[interstitial_link url="http://www.washingtonpost.com/video/politics/8-takeaways-from-the-inspector-generals-report-on-hillary-clintons-emails/2016/05/25/f39b5d0e-22aa-11e6-b944-52f7b1793dae_video.html"]VIDEO: 8 takeaways from the Inspector General’s report on Hillary Clinton’s emails[/interstitial_link]

AD

AD

In short, it does seem likely that some of Secretary Clinton’s homebrew emails mentioned Agency officials whose names are protected by law.

It’s possible to make too much of this. While this story confirms how insouciant Hillary Clinton was about endangering classified information on the poorly secured server, we already knew that. And insouciance isn’t necessarily a knowing violation of law. Secretary Clinton may say that she didn’t know the people named in the messages were CIA officers.

Actually, there’s something more troubling and more urgent buried in this story: It could be the FOIA security reviewers themselves who are disclosing CIA identities.

AD

Here’s how: Start with the entirely plausible view that foreign intelligence services discovered and rifled Hillary Clinton’s server. If so, those services already have copies of all her emails. But the emails don’t tell the foreign service which people named in her traffic are Agency officers. For CIA officers serving abroad as State Department officials, being named in the Secretary of State’s email traffic won’t necessarily blow their cover.

AD

Until now. Unhappily, the classification reviewers seem to have given a key to anyone who has the unredacted messages by using “B3 CIA PERS/ORG” whenever they redact names associated with the CIA. So if the foreign service simply compares the messages stolen from the Clinton server to the redacted message released by the government — presto! — the CIA names just fall off the page.

Why did the reviewers do that? Two possibilities occur to me. (1) Maybe they have absolute confidence that no foreign agency was able to obtain access to the unredacted messages, in which case their invocation of “B3 CIA PERS/ORG” is perfectly safe. Or (2) maybe they’re just doing their job the way they’ve always done it, flagging every applicable FOIA exemption for the sake of completeness, without giving any thought to the risks created by that policy in this particular case.

AD

My money is on the second explanation.

AD

If so, the current procedure is boneheaded, and every new FOIA release adds to the risk for CIA employees.