State Dept’s Wibbly Wobbly Jello Stance on Use of Private Email, Also Gummy Jello on Prostitution

Posted: 1:38 am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

We’ve added to our timeline of the Clinton Email saga (see Clinton Email Controversy Needs Its Own Cable Channel, For Now, a Timeline).

On August 24, 2015, State Dept. Spokesman John Kirby told CNN:  “At The Time, When She Was Secretary Of State, There Was No Prohibition To Her Use Of A Private Email.” Below is the video clip with Mr. Kirby.

Okay, then. Would somebody please get the State Department to sort something out. If there was no prohibition on then Secretary Clinton’s use of a private email, why, oh, why did the OIG inspectors dinged the then ambassador to Kenya, Scott Gration for using commercial email back in 2012? (See OIG inspection of US Embassy Kenya, 2012).

Screen Shot 2015-08-25

Oh, and here’s a more recent one dated August 25, 2015. The OIG inspection of U.S. Embassy Japan (pdf) says this:

In the course of its inspection, OIG received reports concerning embassy staff use of private email accounts to conduct official business. On the basis of these reports, OIG’s Office of Evaluations and Special Projects conducted a review and confirmed that senior embassy staff, including the Ambassador, used personal email accounts to send and receive messages containing official business. In addition, OIG identified instances where emails labeled Sensitive but Unclassified6 were sent from, or received by, personal email accounts.

OIG has previously reported on the risks associated with using commercial email for official Government business. Such risks include data loss, hacking, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. Department policy is that employees generally should not use private email accounts (for example, Gmail, AOL, Yahoo, and so forth) for official business.7 Employees are also expected to use approved, secure methods to transmit Sensitive but Unclassified information when available and practical.8

OIG report referenced two cables, we’ve inserted the hyperlinks publicly available online: 11 STATE 65111 and 14 STATE 128030 and 12 FAM 544.3, which has been in the rules book, at least since 2005:

12 FAM 544.3 Electronic Transmission Via the Internet  (updated November 4, 2005)

“It is the Department’s general policy that normal day-to-day operations be conducted on an authorized [Automated Information System], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information.”

This section of the FAM was put together by the Office of Information Security (DS/SI/IS) under the Bureau of Diplomatic Security, one of the multiple bureaus that report to the Under Secretary for Management.

Either the somebodies were asleep at the switch, as the cliché goes, or somebody at the State Department gave authorization to the Clinton private server as an Automated Information System.

In any case, the State Department’s stance on the application of regulations on the use of private and/or commercial email is, not wobbly jello on just this one subject or on just this instance.

gummy-bears-o

dancing jello gummy bears

On October 16, 2014, State/OIG released its Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security. This review arose out of a 2012 OIG inspection of the Department of State (Department) Bureau of Diplomatic Security (DS). At that time, OIG inspectors were informed of allegations of undue influence and favoritism related to the handling of a number of internal investigations by the DS internal investigations unit. The allegations initially related to eight, high-profile, internal investigations. (See State/OIG Releases Investigation on CBS News Allegations: Prostitution as “Management Issues” Unless It’s NotCBS News: Possible State Dept Cover-Ups on Sex, Drugs, Hookers — Why the “Missing Firewall” Was a Big Deal).

One of those eight cases relate to an allegation of soliciting a prostitute.

The Foreign Affairs Manual (FAM) provides that disciplinary action may be taken against persons who engage in behavior, such as soliciting prostitutes, that would cause the U.S. Government to be held in opprobrium were it to become public.1

In May 2011, DS was alerted to suspicions by the security staff at a U.S. embassy that the U.S. Ambassador solicited a prostitute in a public park near the embassy. DS assigned an agent from its internal investigations unit to conduct a preliminary inquiry. However, 2 days later, the agent was directed to stop further inquiry because of a decision by senior Department officials to treat the matter as a “management issue.” The Ambassador was recalled to Washington and, in June 2011, met with the Under Secretary of State for Management and the then Chief of Staff and Counselor to the Secretary of State. At the meeting, the Ambassador denied the allegations and was then permitted to return to post. The Department took no further action affecting the Ambassador.

OIG found that, based on the limited evidence collected by DS, the suspected misconduct by the Ambassador was not substantiated. DS management told OIG, in 2013, that the preliminary inquiry was appropriately halted because no further investigation was possible. OIG concluded, however, that additional evidence, confirming or refuting the suspected misconduct, could have been collected. For example, before the preliminary inquiry was halted, only one of multiple potential witnesses on the embassy’s security staff had been interviewed. Additionally, DS never interviewed the Ambassador and did not follow its usual investigative protocol of assigning an investigative case number to the matter or opening and keeping investigative case files.

Department officials offered different justifications for handling the matter as a “management issue,” and they did not create or retain any record to justify their handling of it in that manner. In addition, OIG did not discover any guidance on what factors should be considered, or processes should be followed, in making a “management issue” determination, nor did OIG discover any records documenting management’s handling of the matter once the determination was made.

The Under Secretary of State for Management told OIG that he decided to handle the suspected incident as a “management issue” based on a disciplinary provision in the FAM that he had employed on prior occasions to address allegations of misconduct by Chiefs of Mission. The provision, applicable to Chiefs of Mission and other senior officials, states that when “exceptional circumstances” exist, the Under Secretary need not refer the suspected misconduct to OIG or DS for further investigation (as is otherwise required).2 In this instance, the Under Secretary cited as “exceptional circumstances” the fact that the Ambassador worked overseas.3

DS managers told OIG that they viewed the Ambassador’s suspected misconduct as a “management issue” based on another FAM disciplinary provision applicable to lower-ranking employees. The provision permits treating misconduct allegations as a “management issue” when they are “relatively minor.”4 DS managers told OIG that they considered the allegations “relatively minor” and not involving criminal violations.

Office of the Legal Adviser staff told OIG that the FAM’s disciplinary provisions do not apply to Ambassadors who, as in this instance, are political appointees and are not members of the Foreign Service or the Civil Service.5

OIG questions the differing justifications offered and recommends that the Department promulgate clear and consistent protocols and procedures for the handling of allegations involving misconduct by Chiefs of Mission and other senior officials. Doing so should minimize the risk of (1) actual or perceived undue influence and favoritism and (2) disparate treatment between higher and lower-ranking officials suspected of misconduct.6 In addition, OIG concludes that the Under Secretary’s application of the “exceptional circumstances” provision to remove matters from DS and OIG review could impair OIG’s independence and unduly limit DS’s and OIG’s abilities to investigate alleged misconduct by Chiefs of Mission and other senior Department officials.

In the SBU report provided to Congress and the Department, OIG cited an additional factor considered by the Under Secretary—namely, that the Ambassador’s suspected misconduct (solicitation of prostitution) was not a crime in the host country. However, after the SBU report was issued, the Under Secretary advised OIG that that factor did not affect his decision to treat the matter as a “management issue” and that he cited it in a different context. This does not change any of OIG’s findings or conclusions in this matter. 

After the SBU report was issued, the Under Secretary of State for Management advised OIG that he disagrees with the Office of the Legal Adviser interpretation, citing the provisions in the Foreign Service Act of 1980 which designate Chiefs of Mission appointed by the President as members of the Foreign Service. See Foreign Service Act of 1980, §§ 103(1) & 302(a)(1) (22 USC §§ 3903(1) & 3942(a)(1)). 

During the course of that review, State/OIG said it discovered some evidence of disparity in DS’s handling of allegations involving prostitution. Between 2009 and 2011, DS investigated 13 prostitution-related cases involving lower-ranking officials.

The OIG apparently, found no evidence that any of those inquiries were halted and treated as “management issues.”

.

Also, have you heard?  Apparently, DEA now has an updated “etiquette” training for its agents overseas.

That’s all.

Is there a diplomatic way to request that the responsible folks at the State Department culture some real backbone in a petri-dish?

No, no, not jello backbone, please!

#

Advertisements

Daily Press Briefing Needs IT and FOIA Specialists on HRC Emails, Plus HAK Files Go to Court

Posted: 1:25 am EDT
[twitter-follow screen_name=’Diplopundit’ ]

Clip via PostTV

[protected-iframe id=”5bc752fe6db00036072fab3bf7198c29-31973045-31356973″ info=”http://www.washingtonpost.com/posttv/c/embed/4c950cba-c367-11e4-a188-8e4971d37a8d” width=”480″ height=”290″ frameborder=”0″ scrolling=”no” webkitallowfullscreen=”” mozallowfullscreen=”” allowfullscreen=””]

Argghhhh! Whaaat?

Email System

The State Department has multiple automated information systems. All employees, including locally employed staff and contractors (apparently with the exception of Secretary Clinton and who knows how many others), have state.gov email addresses for use in their unclassified workstations.  But not everyone has classified access and in some places, you have to go to a controlled location just to read your classified email.  Here is a quick description from publicly available documents:

    • OpenNet is the Department’s internal network (intranet), which provides access to Department-specific Web pages, email, and other resources.
    • ClassNet is the Department’s worldwide national security information computer network and may carry information classified at or below the Secret level.
    • SMART-SBU or just “SMART” replaces existing Department of State unclassified email and cable systems with a Microsoft Outlook-based system.
    • SMART-C is the Classified State Messaging and Archive Retrieval Toolset

 

No one “scans” emails for classified material?

The real question seems to be — well, if all her email communication was conducted through a private email  server —  how can we be sure that no classified and sensitive information were transmitted using her private email account?  We can’t, how can we?

However, for ordinary employees with badges and logins, an Information System Security Officer (ISSO) has “read access to the employee’s mailbox to ensure that no messages contain classification levels higher than that allowed on the authorized information system” (see 12 FAM 640-pdf). Which seems to indicate that ISSOs as a matter of course, “scan” State Department electronic mailboxes and files to ensure that there are no material there beyond “Sensitive But Unclassified” in the unclass system, for example.


Moving on to fumigation

Anyways — remember the WikiLeaks fallout? At that time, federal employees and contractors who believe they may have inadvertently accessed or downloaded classified or sensitive information on computers that access the web via non-classified government systems, or without prior authorization, were told to contact their information security offices for assistance.

If the unthinkable does happen, their unclassified computers required the equivalent of um… let’s say, digital “fumigation.” But who does that for private email servers?

The office that handles FOIA requests is the Office of Information Programs and Services (A/GIS/IPS/RL) under the Bureau of Administration. The Department also has its own chief information officer. Can we please have the State Department’s IT and FOIA experts talk about this from the podium?  Please, please, please, pretty please, this is getting more painful to watch every day.

 

[grabpress_video guid=”7ebdc05049ec1cf964f05708abe166946e545cb4″]

 

In related news — when you see reports that US embassies have been cited multiple times by State/OIG for use of  “personal email folders,” we suggest you take a deep breath.  That’s not/not the same as the use of personal private emails like Yahoo or Gmail. What those OIG reports are probably referring to are the personal storage folders, also known as  .pst files in Microsoft Outlook on the employees’ hard disk drives. Why would you want to save your emails in the personal folders of your computer?

Because a .pst file is kept on your computer, it is not subject to mailbox size limits on the mail server. By moving items to a .pst file on your computer, you can free up storage space in the mailbox on your mail server.

 

Just because you have classification authority, must you?

Below is an excerpt from the State Department Classification Guide | January 2005, Edition 1 (pdf via the Federation of American Scientists)

High Level Correspondence. This includes letters, diplomatic notes or memoranda or other reports of telephone or face-to-face conversations involving foreign chiefs of state or government, cabinet-level officials or comparable level figures, e.g., leaders of opposition parties. It should be presumed that this type of information should be classified at least CONFIDENTIAL, though the actual level of classification will depend upon the sensitivity of the contained information and classification normally assigned by the U.S. to this category of information. Information from senior officials shall normally be assigned a classification duration of at least ten years. Some subjects, such as cooperation on matters affecting third countries, or negotiation of secret agreements, would merit original classification for up to 25 years.

One thing to remember here, and it’s an important one — the secretary of state is the highest classification authority at the State Department.

CFR 2005 Title 22 Volume I Section 9-10:

(a) In the Department of State authority for original classification of information as ‘‘Top Secret’’ may be exercised only by the Secretary of State and those officials delegated this authority in writing, by position or by name, by the Secretary or the DAS/ CDC, as the senior official, on the basis of their frequent need to exercise such authority.

But why would the USG’s classification guide or classification authority even apply to an email server that apparently is not owned nor physically possessed or maintained by the State Department?


No one is coming out of this smelling like roses

The 67th secretary of state exclusively used private email during her entire tenure at the State Department. She left the State Department on February 1, 2013.  The official word is that in October 2014 — to improve record-keeping or something — the State Department “reached out to all of the former secretaries of state to ask them to provide any records they had,” Secretary Clinton reportedly sent back “55,000 pages of documents to the State Department very shortly” after the letter was sent to her. “She was the only former Secretary of State who sent documents back in to this request,” said Ms. Harf.  This storyline is not even walking quite straight anymore according to the NYT’s follow-up report of March 5.

What appears clear is that the USG cannot possibly know the answer to the endless questions surrounding these emails since it does not have possession of the private email server used in the conduct of official business. But somebody must know how this set-up came to be in 2009.  What originated this, what security, if any  were put in placed?

As if we don’t have enough  disturbing news … have you seen this?

 

But 56th took his files with him!

In related news,  the National Security Archive  filed suit against the State Department this week under the Freedom of Information Act to force the release of the last 700 transcripts of former Secretary of State Henry Kissinger’s telephone calls (telcons). The Archive’s appeal of State’s withholding dates back to 2007.

.

 

The 56th secretary of state had reportedly removed the telcons, along with his memcons and office files, from the State Department when he left office at the end of 1976. According to the FOIA-released declassification guide for the State Department “information that still requires protection beyond 25 years should be classified for only as long as considered necessary to protect the national security.”

But … but …it’s been almost 40 years, heeeellloo!

Where are we again? Oh, utterly distressed by this whole thing.

 

 

Related post:

Don’t read WL from your workstation, if read elsewhere make sure you wash your eyes or you go blind….

 

Related items:

It could be very long time before Hillary Clinton’s State Department e-mails see the light of day (WaPo)

12 FAM 640  DOMESTIC AND OVERSEAS AUTOMATED INFORMATION SYSTEMS CONNECTIVITY (pdf)

Leaked Guccifer emails did say “confidential” but the purported sender of those emails was no longer in USG service and presumably, no longer had any classification authority.

 

Snapshot: State Dept FY2014 FOIA Personnel and Costs

Posted: 9:46 am EST
[twitter-follow screen_name=’Diplopundit’ ]

 

Via FY 2014 FOIA Annual Report:

During this fiscal year the Department experienced a 60 percent increase in FOIA lawsuits over fiscal year 2013. The majority of new lawsuits involved voluminous sensitive records that required careful coordination with other federal agencies. To meet the demands of this upswing in FOIA lawsuits, the Department reallocated resources from FOIA processing to FOIA litigation, which directly impacted efforts to manage and reduce the backlog of pending FOIA requests that are not in litigation.

Despite all efforts, including employing best practices established during the successful backlog reduction project in fiscal year 2013 as well as processing over 88 percent of the thousands of referrals that were pending from last fiscal year and received by the Department this fiscal year, the FOIA request backlog rose by 15.8 percent this fiscal year. However, the Department achieved a significant reduction in the FOIA appeal backlog lowering the backlog by 13.7 percent. The Department also closed its ten oldest requests and consultations. These accomplishments are especially noteworthy in light of the fact that the Department reallocated FOIA processing resources to address large, complex FOIA litigation cases and to provide assistance to the Department on significant special document productions throughout the fiscal year.

Note that the number of FOIA requests and administrative appeals backlogs at the end of FY2014 (September 30,2014) is 10,045 or 1,376 cases more than FY2013. Processing of simple FOIA cases can take anywhere between 3 days to 1,576 days or 4.3 years. Processing complex cases can take anywhere between 11 days to 2,237 days or 6.1 years. The average number of days for processing expedited FOIA cases is 385.6 days. (see pdf)

In the table below, the “Equivalent Full-Time FOIA Employees” include When Actually Employed (WAE) former Foreign Service Officers who perform document review and students who work part-time throughout the year to process FOIA requests. Note that the breakdown of personnel does not identify exactly how many WAE and how many students are working FOIA cases, only that they are equivalent to “full-time employees.”  WAE employees have no regularly scheduled tour of duty and the hours worked cannot exceed 1,040 in a calendar year. As for the students, we don’t know how many students rotate through the FOIA office requiring training every year.   Also useful to know that each bureau has its own WAE application and appointment procedures and the ability to hire is limited by the bureau’s budgets.

Screen Shot 2015-03-08

According to the annual report, the processing costs below include “a percentage of the costs incurred by IT staff who were employed to support the FOIA program as one of their major duties”  The IT staffing numbers are not reflected in personnel data column so we also have no idea how many IT staff supports the FOIA office.

Screen Shot 2015-03-08

 #

In related news:

 #