> According to the 26-count indictment, on thirteen occasions between February 14, 2018 and June 1, 2020, Unkenholz, lawfully having possession of, access to, and control over NDI, which he had reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully transmitted that information to another person who was not entitled to receive it.
Mark Robert Unkenholz has this patent claim for key escrow: "Device for and method of cryptography that allows third party access" https://patents.justia.com/patent/5631961
He also worked on Clipper apparently. But this patent seems to use public-key techniques for escrow, which Clipper didn't... probably because Clipper was hardware and couldn't handle the cost of those operations.
But besides that, can we just take a facepalm to recognize an NSA employee sending _and_ keeping classified data in a personal email server. Like, how did he not know he would get caught, right?
isnt it obvious that the person believes that they ought to be able to trade that information? rational or irrational, this looks like a fight more than a theft
Tell me more. I would think that everyone with a TOP SECRET/SCI clearance is really clear on what it entails. I can't see someone thinking they could copy it to personal email and send it to someone without a clearance.
It isn't really always clear on what it entails, for example the word "the" will appear in TS documents but you're allowed to use that word without worrying about this happening. Specific pieces of data or groups of data receive a classification based on the harm they can cause if disclosed improperly. However, an entire document receives a classification based on its most sensitive parts so it can be hard to determine what parts of it are actually sensitive. If you don't know, ask, so things like this don't happen. This person should have known better, I can imagine how it's possible to accidently transmit classified data on an unclassified network. But I have a hard time seeing someone make an honest mistake like that 13 times.
Which is excellent advice - and unless you're both a lawyer, and familiar with the conventions of this particular bit of law, you probably shouldn't make any assumptions about what should, and should not be written in this kind of indictment.
Nobody ever asks programmers to provide legal opinions.
On the other hand, understanding formal logic is of practical value in the legal industry; I was thinking of building searches to find electronic documents which is a real thing that (clueless) people (try to) do. Seems to me like it could potentially be very high stakes, at least in hindsight if you screw it up.
I don't know if boolean logic is or used to be part of a law school curriculum. It just seems to me a bit surprising if it isn't.
Do you have any links that document what she did that is worse than this NSA employee's behavior?
My understanding is that she didn't use her personal email for classified information and continued to use a government provided system for that class of information.
“The FBI investigation found that 110 messages contained information that was classified at the time it was sent. Sixty-five of those emails were found to contain information classified as "Secret;" more than 20 contained "Top-Secret" information.”
EDIT: compare with:
“If convicted, Unkenholz faces a maximum sentence of 10 years in federal prison for each of the 13 counts of willful transmission of NDI and for each of the 13 counts of willful retention of NDI.”
I have no direct experience with classified information process in US government. But I highly doubt that anyone can un-classify something without paperwork trail. Imagine a situation when CIA sends top secret briefing to the Secretary of State based on sensitive information from a spy. Declassification of this briefing might result in spy being executed. Thus, I highly doubt that the Secretary of State can declassify this briefing just by herself.
Edit: even the president can’t just declassify docs and had to consult with FBI (and accept their redactions):
> I have no direct experience with classified information process in US government.
You then have an edit where you make a broad claim about the power of the president to declassify documents.
However, the article you linked doesn't make any claim about limits on the Office of the President to declassify documents. It only describes the standard process Trump was following to declassify those documents.
You should take some time to look into this issue more deeply, as there is a lot written about the power of the president to declassify documents. (Unless of course you are attempting to anger the internet into revealing its answers by making bold assertions, in which case well played, my friend :)
Thanks, sorry I should have used different wording. I agree that the president has the power to classify/declassify anything. My example was that the president on the last day in the office followed the procedure to declassify documents highly important for him instead of taking photos on the phone and posting on Twitter ;)
This is specifically the thing that I tend to find so exhausting about these discussions. People get so bent out of shape about their perception the rules are violated when they don't even put the time in to know what the rules are.
Reading section 3.1, Secretary of State has the power to declassify only the information that originally was classified inside that office. In my example above with a CIA briefing, only the CIA itself or the DNI can declassify it (ignoring automatic declassification because of time).
And I’ll reiterate - I am sure there is a form 1234 one needs to fill in to actually declassify something.
I see nothing in there specifically binding an acting Secretary of State, and since none have been prosecuted, I infer there is nothing to prosecute.
You have to also factor in the National Security Act of 1947, which this EO does not supercede.
At the level of Cabinet, mishandling of classified information is a political question, not a legal one.
ETA: Forgot to mention, you also have to consider the actual statue, 8 U.S. Code § 798. That statute makes clear that exempt from the list of unauthorized persons are people cabinet members authorize. It seems self-evident that secretary Clinton authorized secretary Clinton (and her IT staff) to handle classified information.
If one turns one's head and squints, I suppose the secretary could have been held accountable if classified information was leaked from the server to an unauthorized recipient. It didn't happen, so no way to know what the consequences might have been had it occurred.
“ I see nothing in there specifically binding an acting Secretary of State, …”
Section 3.1 from EO 13526 describes the rules for declassification for US government. There are no exclusions for Cabinet or Secretary of State (notice that NDI has a subsection in the EO to cover expanded authority to declassify the information).
“… and since none have been prosecuted”
This is going back to “other people did it” argument.
“You have to also factor in the National Security Act of 1947”
I can’t find anything specific for this discussion. Which section are you referring to?
“At the level of Cabinet, mishandling of classified information is a political question, not a legal one.”
This is not the law. EO 13526 doesn’t make exceptions for Cabinet. It might be current political practice but I hope you agree this is not the right way to have high placed government official above the law (to be clear, I have no problem if the law or EO are changed to say that Cabinet or Secretary of State can declassify anything).
“… secretary Clinton authorized secretary Clinton (and her IT staff)“
Could you please provide a pointer for such an authorization? I am sure there is a form one needs to fill in. BTW, I haven’t seen the argument yet that server in the basement was authorized to handle classified information. I would love to see the form that explains why it is not a problem. Should be a fun read.
“… I suppose the secretary could have been held accountable if classified information was leaked from the server“
Notice that NSA employee was charged with retention of NDI in addition to sharing it with unauthorized recipient. The “leaking” of information to unauthorized party is not required for the prosecution.
> This is not the law. EO 13526 doesn’t make exceptions for Cabinet
They aren't necessary given that the underlying statute is predicated on the idea that the person accessing the classified information was unauthorized.
... and we're back to the authorization issue. The relevant proviso in the law is "without authority." The Secretary of State has authority to authorize and authorizes herself, obviously.
> I am sure there is a form one needs to fill in.
There really isn't for a Cabinet secretary. You have to remember the underlying purpose of state secrets: to allow the executive to do its job in a world where secrets are necessary for that to be done. Whether the job is being done ultimately rests on the decision of the President (and, by delegation, the Cabinet).
Here's a minimum viable authorization.
"Hey Hillary, sounds like your IT guy might be privy to state secrets. Is he authorized to view them?"
"Yes Mr. President."
"Okay then."
One could make the argument that violates his EO because it doesn't follow the formal, documented protocol... Except it's his EO. Whether it's violated rests with the judgement of the President.
On this topic specifically, it really is up to the President whether the Secretary of State has mishandled classified information. The back-stop to that is impeachment of said President and the judgment of the American people (the People were, apparently, dissatisfied with Clinton's behavior on this subject, and she was not elected President. Justice done).
“ The Secretary of State has authority to authorize and authorizes herself, obviously.”
I agree that according to EO quoted above this is true for declassifying information originally classified by the State Department. I would appreciate if you can point me to the laws/EO/… that authorizes Secretary of State to declassify the information originally classified by another government agency (e.g. CIA).
“ Here's a minimum viable authorization.”
Could you please provide pointers that confirm that some kind of authorization by Mr President took place? I would accept pointers to verbal quotes from either Mr President or Hillary. Bonus point - have this authorization happen before classified information was leaked to unauthorized personnel or systems.
All of the things you're asking for hold the whole process to a higher standard than the standard. That's kind of the point of the disagreement in the electorate: some people think there's a rigid framework of rules, the rest understand this was a Cold War infrastructure designed around the ability to wage clandestine warfare (and the President, and his advisors, are the final arbiters on whether it's working).
... it's not designed to tie the hands of the President or his advisors on the question of how to preserve state secrets.
This is somewhat a change of the arguments from your side I think. But let’s discuss this topic as well.
US system is not an absolute monarchy and we have checks and balances in place “to tie the hands of the President or his advisors” not only on the question on how to preserve state secrets, but also on many if not all other questions as well. You can check out links at the bottom of this Wikipedia page for good explanations of why it is important:
Going back to the question of state secrets, the President had the following options:
1) Expand EO to allow Secretary of State to handle confidential information any way she wants;
2) Authorize Secretary of State to handle confidential information any way she wants using President’s authorization (something like you described above);
3) Pardon Secretary of State for misuse of classified information.
What President and his Administration can not do is to say “nothing to see here, move along”. The President and Administration are not above the laws even if they have powers to enact laws themselves (through EO, regulations, etc). I hope you remember the Watergate.
Edit: forgot to say that I am fine with any of the 3 options above applied to the NSA employee from the parent post. I am not asking for “higher” standards —- I am asking for “the same” standards.
In terms of principles, I agree with you. In terms of power, your description is aspirational and not the functional process.
When I say the question of abuse of power of the President and his Cabinet if "political, not legal," I mean that the mechanism by which the things you are describing are Constitutionally enforced are the impeachment powers of Congress, not the judicial powers of the courts. There's no benefit to trying an acting Secretary of State when the president has the authority to just pardon them immediately and the authority to fire them if they have acted to his displeasure.
And functionally, in the realpolitik sense, a failure on Congress's part to impeach any of the Presidents that allowed their secretaries of state to be as lax as they were is a tacit agreement that the current interpretation of these laws is acceptable. Congress has the authority to write these laws. And if Congress is unhappy with how they are enforced, they have the authority to impeach the executive. If the President or the Secretaries are in violation of the law, that's how we stop them. That's what rule of law looks like in the United States... The Constitution is very clear on who has the authority to remove the President from office (and, perhaps, slightly less clear on whether the president's broad pardon power extends to himself; it obviously extends to his cabinet).
You mentioned bribes and banana republics in a peer thread; I recommend reflection on the Iran-Contra scandal on that topic.
... and this is what I mean when I say "People get so bent out of shape about their perception the rules are violated when they don't even put the time in to know what the rules are." I mean that people get angry with the president, or the courts, or demand a Secretary of State be thrown in jail... And incredibly few people ask why Congress allows this to continue. Because ultimately, they have the power to stop it.
So sounds like you agree with me that Hillary did indeed break the law but you argument is that we need to understand "realpolitik" on why she can not be prosecuted. I guess I strongly disagree.
BTW, you other argument is that Mr President should have been impeached over this scandal and refusal to fire Secretary of State who broke the law. This is not a bad idea in general and I would agree that this should have happened.
Yes, completely agree with your assessment of what did not happen and should have happened.
Rule of Law ultimately breaks down if those empowered to enforce and adjudicate it do not do their jobs.
If people want a better US government, they need to take a hard look at why the last several impeachments occurred and the circumstances in which they didn't, and make some harder decisions about their elected Congressional officials than they have in my lifetime. Congress has a 20% approval rating, but 81% of the House of Representatives is on their second or later term.
(The only quibble I have with your comment: did Hillary break the law? Well, Congress is judge and jury on that question, and since they never even tried to adjudicate it, the question "did she break the law" depends on one's philosophical position on the question of innocence-until-guilt-proven.
I think you and I have laid out the argument and counter-argument that would have been made in a Congressional impeachment trial that should have happened and did not).
As we observed in the past four years, the rule of law includes the idea that the guy in the big chair in the Executive has broad, sweeping pardon powers. Including, possibly, an untested authority to self-pardon for criminal activity.
That is rule of law. It's possible for the law itself to be bad, of course.
President’s pardons are part of the presidents powers as defined by laws. I would have no problem if Mr President pardoned Hillary for her misuse of classified information, etc. This is not ethical from my pov but it is legal.
Edit: I would also have no problem with Mr President pardoning the NSA employee from the parent post.
The shortcut we usually see is the Judiciary will not press the issue when it's obvious the President will just pardon the offender (waste of taxpayer money to do so).
As "Will the President just pardon" is often back-room knowledge, it isn't necessarily something that comes up in the public-facing conversation all the time. But this is why the entire question of whether the Secretary of State broke the law is something Congress would have to press in the first place.
So again, you admit that Hillary broke the law but JD “read the mind” of Mr President and just let her off the hook.
Just for the record, compare this with other case (e.g. Flynn) where JD failed to “read the mind” and pushed all the federal government force against a person.
Comey didn't read anybody's mind. He explained why the case wasn't prosecutable.
"In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here."
I can copy/paste the Comey’s quote to apply it to the case of the NSA employee from the article. BTW, in Clinton’s case there is a clear effort to go around FOIA so you can call it obstruction of public justice if you want.
"[The accused] willfully transmitted that information to another person who was not entitled to receive it."
Comey found there was no clear effort to go around FOIA either and that Clinton complied with all requests to the best of her ability. I don't know why you're making stuff up when all of this is written in plain English that any of us can read.
Even if they get to set classification, they DIDNT do it. And using the wrong storage/servers (non governmental?!) should not be excused for any State employee. Leadership has a responsibility just as much as a new hire. Everyone is responsible for security
It is not a security issue. The state.gov email server, which is meant for unclassified communication, was hacked during this time, while the clintonemail.com server was not.
It is a document retention issue. If none of the Secretaries were trying to circumvent the retention rules and were emailing or CCing state.gov addresses on most of their emails anyway, the issue becomes fairly small. That is why none of them were prosecuted.
It would also be a security issue if only the state.gov server were used with classified data, which is what would have happened if clintonemail.com weren't used, putting it on both state.gov and clintonemail.com servers. The fact that political officials occasionally use improper channels is something that always happens. Clintonemail.com didn't change that.
The fact that it is a security issue doesn't make it prosecutable.
If multiple Supreme Court justices do exactly the same particular thing that you think is a crime, but none of them are prosecuted, it is very likely that you were incorrect in thinking that what they did was a crime.
Ignoring a police order to disperse is a crime, but a police chief who directed the officer to make that order can generally ignore that order unless they are acting maliciously.
She used her personal email for official communication quite a bit. This is illegal from a public records point of view, as well as from a classification point of view.
A review of emails found classified information there.
She was required to take document management and classified information classes when she became Sec State.
I wish the government folks would actually follow the rules for once. R & D seem to both be terrible, and it only seems to matter when the other side does it.
This absolutely happens in other (non US) jurisdictions. For example the one I'm in. The standard process is that some executive or minister does something untoward and everyone else who works in govt gets sent on mandatory training. It doesn't change the behavior of those who think they are above the rules.
If a couple of politicians got imprisoned for that (like a normal employee probably would get), the rest would be a lot more careful around sensitive data.
But sonce the law treats the rich and influential differently than the "normal people", we have situations like this one now.
> She used her personal email for official communication quite a bit. This is illegal from a public records point of view
Yes, this is not permitted, even if in practice it's not a grave crime (because if it is a grave crime you'd have to lock up 95% of government employees). At least in Dept of State it looks like the IT staff retain emails as records. In the Navy even that doesn't happen, and Navy workers are expected to instead manually export all emails that might be "records" into a whole separate system.
> A review of emails found classified information there.
This is true, but I would like to note that any agency can classify information, whether you knew it was classified or not, and this covered much (I won't claim all) of Clinton's activity.
E.g. a Washington Post article gets sent to her about outcry in Pakistan due to a U.S. drone strike in the area. Huge diplomatic incident. "How should we handle this boss?".
The problem is that the drone strike came from a covert activity run by a different agency. Since it's covert, it's also classified. Now Clinton is "engaged in classified correspondence". It doesn't help that it's already in the public sphere and that she is literally talking about this issue with Pakistani diplomats who are definitely not cleared to receive U.S. classified info.
Nope, in the same way government workers were told to be careful not to comment on news media about Snowden leaks, Clinton is technically guilty of sharing classified info over unclassified (and personal!) email.
I don't know whether the present case is like Clinton's (i.e. mixed in with what you might call innocuous) or actual witting sharing of classified info. I'd probably still bet on the latter.
It is the power of her office. The whole point of the classification system is to allow the Executive branch to function in a world where secrets are necessary. The President (and by delegation, his Cabinet) are empowered to decide if that function is being carried out.
The Secretary of State could start publishing the names of covert operatives every Friday, and the back-stop would be they'd be fired for incompetence.
Only the President has absolute authority to declassify at will. And her major crime wasn’t mishandling classified materials. It was destroying evidence that was the subject of a congressional subpoena. She probably did it because she realized that by comingling her personal and official business, she exposed her embarrassing (or worse) personal affairs to being disclosed to Congress. Look how much political damage Podesta’s leaked emails did to her. Imagine every single email she sent and received for several years.
That’s very disingenuous. Impeachment is extremely rare. The bar for conviction, 2/3rds of the Senate, is essentially insurmountable. The decision to impeach is essentially a political one, and it is rarely in anyone’s interests to go down that road. Also, by the time it was clear that the FBI had decided to let her get away with it, it was only a few months until the election. Impeaching under those circumstances would be seen as undemocratic and trying to take the choice away from the people.
I'm not sure why we're calling it disingenuous. I believe you have correctly described how the system works. What aspect of that description is disingenuous?
The decision to impeach a Cabinet member is a political decision. I believe you have correctly identified why it would have been an inexpedient political decision.
And ultimately, the consequences for her actions were that the American people chose not to elect her President.
The consequences of all of these political interlocks are that even though the ultimate authority rests with the President, it is de facto delegated to the Cabinet as well, because Congress cannot hold them accountable without implicitly holding the President accountable. The President, of course, could also hold a Secretary accountable; in this situation, the President chose not to, so no harm no foul.
She had been out of office for two (plus?) years when the scandal came to light, so no, President Obama could not have done anything to discipline her. I don’t know what you’re talking about. And like I said, it’s not really about the classified information. It’s about brazenly violating a subpoena by destroying evidence. If you or I did that, we’d be in jail. Your response is: well, Congress should have impeached her. But that’s not a substitute for criminal prosecution. And for that matter, being “punished” by not being elected President is also not a substitute for criminal prosecution.
You're correct; I was mistaken on the timeline. No impeachment to be had if she's not in office.
That having been said, there's no evidence she ordered the server wiped in response to a subpoena. In fact, when she ordered the server wiped the subpoena hadn't been issued, it appears (https://thehill.com/policy/national-security/298272-fbi-no-e...).
Can't really prosecute someone for destroying evidence they weren't in possession of, and can't really prosecute someone for destroying evidence they weren't aware was subpoenaed. Sounds like an unfortunate game-of-telephone error.
As Sec State, she has a limited authority to declassify certain things.
However, that would follow a regulated protocol.
Casually using a private email server for state business - that act in itself is illegal. It contravenes records laws and regulations, and is a direct afront to transparency. Also, it is not part of any declassification protocol.
Just because a Sec State has power does not mean they have the authority to do something any way they please. This is the essence of Rule of Law.
Various information gets classified at different levels according to the classification guide for a program. It could be as simple as a program name in certain instances.
Now I doubt they'd prosecute for inadvertent inclusion of minor yet technically classified things, but it's hard to know.
The phrasing in the press release makes it sound like this is some sort of intrinsically grave offense, but it's quite possibly an innocent mistake. It sounds like this guy's colleague switched companies from one where they were cleared to one where they were not, but they continued to communicate about classified stuff.
Maybe that meant Unkenholz emailed a PDF marked TOP SECRET to his colleague in order to help some foreign entity harm US interests (obviously a terrible thing to do and worth being outraged about). But it could have also been him sending an email along the lines of "What SD cards did you order for [classified widget]? We're making more of them and I want to be sure I get all the same parts that you did for the prototype?"
Both cases violate the letter of the law, but locking a human being in a cage for a decade or more over the second one seems like a horrific misinterpretation of the concept of justice. Wish the press release was clearer on what side of the line this case falls on.
> Popehat notes that this kind of reporting often oversells the likely sentence
This isn't reporting and it doesn't even purport to characterize the likely sentence except by saying “Actual sentences for federal crimes are typically less than the maximum penalties.”
It’s a little more than “letter of the law” when he’s using a personal email address for NSA work, and also sending anything classified outside of official channels. He definitely knew better.
I have no source on this, but I don't believe NSA employees have unclassified/public email addresses. It might be common to use a "personal" email for some work-related communication like this.
On the subject of classification, that has no excuse.
Um, no. I've definitely sent unclassified emails to @nsa.gov addresses, when I worked in government. They would be crippled if they didn't have some way to email the outside world.
- Blaming people for accidents is stupid. Throwing them into prison for accidents is even stupider.
- Proper security is designed in a way that people can make mistakes and it doesn't mean the end of the world.
Him knowing better about this isn't really a response to OP's initial comment of being against a lengthy prison sentence.
The prison sentence accomplishes absolutely nothing. You're just ruining a person's life as they were retiring and breaking a family apart. Makes no sense if this was indeed an accident.
Your comment doesn't really make any sense. It seems to imply that the DoD rules are backwards and that it's actually the fault of the NSA that the guy leaked this. Which I don't understand.
If he emailed a classified document, there is absolutely no way in hell that was an accident. You are never, ever, ever supposed to put classified information onto an unapproved system. This is like saying, "Oh, I forgot which pedal does which, so I slammed the gas instead of the brakes and killed someone, but it was an accident so I shouldn't go to jail." No, you're definitely going to jail, you 'forgetting' how to drive doesn't mean you didn't ruin someone's life.
(There's a small chance that he could have wrote something classified from his brain into the body of an email and sent it. People don't get sent to jail for this, provided it's a one-time incident. If he's getting charges pressed it was pretty egregious. The term "gross negligence" comes to mind.)
And it really could be that critical. Classified information is classified because it can be damaging. If you leak the names of people spying for you in foreign countries, they might be captured or even killed. How do you "design the system" to allow for that "mistake"?
Finally, the prison sentence lets people know that security is serious. There are many rules and it takes effort to follow them. People get lazy and cut corners when there aren't consequences.
DCSA and whatnot cannot constantly watch everyone all the time. They also cannot prevent every single possible edge case and scenario. If they tried, nobody would get anything done.
You could be told classified information, go home that day, and tell your wife the same thing. There is literally nothing they can do to prevent that except make sure people know there are consequences to doing so.
There are many such examples. Classified CDs is a good one. There are many rules related to classified CDs, but at some level you have to trust your people are following these rules. This is why getting a clearance is more difficult than the average job interview, and why people from the Intel communities take leaks so personally. It has to be part of the culture.
Funny that no one in a financial institute has access to private mail (Switzerland), USB is deactivated, to Surf the Web you need another laptop, no one has access to backups (Mainframe etc) without the knowledge of the CEO but maybe the data is more worth?
But yes at the end of the day you have to trust your peoples....but private email from your working-machine....that's borderline dangerous.
Nearly all classified networks are airgapped. Many are isolated to a single building or even room. I seriously doubt he had his Gmail up on his classified workstation.
> Oh, I forgot which pedal does which, so I slammed the gas instead of the brakes and killed someone, but it was an accident so I shouldn't go to jail.
People do stamp on the wrong pedal sometimes…if it's genuinely an accident I haven't heard about people going to jail?
Yeah, I was thinking to myself in the shower this morning how this wasn't the best analogy and someone was going to nitpick it.
Maybe a better one is a forklift operator dropping something on someone because they didn't do their company-mandated safety training and pressed the wrong button. It was an accident, the guy didn't mean to hurt anyone, but he did because he was negligent and there has to be consequences for that.
I literally don't get this "revenge" view point. Maybe we're just going to disagree here. The same way punishments don't work on dogs, children, etc. They also don't "stop" security incidents from happening.
Your example is bad because proper access controls would:
1. Be designed in such a way that humans can follow them and that humans __do__ follow them.
2. If humans can't follow them, then humans shouldn't be involved at all.
There are so many examples in this thread of "well this is against security training, but everyone does it anyway". That's a bad design. That's created for selective enforcement and makes the entire thing a joke.
It seems like we are just going to disagree. Talk to literally anyone who works with this kind of information and they would laugh at your comment. Your requirements as written cannot be practically implemented at scale across all organizations accessing classified info. Read an Security Classification Guide sometime, you will very quickly understand. There has to be a policy somewhere that says "We know you can technically do $THING, but don't or you will go to jail."
EDIT: Sorry @dang I know I keep editing my comments a lot and you probably don't like that, but the more I think about it the more ridiculous these claims are the more miffed I get. Seriously, to all these people telling me that the NSA is just incompetent because someone went out of their way to commit a crime, imagine the following scenario: you tell someone a piece of classified information, they then walk over to an unclas computer and type that sentence in verbatim into their Gmail and hit 'Send'. Please design a crypto system, ACL, network architecture, workflow, any technical solution that could practically prevent that from happening across hundreds of organizations and probably millions of employees. I would bet you a lot of money you cannot.
DOJ doesn’t prosecute “innocent” crime. Unless there’s a pressing political angle, they don’t bring prosecutions unless the wrongdoing rises to a fairly serious level. It’s not normally enough that you violate the letter of the law.
108 comments
[ 1.7 ms ] story [ 181 ms ] threadMark Robert Unkenholz has this patent claim for key escrow: "Device for and method of cryptography that allows third party access" https://patents.justia.com/patent/5631961
I love how whoever wrote this clearly does not understand technology, and thinks that somehow the _data_ was stored within the _address_.
I would like to see the indictment, if it's not secret itself. There wasn't a link, was there?
Just like how a long fall doesn't kill you, the sudden stop at the end does. It's a distinction without a difference.
Because you don't have knowledge of the subject.
The subject at hand being the law.
On the other hand, understanding formal logic is of practical value in the legal industry; I was thinking of building searches to find electronic documents which is a real thing that (clueless) people (try to) do. Seems to me like it could potentially be very high stakes, at least in hindsight if you screw it up.
I don't know if boolean logic is or used to be part of a law school curriculum. It just seems to me a bit surprising if it isn't.
To disrupt any empathic thoughts towards the defendant
As well as convey omniscience of the government
If not, I think it’s an effective idea someone should start doing, and i was inspired by reading a few indictments
My understanding is that she didn't use her personal email for classified information and continued to use a government provided system for that class of information.
“The FBI investigation found that 110 messages contained information that was classified at the time it was sent. Sixty-five of those emails were found to contain information classified as "Secret;" more than 20 contained "Top-Secret" information.”
EDIT: compare with:
“If convicted, Unkenholz faces a maximum sentence of 10 years in federal prison for each of the 13 counts of willful transmission of NDI and for each of the 13 counts of willful retention of NDI.”
I highly doubt that anybody will buy “other people did this in the past too” as a defense argument. Though I am sure lawyers will try.
Edit: even the president can’t just declassify docs and had to consult with FBI (and accept their redactions):
https://www.politico.com/news/2021/01/19/trump-doj-declassif...
Wanton burning of intelligence assets is generally backstopped by the President firing an incompetent Secretary of State, not the law.
For offices below the Secretary of State, there are laws.
> I have no direct experience with classified information process in US government.
You then have an edit where you make a broad claim about the power of the president to declassify documents.
However, the article you linked doesn't make any claim about limits on the Office of the President to declassify documents. It only describes the standard process Trump was following to declassify those documents.
You should take some time to look into this issue more deeply, as there is a lot written about the power of the president to declassify documents. (Unless of course you are attempting to anger the internet into revealing its answers by making bold assertions, in which case well played, my friend :)
https://en.wikisource.org/wiki/Executive_Order_13526
Reading section 3.1, Secretary of State has the power to declassify only the information that originally was classified inside that office. In my example above with a CIA briefing, only the CIA itself or the DNI can declassify it (ignoring automatic declassification because of time).
And I’ll reiterate - I am sure there is a form 1234 one needs to fill in to actually declassify something.
You have to also factor in the National Security Act of 1947, which this EO does not supercede.
At the level of Cabinet, mishandling of classified information is a political question, not a legal one.
ETA: Forgot to mention, you also have to consider the actual statue, 8 U.S. Code § 798. That statute makes clear that exempt from the list of unauthorized persons are people cabinet members authorize. It seems self-evident that secretary Clinton authorized secretary Clinton (and her IT staff) to handle classified information.
If one turns one's head and squints, I suppose the secretary could have been held accountable if classified information was leaked from the server to an unauthorized recipient. It didn't happen, so no way to know what the consequences might have been had it occurred.
“ I see nothing in there specifically binding an acting Secretary of State, …”
Section 3.1 from EO 13526 describes the rules for declassification for US government. There are no exclusions for Cabinet or Secretary of State (notice that NDI has a subsection in the EO to cover expanded authority to declassify the information).
“… and since none have been prosecuted”
This is going back to “other people did it” argument.
“You have to also factor in the National Security Act of 1947”
I can’t find anything specific for this discussion. Which section are you referring to?
“At the level of Cabinet, mishandling of classified information is a political question, not a legal one.”
This is not the law. EO 13526 doesn’t make exceptions for Cabinet. It might be current political practice but I hope you agree this is not the right way to have high placed government official above the law (to be clear, I have no problem if the law or EO are changed to say that Cabinet or Secretary of State can declassify anything).
“… secretary Clinton authorized secretary Clinton (and her IT staff)“
Could you please provide a pointer for such an authorization? I am sure there is a form one needs to fill in. BTW, I haven’t seen the argument yet that server in the basement was authorized to handle classified information. I would love to see the form that explains why it is not a problem. Should be a fun read.
“… I suppose the secretary could have been held accountable if classified information was leaked from the server“
Notice that NSA employee was charged with retention of NDI in addition to sharing it with unauthorized recipient. The “leaking” of information to unauthorized party is not required for the prosecution.
They aren't necessary given that the underlying statute is predicated on the idea that the person accessing the classified information was unauthorized.
> retention of NDI
It's always hard from the reporting to find exactly what someone is being charged with, but I assume it's https://www.law.cornell.edu/uscode/text/18/1924.
... and we're back to the authorization issue. The relevant proviso in the law is "without authority." The Secretary of State has authority to authorize and authorizes herself, obviously.
> I am sure there is a form one needs to fill in.
There really isn't for a Cabinet secretary. You have to remember the underlying purpose of state secrets: to allow the executive to do its job in a world where secrets are necessary for that to be done. Whether the job is being done ultimately rests on the decision of the President (and, by delegation, the Cabinet).
Here's a minimum viable authorization.
"Hey Hillary, sounds like your IT guy might be privy to state secrets. Is he authorized to view them?"
"Yes Mr. President."
"Okay then."
One could make the argument that violates his EO because it doesn't follow the formal, documented protocol... Except it's his EO. Whether it's violated rests with the judgement of the President.
On this topic specifically, it really is up to the President whether the Secretary of State has mishandled classified information. The back-stop to that is impeachment of said President and the judgment of the American people (the People were, apparently, dissatisfied with Clinton's behavior on this subject, and she was not elected President. Justice done).
I agree that according to EO quoted above this is true for declassifying information originally classified by the State Department. I would appreciate if you can point me to the laws/EO/… that authorizes Secretary of State to declassify the information originally classified by another government agency (e.g. CIA).
“ Here's a minimum viable authorization.”
Could you please provide pointers that confirm that some kind of authorization by Mr President took place? I would accept pointers to verbal quotes from either Mr President or Hillary. Bonus point - have this authorization happen before classified information was leaked to unauthorized personnel or systems.
... it's not designed to tie the hands of the President or his advisors on the question of how to preserve state secrets.
US system is not an absolute monarchy and we have checks and balances in place “to tie the hands of the President or his advisors” not only on the question on how to preserve state secrets, but also on many if not all other questions as well. You can check out links at the bottom of this Wikipedia page for good explanations of why it is important:
https://en.wikipedia.org/wiki/Separation_of_powers_under_the...
Going back to the question of state secrets, the President had the following options: 1) Expand EO to allow Secretary of State to handle confidential information any way she wants; 2) Authorize Secretary of State to handle confidential information any way she wants using President’s authorization (something like you described above); 3) Pardon Secretary of State for misuse of classified information.
What President and his Administration can not do is to say “nothing to see here, move along”. The President and Administration are not above the laws even if they have powers to enact laws themselves (through EO, regulations, etc). I hope you remember the Watergate.
Edit: forgot to say that I am fine with any of the 3 options above applied to the NSA employee from the parent post. I am not asking for “higher” standards —- I am asking for “the same” standards.
When I say the question of abuse of power of the President and his Cabinet if "political, not legal," I mean that the mechanism by which the things you are describing are Constitutionally enforced are the impeachment powers of Congress, not the judicial powers of the courts. There's no benefit to trying an acting Secretary of State when the president has the authority to just pardon them immediately and the authority to fire them if they have acted to his displeasure.
And functionally, in the realpolitik sense, a failure on Congress's part to impeach any of the Presidents that allowed their secretaries of state to be as lax as they were is a tacit agreement that the current interpretation of these laws is acceptable. Congress has the authority to write these laws. And if Congress is unhappy with how they are enforced, they have the authority to impeach the executive. If the President or the Secretaries are in violation of the law, that's how we stop them. That's what rule of law looks like in the United States... The Constitution is very clear on who has the authority to remove the President from office (and, perhaps, slightly less clear on whether the president's broad pardon power extends to himself; it obviously extends to his cabinet).
You mentioned bribes and banana republics in a peer thread; I recommend reflection on the Iran-Contra scandal on that topic.
... and this is what I mean when I say "People get so bent out of shape about their perception the rules are violated when they don't even put the time in to know what the rules are." I mean that people get angry with the president, or the courts, or demand a Secretary of State be thrown in jail... And incredibly few people ask why Congress allows this to continue. Because ultimately, they have the power to stop it.
BTW, you other argument is that Mr President should have been impeached over this scandal and refusal to fire Secretary of State who broke the law. This is not a bad idea in general and I would agree that this should have happened.
Rule of Law ultimately breaks down if those empowered to enforce and adjudicate it do not do their jobs.
If people want a better US government, they need to take a hard look at why the last several impeachments occurred and the circumstances in which they didn't, and make some harder decisions about their elected Congressional officials than they have in my lifetime. Congress has a 20% approval rating, but 81% of the House of Representatives is on their second or later term.
(The only quibble I have with your comment: did Hillary break the law? Well, Congress is judge and jury on that question, and since they never even tried to adjudicate it, the question "did she break the law" depends on one's philosophical position on the question of innocence-until-guilt-proven.
I think you and I have laid out the argument and counter-argument that would have been made in a Congressional impeachment trial that should have happened and did not).
I think we often understand we are under a rule of law. We are. But not them.
“At the cabinet level, accepting bribes is a political question, not a legal one”
“At the family of the president level, accepting bribes is a political question, not a legal one”
…
Just wonder, where should we draw the line before we become yet another banana republic?
That is rule of law. It's possible for the law itself to be bad, of course.
Edit: I would also have no problem with Mr President pardoning the NSA employee from the parent post.
As "Will the President just pardon" is often back-room knowledge, it isn't necessarily something that comes up in the public-facing conversation all the time. But this is why the entire question of whether the Secretary of State broke the law is something Congress would have to press in the first place.
Just for the record, compare this with other case (e.g. Flynn) where JD failed to “read the mind” and pushed all the federal government force against a person.
"In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here."
Flynn's case followed existing precedent.
"[The accused] willfully transmitted that information to another person who was not entitled to receive it."
Comey found there was no clear effort to go around FOIA either and that Clinton complied with all requests to the best of her ability. I don't know why you're making stuff up when all of this is written in plain English that any of us can read.
It is a document retention issue. If none of the Secretaries were trying to circumvent the retention rules and were emailing or CCing state.gov addresses on most of their emails anyway, the issue becomes fairly small. That is why none of them were prosecuted.
An unclassified server was hacked. That’s a security issue on unclassified data
An unclassified, non-State server was used with classified data. That’s a security issue on classified data.
You can pretend it’s only a document retention issue, but it’s both
The fact that it is a security issue doesn't make it prosecutable.
This seems a very similar argument to one suggesting that a supreme court justice can never be charged with a crime.
Ignoring a police order to disperse is a crime, but a police chief who directed the officer to make that order can generally ignore that order unless they are acting maliciously.
She used her personal email for official communication quite a bit. This is illegal from a public records point of view, as well as from a classification point of view.
A review of emails found classified information there.
She was required to take document management and classified information classes when she became Sec State.
Frickin' US politics.
If a couple of politicians got imprisoned for that (like a normal employee probably would get), the rest would be a lot more careful around sensitive data.
But sonce the law treats the rich and influential differently than the "normal people", we have situations like this one now.
Yes, this is not permitted, even if in practice it's not a grave crime (because if it is a grave crime you'd have to lock up 95% of government employees). At least in Dept of State it looks like the IT staff retain emails as records. In the Navy even that doesn't happen, and Navy workers are expected to instead manually export all emails that might be "records" into a whole separate system.
> A review of emails found classified information there.
This is true, but I would like to note that any agency can classify information, whether you knew it was classified or not, and this covered much (I won't claim all) of Clinton's activity.
E.g. a Washington Post article gets sent to her about outcry in Pakistan due to a U.S. drone strike in the area. Huge diplomatic incident. "How should we handle this boss?".
The problem is that the drone strike came from a covert activity run by a different agency. Since it's covert, it's also classified. Now Clinton is "engaged in classified correspondence". It doesn't help that it's already in the public sphere and that she is literally talking about this issue with Pakistani diplomats who are definitely not cleared to receive U.S. classified info.
Nope, in the same way government workers were told to be careful not to comment on news media about Snowden leaks, Clinton is technically guilty of sharing classified info over unclassified (and personal!) email.
I don't know whether the present case is like Clinton's (i.e. mixed in with what you might call innocuous) or actual witting sharing of classified info. I'd probably still bet on the latter.
And that’s why Benghazi wasn’t about Benghazi, but getting her server. He remembered, and played it well.
It is the power of her office. The whole point of the classification system is to allow the Executive branch to function in a world where secrets are necessary. The President (and by delegation, his Cabinet) are empowered to decide if that function is being carried out.
The Secretary of State could start publishing the names of covert operatives every Friday, and the back-stop would be they'd be fired for incompetence.
Make of that what we will.
The decision to impeach a Cabinet member is a political decision. I believe you have correctly identified why it would have been an inexpedient political decision.
And ultimately, the consequences for her actions were that the American people chose not to elect her President.
The consequences of all of these political interlocks are that even though the ultimate authority rests with the President, it is de facto delegated to the Cabinet as well, because Congress cannot hold them accountable without implicitly holding the President accountable. The President, of course, could also hold a Secretary accountable; in this situation, the President chose not to, so no harm no foul.
That having been said, there's no evidence she ordered the server wiped in response to a subpoena. In fact, when she ordered the server wiped the subpoena hadn't been issued, it appears (https://thehill.com/policy/national-security/298272-fbi-no-e...).
Can't really prosecute someone for destroying evidence they weren't in possession of, and can't really prosecute someone for destroying evidence they weren't aware was subpoenaed. Sounds like an unfortunate game-of-telephone error.
However, that would follow a regulated protocol.
Casually using a private email server for state business - that act in itself is illegal. It contravenes records laws and regulations, and is a direct afront to transparency. Also, it is not part of any declassification protocol.
Just because a Sec State has power does not mean they have the authority to do something any way they please. This is the essence of Rule of Law.
Various information gets classified at different levels according to the classification guide for a program. It could be as simple as a program name in certain instances.
Now I doubt they'd prosecute for inadvertent inclusion of minor yet technically classified things, but it's hard to know.
See page 24+, in Security Classification Guidance Student Guide, for some examples of things in a classification guide. https://www.cdse.edu/Portals/124/Documents/student-guides/IF...
(The French had a solution for air gapping the brain, but productivity becomes a problem).
Maybe that meant Unkenholz emailed a PDF marked TOP SECRET to his colleague in order to help some foreign entity harm US interests (obviously a terrible thing to do and worth being outraged about). But it could have also been him sending an email along the lines of "What SD cards did you order for [classified widget]? We're making more of them and I want to be sure I get all the same parts that you did for the prototype?"
Both cases violate the letter of the law, but locking a human being in a cage for a decade or more over the second one seems like a horrific misinterpretation of the concept of justice. Wish the press release was clearer on what side of the line this case falls on.
So it’s very possible this could end with a far less significant penalty, depending on the circumstances.
This isn't reporting and it doesn't even purport to characterize the likely sentence except by saying “Actual sentences for federal crimes are typically less than the maximum penalties.”
On the subject of classification, that has no excuse.
- Blaming people for accidents is stupid. Throwing them into prison for accidents is even stupider.
- Proper security is designed in a way that people can make mistakes and it doesn't mean the end of the world.
Him knowing better about this isn't really a response to OP's initial comment of being against a lengthy prison sentence.
The prison sentence accomplishes absolutely nothing. You're just ruining a person's life as they were retiring and breaking a family apart. Makes no sense if this was indeed an accident.
If he emailed a classified document, there is absolutely no way in hell that was an accident. You are never, ever, ever supposed to put classified information onto an unapproved system. This is like saying, "Oh, I forgot which pedal does which, so I slammed the gas instead of the brakes and killed someone, but it was an accident so I shouldn't go to jail." No, you're definitely going to jail, you 'forgetting' how to drive doesn't mean you didn't ruin someone's life.
(There's a small chance that he could have wrote something classified from his brain into the body of an email and sent it. People don't get sent to jail for this, provided it's a one-time incident. If he's getting charges pressed it was pretty egregious. The term "gross negligence" comes to mind.)
And it really could be that critical. Classified information is classified because it can be damaging. If you leak the names of people spying for you in foreign countries, they might be captured or even killed. How do you "design the system" to allow for that "mistake"?
Finally, the prison sentence lets people know that security is serious. There are many rules and it takes effort to follow them. People get lazy and cut corners when there aren't consequences.
Exactly that, how is it possible to have access to Highly-secret stuff but also to your personal email? Something is not right here.
Well then it's like i said....there is something wrong ;)
You could be told classified information, go home that day, and tell your wife the same thing. There is literally nothing they can do to prevent that except make sure people know there are consequences to doing so.
There are many such examples. Classified CDs is a good one. There are many rules related to classified CDs, but at some level you have to trust your people are following these rules. This is why getting a clearance is more difficult than the average job interview, and why people from the Intel communities take leaks so personally. It has to be part of the culture.
Funny that no one in a financial institute has access to private mail (Switzerland), USB is deactivated, to Surf the Web you need another laptop, no one has access to backups (Mainframe etc) without the knowledge of the CEO but maybe the data is more worth?
But yes at the end of the day you have to trust your peoples....but private email from your working-machine....that's borderline dangerous.
I hope not ;)
People do stamp on the wrong pedal sometimes…if it's genuinely an accident I haven't heard about people going to jail?
Maybe a better one is a forklift operator dropping something on someone because they didn't do their company-mandated safety training and pressed the wrong button. It was an accident, the guy didn't mean to hurt anyone, but he did because he was negligent and there has to be consequences for that.
I literally don't get this "revenge" view point. Maybe we're just going to disagree here. The same way punishments don't work on dogs, children, etc. They also don't "stop" security incidents from happening.
Your example is bad because proper access controls would:
1. Be designed in such a way that humans can follow them and that humans __do__ follow them.
2. If humans can't follow them, then humans shouldn't be involved at all.
There are so many examples in this thread of "well this is against security training, but everyone does it anyway". That's a bad design. That's created for selective enforcement and makes the entire thing a joke.
EDIT: Sorry @dang I know I keep editing my comments a lot and you probably don't like that, but the more I think about it the more ridiculous these claims are the more miffed I get. Seriously, to all these people telling me that the NSA is just incompetent because someone went out of their way to commit a crime, imagine the following scenario: you tell someone a piece of classified information, they then walk over to an unclas computer and type that sentence in verbatim into their Gmail and hit 'Send'. Please design a crypto system, ACL, network architecture, workflow, any technical solution that could practically prevent that from happening across hundreds of organizations and probably millions of employees. I would bet you a lot of money you cannot.
1. Undoes the damage done by the leak.
2. Prevents further leaks happening in the future.
The only thing it does is ruin a person and their families life as they were entering retirement.