Posted: 1:25 am EDT
[twitter-follow screen_name=’Diplopundit’ ]
Clip via PostTV
[protected-iframe id=”5bc752fe6db00036072fab3bf7198c29-31973045-31356973″ info=”http://www.washingtonpost.com/posttv/c/embed/4c950cba-c367-11e4-a188-8e4971d37a8d” width=”480″ height=”290″ frameborder=”0″ scrolling=”no” webkitallowfullscreen=”” mozallowfullscreen=”” allowfullscreen=””]
The State Department has multiple automated information systems. All employees, including locally employed staff and contractors (apparently with the exception of Secretary Clinton and who knows how many others), have state.gov email addresses for use in their unclassified workstations. But not everyone has classified access and in some places, you have to go to a controlled location just to read your classified email. Here is a quick description from publicly available documents:
- OpenNet is the Department’s internal network (intranet), which provides access to Department-specific Web pages, email, and other resources.
- ClassNet is the Department’s worldwide national security information computer network and may carry information classified at or below the Secret level.
- SMART-SBU or just “SMART” replaces existing Department of State unclassified email and cable systems with a Microsoft Outlook-based system.
- SMART-C is the Classified State Messaging and Archive Retrieval Toolset
No one “scans” emails for classified material?
The real question seems to be — well, if all her email communication was conducted through a private email server — how can we be sure that no classified and sensitive information were transmitted using her private email account? We can’t, how can we?
However, for ordinary employees with badges and logins, an Information System Security Officer (ISSO) has “read access to the employee’s mailbox to ensure that no messages contain classification levels higher than that allowed on the authorized information system” (see 12 FAM 640-pdf). Which seems to indicate that ISSOs as a matter of course, “scan” State Department electronic mailboxes and files to ensure that there are no material there beyond “Sensitive But Unclassified” in the unclass system, for example.
Moving on to fumigation
Anyways — remember the WikiLeaks fallout? At that time, federal employees and contractors who believe they may have inadvertently accessed or downloaded classified or sensitive information on computers that access the web via non-classified government systems, or without prior authorization, were told to contact their information security offices for assistance.
If the unthinkable does happen, their unclassified computers required the equivalent of um… let’s say, digital “fumigation.” But who does that for private email servers?
The office that handles FOIA requests is the Office of Information Programs and Services (A/GIS/IPS/RL) under the Bureau of Administration. The Department also has its own chief information officer. Can we please have the State Department’s IT and FOIA experts talk about this from the podium? Please, please, please, pretty please, this is getting more painful to watch every day.
In related news — when you see reports that US embassies have been cited multiple times by State/OIG for use of “personal email folders,” we suggest you take a deep breath. That’s not/not the same as the use of personal private emails like Yahoo or Gmail. What those OIG reports are probably referring to are the personal storage folders, also known as .pst files in Microsoft Outlook on the employees’ hard disk drives. Why would you want to save your emails in the personal folders of your computer?
Because a .pst file is kept on your computer, it is not subject to mailbox size limits on the mail server. By moving items to a .pst file on your computer, you can free up storage space in the mailbox on your mail server.
Just because you have classification authority, must you?
Below is an excerpt from the State Department Classification Guide | January 2005, Edition 1 (pdf via the Federation of American Scientists)
High Level Correspondence. This includes letters, diplomatic notes or memoranda or other reports of telephone or face-to-face conversations involving foreign chiefs of state or government, cabinet-level officials or comparable level figures, e.g., leaders of opposition parties. It should be presumed that this type of information should be classified at least CONFIDENTIAL, though the actual level of classification will depend upon the sensitivity of the contained information and classification normally assigned by the U.S. to this category of information. Information from senior officials shall normally be assigned a classification duration of at least ten years. Some subjects, such as cooperation on matters affecting third countries, or negotiation of secret agreements, would merit original classification for up to 25 years.
One thing to remember here, and it’s an important one — the secretary of state is the highest classification authority at the State Department.
(a) In the Department of State authority for original classification of information as ‘‘Top Secret’’ may be exercised only by the Secretary of State and those officials delegated this authority in writing, by position or by name, by the Secretary or the DAS/ CDC, as the senior official, on the basis of their frequent need to exercise such authority.
But why would the USG’s classification guide or classification authority even apply to an email server that apparently is not owned nor physically possessed or maintained by the State Department?
No one is coming out of this smelling like roses
The 67th secretary of state exclusively used private email during her entire tenure at the State Department. She left the State Department on February 1, 2013. The official word is that in October 2014 — to improve record-keeping or something — the State Department “reached out to all of the former secretaries of state to ask them to provide any records they had,” Secretary Clinton reportedly sent back “55,000 pages of documents to the State Department very shortly” after the letter was sent to her. “She was the only former Secretary of State who sent documents back in to this request,” said Ms. Harf. This storyline is not even walking quite straight anymore according to the NYT’s follow-up report of March 5.
What appears clear is that the USG cannot possibly know the answer to the endless questions surrounding these emails since it does not have possession of the private email server used in the conduct of official business. But somebody must know how this set-up came to be in 2009. What originated this, what security, if any were put in placed?
As if we don’t have enough disturbing news … have you seen this?
— NatlSecurityArchive (@NSArchive) March 6, 2015
But 56th took his files with him!
In related news, the National Security Archive filed suit against the State Department this week under the Freedom of Information Act to force the release of the last 700 transcripts of former Secretary of State Henry Kissinger’s telephone calls (telcons). The Archive’s appeal of State’s withholding dates back to 2007.
— NatlSecurityArchive (@NSArchive) March 5, 2015
The 56th secretary of state had reportedly removed the telcons, along with his memcons and office files, from the State Department when he left office at the end of 1976. According to the FOIA-released declassification guide for the State Department “information that still requires protection beyond 25 years should be classified for only as long as considered necessary to protect the national security.”
But … but …it’s been almost 40 years, heeeellloo!
Where are we again? Oh, utterly distressed by this whole thing.
12 FAM 640 DOMESTIC AND OVERSEAS AUTOMATED INFORMATION SYSTEMS CONNECTIVITY (pdf)
Leaked Guccifer emails did say “confidential” but the purported sender of those emails was no longer in USG service and presumably, no longer had any classification authority.