No one “scans” emails for classified material?

The real question seems to be — well, if all her email communication was conducted through a private email  server —  how can we be sure that no classified and sensitive information were transmitted using her private email account?  We can’t, how can we?

However, for ordinary employees with badges and logins, an Information System Security Officer (ISSO) has “read access to the employee’s mailbox to ensure that no messages contain classification levels higher than that allowed on the authorized information system” (see 12 FAM 640-pdf). Which seems to indicate that ISSOs as a matter of course, “scan” State Department electronic mailboxes and files to ensure that there are no material there beyond “Sensitive But Unclassified” in the unclass system, for example.

Moving on to fumigation

Anyways — remember the WikiLeaks fallout? At that time, federal employees and contractors who believe they may have inadvertently accessed or downloaded classified or sensitive information on computers that access the web via non-classified government systems, or without prior authorization, were told to contact their information security offices for assistance.

If the unthinkable does happen, their unclassified computers required the equivalent of um… let’s say, digital “fumigation.” But who does that for private email servers?

The office that handles FOIA requests is the Office of Information Programs and Services (A/GIS/IPS/RL) under the Bureau of Administration. The Department also has its own chief information officer. Can we please have the State Department’s IT and FOIA experts talk about this from the podium?  Please, please, please, pretty please, this is getting more painful to watch every day.

[grabpress_video guid=”7ebdc05049ec1cf964f05708abe166946e545cb4″]

In related news — when you see reports that US embassies have been cited multiple times by State/OIG for use of  “personal email folders,” we suggest you take a deep breath.  That’s not/not the same as the use of personal private emails like Yahoo or Gmail. What those OIG reports are probably referring to are the personal storage folders, also known as  .pst files in Microsoft Outlook on the employees’ hard disk drives. Why would you want to save your emails in the personal folders of your computer?

Because a .pst file is kept on your computer, it is not subject to mailbox size limits on the mail server. By moving items to a .pst file on your computer, you can free up storage space in the mailbox on your mail server.

Just because you have classification authority, must you?

Below is an excerpt from the State Department Classification Guide | January 2005, Edition 1 (pdf via the Federation of American Scientists)

High Level Correspondence. This includes letters, diplomatic notes or memoranda or other reports of telephone or face-to-face conversations involving foreign chiefs of state or government, cabinet-level officials or comparable level figures, e.g., leaders of opposition parties. It should be presumed that this type of information should be classified at least CONFIDENTIAL, though the actual level of classification will depend upon the sensitivity of the contained information and classification normally assigned by the U.S. to this category of information. Information from senior officials shall normally be assigned a classification duration of at least ten years. Some subjects, such as cooperation on matters affecting third countries, or negotiation of secret agreements, would merit original classification for up to 25 years.

One thing to remember here, and it’s an important one — the secretary of state is the highest classification authority at the State Department.

CFR 2005 Title 22 Volume I Section 9-10: