By Chetan Hebbale

Editor’s Note: This article was originally published on the author’s blog. The following is an abridged version. The full version can be read here.

Hillary Clinton’s email scandal is one of the most important, yet largely undiscussed issues of the 2016 election. Even though this scandal has been going on for over a year, a vast majority of Americans are still unsure of what exactly she did wrong. Many in the Democratic Party believe this whole controversy has simply been a partisan, Republican attack to damage her Presidential campaign. That view has been reinforced by Sen. Bernie Sanders (D – Vermont) who has refused to raise the issue in the primary elections thus far – something both potential Republican nominees have promised to do in the general election. So what is going on here?

Anyone who has read about the scandal is aware that it involves a private email server and maybe something to do with classified information. Beyond all the confusion over what exactly she may have done, in August 2015 the FBI officially launched an investigation into Clinton’s use of a private e-mail server while she was Secretary of State. The FBI’s involvement should signal that this is no longer a partisan issue, they would only be called in if federal crimes were committed. The investigation is on-going but rumor has it that the FBI is ready to refer Clinton for indictment to the Department of Justice. The decision to prosecute Clinton lies with the Attorney General Loretta Lynch and President Barack Obama. The FBI is rumored to make their official recommendation around May or June with the Democratic National Convention choosing the party’s Presidential nominee in July.

The primary issue that FBI investigators are looking at is whether or not Clinton knowingly retained, transmitted, or deleted classified information from her private server. Communicating this type of information through unsecure means could put highly classified government secrets at risk by making them susceptible to hackers and spies. As of January 2016, the State Department has withheld 22 emails from Clinton’s server as being too classified to release to the public. We know two of these emails surround the movement of North Korean missiles, and the specifics of a drone operation. Clinton has denied wrongdoing by saying these emails have all been retroactively classified, and she neither sent nor received information “marked classified” while Secretary of State. More importantly, as the head of the agency she was the ultimate arbiter of what information would or wouldn’t be considered classified at the time. After Clinton turned over 55,000 pages of emails to the State Department, she subsequently deleted the remaining contents on the server claiming those emails to be personal and not work-related.

There are several laws surrounding the mishandling of classified information which are spelled out under Title 18 US Criminal Codes and Procedures. The two statutes federal investigators are most interested in are Title 18 U.S. Code § 1924 and Title 18 U.S. Code § 793. A violation of Section 1924 is a misdemeanor punishable by a fine and up to a year in prison, while a violation of Section 793, “The Espionage Act,” is a felony punishable by a fine and up to ten years in prison.

The existing legal analysis of this issue has mostly been done by ABC legal analyst Dan Abrams, Emeritus Professor of Law Richard Lempert and Washington Post columnist Ruth Marcus. Their arguments center on the difficulty to find compelling evidence that Hillary Clinton knowingly sent sensitive information, because there are no emails “marked classified” on her server. They also believe it would be hard to prove Clinton intentionally put American secrets at risk with her emailing practices and server security.

Based on the available evidence, I disagree with the existing legal conclusions and there are already signs that the Department of Justice does as well. Here are the reasons Hillary Clinton should and will be indicted for violating Section 1924 and Section 793 of US Title 18 while Secretary of State from 2009 to 2013.

(1) Hillary Clinton’s e-mails with Clinton Foundation employee Sidney Blumenthal contain proof that she knowingly retained “classified information” on her private server and also communicated information of “the national defense” with someone “not entitled to receive it.”

Clinton’s use of a private server was unveiled as a result of the Congressional investigation into the 2012 terrorist attacks which killed 4 Americans at the US consulate in Benghazi, Libya. In December 2014, Clinton turned over all the emails deemed “work-related” to the State Department and the Benghazi investigation. During the review of these emails it was revealed that she had extensively corresponded with someone by the name Sidney Blumenthal while Secretary of State. Sidney “Sid” Blumenthal was a former journalist at the New Yorker who became one of the Clinton’s closest aides and confidants during Bill Clinton’s administration. At the time of the Benghazi attacks, Blumenthal was not a State Department employee, despite having tried, he worked at the Clinton’s large non-profit organization – The Clinton Foundation.

Once his correspondence with Hillary Clinton came to light, Blumenthal was summoned to testify before the Congressional Benghazi committee in June 2015. In a closed door meeting with the committee members, Blumenthal turned over 60 emails that he had exchanged with Hillary Clinton. Once the committee crosschecked the emails that Blumenthal had turned over with the ones Clinton had handed over to the State Department, they found that she had not turned over nine emails and portions of six others – 15 emails in all were unaccounted for. After accusations that she deleted these emails, the State Department released a new 1,500 pages of Clinton’s emails in September 2015 that were previously undisclosed to the Benghazi committee.

One analysis has found that at least 23 messages between Clinton and Blumenthal contain classified information, including ones she sent. Several emails have had select paragraphs and even entire pages redacted. This June 2012 memo has been completely redacted, and this September 2012 memo even has the subject line hidden. Blumenthal in fact prefaced many of his intelligence memos to Clinton by saying they came from “an extremely sensitive source” and the information “should be handled with care”. This throws into doubt Clinton’s argument that she could not know information was classified because it was not “marked classified”. Clinton repeatedly forwarded these emails to her aides, thanked Blumenthal and encouraged him to continue sending her information.

Many have suspected that Clinton’s entire rationale for having the private server was not “convenience” as she has said, but rather to keep under wraps what looks like an, unofficial, unvetted intelligence network run by Blumenthal, Tyler Drumheller, an ex-CIA intelligence officer, and Cody Shearer, a long time Clinton family friend

The most incriminating email from Blumenthal to Clinton is a memo where he reveals the name of a CIA intelligence operative in Libya. In a March 2011 memo, Blumenthal wrote “Tyler spoke to a colleague currently at the CIA, who told him the agency had been dependent for intelligence from [redacted due to sources and methods].” Despite the email not being “marked classified”, information about a current CIA asset which was illegally obtained almost certainly falls under the purview of a 2009 Non-Disclosure Agreement Clinton signed which stipulates that “classified information is marked or unmarked classified information.” John Rizzo, a former general counsel at the CIA, said of the memo “it’s the most sensitive kind of classified information — the true identity of a human source.” J. William Leonard, a former director of the U.S. government’s Information Security Oversight Office (ISOO) who worked for both the Bill Clinton and George W. Bush administrations said of the information “It’s born classified”…for the State Department to say otherwise was “blowing smoke.”

Clinton, by law, was supposed to report this improper disclosure of classified information to Department of State Inspector General. But interestingly during her tenure, there was no Inspector General for the State Department, the longest there had been an absence in that position since 1957. Clinton is one of ten members of the US government which determines what is classified information, yet still forwarded this email to one of her aides – debunking her claim that she never sent classified information through her private server.

“This is a serious breach of national security and a clear violation of the law”, said Army Col. Larry Mrozinski, who served almost four years as a ­senior military adviser in the State Department under both Clinton and Condoleezza Rice. “It’s hard to imagine that in her position she would fail to recognize the obvious…anybody else would have already lost their security clearance and be subjected to an espionage investigation,” Mrozinski added.

If the FBI concludes that the identity and location of this CIA operative was authentic then this is indisputable proof that Hillary Clinton violated Section 1924 for possessing “documents containing classified information” (even if it was not marked classified) at an “unauthorized location” (on her private server). Furthermore, this would prove that Clinton was corresponding about information “of the national defense” with an employee of The Clinton Foundation, even though Blumenthal was never given a security clearance to deal with such sensitive information in the first place. Clinton forwarding his email to others and encouraging additional information be sent could be considered a violation of Section 793, Section 798, and the 2009 Non-Disclosure Agreement for “knowingly and willfully” communicating sensitive information with someone who was not “properly authorized by the United States Government to receive it“.

However, the case to prosecute Clinton under Section 793, “The Espionage Act,” is far weaker than the other statutes. It is easy to piece together certain behavior and claim that she has violated the law, but intent is important when deciding to prosecute. There is an argument to be made based off of a 1941 Supreme Court case that in order to be prosecuted under The Espionage Act, the disclosure of this information would have had to be done in “bad faith” and with “intent” to injure the United States. It is not currently possible to say Clinton intended to injure anyone by forwarding the e-mail, and that likely would not be true anyway. But that does not remove the fact that there was still classified information housed at an “unauthorized location” nor the fact that the security of her private server was poor enough that a hacker could access this information (the next violation of Section 793) and could use it “to the advantage of a foreign nation”.

Interestingly, a Romanian hacker by the alias “Guccifer” hacked into Blumenthal’s AOL account (not Clinton’s) back in March 2013 and leaked four Benghazi-related emails between him and Clinton. One of those emails has not been handed over to the State Department or the Benghazi investigation but details the role of Saudi Arabia, a US ally, in funding the terrorists who attacked the US consulate in Benghazi. Saudi Arabia donated between $10-25 million to The Clinton Foundation in 2014. “Guccifer” is now being extradited to the United States from Romania, perhaps to testify to federal investigators about the authenticity of these leaked emails between Blumenthal and Clinton.

However, Blumenthal’s story does not end there. While most of his memos about Libya dealt with intelligence surrounding the country’s 2011 civil war, many reveal how he solicited Clinton’s support in pushing his business ventures. In an April 2011 memo, Blumenthal suggests that the new Libyan government hire private security firms for training, protection and medical supplies. He suggested that his own firm, Osprey Global Solutions, broker these deals. Clinton forwarded these emails to her aides and said “the idea of using private security experts to arm the opposition should be considered.” In August 2011, Osprey Global Solutions signed a contract with the new Libyan government to provide these services. Blumenthal also suggested that America more intensively support the Libyan rebels by sending A-10 “Warthog” aircraft instead of Predator drones. The United States did in fact deploy six A-10s as part of Operation Odyssey Dawn in the coalition bombing to topple the Gaddafi regime.

There is no evidence from the emails provided that Blumenthal’s suggestions directly translated into State Department policy, but if the FBI retrieves any emails from her “wiped” server that reveals this to be true then she is in violation of foreign lobbying laws and could be charged with public corruption. In fact, the FBI investigation has already expanded to examine charges for public corruption if Clinton awarded State Department contracts to foreign governments in exchange for donations to The Clinton Foundation.

Sidney Blumenthal is currently a narrator on CNN’s “Race to the White House” original series.

(2) Hillary Clinton’s failure to encrypt her private sever for the first two months as Secretary, along with other security lapses, constitutes “gross negligence” while possessing information of “the national defense.”

Once Clinton turned over her server to the FBI in August 2015, reports began to emerge that it was extremely vulnerable to hacking attempts because the server permitted remote-access connections directly over the Internet. Not only that, Clinton did not encrypt any of her emails for the first two months as Secretary of State.

Before becoming Secretary of State in 2009, Clinton purchased a private email server to be installed in her home in New York. On this server she used the email address hdr22@clintonemail.com for all work and personal correspondence throughout her 4-year tenure as Secretary. She did not use, or activate, an official State Department “state.gov” email account throughout this time. This separates her case from former Secretaries of State Colin Powell and Condoleezza Rice who had a private email address, but primarily used their work email. They did not go as far as to have all their communications flow through a private server which only they controlled, nor were they sending highly classified information through their private email. Powell had only two of his e-mails retroactively classified, that too at the lowest level.

After scanning the “clintonemail” domain, a private cybersecurity firm found that from January 2009 to March 2009 the domain had no digital certificate issued by an authority. Without what’s called an “SSL” certificate, data flows through in the form of plain text. This means all of Clinton’s web browser, smartphone and tablet communications would not have been “encrypted,” which allows any hacker to read that information.

Marc Maiffret, who has founded two cybersecurity companies, called her set up “total amateur hour” and that “real enterprise-class security, with teams dedicated to these things, would not do this.” “An attacker with a low skill-level would be able to exploit this vulnerability,” said a Homeland Security Department’s U.S. Computer Emergency Readiness team.

Clinton has so far refused to answer questions about how well her system was secured, the types of safeguards on her server and whether, or how frequently, security updates were applied. Clinton’s first email sent from the server was on January 28th, 2009, but the Clinton’s server wasn’t issued an SSL certificate until March 29th, 2009 – contradicting her claim that this system wasn’t used till after March 2009. During those two months, Clinton’s travel logs show that she visited China, Indonesia, Egypt, Israel, Japan and South Korea and discussed issues about North Korea, Mexico, Afghanistan, military advisers, CIA operations and a briefing for Obama.

There are now reports that, Asian governments may have been reading Clinton’s information during the 3 month window when her server did not have an SSL certificate. While Clinton has claimed there is no evidence that her private server was successfully hacked, there have been two confirmed hacking attempts into Clinton’s email server: one in 2011 from Russia and a second one in 2012 from Serbia. There are now reports of dozens more hacking attempts into her server, some even originating from allies like China, South Korea and Germany.

While the specific safeguards for her email server are still unknown, we know these two things for sure. First, the State Department was aware of these lapses, warned Clinton and attempted to provide her with a secure “state.gov” email account, but she chose not to use it. Second and more damningly, Clinton tried to modify existing State Department security protocols so she would be able to use her unsecured Blackberry in a secure facility (called a SCIF) to view classified information. The NSA said no.

Do all these actions meet the legal definition for “gross negligence”? In 2015, a massive cyber hack into the State Department actually forced the US to pull federal agents out of China to protect them after their identities were revealed. Given that we now know Clinton corresponded about a specific CIA intelligence operative over email, does the lax security for her private server and attempted circumvention of security protocols while there were confirmed hacking attempts into her server demonstrate “reckless disregard for the safety or lives of others”? There are indications that federal investigators may think so.

Last month the Justice Department granted immunity to Clinton’s IT staff member who managed her e-mail server, Bryan Pagliano. A witness is usually granted immunity if he/she will be giving testimony to a grand jury about evidence that relates to an investigation, and usually implicates themselves in a crime. Until now, Pagliano has been pleading the 5th Amendment and has refused to cooperate with the investigation surrounding how the e-mail server was set up and the safeguards put in place. There are even suspicions of fraud involving his hiring and payment, which were all done by the Clintons, and not reported to the State Department.

Many have said a granting of immunity is not evidence of guilt, rather a competent lawyer who is seeking protections for their client before cooperating with an investigation. Pagliano receiving immunity may ultimately be inconsequential, but one former FBI official said, “you don’t start granting people close to Clinton immunity unless you are seriously looking at charges against your target.”

(3) Hillary Clinton transferring the data from her private server to Platte River Networks, a private IT company, constitutes retaining “classified information” at an “unauthorized location.”

Whether or not Clinton’s private email server itself violated The Federal Records Act, The National Archives Regulations or the Freedom of Information Act remains the subject of legal debate. But what she chose to do with her data after leaving office has received little attention.

After Hillary stepped down as Secretary of State in February 2013, she chose to upgrade her private email server. In June 2013, a small IT company in Denver called Platte River Networks won a contract to provide information technology services to Bill and Hillary Clinton, which included taking possession of Hillary’s email server while she was Secretary of State. The role of Platte River Networks was to “upgrade, secure and manage the e-mail server for both the Clintons and their staff beginning June 2013.”

This was a huge contract for a company that had actually never held a federal contract before, had no prior relationship with the Clintons, and who’s most notable accomplishment at the time was winning the 2012 Denver Metro Chamber of Commerce’s Small Business of the Year award. In June 2013, the company took Clinton’s server from her home in New York and transferred it to a secure facility in New Jersey. It was here the data from her original server was “migrated” to a new server for the purpose of making the transition to Platte River Networks.

Platte River Networks did not have clearance to handle classified government information. Cindy McGovern, a spokeswoman for an agency within the Defense Department that vets companies for security clearances, said her office had not extended one to Platte River Networks. The company has admitted that as far as it knows, their employees never held formal government-issued security clearances.

Given that we know there is at least one email considered “born classified” with the identity of a CIA intelligence operative, along with 22 other classified emails the State Department has withheld, Clinton’s decision to transfer this information to a private IT company with no security clearance is not only a violation of Section 1924 for housing sensitive information at an “unauthorized location,” but could even fall under Section 793 for “gross negligence” in handling information of “the national defense.” More so, once the FBI approached Platte River Networks to retrieve Clinton’s original server, there are reports that employees at the company began to fear a cover-up . The company reportedly received a letter from Clinton Executive Service Corp instructing them to “cut the back up”.

The employees did not do so and the FBI has now recovered deleted emails which they considered to contain work-related information. This debunks her claim, which she made under the penalty of perjury, that she turned over all her work-related emails to the State Department. Depending on the nature of these recovered e-mails, she could be charged with tampering of evidence, lying to federal officials, and an obstruction of justice.

Are all of these events as incriminating as the ones that led to the prosecution and conviction of former CIA director David Petraeus? Petraeus pled guilty in March 2015 for mishandling classified information by handing over of notebooks filled with sensitive information to his biographer Paula Broadwell, and lying to federal agents about it. Petraeus was given what’s been considered a light sentence for these charges by receiving a $100,000 fine, a stripping of his security clearance and a two-year probation from public service.

The former chairman of the House Oversight and Government Reform Committee Darrell Issa said that with the “body of evidence” against Hillary Clinton, FBI Director James Comey “really has no choice but to refer this for indictment.” Former US District Attorney Joe diGenova said that the granting of immunity to Pagliano could only been done if there were subpoena’s issued for his bank transactions and official communications – things that would not have been done without a grand jury being assembled to examine evidence.

But what form will that take? An indictment in the neighborhood of Petraeus’s would have to at least entail a stripping of one’s security clearance, which apparently has already been discussed and there has already been speculation on how Clinton would serve probation if she pleads guilty to a misdemeanor crime. It’ll be interesting to see her role as Commander-in-Chief if she can’t look at or handle classified information and has to report to a probation officer monthly. However, there is a legitimate case to be made for criminal charges against Clinton which warrant time in prison by law. But the FBI can only issue a recommendation, it’s the decision of the Department of Justice to prosecute Clinton on these charges. There have been reports that FBI Director James Comey would resign in protest if Attorney General Loretta Lynch declines to prosecute the case. We also can’t rule out the possibility of an official pardon from President Barack Obama, who said this week that Clinton did not “intentionally put America in jeopardy.”

However, with immunity being granted to Clinton’s IT staff member Bryan Pagliano, and the interesting timing of Romanian hacker “Guccifer” being extradited to the United States – here is the remaining evidence that a grand jury has already been convened and Hillary Clinton will be prosecuted.

First, career Justice Department attorneys have been assigned to the case. When Attorney General Loretta Lynch was asked when the investigation would be wrapped up she said, “That matter is being handled by career independent law enforcement agents, as well as career independent attorneys in the Department of Justice.” This is almost indisputable proof that the FBI probe has at least progressed beyond the initial referral. Why would the Department of Justice bring in their own attorneys if the FBI wasn’t going to recommend further action? DOJ agents are now likely using the government’s full investigative tool box – including subpoena power for individuals, business or phone records, as well as witnesses, to create their case against Hillary Clinton. FBI Director James Comey himself will interview Clinton and her aides in the next few days. Second, Lynch would not answer whether or not a grand jury has been assembled yet. If there was no grand jury being convened, Lynch would have likely said so to quell rumors that she will be indicted. If a grand jury is meeting to discuss evidence, she would not legally be allowed to comment on it.

The FBI is expected to officially announce the findings from the investigation around May or June. The Democratic National Convention will choose the party’s nominee for President at the end of July. If Clinton is found guilty of any charges she must either withdraw her name from the Democratic primary, or continue to deny/downplay wrongdoing and hope that she will still collect enough delegates in the remaining primary states to secure the nomination. If a heavy charge is brought down and she chooses to withdraw from the race, Bernie Sanders would likely become the nominee. However, there are rumors there could still be a contested convention because of the party’s high number of super delegates.

What a time to be alive.