Key findings from the State Department inspector general’s report on former Secretary of State Hillary Clinton’s emails and private server and the department’s email practices:
— The report concluded that Clinton’s use of a private server to exchange messages with other State Department officials violated the department’s cybersecurity guidelines as well as requirements under the Federal Records Act. Clinton’s exclusive use of private emails to conduct government business was “not an appropriate method of preserving any such emails that would constitute a federal record,” it said. The report added that Clinton “should have preserved any federal records she created and received on her personal account” and turned them over to the department before she left office in February 2013. Instead, Clinton kept all of her emails and surrendered only about half of them — about 55,000 pages — to the department in March 2015, after media accounts revealed she had never used a department account to conduct official business.
— Clinton told longtime aide Huma Abedin in November 2010 that she did not want to release her private email address to the State Department or use a government email address because “I don’t want any risk of the personal being accessible.” Clinton’s expressed fear of outside access to her emails is at odds with her statement during a 2015 news conference that she “opted for convenience to use my personal email account.”
— Clinton has given repeated assurances that she would cooperate with an FBI investigation into her use of the private server, but she and several of her top aides declined to be interviewed by the inspector general’s office. Clinton’s former chief of staff, Cheryl Mills, former deputy chief of staff for operations Huma Abedin and former deputy chief of staff for policy Jake Sullivan declined to cooperate, and former deputy secretary of state for management and resources Thomas Nides did not respond to interview requests. Abedin and Nides are now senior campaign aides to Clinton, Mills heads an African business growth operation and Nides is vice-chairman of the Morgan Stanley investment firm. Lawrence Wilkerson, chief of staff to former Secretary of State Colin Powell, also turned down an interview.
— Some State Department officials were aware as early as March 2009 that Clinton was using a private server located in the basement of her family’s home in Chappaqua, New York. A March 2009 memo prepared by staff in the department’s executive secretariat identified the private server and its location. But the inspector general said many senior State Department officials who were interviewed said they were “unaware of the scope or extent” of Clinton’s use of her private account, even though many of them sent emails to her private address. The report found no evidence of a legal staff review or approval for her use of the server, and added she would not have received approval if she had asked.
— Suspected hacking attacks on Clinton’s private server led her aides to shut down her server at least twice in January 2011. An unidentified technical adviser to former President Bill Clinton who worked on the server told Abedin that he had shut the system down because “someone was trying to hack us.” Later the same day, the aide again shut down the server after a second intrusion. The next day, Abedin emailed Mills and Sullivan not to send Clinton “anything sensitive” in their emails. Clinton also told a top aide in May 2011 about an email with a suspicious link she received a day earlier. Those incidents were not reported to State Department computer security personnel, the report said. Clinton’s campaign has repeatedly said there is no evidence Clinton’s server was ever breached.
— While Clinton’s campaign website assures that “robust protections” guarded her private server, the inspector general said that State Department diplomatic and computer security officials reported that Clinton “never demonstrated to them that her private server or mobile device met minimum security requirements” specified by Foreign Service and cybersecurity guidelines. Clinton received a classified briefing about cybersecurity risks and was warned in a 2011 memo about the risk of hackers targeting personal, unclassified email accounts, the report said.
— The State Department issued numerous warnings about the use of private emails dating back a decade. But the inspector general criticized the agency for being “slow to recognize and to manage effectively the legal requirements and cybersecurity risks” that have grown as the federal government has relied increasingly on emails for its operations.
— The inspector general found that four unnamed top aides to Clinton also extensively used private email accounts for official business but failed to turn those records over for preservation when they left office. The four “failed to comply” with Department policies intended to carry out government preservation of documents. The top aides were not named but their listed titles identified them as Mills, Abedin, Sullivan and former top communications and strategy aide Philippe Reines. Some email records for all four have since been produced by the department in court proceedings as part of public records lawsuits.