Saturday, 22 August 2015

The Real Security Rules That Applied to Hillary Clinton's Email Server

NEWS ANALYSIS: There's been a lot of conflicting claims from all sides about whether former Secretary of State Hillary Clinton improperly handled classified government email. Read on to learn what the rules actually say.

The potential misuse of classified information in the office of the Secretary of State has been at the top of the news daily for quite a while, but while there have been claims and counter-claims, almost nobody seems to understand what this all means.
In fact, there are specific rules about how sensitive government information handled in electronic communications and those practices could have an impact on how your company handles its own sensitive communications.
First, about the rules. The issue of electronic messaging security and specifically the use of email for classified information is the subject of US regulation. It's specifically addressed in an Executive Order issued by President Obama in 2009, and that order covered the Secretary of State during the time Hillary Clinton held that office.
However, it's worth noting that those are not the only laws that cover the email activities of public figures who are government employees.

As explained by my friend David Gewirtz, journalist and director of the US Strategic Perspective Institute, an independent public policy think tank, when those government employees are participating in any political activity, no matter how minor, they are prohibited from doing so using any government resource by a law called the Hatch Act.

What this means is that conducting any political activity requires that employee use an email account that does not belong to the government.
Because Hillary Clinton has been running for President since sometime in the last millennium she was required by law to use a private email account for those activities.
It also means that she can only conduct official business using email on a system that meets the security requirements that covers the most sensitive information that may pass through that system. So if she's handling any Top Secret email, ever, then the email system has to meet the requirements for top secret.
However, that does not mean that every official email that emanates from the Secretary of State's email account is top secret, only that the email system in its entirety be able to meet the qualifications for that level of classification.
Those qualifications, incidentally, do not include using a server or an email service belonging to the government, which means that a privately owned email server can also meet those qualifications, if the server, the network to which it communicates and the physical surroundings of the server and network equipment meet federal standards for secure processing.
So what about sending and receiving classified email, which is at the center of the whole email controversy? In terms of creating and sending classified documents, the Secretary of State is authorized to originate classified information.
In addition, several of her senior employees were also authorized to originate classified documents, including messages. The Secretary of State is empowered to delegate the ability to classify messages and documents to others and may specify the classification level for the communications they create.

No comments:

Post a comment

Note: only a member of this blog may post a comment.

Popular Posts