Dan Metcalfe spent more than thirty years working at the U.S. Department of Justice, at which he served from 1981 to 2007 as director of the Office of Information and Privacy, where he was responsible for overseeing the implementation of the FOIA throughout the entire executive branch. He now teaches secrecy law at American University’s Washington College of Law.

I thought when I retired from the Justice Department in 2007, I was done with records-related scandals. By that point, I had spent more than a quarter-century as founding director of the Justice Department’s Office of Information and Privacy, effectively serving as the federal government’s chief information-disclosure “guru.” In that position, I had weathered many a Clinton records scandal during the 1990s—about two dozen, all told, including two that amazingly have still never become public—and I thought I had seen the last of them. At the very least, I thought I had become immune to being shocked by anything in that vein.

It turns out I was wrong on both counts.


We now have former Secretary of State Hillary Clinton being revealed as someone who took the unprecedented step of arranging to use her personal email account for all of her official email communications. What’s more, she decided to use her own email server equipment, rather than a commercial Internet service provider, so that the records of her email account would reside solely within her personal control at home. And if that were not enough, she then proceeded blithely—though not uncharacteristically—to present herself to the public, at a press conference held on March 10, as if there were really nothing “wrong” about any of this at all.

Well, as the saying goes, “reality is not her friend.”

For anyone considering this sad tale carefully—including the media, members of Congress and the public at large, whether from “inside the Beltway” or not—some basic points of both law and reality should be borne in mind.

First, while it is accurate for Secretary Clinton to say that when she was in office there was not a flat, categorical prohibition on federal government officials ever using their personal email accounts for the conduct of official business, that’s a far different thing from saying (as she apparently would like to) that a government official could use his or her personal email account exclusively, for all official email communications, as she actually did. In fact, the Federal Records Act dictates otherwise.

That law, which applies to all federal agency employees who are not within the White House itself, requires the comprehensive documentation of the conduct of official business, and it has long done so by regulating the creation, maintenance, preservation and, ultimately, the disposition of agency records. When it comes to “modern-day” email communications, as compared to the paper memoranda of not so long ago, these communications now are themselves the very means of conducting official business, by definition.

To be sure, this cannot as a practical matter be absolute. When Obama administration officials came into office in 2009, the Federal Records Act certainly allowed room for the occasional use of a personal email account for official business where necessary—such as when a secretary of state understandably must deal with a crisis around the world in the middle of the night while an official email device might not be readily at hand. That just makes sense. But even then, in such an exceptional situation, the Federal Records Act’s documentation and preservation requirements still called upon that official (or a staff assistant) to forward any such email into the State Department’s official records system, where it would have been located otherwise.

This appears to be exactly what former Secretary of State Colin Powell did during his tenure, just as other high-level government officials may do (or are supposed to do) under such exceptional circumstances during their times in office. Notwithstanding Secretary Clinton’s sweeping claims to the contrary, there actually is no indication in any of the public discussions of this “scandal” that anyone other than she managed to do what she did (or didn’t) do as a federal official.

Second, the official availability of official email communications is not just a matter of concern for purposes of the Federal Records Act only. It also makes an enormous (and highly foreseeable) difference to the proper implementation of the Freedom of Information Act (known as the “FOIA” to its friends, a group that evidently does not include Secretary Clinton). That is because the starting point for handling a FOIA request is the search that an agency must conduct for all records responsive to that request’s particular specifications. So any FOIA request that requires an agency first to locate responsive email messages sent to or from that agency’s head, for instance, is necessarily dependent on those records being locatable in the first place. And an agency simply cannot do that properly for any emails (let alone all such emails) that have been created, and are maintained, entirely beyond the agency’s reach. Or, as it sometimes is said somewhat cynically in the FOIA community, “You can’t disclose what you can’t find.”

In this case, which is truly unprecedented, no matter what Secretary Clinton would have one believe, she managed successfully to insulate her official emails, categorically, from the FOIA, both during her tenure at State and long after her departure from it—perhaps forever. “Nice work if you can get it,” one might say, especially if your experience during your husband’s presidency gives you good reason (nay, even highly compelling motivation) to relegate unto yourself such control if at all possible.

Third, there is the compounding fact that Secretary Clinton did not merely use a personal email account; she used one that atypically operated solely through her own personal email server, which she evidently had installed in her home. This meant that, unlike the multitudes who use a Gmail account, for instance, she was able to keep her communications entirely “in house,” even more deeply within her personal control. No “cloud” for posterity, or chance of Google receiving a congressional subpoena—not for her. No potentially pesky “metadata” surrounding her communications or detailed server logs to complicate things. And absolutely no practical constraint on her ability to dispose of any official email of “hers,” for any reason, at any time, entirely on her own. Bluntly put, when this unique records regime was established, somebody was asleep at the switch, at either the State Department or the National Archives and Records Administration (which oversees compliance with the Federal Records Act)—or both.

Now, what Secretary Clinton would have one believe is that this is all just a matter of her choosing one available email option over another, that she really did nothing that her predecessors had not done before her and that she can be trusted to “have absolutely confidence” that what she did “fully complied with every rule that [she] was governed by.” In other words, the thrust of her March 10 press conference was: “Everything was fine, nothing to be seen here, so let’s all just move along.”

But having spent a quarter-century at the forefront of the government’s administration of the FOIA, including its transition to electronic records and its involvement in so many Clinton administration “scandals du jour,” I know full well that both what Secretary Clinton arranged to do and what she now has said about that are, to put it most charitably, not what either the law or anything close to candor requires. At a minimum, it was a blatant circumvention of the FOIA by someone who unquestionably knows better and an attempted verbal “cover” of the situation (if not “cover-up”) that is truly reminiscent of years past.

And I say that even as someone who, if she decides to run for president and is the Democratic nominee, will nevertheless vote for her next year.

I cannot tell you how many times, during the eight years of the Clinton administration, I heard someone say, “The cover-up is worse than the crime.” For those of us who knew what most of the alleged record “cover-ups” actually were, even if not the full extent of each “crime,” I can tell you that this sometimes was true—but not always. In fact, the exact phrasing of the public explanations given, with their sly connotations versus denotations, could make all the difference.

Let’s start with her opening sentences of the press conference: “First, when I got to work as secretary of state, I opted for convenience to use my personal email account, which was allowed by the State Department….”

This statement, right off the bat, gives a false impression, through two key words that are used and one that is missing. Her use of “opted” (which, incidentally, was readily accepted by her first questioner) strongly implies that she actually had a choice under the Federal Records Act; she did not. And the word “allowed” likewise connotes that what she did was permissible as a matter of law. It was not. It obviously was “allowed by the State Department” in one sense because it did proceed to happen; no one tackled her in the hallway before she could do it. But that does not mean that it was properly allowed, which is what she repeatedly implies. The missing word, of course, is “exclusively.” Officials were not absolutely barred from ever using their personal email accounts. But again, that is a far cry from what this answer falsely implies—that the law and regulations, either back then or now, allow the use of a personal email account exclusively. She never should have been using a personal account exclusively for her email correspondence. That’s the key ingredient that made her email setup contrary to policy, practice and law.

Let’s take, as another example, her claim that what she did was in compliance with law because “the federal guidelines are clear.” OK, please now tell us, Secretary Clinton, exactly which “federal guideline” (even one will do, notwithstanding your claim of plurality) makes it “clear” that you can unilaterally decide, dispositively and with such finality, which of your work-related records are “personal” and which ones are not, even with FOIA requests pending? Years ago, I worked on a case in which a presidential appointee—who shall remain nameless though not blameless—after becoming caught up in an especially controversial matter, intransigently declared that all of the records on a credenza behind his desk were “personal” and thus were beyond the reach of the FOIA (and that of the agency FOIA officer, whom he physically prevented from going back there). This official was severely castigated by a federal judge after it was found that he was, in no small part, quite mistaken about both things; the judge’s opinion was so pointed that we used the case regularly in our FOIA training programs. So yes, Secretary Clinton’s suggestion that federal officials can unilaterally determine which of their records are “personal” and which are “official,” even in the face of a FOIA request, is laughable.

It is not at all uncommon for the average federal employee on a day-to-day basis to bear the responsibility of “separating the wheat from the chaff” under the Federal Records Act, as well as when that employee departs from federal service. Even relatively high-level employees such as myself (as an ES-5 in the Senior Executive Service) often are able, as a practical matter, to determine such things, just as I did when I retired from the Justice Department eight years ago. But I certainly could not have taken with me the sole copy of any agency-generated document, nor could I have properly stymied any pending FOIA request—not even for a record in my office that I was convinced was 100 percent “personal.” In fact, at Justice we created a formal process to govern things that departing officials sought to “remove.” The first official to which the policy was applied, at her own insistence, was Attorney General Janet Reno, at the end of the Clinton administration. (This stood in stark contrast with the sad case of Attorney General Edwin Meese, who was so overreaching upon his departure that we had to scour his garage in Virginia to retrieve about a dozen boxes of records that he wrongfully took with him in violation of the Federal Records Act, among other things.) One cannot help but wonder how Secretary Clinton’s departure process was handled.

Beyond the problematic things that Secretary Clinton actually said at last week’s press conference—such as her brazen suggestion that if the “vast majority” of her emails were handled in a certain way, that should be good enough—were the things that largely went unaddressed, including the official sensitivity of her emails and specifically whether any part of them might have warranted classification on national security grounds or even special handling as “Sensitive But Unclassified” information. The current executive order on national security classification, which was issued by President Obama in December 2009 (i.e., after Secretary Clinton’s special arrangement commenced), continues the traditional emphasis on protecting both “foreign government information” and information the disclosure of which could be expected to cause “foreign relations harm”—broad categories that can easily be implicated through even indirect reference to serious international matters at a high level. It is not easily imaginable (although not inconceivable) that a 21st-century secretary of state could manage to go four years without including at least some information in her official email traffic that at the very least called for a careful classification review. And if such a short-cut was taken here, which remains to be seen, it would have been a heavy institutional price paid for what was, put most benignly, a matter of Secretary Clinton’s “personal convenience.”

Similarly, though of a lesser concern, is the matter of what since 9/11 has been universally called “Sensitive But Unclassified” information, which pertains to the labeling and safeguarding of anything that an agency chooses to give special handling to on one sensitivity basis or another. As the author of the seminal White House memorandum on this particular subject (in March 2002), I am sensitive to the fact that the State Department regularly uses record designations (such as “Nodis” and “Noforn”) within this realm that could readily be deemed incompatible with Secretary Clinton’s “personal email account/private server” scheme upon proper attention to it. These are just some of the concerns and questions that remain in the wake of her first seemingly comprehensive attempt to explain why and how she managed to indulge in such extraordinary treatment for her email communications alone.

By the way, much as Secretary Clinton might like to claim personal “credit” for this successful scheme when talking with her friends about it within the privacy of her own home—perhaps while leaning against her private Internet server in her basement—the fact is that she didn’t invent this form of law circumvention; she just uniquely refined it. Yes, it was the Bush administration—specifically, the White House Office of Administration in concert with Vice President Dick Cheney, Karl Rove and the Republican National Committee—that likewise succeeded with wholesale email diversion back in the pre-smartphone days of freewheeling Blackberry usage.

Unfortunately for all of us, the competition for perverse “honors” in the world of circumventing both the letter and the spirit of federal records laws is indeed quite stiff.