The State Department on Wednesday conceded that two dozen of Hillary Rodham Clinton’s emails did contain classified information, a fact that could trigger a U.S. policy that authorizes the government to take control of her private server and sanitize the contents.
A former senior intelligence official told The Washington Times the policy also requires the government to check other Internet paths her secret information could have taken.
The procedures are spelled out by the National Security Agency’s special panel on controlling leaked secrets, called the Committee on National Security Systems. It published a policy, “Securing Data and Handling Spillage Events,” that fits the case of Mrs. Clinton’s unauthorized private server, kept at her home while she was secretary of state, according to the retired officer’s reading of the regulations.
States the policy: “Malicious attacks are alarming, but more often spillages occur from unintentional user error or negligence.”
“Hillary Clinton’s server has classified information and should be taken by the government and sanitized, wiped clean or destroyed,” said the former officer who conducted cybersecurity work. The source asked not to be identified because he still does business with the intelligence community.
The intelligence source told The Times it is unclear at this point whether these steps already have been taken in the case of Mrs. Clinton, the Democratic Party front-runner for the presidential nomination. The source said investigators would not just be concerned with her server, but with any server through which the classified information could have passed.
The NSA policy contains an “After Incident ‘To Do’ List” once it is determined that classified information has spilled into unauthorized servers, software or other systems.
The NSA “to do” list contains this directive: “Isolate and contain to minimize damage and preserve evidence that may be required for damage and risk assessment, law enforcement, or counterintelligence purposes. Identify all information hardware and software systems and applications affected, and execute approved procedures to ensure that spilled data does not propagate further.”
Under the heading of “Sanitization and Recovery,” the guidance tells government officials the options are to sanitize, destroy or dispose of the “contaminated media,” which would include Mrs. Clinton’s server since it was not authorized to handle classified information.
Mrs. Clinton said last spring that none of her thousands of emails contained classified information.
“When authorized, execute approved sanitization procedures using approved utilities to permanently remove spilled data from contaminated systems, applications, and media,” the policy directs.
The intelligence source said Mrs. Clinton’s communication, whether telephone or emails, would have been targeted by a number of foreign agencies. This source said it is likely her private server was breached.
A senior State Department official testified before a Senate committee that Mrs. Clinton’s use of a private server for government business violated regulations and was “not acceptable.”
The NSA defines data spillage as “the transfer of classified or sensitive information to unaccredited or unauthorized systems, individuals, applications, or media.”
“The risk of data spillage is a problem largely because of inadequate end user security awareness, unmanageable networks, and poorly implemented data policies,” states the policy.
Republican congressional investigators have said they would like to inspect Mrs. Clinton’s server for evidence of any cover-up in their Benghazi investigation.
The State Department released 3,000 pages of Mrs. Clinton’s emails Tuesday night, and 25 were redacted because they contained classified information.
State spokesman John Kirby said on Wednesday that those 25 were deemed classified at the time of review and that this does not necessarily reflect on Mrs. Clinton.
“In the review process it was deemed that some of the information, at least some of the information in that traffic, should be classified, and so it was,” Mr. Kirby said. “That doesn’t mean that at the time it was sent it needed to have been classified.”
When asked whether State will try to determine that, he said, “I’m not aware of any investigative effort to affix blame for that.”
The intelligence source told The Times that State did not have the option of classifying them in the past because it did not know they existed until an internal State review and pressure from the House committee investigating Benghazi.