Classified emails passed through commercial email services like Google and AOL on their path to or from a private server maintained by Hillary Clinton when she was secretary of state, but so far, the government appears to have done little to retrieve or secure the messages.

A POLITICO review of Clinton emails made public by the State Department shows that at least 55 messages now deemed to include classified information appear to have been sent to or from private accounts other than Clinton’s. That number is certain to grow substantially as State processes all Clinton emails and sorts through emails turned over to the department by several of her top aides.


Only about a quarter of the former secretary’s messages have been released up to this point, and her advisers sent emails on the same topics that never reached Clinton. The nonchalant response to messages stored on commercial servers contrasts sharply with recent FBI efforts to take possession of email copies on a thumb drive maintained by Clinton’s attorney David Kendall and on a server kept by a Denver tech company that managed Clinton’s account.

“They are discordant, and they reflect inconsistent notions of information security,” said Steven Aftergood of the Federation of American Scientists. “They are totally incompatible positions.”

“The logic is classic government logic: If I know classified material is in place X, I’m going to go get it,” said one former senior State Department official. “They’re not going to, without reasonable cause, start searching everyone’s home email. In a sense, [Clinton] is suffering the mortification on behalf of the entire department.”

The most evident example of the discrepancy in the government’s response is the private email account used by former Clinton chief of staff Cheryl Mills.

In a July 31 letter to lawyers for Mills and other former officials, State Department Undersecretary for Management Patrick Kennedy — who had previously allowed ex-officials to keep copies of any records they were returning to the department — struck a newly urgent tone.

“For records management purposes, the Department asks that you and your client now take steps to return all copies of potential federal records in your possession to the Department as soon as possible,” Kennedy wrote. “The Department’s Office of Information … will contact you regarding additional steps with respect to the disposition of your and/or your client’s electronic copies of these documents.”

Mills’ lawyer Beth Wilkinson replied that Mills planned to delete her electronic copies of work-related emails on her personal account after she finished providing copies of those emails to the State Department.

However, U.S. District Court Judge Emmet Sullivan stepped in, asking Mills, fellow Clinton aide Huma Abedin and Clinton not to delete any records in their possession. All three agreed.

The result is that any classified emails Mills has in her account now can’t be erased without a court order but are housed outside the government’s control and without the usual safeguards taken to protect classified information.

The status of Abedin’s emails is less clear because most of her work-related emails sent on a private account appear to have involved an account she had on Clinton’s server. Attorneys for Mills and Abedin declined to comment for this story.

Because the information was not marked classified at the time it was sent, some of those who now have such messages in their accounts may not even know it. One lawyer reached by POLITICO expressed surprise that information his client received from Clinton is considered classified.

“Nobody contacted me,” said the attorney, who asked not to be named. “It doesn’t make a lot of sense.”

Asked about efforts to recover classified information from commercial email services, the FBI declined to comment. A State Department official was vague about precise actions.

“The Department is taking appropriate steps. There are reviews and investigations underway, so beyond that we cannot comment any further,” said the official, who asked not to be named.

A spokesman for Google, which operates Gmail, declined to discuss specifics. However, the spokesman said the company would usually encourage the government to contact a user directly to get sensitive data erased. In the absence of such an agreement, some type of legal order would be required, the Google spokesman said. An AOL spokeswoman suggested that the company would not erase user data without a legal order or customer permission.

“Federal law and our privacy policy prohibits us from disclosing information about our users or their use of our services absent legal process or user consent,” spokeswoman Natalie Azzoli said.

The former head of the federal government’s classification policy office said the discrepancy between the handling of Clinton’s server and the private accounts could reflect a conclusion that trying to recover all classified material might just draw more attention to it.

“In reality, what it does reflect is the challenge that once stuff gets out into the wild, it is almost impossible to corral it again,” said Bill Leonard, former director of the Information Security Oversight Office. “When I’ve confronted situations like this in the past, one of the first things you should do is a gain-loss type of assessment of what the gain is and what you are losing by trying to corral all this material. Sometimes, just by going after material, you bring more attention to it and cause greater damage than if you just kind of let it lay low.”

It’s also possible the State Department or other authorities have decided to try to recall all copies of “secret” or “top secret” information but not anything classified at the lowest tier of classification, “confidential.”

So far, only one document containing information officially designated “secret” has been released — in edited form — from Clinton’s email trove: a Nov. 18, 2012, memo about arrests in Libya possibly related to the deadly attacks on U.S. facilities in Benghazi two months earlier. The copy of that message forwarded to Clinton does not appear to have circulated outside official but unclassified State Department accounts, although it is difficult to know whether anyone in the chain might have forwarded it to others.

However, intelligence agencies contend that even more sensitive classified information — which should have been marked “top secret” — was found during a review of a small sample of Clinton’s messages. Those messages reportedly related to drone strikes in Pakistan and nuclear tests in North Korea. The State Department is disputing the classification of those messages.

But even the kind of triage that allows “confidential” information to live unmolested outside the government’s control would appear to run afoul of claims by some in the intelligence community that individual government employees, as Clinton and her aides were, have a duty to step in whenever classified information appears to have “spilled.”

Indeed, some national security specialists have argued that President Barack Obama’s executive order on classification and the State Department’s rules require that all or most information obtained from a foreign government be classified at least at the “confidential” level and treated as such.

Others say that treating all such information as classified would bring the work of the State Department and the National Security Council to a screeching halt.

“The daily operations of State and, I would add, the White House, would not be possible if everyone put everything on the classified email system that involved foreign government information,” the former State official said. “Classification has an element of discretion given to the person responsible for classifying. There’s a lot of stuff you would get from a foreign government that you would say ‘let’s not put that on the unclassified system’ and you’d put it on the classified system, or you’d run down the hall and have a meeting, [but] it doesn’t make sense to me that every single conversation with a foreign government official is per force classified.”

Aftergood also noted that State Department regulations actually allow classified “confidential” foreign government information to be handled on official, unclassified email accounts under certain circumstances.

That’s something that would be anathema at many intelligence agencies where most employees don’t even have unclassified work email accounts.

Part of what is playing out in the furor over Clinton’s emails is a culture clash between intelligence agencies that allow little or no interaction with the public by their employees and places like State or the White House that must regularly engage journalists, foreign officials and think tanks.

“The fact that the intelligence community inspector general is involved in this means you’re basically applying different rules from different universes. You have one universal classification system, but it applies quite differently in different agencies,” the former State official said.

Leonard said he’s convinced it was a mistake for Clinton to use a private email server, in part because there were certain to be different views about what was classified and some degree of seepage of classified information into her unclassified email.

“If you examine any senior government official’s email account, I guarantee you’ll find material in there that somebody considers classified. It’s a given,” the former classification director said. “All of it speaks to the perils of using nongovernment controlled servers in the first place.”

