Few could have known it, but the email system operated in those first two months without the standard encryption generally used on the Internet to protect communication, according to an independent analysis that Venafi Inc., a cybersecurity firm that specializes in the encryption process, took upon itself to publish on its website after the scandal broke.

Not until March 29, 2009 — two months after Clinton began using it — did the server receive a “digital certificate” that protected communication over the Internet through encryption, according to Venafi’s analysis.

It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption — a process that scrambles communication for anyone without the correct key — email, attachments and passwords are transmitted in plain text.

“That means that anyone could have accessed it. Anyone,” Kevin Bocek, vice president of threat intelligence at Venafi, told The Post.

The system had other features that made it vulnerable to talented hackers, including a software program that enabled users to log on directly from the World Wide Web.

Pagliano thinks he can be prosecuted for something if he speaks about the Clinton email server in his FOIA deposition. Check the first story above to review what he can speak about.

There will perhaps be political consequences from this. Will there be legal consequences? Keep reading.

◾ One of the laws that may have been broken is 18 U.S. Code § 793 – Gathering, transmitting or losing defense information.

Note first that the information listed below doesn’t require a formal “classified” designation to be relevant, and second, that “intent” is not necessary to trigger the law’s penalties. “Gross negligence” is sufficient. Again, my emphasis below:

f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—

Shall be fined under this title or imprisoned not more than ten years, or both.

(g) If two or more persons conspire to violate any of the foregoing provisions of this section, and one or more of such persons do any act to effect the object of the conspiracy, each of the parties to such conspiracy shall be subject to the punishment provided for the offense which is the object of such conspiracy.

Your third takeaway — Unless this law doesn’t apply for some other reason, it seems perfectly applicable for the reasons noted above. All sorts of State Department business and communications could be considered “relating to the national defense,” including simple travel itineraries of top officials, such as President Obama’s.

“Gross negligence” in allowing such documents to be “lost” or “stolen” is, under this law, a criminal act subject to fines, imprisonment, or both. If the server was hacked, broken into, the above law appears to apply.