The Washington Post has published a long story about when and how Hillary Clinton used her private email account during her tenure as Secretary of State, a subject that has been dogging her presidential campaign for more than a year. There’s not much breaking news in the piece besides a somewhat vague section on State Department officials not being aware that Clinton used a private server and the revelation that the FBI has 147(!) agents investigating whether Clinton or her staffers were involved in any illegal security breaches. But it’s still useful as a comprehensive timeline of just how many times Clinton ignored security and transparency concerns in order to exclusively use her private server.

Here’s the bad news for Hillary (all of which, besides the first item, has been previously reported elsewhere):

State Department security specialists, at least initially, had no idea Clinton was using a personal server. Clinton was sworn in as Secretary of State on Jan. 21, 2009. She conducted State Department business via her private email account, run through a server in her New York home, for the duration of her term. According to the Post, State Department security and technology officials were told at a high-level early meeting that Clinton wanted to conduct official business on a BlackBerry. They also knew that she didn’t use a government-issued BlackBerry and was thus using a personal device and some sort of personal email account. But it apparently did not occur to any of these officials that Clinton’s email hosting might literally be coming from a server in her basement. “Those officials took no steps to protect the server against intruders and spies, because they apparently were not told about it,” the Post writes. (The Post does not say when, if ever, these security officials found out any further details about the server. And on that front, not to excuse Clinton, but couldn’t the State Department’s top security people have just asked the Secretary of State about her email server?)

Her private server didn’t get basic encryption protection until she’d been Secretary of State for more than two months. The private Clinton server did not “receive a ‘digital certificate’ that protected communication over the Internet through encryption” until March 29, 2009, the Post notes. Her server was thus operated for two months “without the standard encryption generally used on the Internet to protect communication.” Considering that we’re talking about the Secretary of State here, failing to implement standard Web encryption for two months is a major oversight.



Clinton was specifically warned that using a personal BlackBerry was not ideal from a security standpoint. This one is pretty straightforward:

In early March, Assistant Secretary for Diplomatic Security Eric Boswell delivered a memo with the subject line “Use of Blackberries in Mahogany Row.” … He emphasized: “Any unclassified Blackberry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving e-mails, and exploiting calendars.”

Nine days later, Clinton told Boswell that she had read his memo and “gets it,” according to an email sent by a senior diplomatic security official.

She kept using the personal BlackBerry, though.

State Department employees were warned, in an official memo sent under Clinton’s name, not to do exactly what she was doing. A memo issued under Clinton’s name June 28, 2011, instructed State Department staffers to “avoid conducting official Department business from your personal email accounts” for security purposes.

She was supposed to archive her emails for public-transparency purposes before the end of her term but didn’t. A government rule called for all email records to be compiled “at the end of the Secretary’s tenure or sooner if necessary.” Clinton didn’t submit her email archives until 10 months after her term ended—and then only after the State Department had to issue a request for her to do so.

One of Clinton’s top aides specifically rejected a plan that would have allowed her to use a BlackBerry that was subject to public-records requests. In August 2011, a State Department staffer named Stephen Mull wrote to Clinton aides including Huma Abedin that he could get Clinton a government-issued BlackBerry “with an operating State Department email account (which would mask her identity, but which would also be subject to FOIA requests).” Abedin wrote back that such a solution “doesn’t make a whole lot of sense.” A Clinton spokesman now claims that Abedin responded thusly because she “opposed the idea of [Clinton’s] identity being masked.” That claim doesn’t seem to wash; email “masking” generally refers to the practice of sending an email such that the reply-to address is not the actual sending address. But if Clinton wanted a government BlackBerry that didn’t mask her address, she almost certainly could have gotten one: Presumably the thousands of other government employees using official BlackBerrys at the time weren’t using masked identities. To me, Mull’s email reads as if he was under the impression that Clinton’s staff wanted her identity masked given Clinton’s known preferences.

The Post piece is not all bad for Hillary, though! Here’s the good news:

There’s still no smoking gun. There’s direct evidence that Clinton was irresponsible about the security of her correspondence and there’s circumstantial evidence that she used personal email because she wanted to circumvent the Freedom of Information Act. But there’s no evidence that she knowingly sent or received classified information that was classified at the time it was sent or that she ever explicitly acknowledged that she was circumventing FOIA on purpose.

That’s not a long list of good news items! But it’s an important one: It means that there’s no reason to prosecute Clinton and it means there’s no simple, damning item that Clinton’s political opponents can circulate to suggest that she put national security at risk or knowingly tried to evade the law. The status quo for months has been that a majority of voters believe Clinton “did something wrong” in using the private account—and yet she’s still won most Democratic primary delegates and is doing well in general-election polls. So far, 147 FBI agents haven’t done anything to change that math.