The Real Security Rules That Applied to Hillary Clinton's Email Server

By Wayne Rash  |  Posted 2015-08-19 Print this article Print
Clinton email server

The rules for what constitute classified information are laid out in a variety of places, but they include communications on the foreign relations of the United States. Some seemingly innocuous messages, such as making a lunch date with a senior official may in fact be classified because they specify the movement of a senior official who may be under threat.

Receiving classified information, on the other hand, is slightly different, if only because the receiving party has little control over what is being sent by someone else. So even if the Secretary of State were to have received those secret satellite images as claimed, she didn't break the law in receiving them.

However, because of her position in government, she should have requested the guidance of the Information Security Oversight Office. Before she was allowed to handle classified information, the Secretary of State is required to have received training in how to handle that.

Note that I haven't mentioned the classified markings on messages, which is another topic of discussion lately. Those markings are important, and before any message containing classified information leaves any office, it must be marked accordingly. Those markings are Confidential, Secret and Top Secret. There may be additional restrictive modifiers, such as NOFORN which means that the information may not be given to any person who isn't a U.S. citizen.

It's the content that determines the classification of a message, not the label. Longer documents or messages may have sections classified differently, so one paragraph may be Confidential, for example, while another may be Top Secret. The overall classification of the message or document is determined by the highest level of any part of the content in a message.

If a document containing information is found without an appropriate label, then it's required that the appropriate level of classification be applied to the document or message. This means that if the Secretary of State received information that was not marked classified, but which contained information that should have been, then a classification should have been added.

Note that nobody expected Secretary Clinton to have read and managed all of this email, nor its many permutations. This is why the secretary has a staff, after all, and it's normally their responsibility to handle this. One former State Department official, Carroll McKibbin, explained how all of this works in his fascinating column in the Des Moines Register.

The bottom line of all of this is that the secretary's email certainly contained material at some level of classification, but most of it was unlikely to have been Top Secret. But even confidential material requires some level of protection, and the real question now is whether it got that.

Now that you've learned all of this, think about the email in your own company. Is your personal email account really secure enough for your company's most sensitive information? Probably not. Maybe it's time to straighten that out.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel