Investigating Hillary Clinton: Which secretaries of state violated the Federal Records Act?

Albright, Powell, Rice, Clinton, Kerry: Who flunked digital record-keeping? Presidential email expert David Gewirtz examines recently released government documents to reveal a pattern of chronic inattention and mismanagement.
Written by David Gewirtz, Senior Contributing Editor

Image: ZDNet

We are in the throes of one of the most unpleasant (yet oddly entertaining) election seasons in modern memory. Accusations of "crooked" and "temperamentally unfit" fly back and forth between the presumptive candidates of their associated parties. It's ugly out there, and it's going to get uglier between now and November.

At the core of one of the accusations is the question of Hillary Clinton's use of email while she was secretary of state under President Barack Obama. This is a legitimate question (even if posed by Donald Trump in his usual crude way). As I've discussed since the days of the George W. Bush administration, email use in government can have far-reaching implications.

Because Mrs. Clinton's use of email is both of historical interest (how a former secretary of state may have used or misused this critical communications mechanism) and of current ripped-from-the-headlines interest (she's her party's presumptive nominee), I'll be following this issue closely throughout the election and investigation cycle.

In this article, I'll be digging back 20 years. I'll discuss the Federal Records Act and whether or not there were violations of its requirements by any of the five most recent secretaries of state: Madeleine Albright, Colin Powell, Condoleezza Rice, Hillary Clinton, and John Kerry.

For those of you who don't have time to take the deep dive with me, I'll take pity on you with a TL;DR.

Technically, Powell and Clinton broke the Federal Records Act themselves as did their staffs. Albright and Rice didn't use email, but their staff didn't fully follow the rules. Kerry is too early to call, but so far he's following the rules.

There's a lot more nuance to all of that -- including why I called it a technicality. But for that, you have to read on. Trust me: It's worth it.

Ground rules

Let's establish some ground rules. I used these ground rules very successfully in my in-depth investigation into Bush 43 email usage. Because of the rigorous methodology used, the observations have stood the test of time.

The key ground rule is this: I only use official government documents as the basis for my investigations. While it can be said that government documents themselves tend to be "spun" in the best light, I have found that they serve well for investigation, in that they provide a baseline for inappropriate behavior.

Government documents are often like puzzles. You can parse what the official source has said, assess what they're admitting to, consider why they're revealing what they're revealing, and speculate on what details may remain hidden.

In other words, if they're willing to admit to something bad, you can generally assume that whatever is being discussed has been put into the best light possible. Essentially, we're almost always looking at the tip of the iceberg, but at least we can measure, evaluate, and make projections from what we can see from the part of the ice that's showing.

By using only official sources, we can reduce the question of rumor, innuendo, and possibly biased reporting - and still get a disturbingly clear view of what seems to be a never-ending and administration-spanning disregard for the importance of email.

Record keeping vs. national security

The second ground rule we'll be following for this article is that I'm only specifically looking at compliance with the Federal Records Act and not at the security implications of any compliance infractions. The FRA is all about record-keeping, and mandates how those records (which are a specific form of information defined in the law) are turned over to the National Archives and Records Administration (NARA).

In the Hillary Clinton case, there is a question of whether the use of a private server violated national security. While that is a valid question, I will not be discussing that element here. I will only be discussing whether she (and other secretaries of state) properly maintained and turned over qualifying records to the NARA at the end of their terms of service.

I know, for some of you, that the national security implications are more disturbing than the issue of record keeping. But when doing this sort of deep dive, it's an effective forensic practice to clearly delineate the boundaries of each investigatory tangent, and not allow the issues to cross-pollute or cross-pollinate.

Official government source documents

For this article, I'll be using the recently released Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements [PDF] prepared by the Office of the Inspector General (OIG) of the United States Department of State Office of Evaluations and Special Projects.

This 84-page unclassified document is filled with interesting information. It will serve as the core document for my investigation for this article, as well as additional articles I'll be working on in the coming weeks.

As a secondary source, I'll be using an official letter [PDF] from Margaret P. Grafeld, Deputy Assistant Secretary for Global Information Services, Bureau of Administration, U.S. Department of State to Paul M. Wester, Jr., Chief Records Officer for the United States Government, National Archives and Records Administration. The letter summarizes the Bureau of Administration's understanding of the use of email by the five secretaries of state covered in this article.

I will also be looking at a practice called "The Capstone Approach," introduced in NARA Bulletin 2013-02, Guidance on a New Approach to Managing Email Records, on August 29, 2013. Fundamentally, what Capstone does is allow an agency to designate certain employees' email accounts as entirely consisting of Federal records. Therefore, any email message forwarded to a Capstone-designated account becomes a Federal record. This is intended to make it easier for Federal employees to capture email information, particularly in the case of personal email use.

I'll be using the NARA bulletin, as well as the April 2015 NARA document [PDF], "White Paper on The Capstone Approach and Capstone GRS," to evaluate Secretary Kerry's email retention practice. GRS stands for General Records Schedule.

Additionally, I will be citing research from my own book, Where Have All the Emails Gone? During the George W. Bush administration, I did exhaustive research into the administration's loss of 5 million email messages. All of the research sources, including some captured and saved personally because of the link rot that occurs when administrations change, are available for your review.

Secretaries of State

When I wrote the history section for my book, I explored administration email use as far back as the 1980s Reagan administration.

Back then, when serving as Deputy National Security Advisor and subsequently as National Security Advisor, Admiral John Marlan Poindexter used email as a back-door channel for discussing issues related to Iran Contra. Email was considered so obscure that it was a way of hiding conversations from observation.

As it pertains to the use of email by secretaries of state, the OIG placed originating use of email at about 20 years ago. Therefore, our look at secretaries of state begins with The Honorable Madeleine Jana Korbel Albright.


Madeleine Albright

Madeleine Albright

Secretary of State Madeleine Albright was born in 1937 as Marie Jana Korbelová near the west bank of the Vltava river of the Smíchov district of Prague, in what was then Czechoslovakia and is now the Czech Republic.

On January 23, 1997, the day she was sworn in as Bill Clinton's SecState, Secretary Albright became the highest ranking woman ever (up to that point in time) in American government.

While some students of Edith Bolling Galt Wilson may dispute that statement, given Mrs. Wilson's role of "stewardship" after her husband Woodrow's stroke in 1919, Secretary Albright had the highest official rank for a woman in the U.S. government up to that time.

Secretary Albright also technically became fourth in the order of succession to the presidency of the United States. Because she was not native-born, had the order of succession been activated to her level, she most likely would have been passed over for the presidency in favor of then Secretary of Treasury Paul Rubin (who is now the chair of the Council on Foreign Relations).

While email was certainly available at the time of Secretary Albright's tenure, the OIG determined, "Desktop unclassified email and access to the Internet were not widely available to Department employees." This statement may technically have been true in terms of availability via the State Department. However, services like AOL, CompuServe, and various Internet-based email providers were certainly available during the period of 1997 to 2001.

In fact, during my historical review of email use in the White House as part of Where Have All The Emails Gone?, it became clear that the Clinton White House not only did not want its own email messages to be made public, but as far back as 1993, it defended George H.W. Bush's attempts in the U.S. Court of Appeals to classify email messages as something other than records so email messages wouldn't be subject to the record-preservation requirements of the Presidential Records and Federal Records Acts.

As evidence of this (beyond the court documents), Clinton administration Senior Advisor on Policy and Strategy Advisor was quoted in the May 18, 1993 issue of The Washington Post as saying, "Like Bush's White House, the Clinton White House does not want succeeding, potentially unfriendly administration pawing through its computer memos." He, of course, was referring to Pappy Bush 41, father of President George W. Bush 43.

The historical precedent of the Clinton administration's opposition to email message disclosure can be discussed further. But for the purposes of this article, we'll simply use it as a measure when validating how the accuracy of the OIG's description of email during Albright's time in office as being "not widely available."

According to records and interviews, including an interview the OIG held with Secretary Albright herself and members of her staff in 2015 and 2016, OIG "did not find any evidence to indicate that Secretary Albright used either Department or personal email accounts." Two staff members indicated that they retained email messages on "Department servers," from which the OIG concluded "staff may not have consistently complied with the preservation requirement to print and file emails containing Federal records."

Determination: Albright did not violate FRA requirements, but some of her staff may have been sloppy.


Colin Powell

Colin Powell

General Colin Luther Powell was also born in 1937, but in Harlem rather than Smichov. Raised in the Bronx, General Powell joined ROTC (Reserve Officers' Training Corps) in college, and enlisted in the Army on June 9, 1958 as a second lieutenant.

33 years later, Powell became a full general in the Army, having made brigadier general ten years earlier, and then passing through the ranks of major general and lieutenant general. Then, in October of 1989, Powell became the youngest ever Chairman of the Joint Chiefs of Staff, the top ranking officer in the United States military.

On January 20, 2001, Powell was sworn in as the 65th Secretary of State under the just inaugurated new president, George W. Bush. Adding to his list of firsts, Powell became the first African American SecState.

During Powell's tenure, the State Department introduced OpenNet, an intranet connecting State Department unclassified networks with links to the overall Internet. Powell did not use a State department email account. According to Powell's 2012 book, It Worked for Me:

I installed a laptop computer on a private line. My personal email account on the laptop allowed me direct access to anyone online.

This statement was officially confirmed later in the Grafeld letter [PDF]. In that letter, Grafeld informed Wester that "Secretary Powell's representative" said he did not "retain those emails or make copies."

Additionally, the OIG report claims that a representative of Secretary Powell stated that, "emails would be captured on Department servers because the Secretary had emailed other Department employees." In both uses of the term "representative," the individual was not identified and may be the same person.

It should be noted that this, alone, does not indicate a violation of FRA requirements, as long as the email messages sent and received were archived in some way. However, "Secretary Powell did not retain those emails or make printed copies," says the OIG report. There is also the security concern, which mirrors some of the issues in the news regarding Secretary Clinton. We'll look at that in a separate article.

Determination: Powell clearly violated FRA requirements. Further, while a representative claims records would be preserved based on the recipients using State Department accounts, Powell himself, in his own book, indicated he had access to "anyone online," which could clearly extend beyond State department functionaries. These records are likely lost.


Condoleezza Rice

Condoleezza Rice

Dr. Condoleezza Rice was born in 1954, in racially-segregated Birmingham, Alabama, which is also where she grew up. Her parents worked at the local high school. Her father was a guidance counselor. Her mother taught science and music.

While Professor Rice eventually found a career in diplomacy, music was part of her life since the earliest days. Her name, Condoleezza, is derived from the music term "con dolcezza," a term meaning sweet tempo. She learned to play piano at a young age, with the goal of becoming a concert pianist. That was not to be, but she did perform with Yo-Yo Ma at Constitution Hall in 2002.

Rice's transition from musician to diplomat was the result of a confluence of two events. She participated a music forum where there were players she considered of greater talent than herself. She also attended a political science class taught by Josef Korbel, father of the then future secretary of state and predecessor to Rice, Madeleine Albright.

Rice's career took her from Stanford University professor to Provost of the university to National Security Advisor under George W. Bush, to secretary of state. She took on that role during Bush II's second term, beginning on January 26, 2006.

Like Bush 43, Secretary Rice did not use either personal or Department email for official business, as stated by the April 2, 2015 Grafeld letter. OIG's research confirmed that there was no evidence Secretary Rice "used such accounts during her tenure."

Some of her staff were not as careful, however. Some staff, according to OIG's research, "did use personal email accounts to conduct official business."

Determination: Rice did not violate the FRA, although some members of her staff did.


Hillary Clinton

Hillary Clinton

What is there to be said about Hillary Diane Rodham Clinton that hasn't already been said? Born in Chicago, Secretary Clinton was once a Republican, a supporter of conservative Barry Goldwater, and part of a cadre of enthusiastic young women known as "Goldwater Girls".

Her father, Hugh, sold draperies and window shades. Her mother, Dorothy (who grew up in a very rough environment), was primarily a homemaker. Dorothy lived until 92, long enough to see her daughter become First Lady, Senator of New York, and Secretary of State.

In Secretary Clinton's triumphant speech the night she clinched the 2016 Democratic presidential nomination, she said she wished Dorothy could see her become the first woman nominee for President of the United States.

We have discussed Secretary Clinton's use of a private email server extensively here on ZDNet, including my own informal recommendation that she not run because of the possible security violations this practice may have caused.

In this article, I'm adhering specifically to the question of whether the Secretary violated FRA practices. If that was done using a private server or a personal laptop, as Secretary Powell did, it is not consequential for this discussion.

According to the OIG report, while OIG did interview Secretaries Albright, Powell, Rice, and Kerry, they were unable to interview Secretary Clinton. According to the report, "Through her counsel, Secretary Clinton declined OIG's request for an interview."

The Clinton case is obviously complicated by her presidential run. According to the OIG, Clinton did turn over 55,000 pages of hard copy covering 30,000 email messages. According to the OIG report:

At a minimum, Secretary Clinton should have surrendered all emails dealing with Department business before leaving government service and, because she did not do so, she did not comply with the Department's policies that were implemented in accordance with the Federal Records Act.

However, the OIG is not the Federal entity that determines FRA compliance. That is the responsibility of NARA. According to the OIG report, NARA told OIG that, "Secretary Clinton's production of 55,000 pages of emails mitigated her failure to preserve emails."

Essentially, NARA is good with what Secretary Clinton produced. However, the story gets a bit messier, because the OIG reports that the emails provided were incomplete. In particular:

... production included no email covering the first few months of Secretary Clinton's tenure - from January 21, 2009 to March 17, 2009, for received messages; and from January 21, 2009 to April 12, 2009, for sent messages.

While it might be argued that Secretary Clinton didn't send or receive email during that period, OIG was able to identify 19 messages sent between Secretary Clinton and David Petraeus, who was then Commander of United States Central Command. These messages were sent during the period when Secretary Clinton was not gathering email and were discovered by OIG when the Department of Defense turned over messages from Petraeus' email logs.

Petraeus, of course, eventually became director of the CIA under President Obama and was forced to resign because of a scandal involving a mistress and classified messages. He eventually pleaded guilty to a misdemeanor for improperly handling classified messages.

Neither Secretary Clinton nor many of her immediate State Department staff were particularly responsive to the OIG investigation. Not only did Mrs. Clinton deny an interview, of 26 questionnaires sent by OIG to Secretary Clinton's staff, only five replied. Additionally, of those immediate staff members who did not reply, OIG did learn that four of them made "extensive use of personal email accounts."

Some of the documents generated by staff email use were produced for the OIG. During the summer of 2015, "representatives" (still undefined in the report) produced "nearly 72,000 pages in hard copy and more than 7.5 gigabytes of electronic data."

According to the OIG report, "one of the staff submitted 9,585 emails spanning January 22, 2009 to February 14, 2013, averaging 9 emails per workday sent on a personal email account." By that metric, and being generous in assuming only four of the 26 senior staff members used personal email accounts, there are nearly 30,000 email messages unaccounted for.

There are two final points worthy of note.

First, because Secretary Clinton did eventually produce printed copies of 55,000 printed documents, NARA concluded that "these subsequent productions mitigated their failure to properly preserve emails that qualified as Federal records."

Second, and perhaps the most troubling of the entire report was the statement, "OIG did not attempt to determine whether these productions were complete." What this means is while there is some known loss of email records during the beginning of Mrs. Clinton's time as Secretary of State, the OIG did not do a complete examination of the records Secretary Clinton did produce.

Determination: While a State Department investigation did take place, the investigators dropped the ball at perhaps the most important point: was Secretary Clinton's production of private records complete? Clearly, like with Secretary Powell, Secretary Clinton's use of private email was a violation of the FRA.


John Kerry

John Kerry

In what will hopefully not be a trend, John Forbes Kerry became the second failed presidential candidate to take the job of secretary of state. His term started on February 1, 2013.

Kerry is married to the former Maria Teresa Thierstein Simões-Ferreira. Known to most Americans as Theresa Heinz Kerry, Mrs. Heinz Kerry was married former Senator (and ketchup fortune heir) Henry John Heinz III before he died in 1991.

John Kerry was an Army brat. He was born in 1943 at the Fitzsimons Army Hospital in Colorado. Kerry's career in the Army is well-documented (and became the target of "swift boat" attacks during his presidential campaign).

After four years in the Army, Kerry became an anti-war activist and eventually went into politics. He failed in an early run for Congress, but eventually became Lieutenant Governor of Massachusetts. He became a Senator in 1985. He served until 2013, when he became secretary of state for President Obama's second term.

According to the OIG report, the currently serving United States Secretary of State, John Kerry, "uses a Department email account on OpenNet and stated that, while he has used a personal email account to conduct official business, he has done so infrequently."

According to Secretary Kerry, when he does use his personal account, he "either copies or forwards such emails to his Department account and copies his assistant."

Secretary Kerry's email practice followed the Capstone Approach, and so while he did use personal email, he used an approved method for preservation of such messages. It should be noted that Capstone was introduced after Hillary Clinton left her post as secretary of state.

Determination: Secretary Kerry has not violated the FRA. While some of his staff also use personal email accounts, many of them are complying with Capstone. That said, some are printing their records, some are forwarding them, but there is still no cohesive, centralized method for email capture and archiving in the State Department.


Lax management of email records is not a problem unique to Hillary Clinton. While her use of a private server may yet prove her undoing, it's clear that Mrs. Clinton is far from the first to misuse and otherwise ignore the importance of email record-keeping.

When it comes to email record-keeping in the Federal government, there are two key laws worthy of our attention: the Presidential Records Act and the Federal Records Act. I explored the PRA in depth in my book, but it's the FRA that's of concern in this article and in the Hillary Clinton case.

The FRA is law, yes, but because of its lax enforcement, it's almost as if agencies think of the FRA as genial suggestions, not the law of the land. Determination of an FRA violation is assigned to the Archivist of the United States, a NARA official. Enforcement is subject to the Justice Department.

According to the OIG report, Secretaries Powell and Clinton - along with staff members of most of the Secretaries - did not comply with FRA requirements. But since it's up to NARA to determine if the FRA was violated, and NARA reports that any violations were "mitigated" by the email message dumps provided, it's clear that NARA does not consider FRA-related prosecution of any kind against the two Secretaries or members of the State Department senior staff to be warranted.

Secretary Powell did not turn in a full set of records, and there is no statement by NARA whether his lack of compliance with FRA was mitigated or not. As such, he may be the only current or former secretary of state who, according to NARA guidance, may have violated the FRA and not mitigated that violation.

It's important to note, however, that NARA itself is not without its faults. Back in 2008, I wrote U.S. government agencies' cyber-security and record-keeping worse than previously thought. This article was based on a U.S. Government Accountability Office report [PDF], National Archives and Selected Agencies Need to Strengthen E-Mail Management, on record-keeping failures and security flaws - including flaws are Homeland Security and the FTC.

According to the GAO report, "NARA has not consistently reported details on records management problems or recommended practices that were discovered as a result of its studies."

Also, rather than proactively conducting investigations into agency behavior, the GAO report indicated that NARA does not get involved until the agency who may have violated FRA requirements actually calls in NARA to do an investigation.

Admittedly, that report was eight years ago. Given that the State Department's own investigation indicated violations of the Federal Records Act across administrations, and also that NARA decided to give those violations a pass because some records of indeterminate completeness were turned in, we can reasonably assume that NARA is still unwilling to carry out its Federal investigation mandate.

Back in 2008, I concluded "The National Archives and Records Administration (NARA) has completely abdicated responsibility for investigating records management in the U.S. government, putting all U.S. government record-keeping at risk."

It appears that eight years haven't changed that. Additionally, as we've been seeing across three administrations and five secretaries of state, email at the highest levels of the United States Government is simply not given the attention it should be in a digital world that runs on electronic communication.

Over the next few months, we'll find out if that inattention to the electronic plumbing of modern communication will prove to be the downfall of a presidential candidate. And no, I haven't forgotten the security concerns of using private email for confidential communications. I'll look into that soon.

See also:

By the way, I'm doing more updates on Twitter and Facebook than ever before. Be sure to follow me on Twitter at @DavidGewirtz and on Facebook at Facebook.com/DavidGewirtz.

Editorial standards