Hillary Rodman Clinton (“HRC”)‘s campaign for President has been wrought with controversy. But the most telling issue is Hillary’s direct run-in with national security. This article shines a bright light on why Colin Powell said: “Don’t Pin It On Me!”

Important questions remain concerning how the DOJ checked and verified classified information given to HRC. Who from the White House, National Security Agency, Federal Bureau of Investigation, Department of Defense or Central Intelligence Agency authorized & approved Confidential, Secret, Top Secret and SAP (“classified”) information to be given to HRC and her staff? What periodic checks and counter-checks were in place to ensure such classified information given to HRC and her staff was properly marked, dated, secured and stored according USG mandates and EO safeguards?

HRC created untold national security risks by comingling State Department, Clinton Foundation and personal business on her unsecured private server and hand-held devices. It now appears evident that HRC’s private server and hand-held devices did not comply with the Insider Threat Task Force (“ITTF”) and Senior Information Sharing and Safeguarding Steering Committee reporting requirements imposed by Executive Order 13587 (10/7/11); nor had HRC’s private server and personal devices been approved for classified information “special situation” deviations by the Director Of Information Oversight Office (“ISOO”).

It is quite apparent that HRC did not have adequate safeguards in place for classified email transmissions. Even the U.S. Department of Justice (“DOJ”)‘s investigatory findings revealed “Confidential,” “Secret,” “Top Secret” and “Special Access Program” (“SAP”) information appeared in email transmissions on her private server.

It’s truly mind boggling how enemy nation-state players and sophisticated hackers could have gained access to HRC’s confidential information describing covert personnel, operations, foreign sources and sources’ families. Indeed, nefarious players had a myriad of creative ways (multiple access points) to hack & tap (hacking and wiretapping) back and forth, between and around the State Department, the Clinton Foundation, HRC’s private server, and HRC’s family & friends’ personal computers and devices, not to mention other espionage tradecraft means. This should not have been permitted to occur where American lives were at stake!

HRC’s storing of non-classified information with classified information raises other serious questions: Who was doing what with the high-impact classified information? Where was it being done—at home or abroad? Who now possesses such information and can the possession of it cause immeasurable damage? Did the DOJ question HRC about these matters and were her responses satisfactory?

The non-classified “brats,” “dogs” and “burgers”-type “cook-out” information HRC kept on her unsecured personal server was stored with “Confidential,” “Secret,” “Top Secret” and “Special Access Programs” information. Had the national security classified information protection system to which HRC was subject been functioning properly, it would not have permitted these two distinct information types to be conflated or commingled. At the very least, it would have prevented the practices that had rendered the classified information HRC had possessed from falling vulnerable to sophisticated hackers to steal!

Failure to Very Classified Information Whereabouts, Disposal and Security Clearances

We do not know where classified information ended up. Aside from being in the possession of Hillary Clinton, classified information may have appeared on the computers and/or personal devices of HRC staff members both inside and outside of the U.S. government domain. Classified information may have been mixed in with non-classified information involving personal family, friends or close associates, Clinton Foundation personnel, donors or outside contractors, or with a variety of other individuals with whom the Clinton family does business.

Had the national security classified information protection system to which HRC was subject been functioning properly, it would have ensured that sensitive information was carefully disposed of. It still remains questionable whether only non-classified information had been deleted from HRC’s server(s) and personal devices, apart from the classified information. If non-classified information alone had been deleted, the company that had been paid to delete such information, presumably, would not have bragged about how it had “Bleachbit” the information prior to the FBI investigation. In other words, if, as the FBI concluded, HRC lacked the requisite intent to violate the law, why then did she permit the use of such a software program?

HRC was first investigated by State Department Inspector General, Steve Linick and the First Intelligence Inspector General, Charles McCoullough, and then by the FBI Director James Comey. However, these investigations failed to determine definitively whether strict security mandates for disposal of classified information had been followed. It is not clear, for example, whether HRC, Cheryl Mills, David Kendall, Heather Samuelson or other individuals had sought counsel or attained approval from the inspector generals, the source agency or the FBI to review and then dispose of the information on HRC’s unsecured private server. It also remains uncertain whether Cheryl Mills, David Kendall, Heather Samuelson or other individuals had disclosed the identities of those (Huma Abedin, Jake Sullivan, Datto, Inc, and Platte River Networks (State Department employees/contractors)) who had handled, reviewed or deleted HRC’s classified information, and whether they had secured the appropriate security clearances to do so.

This raises numerous red flags about the potential for gross negligence and criminality in connection with the marking, dating, handling, storing, securing and then deleting (destruction) of classified information. Indeed, it has not yet been confirmed whether a flash drive holding thousands of the deleted pieces of information exists, and whether that information was later downloaded to another computer at another location!

National Security Undermined and Personnel Exposed

The DOJ did not publicly address how Hillary had primed herself for espionage attacks. With possible disclosure of Top Secret and Special Access Programs, dire consequences exist for intelligence personnel who can be targeted, tortured and killed. Covert intelligence and military operations can be compromised. Our enemies can kidnap, hold ransom, torture or kill covert agents’ family members traveling overseas or at home in San Diego, Chicago and NYC. In other words, U.S. national security can be seriously compromised at multiple levels inside and outside of government agencies in the United States and around the world.

Justice Department’s Inability to Secure Answers to Most Questions

How is it possible that the DOJ did not find that any of HRC’s actions ran afoul of at least one of the many provisions of the Espionage Act of 1917 (as amended), the Hiss Act of 1954, the Patriot Act, the Computer Fraud and Abuse Act, or the Foreign Intelligence Surveillance Act? Surely, HRC’s actions as a Cabinet member should have triggered some form of sanction, rather than the slap-on-the-hand admonition she received. Her actions were at the very least negligent, and these negligent actions contravened E.O.s 13526 and 13587 and their implementing directives and guidelines.

Even deeper national security concerns arise regarding the extent to which the whole USG inter-related computer system network infrastructures at the Executive Branch and on the Hill are and remain “cybersecurity-sound.” If Hillary, a cabinet member, can easily operate outside-the-security-box, it is likely other exceptions have been made and security mandates undermined. Every cabinet member and USG official entrusted with Secret, Top Secret and Special Access Program information must adhere to the highest standards so innocent lives are not sacrificed by sloppy and misguided notions of national security. What security gaps now exist at the Executive Branch and on the Hill?

Hillary Clinton’s Fiasco to Publicly Account for Classified Information

Had HRC publicly accounted for the failures in protecting her private server and personal hand-held devices and those belonging to her personnel and USG assistants/staffers, and had HRC’s follow-up actions prevented the national security compromises that have since occurred, this article would not have been written.

Hillary and Bill Clinton have been around the national security block for at least twenty-one (21) years: President/First Lady (8 years), Senator (8 years), and Secretary of State (5 years). Consequently, the American people expect that Hillary Clinton, as Presidential Candidate, will be able to thoroughly explain what duties and responsibilities she will bear to preserve U.S. national security if she were elected President of the United States of America.

In order to appear credible in providing such an explanation, however, Presidential Candidate Hillary Rodman Clinton must also thoroughly explain to the American People how her prior actions, as former Secretary of State, had failed to ensure that national security would not be compromised. To do this, she needs to answer the following important national security questions before and at the first debate:

Did your private server and personal devices meet the NSA Suite B and Fed FIPS 140 certification for voice, text, emails, and teleconferencing (seamless mobile encrypted communication)—protecting from sensitive data loss, infiltration, espionage or sabotage. If not, why not?”

Were your private server and personal devices set up to withstand vulnerabilities from a) passive radio attacks, b) active radio attacks, c) insider attacks, d) network attacks, e) and device attacks?

Were your private server and personal devices set up to withstand unwanted attacks, taps 3rd party exploits, tower spoofing and surveillance by domestic/foreign corporations or foreign governments? If not, why not?

Were your private server and support team able to instantly identify an attacker which aligns enterprise defense to the adversary’s offense 24/7 real time reporting and analysis and engagement metrics along with giving detailed technical and strategic analysis of adversary capabilities? If not, why not?

Were your private server and support team able to identify the adversary tradecraft/activities (adversary-in-motion, reconnaissance, exploitation, privilege escalation, lateral movement and exfiltration)? If not, why not?

Presidential Candidate Hillary Rodman Clinton’s ability to adequately respond to these questions will speak volumes about her fitness to become the next Commander in Chief.

Chuck Floyd is CEO of Security Solutions Technology, LLC, and possesses more than 25 years of experience driving strategy, business development, market penetration, regulatory compliance, acquisitions, program management, and joint ventures with industry and the U.S. Departments of State, Defense, Homeland Security, Health & Human Services, Justice, Veteran Affairs, and the U.S. Congress. Chuck Floyd was a Presidential Appointee who worked with Colin Powell at the State Department. He run embassy operations around the world and accounted to Congress for a $1.6 billion dollar budget.

Bruce J. Moran is a Senior National Security Advisor to Security Solutions Technology, LLC focusing on strategic planning for national security issues. He has consulted with the U.S. Departments of Defense State and Commerce, various national security-related Congressional committees and not-for-profit think tanks on national security and foreign policy matters, including, but not limited to, Crisis Preparedness and Crisis Readiness scenarios and security operations & Hi-Tech systems (connectivity, interoperability, and interfacing) such as SMART* Fusion protocols and applications.