Former Secretary of State and 2016 Democratic frontrunner Hillary Clinton did not follow federal rules for transparency by using private email, according to a highly critical report delivered to Congress Wednesday morning.
The State Department Office of the Inspector General's "Evaluation of Email Records Management and Cybersecurity Requirements" said Clinton and her staff had an obligation to notify the department about use of "her personal email account to conduct official business," but did not. The department would have likely complied, the audit said, and "would have attempted to provide her with approved and secured means that met her business needs."
The Associated Press was the first to report the IG audit.
Spanning nearly 20 years, the watchdog found "three cases where officials used non-departmental systems on an exclusive basis for day-to-day operations." Along with Clinton, former Secretary of State Colin Powell and Jonathan Scott Gration, a former Ambassador to Kenya were cited. Powell's tenure aligned with more lax policies on network security, but the report noted that State "had an outright prohibition on both the installation of privately owned computers in Department facilities." Powell used a private laptop for email at the time.
The IG noted that records management policies changed over time, and Clinton's practices did not comply with department rules in comparison with others' compliance, saying "Secretary Clinton's cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives."
Clinton, through a representative, told the IG's office that because her emails were sent through private servers to other State staffers via government accounts, the emails were in compliance with Foreign Affairs Manual policies and The Federal Information Security Management Act. The IG did not agree, saying this "did not comply with the department’s policies that were implemented in accordance with the Federal Records Act."
While the report did not specifically address the issue of classified information sent through Clinton's private server or the FBI's ongoing investigation, it chided her for not using secure systems. The report said she "never demonstrated . . . that her private server or mobile device met minimum information security requirements specified by FISMA and the FAM."
The watchdog noted Clinton's lack of complete records has been an issue since before she left the office:
At a minimum, Secretary Clinton should have surrendered all emails dealing with Department business before leaving government service and, because she did not do so, she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act.
The report's conclusion criticized the entire department, saying State lacks clear directives around record-keeping and transparency. In the report's conclusion, the audit went back to Madeline Albright, concluding that preserving email has been a particular weakness at State.
Longstanding, systemic weaknesses related to electronic records and communications have existed within the Office of the Secretary that go well beyond the tenure of any one Secretary of State.
Using private email to conduct government business is not exclusive to the State Department or to Clinton's time there. Pentagon chief Ashton Carter has been under criticism for his use of email recently and a 2015 Government Executive survey found the practice to be common among federal employees.