Hillary Clinton's email: Did she follow all the rules?

Throughout the controversy regarding her exclusive use of private email while secretary of state, Hillary Clinton has said she followed the rules. But the truth isn’t so clear cut.

Although some former secretaries of state occasionally used personal emails for official business, Clinton is the only one who never once used an @state.gov email address in the era of email. Some have questioned whether that practice violated rules regulating email use, transparency, records management or security.

At a March 10 press conference, Clinton said, "I fully complied with every rule I was governed by."

Let’s cut to the chase: We interviewed several experts on government transparency and records preservation. While Clinton might be able to put together a case that she "complied" with the rules, experts said her actions are nevertheless hard to defend.

We decided not to put Clinton’s claim on the Truth-O-Meter, because there are a lot of unknowns. But we still wanted to bring out as many facts as possible.

"While Clinton may have technical arguments for why she complied with each of these and the other rules that have been discussed in the news, the argument that Clinton complied with the letter and spirit of the law is unsustainable," said Douglas Cox, a law professor at City University of New York who studies records preservation.

We sent multiple requests for comment to Clinton’s staff, but they didn’t get back to us for this story.

Federal Records

There was not an explicit, categorical prohibition against federal employees using personal emails when Clinton was in office, said Daniel Metcalfe, former director of the Department of Justice’s Office of Information Policy, where he administered implementation of the Freedom of Information Act. High-level officials like Clinton need the flexibility to sometimes use a personal email, such as responding to a national security emergency in the middle of the night.

So it seems she didn’t break a rule simply by using a personal email to conduct business. Rather, by using personal emails exclusively, she skirted the rules governing federal records management, Cox said.

A federal record is any documentary material, regardless of physical form, made or received by a government agency, according to the National Archives and Records Administration (NARA), which oversees federal recordkeeping. Records are preserved as evidence of the agencies’ activities, decisions and procedures. Each agency is responsible for maintaining its records in accordance with regulations.  

It would have been a violation of the NARA's rules in the Code of Federal Regulations for Clinton to use personal email exclusively, Metcalfe said. The code requires federal agencies to make and preserve records that duly document agency activity, so that they are readily available when needed -- such as for FOIA requests or congressional inquiries. Using personal email exclusively is contrary to proper record preservation.

"Anyone at NARA would have said you can’t use a personal email account for all of your official business," said Metcalfe, who held his position in part during former President Bill Clinton’s administration.

Had Clinton used a @state.gov email address, every email sent and received would have been archived in the State Department system. Clinton, who served from 2009 to 2013, has argued that her emails were archived in the system because she was in the habit of sending them to other government employees with .gov email addresses.

However, experts said this defense is insufficient. Under this practice, the State Department records management system would have captured emails from Clinton to a State Department employee, but it would not necessarily capture emails from Clinton to government employees in other departments or non-government employees, said John Wonderlich, policy director for the Sunlight Foundation, which advocates for government transparency.

Although they may contain the same individual emails, Clinton’s outbox and other employees’ inboxes are considered two separate records, which is important for locating the records in response to specific requests.

For example, even if Clinton had sent every email to individuals with state.gov or other federal agency addresses, that procedure would hamper State Department compliance with Freedom of Information Act requests for Clinton’s emails, said David Sobel, who directs a FOIA project at the Electronic Frontier Foundation, a digital freedom advocacy group. It would not be apparent to agency personnel conducting the search that they would need to search the accounts of myriad employees to locate all of Clinton's emails, he said.

"In fact, State likely would have argued that it would be unreasonable to conduct such a far-reaching search," Sobel said.

In 2013, Gawker filed a FOIA request to the State Department for emails between Clinton and long-time adviser Sid Blumenthal after a hacker had revealed emails that Blumenthal sent Clinton. Although the emails were already known to the public, the State Department told Gawker that no such correspondence existed. Gawker believes this shows that Clinton was able to use her personal email to thwart the FOIA process.

"Using a personal email account exclusively is a potent prescription for flouting the Federal Records Act and circumventing the Freedom of Information Act," Metcalfe said. "And there can be little doubt that Clinton knew this full well."

In response to a State Department request last year, Clinton turned over 55,000 pages of emails and documents from her private email server, leaving out emails and documents that she said were of a personal nature, like wedding and funeral plans. She later said she deleted these personal emails.

Cox said the fact that Clinton’s staff -- rather than a State Department federal records officer -- chose which emails to destroy is "honestly breathtaking." Her private employees don’t have the authority to decide what does or doesn’t count as a federal record. Further, when she was making these choices, she was acting as a private citizen, not a government employee.

In Clinton’s defense, we should note that it was only after Clinton left the State Department, that the National Archives issued a recommendation that government employees should avoid conducting official business on personal emails (though they noted there might be extenuating circumstances such as an emergency that require it). Additionally, in 2014, President Barack Obama signed changes to the Federal Records Act that explicitly said federal officials can only use personal email addresses if they also copy or send the emails to their official account.

Because these rules weren’t in effect when Clinton was in office, "she was in compliance with the laws and regulations at the time," said Gary Bass, founder and former director of OMB Watch, a government accountability organization.

"Unless she violated a rule dealing with the handling of classified or sensitive but unclassified information, I don’t see how she violated any law or regulation," said Bass, who is now executive director of the Bauman Foundation. "There may be a stronger argument about violating the spirit of the law, but that is a very vague area."

Security

Whether or not Clinton’s email address complied with security regulations is a harder question. Clinton argues that she never emailed classified information, instead using other secure methods of communication approved by the State Department.

However, in 2005 (before Clinton took office), a State Department manual said information that is "sensitive but unclassified" -- a broad category that covers anything from meeting schedules, to visa applications, to ordinary emails to other federal agencies -- should be emailed through servers authorized by the department.

We also don’t know if the State Department had signed off on Clinton’s private server or if the server met government security standards, though the State Department was aware of the server. At the press conference, Clinton said the server was set up for former President Bill Clinton’s office and that it had "numerous safeguards."

The State Department has said there is no indication her account was breached.

"Her assurance that there was no security breach is an empty assurance, because there’s no way to know that for sure," Wonderlich said.

As we found in a prior fact-check, Clinton’s office sent a memo in 2011 to State Department staff that said they should not use personal email accounts for department business. The memo went to diplomatic and consular staff worldwide in response to a warning from Google that hackers had targeted the Gmail addresses of government workers. While the memo encouraged staffers to avoid using personal email accounts, it fell short of prohibiting their use.

In sum, Clinton’s exclusive use of private email makes it difficult to know with certainty whether she complied with rules governing transparency, recordkeeping and security. We may never know what emails she deleted. Additionally, we may never know the details of her conversations with the State Department officials who briefed her on records management and security, and why they agreed to let her use a private email exclusively.

Metcalfe pointed to Clinton’s use of the word "allowed" and "opted" throughout her press conference, when referring to her decision to use private email. He said both words give the false impression that the law and its proper implementation presented her with a choice. She might have been "allowed" to use only a private email account in that no one stopped her, Metcalfe said, but that’s not the same thing as lawfully complying with rules.