The FBI is now in possession of the private email server Hillary Clinton used for work-related correspondences while she served as secretary of state during the first term of the Obama administration.
And what they find could give Clinton’s political rivals the ammunition they need to forcefully attack her presidential campaign.
“If investigators find that her server was ever compromised, the GOP is going to have a field day,” cybersecurity expert Alex McGeorge, a senior security researcher at Immunity Inc., told Business Insider.
Though Clinton’s use of a private email address was not illegal and was permitted by State Department rules, the federal government has standards for how servers are built, how they are secured, and how their data is stored.
If Clinton failed to take one or all of the required steps to secure her private server — and if it is confirmed that classified information made its way into an insecure inbox — proving that this sensitive intelligence might be in the hands of foreign adversaries would be the GOP’s “fastest path to victory” in the 2016 presidential election, McGeorge said.
Furthermore, demonstrating that the “clintonemail.com” server was hackable would be relatively easy, he said.
“Subpoena the exact configuration of the Clinton email server, and create a duplicate system as best as you are able,” McGeorge said. “Put a legitimate bug bounty on it for real money (over $100k), to the first person who’s able to get emails off of it. This gives the GOP proof that the system was hackable as configured.”
‘Top Secret/Sensitive Compartmented Information’
Clinton, the Democratic presidential front-runner in the 2016 election, has repeatedly said as recently as late July that she was “confident” she did not send or receive classified information by email.
But Charles McCullough, the inspector general for the US intelligence community, recently said the server potentially included hundreds of classified emails, some of which include information derived from US intelligence agencies.
And this week, McCullough told Congress that he discovered two emails that were classified as “Top Secret/Sensitive Compartmented Information,” which is one of the government’s highest levels of classification. Those two emails were drawn out of a batch of 40 emails randomly selected from about 30,000 “work-related” emails Clinton turned over to the State Department.
The Associated Press reports that the two emails “include a discussion of a news article detailing a US drone operation and a separate conversation that could point back to highly classified material in an improper manner or merely reflect information collected independently.”
What’s still unclear is how much classified information was consciously shared in the tens of thousands of emails — or what particular safeguards were taken to protect it.
“If Clinton knowingly used her private server to handle classified information, she could have a problem,” Time senior correspondent Massimo Calabresi said recently. “But if she didn’t know the material was classified when she sent or received it, she’s safe.”
‘Hillary Clinton’s big problem now is legal’
“Hillary Clinton’s big problem now is legal,” Charles Lipson, a professor of international politics at the University of Chicago, argued in RealClearPolitics. “And it could well be insurmountable politically.”
Lipson, the director of the Program on International Politics, Economics and Security at the University of Chicago, then listed several “legal questions with huge political ramifications.”
“Did the Clinton server meet the federal government’s standards for how servers are built, how they are secured, and how data is retained? Was all sensitive material encrypted or did it circulate without those protections?” he wrote.
“Did anybody hack into the server? Did Secretary Clinton, who says she erased all ‘personal’ emails from the server, actually erase some government documents? If so, was that inadvertent or a possible cover-up? Who handled IT security for this server? Could he read the materials if he wished?”
Clinton’s unusual email system was originally set up by a staffer during Clinton’s 2008 presidential campaign, replacing a server used by her husband, former President Bill Clinton.
The new server was run by Bryan Pagliano, who had worked as the IT director on Hillary Clinton’s campaign before joining the State Department in May 2009. In 2013 — the same year she left the State Department — Clinton hired the Denver-based company Platte River to oversee the system.
It’s possible that Clinton’s private server was more secure than the private email accounts of the nation’s other top officials, “purely because it’s a smaller target,” cybersecurity expert Joe Loomis, the founder and CEO of CyberSponse, told Business Insider.
“Only she and a few other people are using it,” he said.
‘A serious management mistake’
“Even if Secretary Clinton or her aides didn’t run afoul of any criminal provisions, the fact that classified information was identified within the emails is exactly why use of private emails … is not supposed to be allowed,” Bradley Moss, a Washington attorney who specializes in national-security matters, told McClatchy recently.
“Both she and her team made a serious management mistake that no one should ever repeat.”
And Clinton’s choice to eschew the State Department’s email system looks particularly egregious, given her standing within the department.
If she felt the State Department’s server wasn’t secure enough, she “would have been in a good position to demand change,” said McGeorge, the senior security researcher at Immunity Inc. “But if it was a problem, and you decided to use your own server, then what did you do for your department?”
And then there are the deleted emails.
Last October, the House of Representatives committee dedicated to investigating the 2012 terrorist attack on the US diplomatic compound in Benghazi, Libya, asked Clinton for any emails she had relating to the attack.
Clinton obliged a separate request from the State Department, handing over roughly 55,000 pages of emails — about 60,000 emails in total. She deleted about 30,000 others that were “personal” in nature.
The fact that the State Department has no record of Clinton’s email exchanges now that she has wiped her server clean also means Clinton may have skirted the rules governing federal-records management, which require that anything relating to agency activity be captured on the department’s server.
Interestingly, McGeorge said, “the FBI can now only investigate anything Clinton didn’t take the time to erase” because she used the “clintonemail.com” address.