Ex-Chief Information-Disclosure Guru on Hillary’s Email Defense and the Folks Asleep at the Switch

Posted: 12:40  am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

.

Dan Metcalfe spent more than thirty years working at the U.S. Department of Justice where he served from 1981 to 2007 as director of the Office of Information and Privacy. He was responsible for overseeing the implementation of the FOIA throughout the entire executive branch. He now teaches secrecy law at American University’s Washington College of Law. His deconstruction of the former secretary of state’s explanation on her exclusive use of private email is probably the best one we’ve seen so far. There is also an analysis here from the National Security Archive.

Below is an excerpt from the op-ed piece Mr. Metcalfe wrote for Politico:

[T]here is the compounding fact that Secretary Clinton did not merely use a personal email account; she used one that atypically operated solely through her own personal email server, which she evidently had installed in her home. This meant that, unlike the multitudes who use a Gmail account, for instance, she was able to keep her communications entirely “in house,” even more deeply within her personal control. No “cloud” for posterity, or chance of Google receiving a congressional subpoena—not for her. No potentially pesky “metadata” surrounding her communications or detailed server logs to complicate things. And absolutely no practical constraint on her ability to dispose of any official email of “hers,” for any reason, at any time, entirely on her own. Bluntly put, when this unique records regime was established, somebody was asleep at the switch, at either the State Department or the National Archives and Records Administration (which oversees compliance with the Federal Records Act)—or both.

[…] as Secretary Clinton might like to claim personal “credit” for this successful scheme when talking with her friends about it within the privacy of her own home—perhaps while leaning against her private Internet server in her basement—the fact is that she didn’t invent this form of law circumvention; she just uniquely refined it. Yes, it was the Bush administration—specifically, the White House Office of Administration in concert with Vice President Dick Cheney, Karl Rove and the Republican National Committee—that likewise succeeded with wholesale email diversion back in the pre-smartphone days of freewheeling Blackberry usage.

Unfortunately for all of us, the competition for perverse “honors” in the world of circumventing both the letter and the spirit of federal records laws is indeed quite stiff.

Read more here in Politico Magazine.

An internet security expert tells Quartz  that a home server is “kind of like putting your money in your mattress.”

.

.

It did, did’t it? Lockbox.

Then there’s this guy who in 1994 was a 22 year old who worked as a computer programmer for a company called Information Management Consultants tasked with sorting through presidential docs in 1993.  He wondered if the Clinton team included technical wizards who designed a flawless keyword search when combing through her emails:

If so, she should release technical documentation of the search algorithm, the test procedure, and the test results — assuming they tested it. Without that information, we have no basis for sharing Hillary Clinton’s “absolute confidence” that the State Department has received all her work-related email communication.

Hey, wouldn’t it be nice to know who should get a large medal for being asleep at the switch at the State Department on this? Asleep at the switch doesn’t sound very good but perhaps it is a kinder version for whatever it was that happened at HST.

#

Advertisements

OIG: Only 41,749 State Dept Record Emails Preserved Out Of Over a Billion Emails Sent

Posted: 4:29 pm EDT
Updated: March 12, 9:29 pm PST
[twitter-follow screen_name=’Diplopundit’ ]

State Department deputy spokeswoman Marie Harf told CNN that since the inspector general is independent from the department “they will have to speak to the timing and details of releasing this report, which they control.”

So we asked the IG and we’re told that “the timing of the release of this report (ISP-I-15-15) was purely coincidental to the recent email issue.”

*

State/OIG did a review (pdf) of the Department’s State Messaging and Archive Retrieval Toolset (SMART) and Record Email in Washington, DC, between January 24 and March 15, 2014. According to the OIG, in 2013, Department employees created 41,749 record emails. These statistics are similar to numbers from 2011, when Department employees created 61,156 record emails out of more than a billion emails sent. Department officials have noted that many emails that qualify as records are not being saved as record emails.

Below are the highlights of the OIG review:

  • A 2009 upgrade in the Department of State’s system facilitated the preservation of emails as official records. However, Department of State employees have not received adequate training or guidance on their responsibilities for using those systems to preserve “record emails.” In 2011, employees created 61,156 record emails out of more than a billion emails sent. Employees created 41,749 record emails in 2013.
  • Record email usage varies widely across bureaus and missions. The Bureau of Administration needs to exercise central oversight of the use of the record email function.
  • Some employees do not create record emails because they do not want to make the email available in searches or fear that this availability would inhibit debate about pending decisions.
  • System designers in the Bureau of Information Resource Management need more understanding and knowledge of the needs of their customers to make the system more useful. A new procedure for monitoring the needs of customers would facilitate making those adjustments.

Additional details from the OIG report:

The need for official records

The Department of State (Department) and its employees need official records for many purposes: reference in conducting ongoing operations; orientation of successors; defending the U.S. Government’s position in disputes or misunderstandings; holding individuals accountable; recording policies, practices, and accomplishments; responding to congressional and other enquiries; and documenting U.S. diplomatic history. Record preservation is particularly important in the Department because Foreign Service officers rotate into new positions every 2 or 3 years. Federal law requires departments, agencies, and their employees to create records of their more significant actions and to preserve records according to Governmentwide standards.

Who has responsibility for the preservation of official records?

Every employee in the Department has the responsibility of preserving emails that should be retained as official records.3 The Office of Information Programs and Services in the Bureau of Administration’s Office of Global Information Services (A/GIS/IPS) is responsible for the Department’s records management program, including providing guidance on the preservation of records for the Department and ensuring compliance. IRM administers the enterprise email system, including SMART, and therefore provides the technical infrastructure for sending and receiving emails and preserving some as record email.

What constitute official records? 

If an employee puts down on paper or in electronic form information about “the organization, functions, policies, decisions, procedures, operations, or other activities of the Government,” the information may be appropriate for preservation and therefore a record according to law, whether or not the author recognizes this fact. Whether the written information creates a record is a matter of content, not form. Federal statutes, regulations, presidential executive orders, the Foreign Affairs Manual (FAM), Department notices, cables, and the SMART Messaging Guidebook contain the criteria for creating and maintaining official records and associated employee responsibilities.

Which email messages should be saved as records?

According to Department guidance referenced above, email messages should be saved as records if they document the formulation and execution of basic policies and actions or important meetings; if they facilitate action by agency officials and their successors in office; if they help Department officials answer congressional questions; or if they protect the financial, legal, and other rights of the government or persons the government’s actions directly affect. Guidance also provides a series of questions prompting employees to consider whether the information should be shared, whether the successor would find the email helpful, whether it is an email that would ordinarily be saved in the employee’s own records, whether it contains historically important information, whether it preserves the employee’s position on an issue, or whether it documents important actions that affect financial or legal rights of the government or the public.

 

The OIG report notes that it has previously examined the Department’s records management, including electronic records management, in its 2012 inspection of A/GIS/IPS. OIG found that A/GIS/IPS was not meeting statutory and regulatory records management requirements because, although the office developed policy and issued guidance on records management, it did not ensure proper implementation, monitor performance, or enforce compliance. OIG also noted that, although SMART users can save emails as records using the record email function, they save only a fraction of the numbers sent. OIG recommended that the Bureau of Administration implement a plan to increase the number of record emails saved in SMART.

That was in 2012.

The OIG team also found that “several major conditions impede the use of record emails: an absence of centralized oversight; a lack of understanding and knowledge of record-keeping requirements; a reluctance to use record email because of possible consequences; a lack of understanding of SMART features; and impediments in the software that prevent easy use.”

To show how misunderstood is the requirement to save record emails, see the following chart. The U.S. Embassy in Hanoi had 993 record emails compared to US Embassy Islamabad that only had 121 record emails preserved. The US Consulate General in Guangzhou had 2 record emails while  USCG Ho Chi Minh City had 539. It looks like the US Embassy in Singapore with 1,047 record emails had the highest record emails preserved in 2013. The frontline posts like Baghdad had 303, Kabul had 61, Sana’a had 142 and Tripoli had 10 record emails in 2013. The only explanation here is that the folks in Singapore had a better understanding of record email requirements than the folks in our frontline posts. Given that the turn-over of personnel at these frontline posts is more frequent, this can have consequential outcome not just in the public’s right to know but in continuity of operations.

Screen Shot 2015-03-11

Again, via the OIG:

Many inspections of embassies and bureaus have found that the use of SMART and the record email function are poorly understood. This lack of understanding is one of the principal causes of the failure of U.S. embassies to use record email more often. The inspections show that many employees do not know what types of emails should be saved as record emails. The employees typically need more and clearer guidance and more training. OIG has made formal and informal recommendations to increase the use of record email, to write and distribute formal embassy or bureau guidance on record email, and to arrange for training.

The A/GIS/IPS office is under the Assistant Secretary for the Bureau of Administration, an office that reports to the Under Secretary for Management (M). The Bureau of Information Resource Management (IRM) also reports to M.

 #