The shocking truth about the last two Republican secretaries of state has finally come out: Colin Powell and aides to Condoleezza Rice trafficked in classified information on their personal email accounts. This is an enormous scandal!
Oh, wait. No, it’s not.
This news involving Powell and Rice is meaningless except that it sets up a rational conversation (finally) about the Hillary Clinton bogus “email-gate” imbroglio. Perhaps the partisans on each side will now be more willing to listen to the facts. From the beginning, the “scandal” about Clinton using a personal email account when she was secretary of state—including the finding that a few documents on it were retroactively deemed classified—has been a big nothing-burger perpetuated for partisan purposes, with reports spooned out by Republicans attempting to deceive or acting out of ignorance. Conservative commentators have raged, presidential candidates have fallen over themselves in apoplectic babbling, and some politicians have proclaimed that Clinton should be in jail for mishandling classified information. The nonsense has been never-ending, and attempts to cut through the fog of duplicity have been fruitless.
But Powell and Rice’s aides did nothing wrong. (I’m going to focus on them so that partisans who say Clinton broke the law have to attack respected Republicans first.) Start with this: Powell and Rice, like all modern secretaries of state, each had at least two email accounts—one personal and the other for communications designated as highly classified at the time of their creation . For classified information, both of them—and their aides with appropriate clearance—had a sensitive compartmented information facility, or what is known in intelligence circles as a SCIF. Most senior officials who deal with classified information have a SCIF in their offices and their homes.
These are not just extra offices with a special lock. Each SCIF is constructed following complex rules imposed by the intelligence and defense communities. Restrictions imposed on the builders are designed to ensure that no unauthorized personnel can get into the room, and the SCIF cannot be accessed by hacking or electronic eavesdropping. A group called the technical surveillance countermeasures team (TSCM) investigates the area or activity to check that all communications are protected from outside surveillance and cannot be intercepted.
Most permanent SCIFs have physical and technical security, called TEMPEST. The facility is guarded and in operation 24 hours a day, seven days a week; any official on the SCIF staff must have the highest security clearance. There is supposed to be sufficient personnel continuously present to observe the primary, secondary and emergency exit doors of the SCIF. Each SCIF must apply fundamental red-black separation to prevent the inadvertent transmission of classified data over telephone lines, power lines or signal lines.
I could keep going for thousands and thousands of words explaining the security measures used for SCIFs. And all of this— all of this—is designed to protect the confidentiality of emails and communications determined to be classified at the time of transmission.
In addition to the classified email system used in SCIFs, there are personal email accounts. Prior to 2013, these could be accounts inside the relatively unsecure State Department system or private email accounts. If they are private—running through a commercial or personal server—they have to follow some rules set up in the Federal Register . There are no guards, no red-black procedures, no construction rules, no special rooms, no TEMPEST, no TSCM. And most important: Until 2013, there was no rule against using them. In fact, the rules specifically allowed for them. Check out the relevant section in the Code of Federal Regulations (36 CFR Chapter XII, Subchapter B, section 1236.22b) for the rules regarding the use of personal email accounts by any State Department official.
To give an idea of how insecure these communications could be, Powell’s personal email is an AOL account, and he used it on a laptop when he communicated with foreign officials and ambassadors, unless the information qualified for a SCIF. (Clinton sent only one email to a foreign dignitary through her personal account, and her communications with ambassadors were, for the most part, by phone.)
So did Powell and the aides to Rice violate rules governing classified information, since the Freedom of Information Act (FOIA) staff has recently determined that some of their years-old personal emails contain top-secret material? No. The rules regarding the handling of classified information apply to communications designated as secret at that time . If documents that aren’t deemed classified, and aren’t handled through a SCIF when they are created or initially transmitted, are later, in retrospect, deemed secret, the classification is new—and however the record was handled in the past is irrelevant.
There is also an enormous difference between a secretary of state sending an email to someone inside the department and that same email being released to the general public. Put simply, as anyone who has filed a request for a document under the FOIA knows, not every email or other item can be handed out, even if it was not originally deemed to be so confidential that it required SCIF procedures. The determination of what State Department documents can be publicly released is handled by the FOIA staff, both in the State Department and, when deemed appropriate, by officials with the same duties in the intelligence community. In fact, the entire issue right now regarding the emails of every secretary of state concerns which ones can be released under the FOIA. People outraged by the (false) belief that Powell and Rice’s aides broke the law are creating a fantasy world where every official email, no matter its content, must go through a SCIF just in case the FOIA staff eventually determines, sometime in the future and applying different standards, that the information in the email should not be released to the public under a FOIA request out of classification concerns. Given the cumbersome procedures of using a SCIF, that would mean the secretary of state would have to spend a lot of time sitting inside a locked box and sending emails not yet designated as containing secret information, solely to avoid the partisan gnashing of teeth that could potentially occur if someday the FOIA staff were to retroactively decide they should not be released to the public out of classification concerns.
Which brings us to the next most important issue here: classification. Members of Congress should—and probably do—know this, but the public apparently doesn’t. Just because the FOIA staff decides a document is top secret doesn’t mean it contains information of any import. (It’s widely known that, even in the creation of a document, the government over-classifies information, meaning communications are deemed secret that don’t need to be, but that’s another issue.) The FOIA staff is supposed to be extra-cautious when releasing a document to the public. As I mentioned in a previous column, that is why anyone wanting to obtain a document should file multiple FOIA requests for the information—one staffer might deem something secret that another staffer releases without concern. In fact, if someone were to submit a FOIA request for every email in the State Department that has been sent over a system without the extreme protections reserved for information determined to be top secret on creation, there is no doubt that the FOIA staff would call many of the emails classified and refuse the request.
Plus, both Powell and Rice had the authority, granted by President George W. Bush through executive order, to classify and declassify any document created by the State Department. So if either of them had received an email from another agency containing information that had not gone through a SCIF, he or she could have independently declared that it did not need to be secret and sent it along to anyone they chose.
In other words, just because the FOIA staff years later labeled emails sent from Powell and Rice’s aides as classified does not mean those records contain some crown jewels of critical intelligence. In fact, usually they are quite benign. I have seen emails called “top secret” that contained nothing more than a forwarded news article that had been published. (The Associated Press has reported that one of Clinton’s “secret” emails contains an AP article.)
Then there is the issue of servers. Where did Powell and Rice’s staff have their servers? Who knows, and who cares? Maybe they were private with special security and no public access. Or maybe they were just an AOL server. Whichever it was, they would be just as open to hacking as the State Department servers. In fact, the State Department general email system has been hacked multiple times, with terabytes of information improperly downloaded in 2006 alone. There has been no indication that the email accounts of either Powell or Rice’s staff were compromised.
Powell may have made one mistake in all this. He has said he never backed up his emails or printed them out; that was necessary to comply with some of the preservation rules detailed in the Federal Register. Of course, that doesn’t mean they can’t be recovered, since the FOIA staff is now reviewing his emails.
The bottom line: Democrats may try to turn the revelations about the email accounts used by Powell and Rice’s staff into a scandal. They may release press statements condemning the former secretaries of state; they may call for scores of unnecessary congressional hearings; they may go to the press and confidently proclaim that crimes were committed by these honorable Republicans. But it would all be lies. Powell and Rice did nothing wrong. This could be considered a scandal only by ignorant or lying partisans.
So there is no Powell or Rice email scandal. And no doubt, that will infuriate the Republicans who are trying so hard to trick people into believing Clinton committed a crime by doing the exact same thing as her predecessors.