Don’t Blame Hillary for the Classified Email Scandal

One of the latest twists in the drawn-out saga over Hillary Clinton’s State Department emails centers on whether her aides erred in forwarding sensitive information on unclassified email systems. The argument is that while these emails were not marked classified, they should have been so designated and that top aides should have known as much and kept the information confined to high-security channels. But a politically driven focus on individual aides and specific emails masks a larger set of issues of real consequence for U.S. national security and foreign policy: the gaping absence of technologies that enable government officials to securely and reliably transmit information with the speed and flexibility that the digital age demands. Having served as a deputy assistant secretary of state for international organizations during Barack Obama’s first term and, prior to that, as a senior advisor at the U.S. Mission to the United Nations in New York toward the end of Bill Clinton’s administration, I can vouch that the systems used for classified information have not kept up with the times.

A key point that seems lost in this latest discussion is the challenge posed to the State Department, and presumably other federal agencies, in maintaining information security in a world where on-the-go encrypted mobile communications have become indispensable to conducting everyday business.

Information security is a mainstay at the State Department. Long before a new employee can start, he or she will submit extensive background information to enable an elaborate security-clearance process. If you don’t pass, you don’t get the job. Once at the State Department, staff rightly live in fear of misplacing or mishandling classified information, obsessing over protocols that are drilled in from the moment a new employee enters the building and well before they are allowed to touch a computer or department-issued BlackBerry. My own attitude toward classified documents evoked that old childhood game, hot potato. I wanted to absorb what was in those documents, but as soon as that was done I wanted them off my hands and back in a safe landing place.

For those who previously worked outside government, dealing with classified material demands immediate adjustments in how you receive and transmit information. Neither then-Secretary of State Hillary Clinton nor her aides had a classified smartphone (I am not sure who does or whether such a thing exists), which would have allowed them to send and receive secure emails while on the move. Therefore, to even just view classified information required being stationary: working at a classified computer at one’s office desk (or, in a very small handful of cases, including that of Clinton herself, using a special setup installed in the homes of very senior government officials).

Those classified desktop computers required a separate login that took over your desktop. In other words, if you were reviewing classified email or working on a classified memo, you had to exit out of it entirely in order to check your regular email or figure out what MINURSO stands for. (Compounding the problem, the government-issued BlackBerrys did not get reliable service inside the State Department building itself.) Classified information was also available in the form of closely controlled printouts that could be taken out briefly from locked safes and could often be viewed only in designated secure rooms accessible only to staff with the proper security clearance. Those constraints were necessary to keep information secure, but they sharply limited the times and ways in which information could be accessed.

This system worked relatively well in a world where most work was done by officials sitting at their desks during normal office hours — that is, through the early 2000s. But by the time Clinton arrived at Foggy Bottom, the world of diplomacy — like every other sphere — had been overtaken by mobile communications. The expectation that information and communications would be available everywhere and at all times unavoidably reshaped the handling of much State Department information. People were in constant communication with colleagues and counterparts around the world, absorbing information and making decisions that would shape policy day and night.

Because unclassified emails were available on mobile devices — and classified information was not — working with unclassified communications offered an immense practical and strategic advantage in a mobile-enabled world. As a result, a great deal of information that might have been classified in an earlier era was now designated unclassified — often with the designation of sensitive but unclassified, or SBU. (SBU information must be treated with care, but can be transmitted unencrypted over the Internet.) For all the complaints in recent years about the problem of overclassification of government material, the rise of mobile devices has actually bred an opposite impulse: to avoid classifying sensitive material in order to make it more readily accessible whenever and wherever an official may need to see it.

One of the messages that is now being scrutinized for possible underclassification — a missive in which a Clinton aide conveys information from Chris Stevens, then the U.S. special envoy to the Libyan opposition — is a case in point. It is marked “(SBU) Per Special Envoy Stevens,” meaning that Stevens — not Clinton’s aide — assumed responsibility for the level of classification designated. The message itself describes the deteriorating security situation in Benghazi, Libya, and deliberations over whether the envoy and his delegation should depart. While we don’t know why Stevens chose to designate the message SBU rather than classified, practical considerations may have been at work. If Stevens or his team did not have access to a classified terminal (they were staying at a hotel), or if they wanted to be sure that the information would be seen as quickly as possible by certain officials back in Washington (it was sent by Clinton’s aide Timmy Davis at 6:48 a.m. on a Sunday), SBU may have been judged the best avenue. (Tragically, 17 months after conveying that message, Stevens and two other U.S. personnel would be killed in the U.S. diplomatic compound in Benghazi.)

Nowadays, decisions on classification often factor in the need for speed of dissemination and accessibility of information. Sharing something on the classified system — the so-called “high side” — means that people can look at it only when sitting at their desks at the office and when they have time to log in to a separate system. For those traveling or even just moving around to diplomatic meetings or functions during the course of the day — or for any developments that occur after hours — sharing info on the classified system can involve hours or even days of delay. Because access to classified systems is constrained, there is also uncertainty about how quickly a message will be seen. While the State Department does have a 24-hour Operations Center that can alert officials to important classified messages, even the Ops Center cannot convey that classified information to them unless and until they can get themselves to a terminal or a secure phone line. Another thing: An unclassified message cannot be made classified unless the recipient retypes the text while sitting at a classified terminal or sends it through to an IT administrator. The converse is also obviously and necessarily true: A classified message cannot be converted over to the unclassified system other than through a lengthy process involving the department’s systems administrators. The classified and unclassified systems don’t talk to one another, and information born on one system almost invariably lives and dies only there.

In situations where a time-sensitive message needs to get to an official who is headed to the airport, is sitting in a U.N. meeting, or is in the midst of negotiations overseas, sending a classified email runs the risk that they may not see the information soon enough to act on it. When negotiations are in progress, when breaking news developments demand an immediate response, or when considerations of imminent safety and security are at stake, immediacy is not a matter of convenience, but of necessity. While the secretary of state had better access to classified information than most of her colleagues (due to special setups at her home and on the road), much of the information being funneled to her was already on the unclassified system because everyone else who needed to see it could do so far more quickly that way.

Also, a significant portion of classified information — instructions on how to vote as a U.N. resolution reaches the floor, details on a fast-changing security situation, or advance word of breaking events — needs to be classified only very briefly. Once the vote is cast, the situation changes, or the events are public, the details may no longer be sensitive. The same factors that make always-on information channels an unequivocal necessity for running virtually any modern business or institution also operate in the round-the-clock world of diplomacy.

This does not mean that officials are dismissive of the importance of classification or the imperative of treating classified material with utmost care. We all knew that the act of leaving a document marked classified on an unattended desk, leaving a safe unlocked, or bringing a cell phone into a secure room would result in State Department staff violations that would affect our career and promotion prospects. But we made time each day we were in the office to access cumbersome classified channels because doing so offered important information that could not be made available in any other way.

The lack of a State Department classified network accessible via mobile devices is a major problem in our 24/7, always-on world. It forces officials to make tough choices about the trade-off between security and the need for timely transmission of vital information. In the furor over Clinton’s emails, policymakers, pundits, and technology experts should not lose sight of the larger imperative of developing new systems that don’t pit the imperative of security against the need to communicate, share information, and reach decisions at the pace that breaking world events demand.

Photo credit: Yana Paskova/Getty Images