Legal Regulations, Investigations and Compliance
The Clinton Server/Email/Blackberry Scandal
Over the past year, a scandal has erupted over Former Secretary of State, Hillary Clinton's use of a private server during her tenure as Secretary of State which she had set up in her home, and which she used exclusively to carry out U.S. State Department business, as well as her use of a personal blackberry rather than a government issued communication device. The implications of this related to cybersecurity is enormous. On the following pages are excerpts from the New York Times and from Wikipedia related to this scandal.
You, in your capacity as cybersecurity professionals, may someday find yourself in an employment position or as a consultant with the Federal government. It is imperative that you have an overview of federal laws related to what U.S. government employees and officials may and may not do as it relates to electronic communications, the need to protect electronic communications, and to safeguard them from cyber threats.
A complete investigation and analysis of the Hillary Clinton email/personal server scandal is an excellent learning experience for you. To that end please do the following:
1. Research completely the facts related to the Hillary Clinton home server/email/blackberry scandal and give a thorough chronology of the facts as you understand them to be.
2. Explain how, if at all, Secretary of State, Clinton's use of a home server/emails and personal blackberry created potential cybersecurity threats. Include evidence of potential breaches that you discovered through your research.
3. Outline the investigation(s) that have resulted from Secretary of State, Clinton's, conduct as it relates to her use of a personal server and blackberry.
4. Discuss to the best of your ability State Department protocol and procedures that Secretary of State, Clinton, is believed to have violated, if any.
5. List and discuss to the best of your ability Federal laws and regulations that Secretary of State, Clinton, is believed to have broken. For each, discuss the penalty for such violations.
6. Discuss the defenses that Secretary of State, Clinton, her supporters and legal staff have raised in response to allegations that Secretary of State, Clinton, violated State Department protocol and procedures and that she broke a number of federal laws.
7. Discuss how, in your opinion, the conduct of Secretary of State, Clinton, will (if at all) impact the future of cybersecurity and cybersecurity laws in the United States.
8. Based upon the research you have conducted this semester related to Secretary of State, Clinton's conduct, and the laws you have researched, state your position as to whether you believe that Secretary of State, Clinton, broke the law, and if so, which law(s), how she broke them, and whether she should be prosecuted.
It is not necessary that you use any particular model formatting. However, your paper should be submitted in a WORD format, using no less than a 1 inch margin, top, bottom, left and right. Further the paper should be double spaced, and you should use subheadings where appropriate.
Cite all sources. You decide whether you will use endnotes or footnotes. Please include your name and student id on your submission. You should plan to give your submission a title. Please include page number on the bottom center of each page.
BELOW ARE DIRECT EXCERPTS FROM: New York Times; What We Know About Hillary Clinton's Private Email Server; by Alica Parlapiano, May 27, 2016;
https://www.nytimes.com/interactive/2016/05/27/us/politics/what-we-know-about-hillary-clintons-private-email-server.html?_r=0
What Happened While Clinton
Was Secretary of State
January 2009
Mrs. Clinton becomes secretary of state and begins using [email protected], an email account housed on a private server. At the time, the State Department's policy stated that "normal day-to-day operations" were to be conducted on an authorized October 2009 Federal record-keeping guidelines for the use of personal accounts are tightened, requiring that any such records be preserved in federal systems.
September 2012
A United States diplomatic outpost and a C.I.A. facility in Benghazi, Libya, are attacked. Four Americans are killed.
December 2012
The chairman of the House Oversight Committee asks Mrs. Clinton in a letter if she has used a private email account. She does not reply. The State Department later responds, without answering the question.
February 2013
Mrs. Clinton leaves office. Four months later, State Department staff members reviewing the Benghazi attacks discover correspondence, for the first time, between her private email account and the government accounts of her immediate staff.
An Investigation Into the Benghazi Attacks Puts More
Focus on Clinton's Emails
Hearings on Benghazi spur the House speaker, John A. Boehner, to create a special select committee to investigate the attacks and how the government responded.
Officials begin negotiating with Mrs. Clinton's representatives, including her former chief of staff, Cheryl D. Mills, to obtain all of her emails. Ms. Mills says Mrs. Clinton will turn them over, but cautions that it will take some time.
The State Department provides the select committee on Benghazi with 15,000 pages of documents, including a handful of emails from Mrs. Clinton, all from her private account. The committee asks for the rest of the emails.
Clinton Hands Over Emails, and They Are Eventually Made Public
December 2014
After a formal request by the State Department, Mrs. Clinton hands over 55,000 printed pages of more than 30,000 emails.
January 2015
During a hearing of the Benghazi committee, State Department officials are criticized for not providing all documents related to the investigation. Two weeks later, they hand over roughly 900 pages of emails.
February and March 2015
Before The New York Times publishes an article about Mrs. Clinton's personal email account, the State Department tells committee investigators that she relied on it exclusively as secretary of state. Soon after, Mrs. Clinton announces that she has asked the State Department to release emails from the 30,000 she handed over, and says that she deleted another 32,000 personal messages.
Mrs. Clinton announces her candidacy for president.
The State Department begins releasing several thousand pages of her emails, many of them partly redacted. The releases continue until the last of the roughly 30,000 messages are made public in February 2016.
As the Campaign Continues, Classified Information Is Discovered
Government investigators say they found classified information in emails from Mrs.
Clinton's server. The emails were not marked classified at the time, and it is unclear if Mrs. Clinton knew that the information was classified.
The investigators refer the matter to the Justice Department and shortly thereafter the F.B.I. opens an investigation.
January 2016
The State Department announces that it will not release 22 emails that contain "top secret" material. The classifications of the emails were increased after the fact; they were not marked when they were sent. Three days later, the first presidential primary is held in Iowa.
The State Department's inspector general releases a report criticizing Mrs. Clinton's use of the private server, saying that she should have asked for approval and that she violated department policies by not surrendering her emails before leaving office.
How Many Investigations and Legal Proceedings Are Happening?
F.B.I. investigation
An investigation by the F.B.I., which is expected to interview Mrs. Clinton, will determine whether any laws were broken in the handling of classified information. The investigation could drag on past the Democratic National Convention this summer.
Judicial Watch lawsuit
A conservative legal advocacy group, Judicial Watch, has brought a lawsuit against the State Department under the Freedom of Information Act for records relating to the special employment status of Mrs. Clinton's top aide at the department, Huma Abedin.
Depositions are scheduled through the end of June, with Mrs. Clinton's former chief of staff, Ms. Mills, scheduled to testify.
Congressional and agency reports
The select committee on Benghazi interviewed Mrs. Clinton in October, and the investigation is still in progress. Separate inquiries by the Senate Homeland Security Committee, the Senate Judiciary Committee and the Inspector General of the Intelligence Community may also result in reports.
New York Times; What We Know About Hillary Clinton's Private Email Server; by Alica Parlapiano, May 27, 2016; https://www.nytimes.com/interactive/2016/05/27/us/politics/what-we-know-about-hillary-clintons-private-email-server.html?_r=0
According to the New York Times, 30,322 emails have been released. Of those, 2,028 emails have since been classified "confidential," the lowest level of classification; 65 have been classified secret; 22 have been classified "top secret" information; 18 communications with President Obama, to be held until he is out of office, and it is unknown how many missing emails, some discovered when they were handed over to investigators by people she corresponded with.
THE EXCERPTS BELOW ARE TAKEN DIRECTLY FROM: Wikipedia;
https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy , Hillary Clinton Email controversy. June 10, 2016
The Hillary Clinton email controversy began in earnest in March 2015, when it became publicly known that Hillary Clinton, during her tenure as United States Secretary of State, had exclusively used her family's private email server for official communications, rather than official State Department email accounts maintained on federal servers. Those official communications included thousands of emails that would later be marked classified by the State Department.
Wikipedia; https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy , Hillary Clinton Email controversy.
Debate continues as to the propriety and legality of various aspects of Secretary Clinton's arrangement. Some experts, officials, and members of Congress have contended that her use of private messaging system software and a private server, violated State Department protocols and procedures, as well as federal laws and regulations governing recordkeeping.
Wikipedia; https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy, Hillary Clinton Email controversy.
Security experts such as Chris Soghoian believe that emails to and from Clinton may have been at risk of hacking and foreign surveillance. Marc Maiffret, a cybersecurity expert, said that the server had "amateur hour" vulnerabilities. For the first two months after Clinton was appointed Secretary of State and began accessing mail on the server through her Blackberry, transmissions to and from the server were apparently not encrypted. On March 29, 2009 a "digital certificate" was obtained which would have permitted encryption.
Wikipedia; https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy , Hillary Clinton Email controversy.
Former Director of the Defense Intelligence Agency Michael T. Flynn, former United States Secretary of Defense Robert Gates, and former deputy director of the Central Intelligence Agency Michael Morell have said that it is likely that foreign governments were able to access the information on Clinton's server. Michael Hayden, former Director of the National Security Agency, Principal Deputy Director of National Intelligence, and Director of the Central Intelligence Agency said "I would lose all respect for a whole bunch of foreign intelligence
agencies if they weren't sitting back, paging through the emails."
Wikipedia; https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy , Hillary Clinton Email controversy. June 10, 2016
Clinton's server was configured to allow users to connect openly from the Internet and control it remotely using Microsoft's Remote Desktop Services. It is known that hackers in Russia were aware of Clinton's non-public email address as early as 2011. It is also known that Secretary Clinton and her staff were aware of hacking attempts in 2011, and were worried about them.
Wikipedia; https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy , Hillary Clinton Email controversy.
In 2012, according to server records, a hacker in Serbia scanned Clinton's Chappaqua server at least twice, in August and in December 2012.
It was unclear whether the hacker knew the server belonged to Clinton, although it did identify itself as providing email services for clintonemail.com. During 2014, Clinton's server was the target of repeated intrusions originating in Germany, China, and South Korea. Threat monitoring software on the server blocked at least five such attempts. The software was installed in October 2013, and for three months prior to that, no such software had been installed.
EXCERPTS TAKEN DIRECTLY FROM: WASHINGTON POST, MARCH 27, 2016;
https://www.washingtonpost.com/investigations/how-clintons-email-scandal-took-root/2016/03/27/ee301168-e162-11e5-846c-10191d1fc4ec_story.html?tid=magnet
How Clinton's email scandal took root
By Robert O'Harrow Jr. March 27
Hillary Clinton's email problems began in her first days as secretary of state. She insisted on using her personal BlackBerry for all her email communications, but she wasn't allowed to take the device into her seventh-floor suite of offices, a secure space known as Mahogany Row.
For Clinton, this was frustrating. As a political heavyweight and chief of the nation's diplomatic corps, she needed to manage a torrent of email to stay connected to colleagues, friends and supporters. She hated having to put her BlackBerry into a lockbox before going into her own Her aides and senior officials pushed to find a way to enable her to use the device in the secure area. But their efforts unsettled the diplomatic security bureau, which was worried that foreign intelligence services could hack her BlackBerry and transform it into a listening device.
On Feb. 17, 2009, less than a month into Clinton's tenure, the issue came to a head. Department security, intelligence and technology specialists, along with five officials from the National Security Agency, gathered in a Mahogany Row conference room. They explained the risks to Cheryl Mills, Clinton's chief of staff, while also seeking "mitigation options" that would accommodate Clinton's wishes.
"The issue here is one of personal comfort," one of the participants in that meeting, Donald Reid, the department's senior coordinator for security infrastructure, wrote afterward in an email that described Clinton's inner circle of advisers as "dedicated [BlackBerry] addicts."
Clinton used her BlackBerry as the group continued looking for a solution. But unknown to diplomatic security and technology officials at the department, there was another looming communications vulnerability: Clinton's BlackBerry was digitally tethered to a private email server in the basement of her family home, some 260 miles to the north in Chappaqua, N.Y., documents and interviews show.
Those officials took no steps to protect the server against intruders and spies, because they apparently were not told about it.