Being Legal Counsel to Somebody with Security Clearances

Related Post Roulette

75 Responses

  1. Avatar Jaybird says:

    I think that there are two questions here with two different answers.

    The first is whether you’d need to have a particular clearance to represent someone with a clearance who needs representation.

    The second is whether you’d need to have a particular clearance to be part of the chain of custody of evidence that contains classified information.

    It seems to me that the answer to the former would have to be “no” based on how byzantine the process for getting a clearance seems to be.

    I don’t know for certain but here is my thought process: to defend someone accused of mishandling nuclear secrets (or whatever), you don’t need to look at the nuclear secrets. The nuclear secrets can be a McGuffin. You just need to establish whether the McGuffin is classified or not at which point the issue is one of handling/mishandling the McGuffin.

    Now the *SECOND* question strikes me as being the question that will turn this turbulent.Report

    • Avatar Morat20 says:

      Also depends on how the materials are stored, when the materials were marked ‘classified’ and whether said materials were even marked.

      IT requirements here (dealing with everything from proprietary business data to classified government data) is the use of Ironkey or similar. Because if you lose it or leave it (which happens a LOT with thumb drives), it’s still secure even if Joe Blow the Evil Foreign Agent picks it up.

      So if your lawyer has a thumb drive of classified data he can’t access or read (lacking your password), does he have access to classified data? Or a thumb drive full of useless bits?Report

      • Avatar Jaybird says:

        Does “I didn’t touch it or read it” matter for chain of custody issues?Report

        • Avatar Michael Cain says:

          One of the lawyers here ought to do a post about chain of custody in an electronic age. Ditto for the process of discovery. 15 or so years ago the (several) computers in my cubicle were subject to discovery in an intellectual property lawsuit. I wasn’t asked about configurations, and wasn’t allowed to be present while the legal dept and their IT person did whatever they did. After consulting log files in the (several) Linux boxes afterwards — I needed to know what if anything they had broken — I feel pretty safe in guaranteeing that large numbers of possibly relevant “documents” were never looked at.Report

          • Avatar nevermoor says:

            The short answer is that any company that sees an upcoming need for ediscovery (which, let’s face it, is all but the smallest companies) should prepare by using an ediscovery-friendly document management system (e.g.).

            Then it becomes trivially easy to do filtering, review, and production.

            Otherwise, the proper approach is to identify “custodians” (i.e. employees who may have relevant documents), interview each of them about their storage practices (paper docs, network drives, local backups, etc), collect all of it, ingest all of it into an ediscovery review tool, then finally apply filters/keywords/whatever before doing production review.

            There isn’t really a “chain of custody” issue, but there is the need for someone (usually at the law firm) to certify that production was completed.Report

            • Avatar Michael Cain says:

              Also a very broad definition of document. The part of my work that would have mattered if it had become part of the case was an impromptu software research project that had grown over a period of years. The “documents” were the source code, an ever-growing, ever-changing thing. Much of the IP issue would have come down to “When were certain types of changes introduced into the code?” Ideally the project(s) should have been handled by an auditable version control system from the beginning; within corporate IT, there were practical difficulties with doing that.Report

        • Avatar Morat20 says:

          I dunno. That’s why I asked. Hereabouts, if I were to give my lawyer an thumb drive of documents, he’d get an Ironkey thumb drive with the understanding that he wouldn’t get the password unless the files were required to be accessed (either by my lawyer or the courts).

          I don’t know why HRC’s lawyer has the thumb drive — it could be anything from “I was required to turn over these documents to a Congressional committee (hilariously the Benhazi committee — they’re still pounding that)” and so had her lawyer do it (like, you know, the way most people with the means to afford lawyers turn over information to Courts and Court-equivalents) to “I want a third party to have copies when the selective leaking and lying begins to prevent claims I altered it in response to leaks”.

          If he doesn’t have the password, he has a brick. If he was turning it over to the courts, he’d presumably have the password. Or perhaps he was the one doing due diligence on the ‘classified’ aspect.

          Does he have a security clearance? I dunno, but if anyone’s personal lawyer is like to have one it’s the lawyer of a former Secretary of State who is also the wife of a former President.

          (Seriously, if I was Secretary of State I’d probably make sure my lawyer got clearance for at least the low level stuff like this. If nothing else, I’d want to make sure my lawyer was clean, since I’m freaking Secretary of State).Report

          • Avatar zic says:

            From the NPR fact check:

            Wonderlich also found it ethically challenged, if not legally, for Clinton and her team to have been the filter for her emails:

            “The final arbiter of what’s public or what’s turned over to Congress shouldn’t be private staff working for Hillary Clinton. It should be State Department employees who are bound by duty to the public interest.”Wonderlich also found it ethically challenged, if not legally, for Clinton and her team to have been the filter for her emails:

            “The final arbiter of what’s public or what’s turned over to Congress shouldn’t be private staff working for Hillary Clinton. It should be State Department employees who are bound by duty to the public interest.”

            I would presume Clinton’s team was her lawyer and his staff, perhaps working with a personal assistant? I don’t think she sifted through 60,000-odd emails, do you?Report

            • Avatar Morat20 says:

              Depends on how the vetting was done. I’d imagine the lawyer was part of it, though.

              Myself, I’d start with a simple script looking for classified tags in the plain text and have someone review any attached documents (you can parse them, but it’s harder to parse things like scanned documents for words).

              Of course you’d take any purely personal emails and remove them from consideration (emails to Clinton from non-governmental, US citizens. Relatives, friends not working in government, etc).

              I think the interesting thing is the speculation here that, obviously, the lawyer lacks clearance or having the thumb drive is against the law. He’s a lawyer. You’d think that, if that were the case, he’d inform his or her client hat he’s not taking the bloody thumb drive as it’s against the law.

              So either the lawyer is cheerfully engaged in highly visible law-breaking (this WAS for a Congressional hearing), is totally unaware of the law dealing with classified materials (seems odd given that’s the topic), or is totally in the clear either because of the law or his own status.Report

            • Avatar Jaybird says:

              I would presume Clinton’s team was her lawyer and his staff, perhaps working with a personal assistant

              Low-balling this, we’re talking the lawyer (1 person), his staff (2 people), and a personal assistant (1 person). That’s 4 people. If even one of them was not cleared, would we agree that this has been mishandled?

              Is it more fair to assume that these 4 people have been cleared or is it more fair to say “this is something that needs to be demonstrated”?Report

              • Avatar Morat20 says:

                Is it more fair to assume that these 4 people have been cleared or is it more fair to say “this is something that needs to be demonstrated”?

                Has to be demonstrated.

                If, for instance, staffer 4 wrote a PERL script that parsed all cleartext emails looking for emails marked with a lengthy series of words (ranging from TOP SECRET to just the word “classified”, which was then run by someone with clearance…does that count? Staffer 4 wrote a script, but never saw any text.

                Honestly, it feels like everyone’s just assuming it wasn’t on the up-and-up and is straining at gnats, generating hypothetical after hypothetical.

                “Maybe the lawyer wasn’t cleared!”. Maybe he was. Why would you assume he wasn’t? It’s the lawyer for a former Secretary of State. Well, maybe the people had helping him weren’t cleared. Maybe they were — the lawyer was looking for classified material, would he choose people who weren’t cleared?

                Although in the real world, I suspect something like the following: HRC is ordered to turn over all these emails as part 55 of Benghazi, Surely There’s Something. She takes it to the lawyer she’s had for years, who contracts the job out to a company in the DC or Virginia area who specialize in something similar, probably filled with ex-government people who find it more lucrative to do this then toil in a basement in DC — but retain security clearances.

                She gives a secured thumb drive to her lawyer and one to the contractors.

                They parse her email, looking for the identifiers of classified materials (the markings, almost certainly) and report “We didn’t find anything”. Hillary reports that and turns over copies to the Benghazi, One Day We’ll Find Something, committee.

                I’d imagine there’s a dozen or more firms in DC and Virginia that specialize in data mining and analytics with security clearances.Report

              • Avatar Jaybird says:

                “Maybe the lawyer wasn’t cleared!”. Maybe he was. Why would you assume he wasn’t? It’s the lawyer for a former Secretary of State. Well, maybe the people had helping him weren’t cleared. Maybe they were — the lawyer was looking for classified material, would he choose people who weren’t cleared?

                From what I understand, this isn’t a criminal investigation but a national security one.

                I think that the assumptions on the part of the investigators are of the form “please provide documentation proving that the lawyer is cleared” rather than “we are going to prove that the lawyer is not”.

                Is there a system that can quickly verify whether a particular person is cleared or not? (There must be, right?)

                This is something that is so easily provable that arguing that we should assume yes or assume no is almost silly. It’s demonstrable.

                Has it been demonstrated?Report

              • Avatar Morat20 says:

                Actually, as I understand it it’s an IG investigation. Which means it’s no more “processes and procedures” and less “witch-hunt”.

                And the only reason you’ve even heard of it, much less care, is because of the Benghazi committee.

                Which should make you a little suspicious before swallowing, given their history.Report

              • Avatar Jaybird says:

                This is something that is so easily provable that arguing that we should assume yes or assume no is almost silly. It’s demonstrable.

                Has it been demonstrated?Report

              • Avatar zic says:

                It is not an unreasonable thing to ask.

                But as an aside, I wonder, at what point does the pile of reasonable questions, asked to determine if Hillary’s done something shady, all perfectly reasonable as individual questions and turning up a squat, reaches some level of harassment?Report

              • Avatar zic says:

                Low-balling this, we’re talking the lawyer (1 person), his staff (2 people), and a personal assistant (1 person). That’s 4 people. If even one of them was not cleared, would we agree that this has been mishandled?

                Yes, I would, though qualified with wanting to know how security tags should have functioned throughout the process. If there were no tags suggesting the stuff was classified, I’d have some system issues.Report

              • Avatar Burt Likko says:

                By “personal assistant,” do we mean Secretary Clinton’s assistant, the lovely and talented Huma Abedin? If so, it’s quite likely she is cleared since she was working closely with Clinton when she was actively serving as Secretary of State.

                Or do we mean the attorney’s “assistant?” I can’t speak for how other firms do business. Everywhere I’ve worked, the team doing the hands-on work on a matter has consisted of 1) a senior attorney, typically the one who originated the work, sculpts the general strategy, and has a relationship with the client; 2) a more junior associate attorney, who does the bulk of the actual hands-on legal work and might have a hand in sculpting the strategy as well as executing it; and 3) a single assistant, usually called a “paralegal” or sometimes a “legal secretary,” who handles the physical and electronic documents.Report

              • Avatar nevermoor says:

                Not to disagree too strongly, but for this many docs I’d expect outsourced reviewers (still attorneys, so still privileged) to do the bulk of the tagging. Since these are emails, I assume classified docs would have identifying metadata that would allow them to be filtered out so those reviewers don’t see the docs at issue in this thread.

                I’d be stunned if there aren’t people with sufficient access to see the classified docs. That said, the points elsewhere about that being easily provable are true (and shouldn’t be privileged). At minimum, the senior lawyer should be able to do a declaration stating that no classified docs were reviewed by people without sufficient clearance.Report

              • Avatar Morat20 says:

                Can he? I mean, this is all being done by a Congressional committee (that’s where all the leaks are from) or from an IG investigation?

                I’d be shocked it Clinton or her lawyers were allowed to talk freely about it, whereas of course the Honored Congressmen of the Benhazi Select Committee can say whatever they want. (And in fact, such enlightened gentlemen and women have endangered or otherwise canned prosecutions and investigations in the past by opening their gobs).Report

              • Avatar nevermoor says:

                I’d be shocked it Clinton or her lawyers were allowed to talk freely about it

                Why? “I directed the production of records requested by [the Benghazi lunatics / IG / whoever]. I certify that the attached production is complete and that no classified information was disclosed to anyone without proper clearance.”

                Doesn’t seem different from what everyone does in e-discovery when required. What would prevent it?Report

              • Avatar Michael Cain says:

                And she’s already said it, repeatedly. Also, “By statute, I’m not allowed to personally disclose the contents of those records; you’ll have to talk to the Department of State about that.”Report

              • Avatar nevermoor says:

                And I’m not saying I have a problem with that. But for those who are convinced she’s a liar (not me! I think she’ll be a very good president but not Obama level) it won’t be the least bit persuasive.Report

  2. Avatar Kim says:

    As always, it depends. Some stuff is so sensitive that the answer is pretty much “no”. [but maybe not law, so much as executive rulemaking governing “holy shit” level secrecy. Lawyer client privilege may as a matter of law extend to things that the executive branch would far rather it not.]

    HRC may not have anything that is that sensitive, however (she’s not a spymaster, seriously!). So far I’m only hearing Top Secret, which in classic bureaucratic shenanigans isn’t all that secret.Report

  3. Avatar zic says:

    Here’s an NPR fact check.

    The bottom line is this: No one will likely ever know what was deleted from Clinton’s server. Barring one of the 30,000 emails Clinton turned over to the State Department being deemed “classified,” it’s also unlikely she will ever be found to have violated the letter of the law.

    Report

    • Avatar notme says:

      If you were brainwashed you might think that the server was wiped for that reason. However we all know there’s nothing shady about the Clintons.Report

    • Avatar Jaybird says:

      Barring one of the 30,000 emails Clinton turned over to the State Department being deemed “classified,” it’s also unlikely she will ever be found to have violated the letter of the law.

      I thought that investigators have determined that a non-zero number of the 30,000 emails Clinton turned over to the State Department were, in fact, deemed “classified”. That’s what this says, anyway.

      I don’t know how well the argument that the information was not classified at the time it was being discussed will hold up under scrutiny. Maybe it will.

      In talking about this yesterday with a security guy who has a clearance, he told me “this isn’t something that will result in anybody going to jail, even if a normal Joe did it… but a normal Joe would have his clearance yanked PDQ.”Report

      • Avatar zic says:

        Remember, these are emails, mostly, that were forwarded to her and often contained information that was classified, but not in terms of the original forwarded source, so did not contain proper ‘classified’ identifications.

        I think that’s what the FBI is looking at; I could be wrong.

        That Grassley’s going after the attorney’s suggests that the NPR fact check I linked is probably accurate — she lived within the letter of the law; and this is why I asked about council’s required clearances and how that system works.

        So we sort-of know there’s a line here on attorney’s handling classified information for clients; who’s job (legally) is it to recognize that line, the attorney or the client-with-clearance?

        edited for clarityReport

        • Avatar Burt Likko says:

          That, I can answer — the person who is cleared to receive information is personally responsible for controlling who else has access to it. So, Clinton, not her attorney, is potentially on the hook according to this line of reasoning.Report

          • Avatar zic says:

            Thank you, @burt-likko (and @jaybird too).

            I think I agree that this was, if the attorney doesn’t have clearance, a forced error on her part, though I don’t attribute malice to her.

            Going on down through the layers of the onion; if the her lawyer did have clearance (one would hope, given the task,) does that responsibility pass to council with regard to staff?Report

          • Avatar Morat20 says:

            That’s IIF (if and only if) the lawyer lacks clearance AND if the documents were marked when Clinton received them. (If she personally stripped markings and sent them, that’s different.). To put her back on the hook for unmarked documents is a hard sell, because you have to show she knew it was classified. And ‘proper classification’ is an full-time job for experts, and not something upper management can figure out. (Especially given how much crap gets classified to the level in question. If it’s an engineering diagram for a nuclear weapon, sure. But the government has happily marked as ‘secret’ stuff that is actually in the public domain, or is compiled from public sources).

            If the lawyer was part of the vetting process, he’d have to have clearance. (If the lawyer has been working for Clinton as far back as when she was Secretary of State, he almost certainly has sufficient low level clearances).

            Look, Clinton didn’t parse 55,000 emails on her own. She handed them to SOMEONE and since the question is “Were any of these classified” I don’t think it’s crazy to extend to her the basic competence of having it done by people who were cleared to do so. Which would include, in basic Washington ass-covering way, a lawyer.Report

            • Avatar Jaybird says:

              I don’t think it’s crazy to extend to her the basic competence of having it done by people who were cleared to do so. Which would include, in basic Washington ass-covering way, a lawyer.

              Is this something that is fair to ask about, though?

              “Can you demonstrate that the people who did these things were cleared?”

              I don’t mean for you or me to ask that, of course. We should assume that they were cleared.

              I’m asking if it’s fair for the investigator to ask that.Report

        • Avatar Jaybird says:

          I want to say that the person with the clearance is responsible for protecting the data under his or her charge. Someone without a clearance (and who has never held one) can’t be expected to know what his or her responsibilities are regarding the data.Report

          • Avatar Damon says:

            Actually, uncleared folks are told exactly what their responsibilities and obligations are, should they run across classified data: secure it and report it to the security office. My company has annual training on that subject, in addition to EAR and ITAR related issues. You have to sign a form to acknowledging your receipt/understanding too.Report

            • Avatar Jaybird says:

              When I worked at the restaurant, I never once received training on classified data. Same for when I worked at Huge Multinational Global Conglomerate.

              It wasn’t until I started working in the same building as classified that I started to get training on this sort of thing.

              And the question is whether the legal office in question is more like the restaurant/HMGC or whether it is more like working in the same building as classified.

              (Of course we should assume that Hillary hired lawyers who were familiar with this sort of thing, though. Of course. The investigators might not be willing to say “we assumed that she hired a lawyer who was familiar with this sort of thing.”)Report

              • Avatar Damon says:

                Well of course my comments were addressing those who work in an area where classified data is handled or where they may accidentally come into contact with it. I’d think that was understood. Anyone connected with the gov’t, the state dept, etc. should know this stuff. And disclosing to your lawyer classified info when discussing your legal case is likely to get several people in hot water.Report

          • Avatar Kim says:

            Jay,
            my responsibilities towards data that I don’t have clearance for is simple:
            Don’t Touch It!
            (I was pulling a paycheck from the military, too).Report

            • Avatar Michael Cain says:

              But in this case, the situation is like this: (1) Someone in your organization sends you an e-mail; (2) You read it, and perhaps forward it to a subordinate to take action; (3) Some years later, a different organization declares that e-mail text to be classified. Now what?Report

              • Avatar Kim says:

                Michael,
                Well, if you’ve been behaving reasonably responsibly, you’ve been treating the data as if it was Secret, anyhow. Not telling people who didn’t need to know, and otherwise having a chain of custody for information (this should be done for ALL information, but if you’re really being quizzed on something that could Reasonably Be Assumed to never be important enough to classify…you’ve got a case on that alone. Classifying Clinton’s Yoga Schedule would be so outlandish that people might understand if you said “I don’t KNOW who might have heard about that!”).

                I’d say you have a responsibility to make certain your department treats the data as classified now (so everyone who knew about it is told to keep their mouths sealed — and to be safe, anyone who might have been told).

                You need to justify any data usage in your organization (including proper encryption, which should be on every e-mail. it’s a computer, dammit!), but it’s done with a level of “need to know” that’s more along the lines of “is it your job to handle this information?”

                The earlier post I made drew heavily from military security. This post is more about health care data management, as PHI protocols are relevant, here (not the same regulations, but you can assume similar levels of “we care about this”)Report

              • Avatar Michael Cain says:

                Based on the discussions I’ve read, the e-mails in question seem to be more along the lines of — and these are made-up specifics — “We need to run down the bona fides of person X, who may be taking part in negotiations for the other side.” That got forwarded to some junior flunky to do the actual work. Now the spies are saying something like “That we knew person X might be going to be involved at that point in time should have been classified because it says something about our ability to gather intelligence.”

                That may or may not be true. It may have come out of a classified report, in which case someone dropped the ball on security practices. It may have been speculation by a generally well-informed analyst, which is an entirely different thing. It’s unlikely that we’ll ever know what actually happened.Report

        • Avatar DensityDuck says:

          “these are emails, mostly, that were forwarded to her and often contained information that was classified, but not in terms of the original forwarded source, so did not contain proper ‘classified’ identifications. ”

          In no way would that be considered an excuse for improper handling of classified information. Particularly when we’re talking about the Secretary of State who should, one thinks, have a pretty good handle on whether a particular piece of information is classified.

          We’re not talking about, e.g., “you said this was part of program TREADSTONE but it’s actually part of BLACKWALL”, we’re talking about “this is marked TOP SECRET and you’re putting it on a thumb drive you got from Costco”Report

          • Avatar zic says:

            A thumb drive from CostCo is not what we’re discussing in any way, shape or form, but you’re welcome to keep thinking that. The comment reminds of of the “Hillary set up her own server out of the box” that spurred me to suggest, to some degree or another, we’re all brainwashed when it comes to how we perceive Hillary Clinton.

            She’s not in the kitchen baking cookies, she’s down in her basement setting up servers and copying old servers onto thumb drives. Total nerd.Report

            • Avatar Morat20 says:

              That’s like the ‘she deleted the server’. No she didn’t. The firm that owned the server, whose main job is…contractor out secure servers to the government for all sorts of things, got told she wasn’t using it anymore and was either scrapping it or refreshing it for later use.

              Unless you actively PAY to retain information, they scrub it all out (it’s part of due diligence on their part, because part of their job is making sure your data is gone and not left for someone else to accidentally access) and continue on with their job.

              It’s not nefarious. It’s basic IT.Report

              • Avatar zic says:

                excellent clarificationReport

              • Avatar Jaybird says:

                The firm that owned the server, whose main job is…contractor out secure servers to the government for all sorts of things, got told she wasn’t using it anymore and was either scrapping it or refreshing it for later use.

                The person who told the contractor this… was that person aware that there was an active investigation?Report

              • Avatar Morat20 says:

                Jesus Christ, Jaybird.

                This is like a game of whack-a-mole. Or arguing with a Creationist. “What about the transitional fossil between THAT transitional fossil and this other one? No answer, smarty pants?”

                So sure, they deleted it as a cover-up. Also Hillary set up the server in the basement of her home using Windows Home Server, and the set-up wizard. She also hired a lawyer she knew wasn’t cleared, gave copies of her personal emails to anyone she met using cheap thumb-drives, and her hobby as Secretary of State was taking classified documents, cutting out the markings, and emailing them to Rush Limbaugh.

                At this point you’re just speculating wildly on the apparent basis that Hillary MUST have done something, somehow.

                All I know is this: The only reason you’ve heard of it is because of the Benghazi committee, which should invoke some minor sense of skepticism in your brain and apparently does not. And that everyone who isn’t a Republican seems to think there’s no “there” there, just like Benghazi. And every other ‘scandal’.

                Seriously, at what point do you grow even a little skeptical?Report

              • Avatar greginak says:

                Skepticism isn’t warranted until there is an even dozen Bengazi investigations that show nothing. Until then the game is afoot.Report

              • Avatar Jaybird says:

                Well, we’re learning more about stuff.

                The argument that maybe stuff was not done according to procedure but, hey, the only reason that we know that stuff was not done according to procedure is that she wasn’t being investigated for good reasons but more malicious ones…

                Well, that’s an argument that makes sense to this group of partisans and doesn’t make sense to that one.Report

              • Avatar Jaybird says:

                Oooh, and the article itself has a timeline:

                June 2013 – Hillary’s team shifts control of the email domain to an outside IT contractor in Denver called Platte River Networks, and sends the original server hardware to a data center facility in New Jersey, where it is erased

                August 11, 2014 – Following a congressional subpoena and more than a year of delays, the State Department hands over a small number of Clinton’s private emails, 10 in all, to a House committee investigating the 2012 terror attack on a State Department compound in Benghazi, Libya – including some emails from the hdr22@clintonemail.com address

                The question had an answer and everything.Report

          • Avatar Michael Cain says:

            So far as I can tell, the only claims about classified information that haven’t been refuted are members of the intelligence community saying “The text of this e-mail message should have been classified.” Not “a top secret document was put on a thumb drive” or even “a top secret document was sent as an attachment”, but the text of the message itself.

            Historically, the intelligence community has erred grossly in the direction of wanting to classify things that shouldn’t be.Report

            • Avatar DensityDuck says:

              And one of the first things they tell you, when you sign the paper that gives you a security clearance, is that if you’re caught with classified information in a non-secure location then your ass is grass and Security is a lawnmower. “It should have been marked classified” is not an excuse; it’s grounds for getting your clearance revoked that day.Report

              • Avatar nevermoor says:

                Huh?

                Are you seriously asserting that you were trained to believe that if you are holding any information in a non-secure location that someone later concludes should have been classified, that’s “not an excuse”?

                Sounds exactly backwards to me.Report

              • Avatar Kim says:

                This probably just means “don’t take ANYTHING off premises” ya know?
                Furbies got banned because they could learn classified info.Report

  4. Avatar Burt Likko says:

    I’ve many clients with clearances. I’ve never needed a clearance of my own to deal with their legal issues. A process exists, I am certain, by which private counsel can be cleared if there is a need. But the need is exceeding rare and, as @jaybird points out, probably unlikely to arise even here.Report

    • Avatar nevermoor says:

      The only exposure I had was DOJ-related, and they would assign the attorney with proper clearances over the one without in those cases. That doesn’t say its necessary, but makes sense when its just an assignment prioritization issue.Report

    • Avatar Michael Cain says:

      I have a brother-in-law who got one of the higher security clearances, that allowed him into NATO’s command-and-control bunkers as a civilian contractor doing software installation. It took months to get. At one point he got a phone call from his brother back in the small Nebraska town where he grew up: “What have you done? The FBI is running around town asking everyone questions about you…”Report

  5. Avatar Kazzy says:

    Practically speaking, does it really matter if the documents were marked “Classified” or not? I mean, isn’t it safe to assume that we don’t want ANYONE but the Secretary of State to have access to the Secretary of State’s emails?

    I mean, suppose she followed all the proper protocols and her email was still hacked by ISIS. Would we be saying, “Well, ya know, most of that stuff wasn’t classified so who cares if they have it?” Or would we be saying, “HOLY SHIT THERE IS A WHOLE BUNCH OF STUFF THERE THAT WE DON’T WANT OTHER PEOPLE SEEING???”

    I think we’d be saying the latter.

    I get why the official status matters for legal reasons and the like. But, practically speaking, it seems bad that someone with lots of power and lots of access to information handles their data in a less secure way because of convenience.Report

    • Avatar nevermoor says:

      Did that happen? Because it might have to emails on the government system. Her way may be more secure simply by virtue of being less targeted (e.g. Macs a decade ago).

      Also, of course, this is the kind of Clinton-only standard that drives people like @zic (justifiably) crazy. Clinton does thing that people before her had routinely been doing. Nothing bad comes from it. Then comes the “how could she be so careless/lazy/evil/whatever” handwringing with endless list of bad things that could (perhaps, but maybe not!) have happened.Report

      • Avatar Kazzy says:

        @nevermoor

        I had no idea that her predecessors did it and I do not have the technical knowledge to know what is safer. On the former, I suppose I’ve been snookered.

        All that said, I think it fair to insist that the Secretary of State — whomever it may be — be expected to use the most secure system for email we have.Report

        • Avatar nevermoor says:

          My understanding of the facts are that Albright didn’t email, Powell had a private account (with all emails destroyed and not archived), and Rice had both a public and private account but rarely emailed. That’s about as far back as you can go before you get to the pre-email era.

          As for the security concerns, is the criticism really only “I have no idea which is safer so I’m assuming state.gov is and therefore handwringing about possible exposure even though her email was never hacked so all of it is (at best) a tempest in a teapot”? Sounds pretty Clinton-Rules-y to me.Report

          • Avatar Kazzy says:

            @nevermoor

            It’s politics so people are going to see what they want.

            For me? I just want our leaders being smart. If they were (and @morat20 makes a good case that there was nothing wrong with Clinton — or Rice or Powell’s — approach), then my reservations are removed.

            My initial objection was, “Why did Clinton flout this rule?” because I think an unprecedented flouting of rules is something worth knowing about a Presidential candidate. Given that this seems to be standard operating procedure (with a limited sample size), I’m comfortable rescinding that objection.Report

            • Avatar Jaybird says:

              I’m wondering how the data was in the emails.

              If it was something like “dude, we seriously need to discuss this attachment!” and the attachment was a classified document, that’s one thing.

              If it was something like “dude, I just got out of a meeting with the Area 51 people and they’re telling me that the Aliens are willing to trade us a vaccine for ebola if we get them a playable demo of Half-Life 3” then that’s another entirely.

              Do we know which it was?Report

              • Avatar Morat20 says:

                Honestly, given the history of the Benghazi committee and Clinton? I would expect the latter.

                Taking a classified document, removing the “classified” markings and emailing it to Clinton’s non-governmental email takes either the world’s most incompetent employee (and no telling if it’s a civil servant or a Clinton appointed staffer) or a mustache twirling “the rules don’t apply to me!” employee.

                However, sending a quick synopsis of a meeting that you knew the boss was interested in but couldn’t attend, and including stuff like that? That’s a very human sort of mistake.

                In fact, that’s the very sort of mistake that the HR folks at my company keep hammering on because that’s the sort that keeps happening. Far more often someone says or writes something that should have had a ‘classified’ marking stamped on it and treated properly than someone deliberately flouts the rules.

                So when it’s revealed there’s “classified” material in her archives, unmarked? I’m leaning towards the most common mistake I’m aware of — which when someone talks about something without thinking “Oh wait, what I’m saying is based on that presentation that had the ‘Proprietary’ and “Sensitive’ footers on the bottom”. Especially if the stuff is the low-level crap that everyone at the company knows about.

                Given, as I understand government’s weird classifications, the ‘top secret’ stuff being discussed here is low-level and thus probably half or more of the State Department knows about it….

                No need to ascribe to malice what simple human behavior explains.Report

              • Avatar Kim says:

                How is it that Health Care is doing better than the rest about this sort of stuff? Maybe it’s just that it’s easier to tell what is PHI? Easier to deidentify? Do you guys have protocols for deidentifying data?Report

              • Avatar Morat20 says:

                Easier to identify health data, I’d imagine — it’s pretty stock with common practices.

                Spy and diplomacy stuff seems harder, because some of it’s scraped from public domain, some of is analysis from public meetings (if Bob from the State Department met Cindy from the Germany equivalent for a meeting to set up upcoming negotiations, is Bob’s report classified? What parts?), some from spies, some from the NSA, whatever.

                I mean if you’re told the Germans or Russians are really torqued off about Demand X, did that information come from public statements? Water cooler gossip from staffers? Breaking into someone’s email?

                It’s pretty hard in the export-control world. A simple example: Some engine data is fine, other data sin’t?. Depends on rather complex parameters (is this data for a commercial engine? Or does it look suspiciously like the sort that’d go on a fighter jet or attack copter? Doing an analysis on one is fine for a foreign customer, not so much for the other. And if it’s the latter, the customer is generally lying about what it’s for so you have to deduce it…which requires specialized staff to determine. And lawyers for when the inevitable happens and you have to prove good faith.Report

          • Avatar Kim says:

            I’d prefer that we not say her e-mail wasn’t hacked.
            it was probably not hacked, but…
            if anyone did get stuff, they kept mum about it.Report

            • Avatar zic says:

              Yes; I agree.

              As I understand it, one of the things that’s being looked at is if it got hacked.

              Lots of times, it happens and is discovered some time later, which suggests a lot has happened that’s unknown. It’s one of Rumsfeld’s known unknown unknowns.Report

              • Avatar Kim says:

                SoS data would be something… kinda weird to sit on (particularly past SoS changeover). I suppose you could sell it to other countries, who might keep a bit quiet on it…

                IDK what the hell is going on with that Ashley Madison hack — looks well more like trolling than an actual “we can make profit off this” (because, you totally could make a fortune of blackmail off that data).Report

              • Avatar zic says:

                I’ve been waiting for the inevitable Ashley Madison discussion.

                It will, I think, be a good one.Report

              • Avatar Kim says:

                Haven’t dared to bring it up to my source in the company.
                (now, remember, you aren’t supposed to believe me. Folks certainly didn’t about my source at Sony… and that’s all for the best.)

                I do suspect the response I’d hear is “I told them their security was shit, but they didn’t hire me for security.”Report

        • Avatar Michael Cain says:

          Hillary used a personal address. Her three predecessors used personal addresses. The changes to the law so that this practice is no longer allowed was introduced by a House Democrat, was supported by every House Democrat, passed quickly through a Democrat-controlled Senate, and was signed by a Democratic President. It strikes me that the Republicans have very little room here to criticize.Report

    • Avatar nevermoor says:

      So, basically what I said they’d be able to do above.

      Also, that is one DAMN expensive doc review if they did it all themselves. I bet each of them bill in the $800-$1200/hour band. And any kind of careful doc review is less than 100 docs/hour. And senior lawyers aren’t going to be the most efficient at it.Report

      • Avatar Morat20 says:

        Nah, you can have someone write a script to parse the emails into a few ‘buckets’ based on certain criteria. Or, honestly, I suspect any big lawyer already HAS tools for parsing email based on a lot of criteria anyways, so you probably don’t need anything custom.

        Everything with documents goes into one bucket. Everything that lacks a document gets split — those with certain phrases embedded (make a list of classification markings) go into a ‘review’ and the other into a ‘clean’ bucket.

        Take all the attached documents and run them by hand (or through document processing software) under the same criteria.

        The vast bulk won’t have attachments, and can get parsed in moments automatically.

        Everything flagged for review gets handled directly.

        And again — everyone, from Hillary to the lawyers — is relying on proper classification markings. Without those markings, there’s no way to know if it’s classified. Determining whether something is classified is a specialist’s job for any given type of information. Hillary, or her lawyers, aren’t going to be able to tell if there’s classified information there unless it’s something ridiculously obvious like “Here’s our super secret Area 51 alien autopsy report”Report

        • Avatar nevermoor says:

          I suspect any big lawyer already HAS tools for parsing email based on a lot of criteria anyways

          I don’t suspect. I know. We do have some, but (at least in litigation, maybe not this purpose) the law doesn’t really allow you to use them without agreement from the other side.

          those with certain phrases embedded (make a list of classification markings) go into a ‘review’

          The problem with this kind of thing is email footers usually have ALL the keyword’s you’d want, and are difficult to programmatically exclude in practice.

          everyone, from Hillary to the lawyers — is relying on proper classification markings.

          Don’t have access to the article, but my understanding is that Clinton’s attorneys’ goal wasn’t to identify classified information but to identify information that should not be given to the State Department (e.g. personal emails). The State Department then reviewed for classified info before producing further.Report