Monday, March 09, 2015

The Real Clinton Email Question

by Michael Dorf

I begin with a confession. At some point in the early 2000s, Columbia Law School, where I was then employed, changed from a buggy antiquated email system to a brand new buggy system. As far as I was able to ascertain, the main reason for selecting the new system was that it was made by the same software developer as the antiquated one, so that faculty who barely knew how to use a computer would feel most comfortable with the transition given the new system's familar look and feel. I had been frustrated by the old system for some time but had used it anyway because I was told by the IT department that it would be replaced by a better one soon. When the decision was made to replace the old system with a newer but still terrible system, I gave up. I got IT to forward all of my email to my personal Gmail account. (Even that sentence tells you something about how terrible the new system was: An individual user couldn't simply set email to forward by himself.)

When I moved to Cornell in 2008, I discovered a usable email system: IMAP or POP3 via Outlook as the pre-configured method but email that could be read from or pulled off of the server using any application or device. I could have switched but because I had a whole lot of email archived on Gmail already, I simply set my Cornell account to forward to my personal account. Occasionally I need to send an email from an "official" address but I've configured Gmail to use my cornell.edu address as an alternative, so that's easy enough. And even for most work-related emails, I simply use my gmail.com address. No one seems to mind or care. I have likewise noticed a similar phenomenon among other academics. I'll sometimes send an email to someone with a .edu address and get a response from a gmail.com or other general-purpose/personal address.

So far as I'm aware, my use of my personal email account for work doesn't violate any rules. I searched the Cornell University website and found that the Medical School instructs faculty, staff, and students not to "use personal email addresses, such as Gmail or Yahoo!, for work-related communications." However, it does not appear that a similar injunction applies to other units of the university (and for all I know, even the Medical School only includes this admonition as a matter of best practice, rather than as a rule backed by sanctions). I would be very surprised if it turned out there were a hidden Cornell rule or policy forbidding personal Gmail accounts for Cornell business, given that Cornell students get a "Cmail" account, which is simply a Gmail account customized for Cornell through a program that Google offers at various universities.

Now to state the obvious: I am not nor have I ever been the Secretary of State. Different rules and policy considerations apply to the Secretary of State versus those that apply to a law professor. Nonetheless, in the last week, the best defense I've seen of former Secretary of State Clinton's use of her personal email account sounds remarkably like my own story: The State Department system was buggy and unreliable. Indeed, it was more vulnerable to hacking than a large commercial service. Note that the story just linked says that commercial services like Gmail have better security than the State Department but it has been suggested that Clinton's "clintonemail.com" account was less secure because it was supposedly run out of her house. However, the interwebs appear to have come to the conclusion that clintonemail.com was processed by and stored on a commercial server operated by Optimum Online, which probably had security at least as good as the State Department had. Thus, absent new information, this story does not appear to have direct national security implications.

It may still have law compliance implications, however. It would not surprise me if one of the House committees that has heretofore been focused on Benghazi starts to investigate whether Clinton violated a provision of the federal criminal code that authorizes up to three years imprisonment for the felony of "willfully and unlawfully conceal[ing], remov[ing], mutilat[ing], obliterat[ing], falsif[ying], or destroy[ing]" a record she is required to retain. Indeed, the right-wing Washington Examiner has already suggested that merely by using her personal email, Clinton may have violated the statute, even if she assiduously preserved all work-related emails. And it's worth noting that the statute provides that, in addition to a possible fine and imprisonment, anyone convicted of violating it "shall . . .  be disqualified from holding any office under the United States."

To be clear, I haven't looked at the relevant legal materials, nor am I sufficiently familiar with the facts to have an informed view about whether a colorable case could be made that Clinton broke the law. But even in my state of relative ignorance, I'm reasonably confident of two things: (1) Clinton will not be prosecuted; and (2) Republican techno-wizards in Congress and elsewhere will launch endless probes into the email question.

With Professor Buchanan, I share the view that most of Clinton's defenders have been doing a terrible job of, well, defending her. The segment on The Daily Show to which he adverted captures just how truly idiotic the defense has been: When the spokesperson is pressed on whether Clinton preserved all of the emails, she said that 55,000 (the number of pages of emails turned over) is a big number, leading Jon Stewart to quip that it is, but that there are even bigger numbers. The sorts of non-explanation explanations offered by many Clinton defenders tend to fuel rather than answer questions.

Let me suggest that one pertinent question is not being asked. Given my own experience, I'm highly sympathetic to Clinton if in fact her use of private email was motivated by the bugginess and compromised security of the official State Department system. If so, she can credibly say to her critics something like this: I needed email to do my job effectively, and so my top priority was having a system that worked and was secure. If there was some technical violation of the law, frankly, that was less important to me than that I be able to promote the global interests of the United States.

But that in turn leads to the follow-up question: What steps, if any, did Clinton take to improve the performance and security of State Department communications during her tenure--a period that included the Wikileaks release of over 250,000 diplomatic cables?