2016 Postmortem
Related: About this forumFrom the Office of Inspector General: Evaluation of Email Records Management
and Cybersecurity Requirements
CONCLUSION
Longstanding, systemic weaknesses related to electronic records and communications have existed within the Office of the Secretary that go well beyond the tenure of any one Secretary of State. OIG recognizes that technology and Department policy have evolved considerably since Secretary Albrights tenure began in 1997. Nevertheless, the Department generally and the Office of the Secretary in particular have been slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership. OIG expects that its recommendations will move the Department steps closer to meaningfully addressing these risks.
https://assets.documentcloud.org/documents/2842429/ESP-16-03-Final.pdf
---------------------------------------
Mother Jones
IG Report on Clinton Email Concludes With...Nothing New
Kevin DrumMay 25, 2016 11:58 AM
snip....
In other words, this is pretty much all the stuff we already knew. The Department of State apparently has epically bad email systems. Nonetheless, Hillary Clinton should have consulted with State's IT staff about her personal email account. She didn't. She should have turned over her work emails sooner. She didn't. Ditto for her staff.
And that's about it. Hillary screwed up. The IG report doesn't present any evidence that her system was ever hacked. Nor does it suggest that Hillary was deliberately trying to prevent work-related emails from being retained. Nor was she the only one conducting official business on a personal account. Colin Powell did it too, as well as dozens of other State employees.
Nonetheless, Hillary exercised poor judgment here. That's been clear for a long time. Beyond that, though, there's not much more to say.
http://www.motherjones.com/kevin-drum/2016/05/ig-report-clinton-email-concludes-withnothing-new
Press Virginia
(2,329 posts)RobertEarl
(13,685 posts)Hillary exercised poor judgement
----------------------
What great reasons to vote for her. Except the FBI report is next. That may just destroy her whole campaign!!
jmg257
(11,996 posts)"Secretary Clinton: By Secretary Clintons tenure, the Departments guidance was considerably
more detailed and more sophisticated. Beginning in late 2005 and continuing through 2011, the
Department revised the FAM and issued various memoranda specifically discussing the
obligation to use Department systems in most circumstances and identifying the risks of not
doing so. Secretary Clintons cybersecurity practices accordingly must be evaluated in light of
these more comprehensive directives."
...
Secretary Clinton used mobile devices to conduct official business using the personal email
account on her private server extensively, as illustrated by the 55,000 pages of material making
up the approximately 30,000 emails she provided to the Department in December 2014.
Throughout Secretary Clintons tenure, the FAM stated that normal day-to-day operations
should be conducted on an authorized AIS,147 yet OIG found no evidence that the Secretary
requested or obtained guidance or approval to conduct official business via a personal email
account on her private server. According to the current CIO and Assistant Secretary for
Diplomatic Security, Secretary Clinton had an obligation to discuss using her personal email
account to conduct official business with their offices, who in turn would have attempted to
provide her with approved and secured means that met her business needs. However, according
to these officials, DS and IRM did notand would notapprove her exclusive reliance on a
personal email account to conduct Department business, because of the restrictions in the FAM
and the security risks in doing so.
During Secretary Clintons tenure, the FAM also instructed employees that they were expected
to use approved, secure methods to transmit SBU information and that, if they needed to
transmit SBU information outside the Departments OpenNet network on a regular basis to nonDepartmental
addresses, they should request a solution from IRM.148 However, OIG found no
evidence that Secretary Clinton ever contacted IRM to request such a solution, despite the fact
that emails exchanged on her personal account regularly contained information marked as SBU.
Similarly, the FAM contained provisions requiring employees who process SBU information on
their own devices to ensure that appropriate administrative, technical, and physical safeguards
are maintained to protect the confidentiality and integrity of records and to ensure encryption
of SBU information with products certified by NIST.149 With regard to encryption, Secretary
Clintons website states that robust protections were put in place and additional upgrades and
techniques employed over time as they became available, including consulting and employing
third party experts.150 Although this report does not address the safety or security of her
system, DS and IRM reported to OIG that Secretary Clinton never demonstrated to them that her
private server or mobile device met minimum information security requirements specified by
FISMA and the FAM. "
etc. etc.