the report is this:

[T]he embassy staff rated the Ambassador below average in leadership categories, including vision, engagement, fairness, and ethics. Segments of the mission community, including some U.S. direct-hire and LE female employees told the OIG team that they feel undervalued. .. Some American and LE staff members gave examples of preferential treatment that the Ambassador afforded to specific employees and interns. It is imperative that the Ambassador reverse these perceptions; he indicated that he is willing to work hard to do so, and he began the process by apologizing to his staff before the inspection team’s departure.

On the EEO program, the report says, “The EEO program at Embassy Tallinn requires attention by embassy leadership.” Oy! What happened?

Non-review of visa issuances/refusals:

The DCM has not met requirements in 9 FAM 41.113 and 9 FAM 41.121 to review nonimmigrant visa issuances and refusals. The most recent regional consular officer report for Tallinn, dated January 2014, states that “[t]he DCM did not meet adjudication review standards…since the last regional officer report visit [in May 2013].” A Bureau of Consular Affairs preinspection report found that standards had also not been met between May 1 and July 30, 2014. The DCM’s review of visa adjudications at single officer embassies is especially important, as no other person provides required oversight and quality control.

Things that happen just before the OIG starts work, or leave post:

  • The Ambassador’s efforts to establish an overall strategic vision, in accordance with 3 Foreign Affairs Manual (FAM) 1214, have not been successful. Few of Embassy Tallinn’s senior leaders can articulate the Ambassador’s overall strategic vision or identify the top priorities contained therein, despite an off-site planning session held just days before the start of the inspection. The Ambassador held the previous planning off site almost 2 years earlier—too long ago to enable employees to have a lasting awareness of his goals and direction. A clear shared vision—key to coordinated team work and productivity—is missing. Greater communication is needed. No structured effort exists to inform the mission employees, including LE staff members, of the outcome of the planning session, which has left a large part of the embassy team uninformed.
  • At the start of the inspection no program was in place for mentoring the mission’s two first- and second-tour (FAST) employees, and some mid-level officers stated that they would welcome mentoring on career development issues. The DCM structured a FAST program and scheduled initial mentoring sessions prior to the inspection team’s departure.

Counsel from EUR/Office of the Legal Adviser?

Elsewhere on the report, it says that “the OIG team identified instances in which the Ambassador did not appear to adhere to established Department rules and regulations. Each instance was small, but collectively they suggest his disregard for adherence to the rules.” It recommends that EUR, in coordination with the Office of the Legal Adviser, should counsel the Embassy Tallinn Ambassador concerning ways to avoid breaches of Department of State rules and regulations.


What the hey?  

[T] he Ambassador has been involved only marginally in efforts that would identify potential opportunities in Estonia for U.S. businesses, as outlined in 18 FAM 015. He agreed to increase efforts in that area, as well as not to pursue Estonian export interests that would not directly result in U.S. jobs.

The IG inspectors cited Section 207(a) of the Foreign Service Act of 1980 on its key findings but forgot Section 207 (c) of the Act?


Oh darn, we almost forgot —  whatabout curtailments?  

Read more about that in U.S. Embassy of Curtailments.


Recusals, anyone?

Embassy Tallinn’s chief of mission is Jeffrey Levine. Prior to his appointment  as ambassador to Estonia, he was the State Department’s director of Recruitment, Examination and Employment from 2010-2012 (HR/REE).

The OIG team who inspected the mission was headed by Marianne Myles who was previously Ambassador to Cape Verde (2008-2010). Prior to her appointment to Cape Verde, she, too was the director of the State Department’s Office of Recruitment, Examination and Employment (HR/REE). She was also Director of Policy Coordination for the Foreign Service’s Director General (DG/HR).

A side note here, HR/REE had three directors spanning at least  six years who went directly from HR to an ambassadorship. (Luis Arreaga, the HR/REE director from 2008-2010 was appointed Ambassador to Iceland from 2010-2013).  This is an extremely small club to belong to.

So we asked Mr. Linick’s office about its recusal policy. Wasn’t IG Linick concerned about potential conflict of interest in this instance? We also asked if there has ever been an instance when OIG inspectors who are/were FS members recused themselves when there is potential or appearance of conflict of interest?

Over the weekend, we received the OIG’s response to our inquiry.  Repeated below in its entirety:

OIG strictly follows the  independence standards established by the Council of the Inspectors General on Integrity and Efficiency (CIGIE).    In order to ensure each inspector is free, both in fact and appearance, from personal, external, and organizational impairments to independence, OIG has a rigorous conflict review within the Office of Inspections (ISP).

Pursuant to this policy, prior to an inspection, every member of the inspection team must review a staffing chart with every employee of the inspected entity, and report, in writing, all prior professional and personal relationships with any such individual.  ISP management  and the Office of General Counsel carefully review this information to ensure that all ISP teams’ members are independent and free from real or apparent conflicts of interest.  This process happens  early in the inspection process as ISP assigns staff to individual teams.   If any such conflicts are identified, ISP takes action to mitigate the conflict, which could include removing a team member from a team.  OIG  provides training to all inspectors on CIGIE independence standards and how to avoid conflicts of interest.

Regarding the Tallin inspection, OIG followed its standard procedure in reviewing input from Ambassador Myles regarding any relationships with employees in Embassy Tallinn and concluded her participation in the inspection was appropriate under CIGIE standards and OIG policy.

So there you go.

We must note that for years, the names of the OIG inspection team members were redacted from these publicly released OIG reports. We have railed about those redactions for various reasons. In 2013, when Steve Linick assumed charge of the OIG — the first Senate-confirmed IG since the 2007 resignation of Howard J. Krongard —  one of his first actions was to release the names of the inspectors with the publicly available reports. We have not forgotten that.

#

OIG Steve Linick Seeks Legislative Support For Kill Switch on State Dept “Investigating Itself”

Posted: 1:41 am EDT

 

The Senate Foreign Relations Subcommittee on State Department management, operations and development held a hearing on April 21 with OIG Steve Linick  on the efficiency and effectiveness of State Department operations.

The video is also available here. Or you can watch here via the SFRC.

Only two senators stayed for the duration of the entire hearing, Senator Timothy M. Kaine of Virginia [D]  and Senator David Perdue of Georgia [R] . It’s quite a change from watching other congressional hearings.  No one was angry or hysterical. No one was tearing up.  The senators seem genuinely interested in hearing what Inspector General Linick had to say. They ask informed, thoughtful questions and follow-up questions. Both have also been hosted overseas during a CODEL or two and have complimentary things to say about the men and women of our diplomatic service.

Senator Ron Johnson of Wisconsin [R] did sit down but just long enough to ask and rail about Benghazi.  Senator Chris S. Murphy of Connecticut D] also came in to question the IG about BBG operations. It sounds like he has a lot of concerns about BBG and is working on efforts to shore up the long floundering red headed step child of global engagement.

IG Linick brought up two main challenges during the hearing, one on the OIG’s IT vulnerability and the other, its interest on getting first dibs when it comes to allegations of criminal or serious administrative misconduct by Department employees. Not “M”, not Diplomatic Security, but for the OIG to get right of first refusal on criminal allegations in the State Department.

Inspector Linick also asked for a flexible hiring authority so the OIG is able to hire retired FS employees and former SIGAR employees. These individuals have the experience OIG needs but they face restrictions under the current hiring authority. We hope he gets it.

We strongly support these asks by the OIG.  The first, because it makes sense. The second, because it’s long overdue.  It will remove the “it depends” mantra over in the Big House.  For the OIG to have real oversight, it should have the right to decide whether to conduct the investigations themselves or not.  That decision should not be left to State Department management. The OIG has already requested that the Department revise its current directives on this, but it doesn’t look like anything happened yet.  We would like to see Congress include this in the State Department congressional authorization.

IG Linick’s prepared testimony is here (pdf). Below is an excerpt:

OIG Network Vulnerabilities

Vulnerabilities in the Department’s unclassified network directly affect OIG’s IT infrastructure, which is part of the same network. We noted in our November 2013 Management Alert on information security that there are thousands of administrators who have access to the Department’s computer network. That access runs freely throughout OIG’s IT infrastructure and increases risk to OIG operations. For example, a large number of Department administrators have the ability to read, modify, or delete any information on OIG’s network including sensitive investigative information and email traffic, without OIG’s knowledge.17 OIG has no evidence that administrators have compromised OIG’s network. At the same time, had OIG’s network been compromised, we likely would not know. The fact that the contents of our unclassified network may be easily accessed and potentially compromised places our independence at unnecessary risk and does not reflect best practices within the IG community. OIG seeks to transition to an independently managed information system, which will require the Department’s cooperation and support from Congress.

A footnote on his prepared statement says that DS and the Bureau of Information Resource Management (State/IRM) recently agreed to notify and receive confirmation from OIG prior to accessing OIG systems in “most circumstances. ” 

Right of First Refusal To Investigate Allegations of Criminal or Other Serious Misconduct

Unlike other OIGs, my office is not always afforded the opportunity to investigate allegations of criminal or serious administrative misconduct by Department employees. Department components, including DS, are not required to notify OIG of such allegations that come to their attention. For example, current Department rules provide that certain allegations against chiefs of mission shall be referred for investigation to OIG or DS. However, that guidance further states that “[in] exceptional circumstances, the Under Secretary for Management may designate an individual or individuals to conduct the investigation.”19 Thus, DS or the Under Secretary may initiate an investigation without notifying us or giving us the opportunity to evaluate the matter independently and become involved, if appropriate. Accordingly, OIG cannot undertake effective, independent assessments and investigations of these matters as envisioned by the IG Act.

The directives establishing this arrangement appear to be unique to the Department. By contrast, the Departments of Defense, Justice, Homeland Security, the Treasury (and the IRS), and Agriculture, all of which had within them significant law enforcement entities prior to the establishment of their respective offices of Inspector General (OIG), defer to their OIGs for the investigation of criminal or serious administrative misconduct by their employees or with respect to their programs. Notice must be provided by all agency components to their respective OIGs of, at a minimum, allegations of misconduct by senior employees. In some agencies, notice must be provided of such allegations with respect to all employees. The respective OIGs have the right to decide whether to conduct investigations themselves or refer matters back to the relevant agency component for investigation or other action. However, in some cases, when requested by OIG to do so, the relevant agency component to which the OIG referred back the matter must report to the OIGs on the progress or the outcome of investigations.

Particularly where senior officials are involved, the failure to refer allegations of misconduct to an independent entity like OIG necessarily creates a perception of unfairness, as management is seen to be, as the U.S. Government Accountability Office (GAO) notes, “investigating itself.”*

This risks undermining confidence in the integrity of the Department. Moreover, this arrangement prevents OIG from carrying out its clear statutory duty, set forth in the IG Act, “to provide policy direction for and to conduct, supervise, and coordinate … investigations relating to the programs and operations” of the Department.

Accordingly, we are seeking legislative support—similar to that provided to other OIGs—for early notification to OIG of allegations of certain types of misconduct. In addition, OIG is seeking legislative clarification of its right to investigate such allegations.23 Current Department directives are a barrier to achieving accountable and transparent government operations.

Here is another footnote:

GAO, Inspectors General: Activities of the Department of State Office of Inspector General at 25-26. (GAO- 07-138, March 2007) ([B]ecause DS reports to the State Department’s Undersecretary [sic] for Management, DS investigations of department employees, especially when management officials are the subjects of the allegations, can result in management investigating itself.”); see also OIG’s Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security (ESP-15-01, October 2014) (Department policies and procedures appear to have significant implications and created an appearance of undue influence and favoritism, which undermines public confidence in the integrity of the Department and its leaders).

#

State/OIG to Review Use of Special Government Employees (SGE), Conflicts of Interest Safeguards

Posted: 2:20 am EDT

 

Back in 2013, we blogged about the State Department Special Government Employees:  Who Are the State Dept’s 100 “Special Government Employees”? Dunno But Is Non-Disclosure For Public Good? and this: State Dept refused to name its SGEs because of reasons #1, #2, #3, #4 and … oh right, the Privacy Act of 1974:

At that time, there was a message from Mission Command:

“Good morning, Mr. Hunt (or whoever is available). Your mission, should you choose to accept it, involves the retrieval of all Special Government Employee (SGE) names. There are more than a hundred names but no one knows how many more.  They are padlocked in the Privacy Act of 1974 vault, guarded by a monstrous fire-breathing creature from Asia Minor. PA1974 vault location is currently in Foggy Bottom.  As always, should you or any member of your team be caught or killed, everybody with a badge will disavow all knowledge of your actions. This message will self-destruct in five seconds.  If not, well, find a match and burn.”

Teh-heh!

In January 2014, without Mr. Hunt, the State Department finally released its SGE list as reported by ProPublica here . ProPublica  concluded then that “the list suggests that the status is mostly used for its intended purpose: to allow outside experts to consult or work for the government on a temporary basis.” Which makes one wonder why it wasn’t readily released in the first place.

The recent Clinton email debacle, revived interest on Secretary Clinton’s use of the SGE program that allowed some political allies to work for the government while pursuing private-sector careers. In March, Sen. Charles E. Grassley (R-Iowa), who heads the Judiciary Committee was on it.

Via WaPo:

“The public’s business ought to be public with few exceptions,” Grassley said in a statement Saturday. “When employees are allowed to serve the government and the private sector at the same time and use private email, the employees have access to everything and the public, nothing.”

Senator Grassley’s request to the State Department, apparently not yet answered, is available here.

Last week, Senator Grassley received confirmation that the State Department Office of Inspector General will review the department’s use of the Special Government Employee program. Below is part of Senator Grassley’s statement:

“This program is meant to be used in a limited way to give the government special expertise it can’t get otherwise,” Grassley said.  “Is the program working the way it’s intended at the State Department or has it been turned on its head and used in ways completely unrelated to its purpose?   An independent analysis will help to answer the question.  An inspector general review is necessary. Available information suggests that in at least one case, the State Department gave the special status for employee convenience, not public benefit.”

In response to Grassley’s request, State Department Inspector General Steve Linick confirmed his office “intends to examine the Department’s SGE program to determine if it conforms to applicable legal and policy requirements, including whether or not the program, as implemented, includes safeguards against conflicts of interest.”

Grassley is concerned about potential conflicts of interest arising from a top State Department employee, Huma Abedin, who worked for both the government as a Special Government Employee and an outside firm, Teneo, at the same time.

More about Ms Abedin’s consulting work here.  Senator Grassley’s request to IG Linick is available here.  IG Linick’s response to Senator Grassley is available here.

You get the feeling that State/OIG is the most wanted office in WashDC these days?

#

Email Episode 1472: No Dust Left on Chappaqua Server?

Posted: 11:28 pm PDT

.

.

.
The New York Times also posted the letter from the former secretary of state’s lawyer David E. Kendall to House Chairman Trey Gowdy.  Excerpt below:

There is no basis to support the proposed third-party review of the server that hosted the hdr22@clintonemail.com account. During the fall of 2014, Secretary Clinton’s legal representatives reviewed her hdr22@clintonemail.com account for the time period from January 21, 2009 through February 1, 2013. After the review was completed to identify and provide to the Department of State all of the Secretary’s work-related and potentially work-related emails, the Secretary chose not to keep her non-record personal e-mails and asked that her account (which was no longer in active use) be set to retain only the most recent 60 days of e-mail. To avoid prolonging a discussion that would be academic, I have confirmed with the Secretary’s IT support that no e-mails from hdr22@clintonemail.com for the time period January 21, 2009 through February 1, 2013 reside on the server or on any back-up systems associated with the server.

Page 8 of this 9-page document includes a letter from the State Department’s Under Secretary for Management Patrick Kennedy:

We understand that Secretary Clinton would like to continue to retain copies of the documents to assist her in responding to congressional and related inquiries regarding the documents and her tenure as head of the Department. The Department has consulted with the National Archives and Records Administration (NARA) and believes that permitting Secretary Clinton continued access to the documents is in the public interest as it will help promote informed discussion.

Accordingly, Secretary Clinton may retain copies of the documents provided that: access is limited to Secretary Clinton and those directly assisting her in responding to such inquiries; steps are taken to safeguard the documents against loss or unauthorized access; the documents are not released without written authorization by the Department; and there is agreement to return the documents to the Department upon request. Additionally, following counsel, we ask that, to the extent the documents are stored electronically, they continue to be preserved in their electronic format. In the event that State Department reviewers determine that any document or documents is/are classified, additional steps will be required to safeguard and protect the information.

The  entire Kendall-Gowdy letter is available to read here.

Because it’s Friday, there is also this item from Gawker and ProPublica adding a stranger twist to this  email saga.

 

 

In related news, remember when Michael Schmidt broke the NYT story about  Secretary Clinton’s exclusive use of a personal email account during her entire tenure as Secretary of State? That was on March 2.  On March 25,  Secretary Kerry finally asked the Office of Inspector General to review email and record retention at his agency.  The letter Secretary Kerry sent to IG Steve Linick is available to read here (pdf).

.

I don’t know about you but … it’s that kind of week.

Greys-Anatomy perfectedflaw

Image: Tumblr, perfectedflaw via Mashable

#

Rabbit Hole News: State Dept’s Private Email Usage Policy, Plus Attn: State/OIG – Firecracker Coming Your Way

Posted: 01:47 EST
Updated: 11:19 EST
Updated 15:14 EST

 

Shortly after the NYT broke the story about the former secretary of state’s exclusive used of a personal email account to conduct government business, we sent an inquiry to the State Department’s Office of Inspector General. We don’t know if they could comment about it but we wanted to ask anyway.  We’ve looked at the regs but the FAM is silent on the use of private email, or at least we thought it was. It almost seem as if the rule makers presumed that all employees will be using official email, thus, the rules only spell out the requirement for the preservation of records.

If Secretary Clinton was using a private email account and if her close advisers were also using private email accounts, we wanted to know how is this reconciled with the ability of individuals to FOIA government documents. We were also interested how this would keep other senior or even regular employees from using Yahoo or Gmail to conduct official business.

State/OIG’s response was, “we are not in a position to comment at this time.”

Actually, we asked the wrong questions.

In 2012, we blogged about the OIG inspection report of the U.S. Embassy in Kenya. (See State/OIG Releases Ambassador Scott Gration’s Embassy Report Card – And Look, No Redactions!). We mentioned in passing the ambassador’s use of commercial email for official government business. In light of these news reports that Secretary Clinton exclusively used nongovernment email during her four year tenure as secretary of state, the old 2012 report is getting some legs again.

 

.
Below is an excerpt from that 2012 report specifically addressing the ambassador’s use of commercial email for daily communication of official government business. The ambassador was also slammed for using “a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network.”  

Mission Leadership Challenge 

Very soon after the Ambassador’s arrival in May 2011, he broadcast his lack of confidence in the information management staff. Because the information management office could not change the Department’s policy for handling Sensitive But Unclassified material, he assumed charge of the mission’s information management operations. He ordered a commercial Internet connection installed in his embassy office bathroom so he could work there on a laptop not connected to the Department email system. He drafted and distributed a mission policy authorizing himself and other mission personnel to use commercial email for daily communication of official government business. During the inspection, the Ambassador continued to use commercial email for official government business. The Department email system provides automatic security, record-keeping, and backup functions as required. The Ambassador’s requirements for use of commercial email in the office and his flouting of direct instructions to adhere to Department policy have placed the information management staff in a conundrum: balancing the desire to be responsive to their mission leader and the need to adhere to Department regulations and government information security standards. The Ambassador compounded the problem on several occasions by publicly berating members of the staff, attacking them personally, loudly questioning their competence, and threatening career-ending disciplinary actions. These actions have sapped the resources and morale of a busy and understaffed information management staff as it supports the largest embassy in sub-Saharan Africa.

Authorized Automated Information Systems 

The Ambassador uses a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network. Authorized Department OpenNet email systems are available on the Ambassador’s office desktop. According to 12 FAM 544.3 and 11 State 73417 (from the Assistant Secretary for Diplomatic Security to the Ambassador), it is the Department’s general policy that normal day-to-day operations be conducted on an authorized information system, which has the proper level of security controls. The use of unauthorized information systems increases the risk for data loss, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. The use of unauthorized information systems can also result in the loss of official public records as these systems do not have approved record preservation or backup functions. Conducting official business on non-Department automated information systems must be limited to only maintaining communications during emergencies.

Recommendation 57: Embassy Nairobi should cease using commercial email to process Department information and use authorized Department automated information systems for conducting official business. (Action: Embassy Nairobi)

Source:  Inspection of Embassy Nairobi, Kenya | Report Number ISP-I-12-38A, August 2012 | pdf

 

We should point out that the 2012 report was issued prior to the tenure of IG Steve Linick and Secretary Clinton tenure at the State Department ended in February 2013.  But with 2016 just around the corner, this email debacle will not die a quiet death.

The unclassified cable  STATE 065111 on securing email accounts sent to all overseas posts on June 28, 2011 only says “avoid conducting official Department business from your personal email accounts.”

See the magic word there? It did not say you can’t, only that you shouldn’t.

So for the second day in a row, the subject of the Clinton emails was featured in the Daily Press Briefing. The State Department’s deputy spox, Marie Harf was impressive when she said that “There was no prohibition” on the use of personal email.  She emphasized that “There was not then and there is not now a prohibition on using a personal email for official business, and at the time she was in office, there was no time requirement for when those needed to be preserved as records.”

Entertainment value? High.

In any case, the question that we probably should have asked the OIG is this — if an ambassador was “hammered” for his use of nongovernment, private email, can we presume that ordinary bureaucrats would get a similar treatment? And if this is so  — don’t we then have a set of rules that applied to everyone but the head of the agency?   We originally cited 5 FAM 440 (pdf) as the rules governing  Electronic Records, Facsimile Records, and Electronic Mail Records in the State Department.  But wait —  the 2012 OIG report on Kenya cited 12 FAM 544.3 Electronic Transmission Via the Internet (pdf), a section of the FAM that has been in the rules books since 2005. It says in part:

It is the Department’s general policy that normal day-to-day operations be conducted on an authorized AIS [automated information system], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. The Department’s authorized telework solution(s) are designed in a manner that meet these requirements and are not considered end points outside of the Department’s management control.
[…]
c. Employees should be aware that transmissions from the Department’s OpenNet to and from non-U.S. Government Internet addresses, and other .gov or .mil addresses, unless specifically directed through an approved secure means, traverse the Internet unencrypted. Therefore, employees must be cognizant of the sensitivity of the information and mandated security controls, and evaluate the possible security risks and then decide whether a more secure means of transmission is warranted (i.e., secure fax, mail or network, etc.)

d. In the absence of a Department-provided secure method, employees with a valid business need may transmit SBU information over the Internet unencrypted after carefully considering that:

(1) SBU information within the category in 12 FAM 541b(7)(a) and (b) must never be sent unencrypted via the Internet;

(2) Unencrypted information transmitted via the Internet is susceptible to access by unauthorized personnel;

(3) Email transmissions via the Internet generally consist of multipoint communications that are routed to their destination through the path of least resistance, which may include multiple foreign and U.S. controlled Internet service providers (ISP);

(4) Once resident on an ISP server, the SBU information remains until it is overwritten;

(5) Unencrypted email transmissions are subject to a risk of compromise of information confidentiality or integrity;

(6) SBU information resident on personally owned computers connected to the Internet is generally more susceptible to cyber attacks and/or compromise than information on government owned computers connected to the Internet;

(7) The Internet is globally accessed (i.e., there are no physical or traditional territorial boundaries). Transmissions through foreign ISPs or servers can magnify these risks; and

(8) Current technology can target specific email addresses or suffixes and content of unencrypted messages.

 

General policies, of course, can have exceptions and if that’s what happened here, wouldn’t it be nice to know who were granted exceptions to use private email accounts besides the secretary of state and why? And did the Legal Advisor or somebody else signed off on those exceptions? Was the clintonemail.com server an authorized AIS [automated information system] of the State Department, and if so, who authorized it?

We cannot predict where this email controversy is going to end, but some Internet sleuth is digging up Dubai, Denmark, Luxembourg in what seems to be an already convoluted matter.  If you read the link below there is an interesting question whether the Clinton e-mail server was hosted for some period of time by an outside hosting firm.  If the hosting firm was based overseas at an external location in Texas or elsewhere,  wouldn’t this be an added headache for cybersecurity and something the OIG’s new Office of Evaluations and Special Projects (ESP) might be interested in?

.

.

While the Inspector General of the State Department might not be in a position to comment about this issue publicly at this time, or might not want to wade into the rabbit hole with this political firecracker, it may not have much of a choice.  Even our apolitical neighbors were dismayed by this.  The perception that the rules may have been applied selectively, based on rank undermines the Service.  That in itself is an excellent excuse to review the entire practice and determine to what extent exceptions were made.  The Republican National Committee has reportedly already asked the Office of Inspector General to look into whether Clinton’s practices led her or the department to violate the Federal Records Act.

It’s only a matter of time before there is a formal congressional request. Heads up State/OIG, this firecracker is heading your way.

* * *

Related post:
So wait — Hillary Clinton never got a state.gov email? What does the FAM say?

Related items:

State Department June 28, 2011 Unclassified Cable 065111 on Securing Email Accounts via (foxnews)

NARA Bulletin 2014-06 | September 15, 2014 – Guidance on Managing Email

NARA Bulletin 2013-03 | September 9, 2013 – Guidance for agency employees on the management of Federal records, including email accounts, and the protection of Federal records from unauthorized removal

NARA Bulletin 2011-03 | December 22, 2010 – Guidance Concerning the use of E-mail Archiving Applications to Store E-mail

OMB | Managing Government Records Directive requires that Federal agencies manage all their email electronically by December 31, 2016.