We asked a cybersecurity expert if Hillary could get indicted

In light of Hillary Clinton’s recent appointment as Democratic presidential nominee, the email scandal has come up again.

The entire debate, revolving around whether or not she has endangered national security, has revived itself in various news outlets and publications with questions of her character, professionalism and ability to even be president.

Many argue, including Clinton herself, that the use of her personal email account rather than the protected server advised does not and will not threaten national security.

To get to the bottom of this issue and find out what all this really means, we sat down with Stewart Baker, the first Assistant Secretary for Policy at the US Department of Homeland Security under President George W Bush.

So tell us what’s happened so far.

Hillary Clinton did not use the email system provided by the state department and protected by the state department. She wanted to be able to guard her communications from scrutiny from people inside the government, so she kept all of her communications on a server that she paid for and that was set up by someone that she knew from the Clinton Foundation. That server was not well secured. There is some evidence to suggest that it was very badly secured, and not secured as well as the security department. That gives rise to a reasonable assumption that any emails that were on that server were compromised by one or more foreign governments, but we don’t know that for sure, but it’s a proven assumption.

There’s a Freedom of Information Act proceeding that’s going on now, in which the communications involved Secretary Clinton. When this became an issue, she erased any emails that she decided were personal and provided roughly half of the emails that had been on the server to the government. There is a Freedom of Information Act request for those emails and before they can be released, they have to be subjected to a classification review. That has been controversial for some time, because of course if those emails are classified, then there are arguments that by keeping classified information on an insecure server, she compromised national security. That’s been the debate thus far.

What I have pointed out is that there is a second risk to national security, which is this: people from the CIA are going through and finding the names of CIA employees and saying, well, you’ve got to keep those names secret because there’s a special statute that protects the identity of CIA employees. They have a special label for CIA employee information and whenever they find out, they say we are withholding that from the people filing the Freedom of Information request because it’s a CIA employee’s name. That’s usually fine, because no one knows what’s under that stamp, they don’t learn anything other than there’s a CIA employee in the memo.

But if a foreign government has an entire set of emails, then we are telling them something new. We’re telling them if you go to page 42 and you look for this email and go down to the 10th line, you’ll see a name. In an email, it’s just a name, but now the CIA has told you that is the name of a CIA employee. So, if there is any reason to believe that a foreign government might have compromised the underlying emails, then we should not be using this particular category of protected data. We should find some other way to withhold it and some other designation for the information. Unfortunately, we have already revealed 40 or 50 circumstances where we said this is a CIA name and if those emails are already in the hands of a foreign government, then we have compromised those identities.

What would you say Hillary should be held accountable for?

What she did was quite irresponsible. She says: “I didn’t know there was anything classified in there,” but she could have predicted that there would be some sensitive information and probably that there would be information that was classified.

She never should have set up this server in this fashion and she deserves to be censured for her irresponsibility, particularly because it was a reflection of a kind of determination about how the law would respect how this information was supposed to be maintained or stored. So, I think that’s really the fundamental problem that she acted irresponsibly and withheld information that should have been disclosed.

What would happen if she were found guilty?

I’m not convinced that this is a matter of a criminal prosecution. An irresponsible action is not the same as a criminal action. There are arguments about whether what she did was criminal, but I’m skeptical.

So, let’s say it’s October and the election is coming a close and it comes out that there was negative consequences. Could this affect her presidency or her even becoming president?

Yes. I think that she needs to be accountable for how she handled this information and that means her behavior in handling information needs to be carefully scrutinized, at a minimum.

What do you say to the counter arguments that say that this was not a big deal and shouldn’t be blown out of proportion?

There are times when it is very inconvenient or worse to deal with the constraints that classified information rules impose on government officials. There may even be times when it makes sense to ignore them or to compromise with them and so, having been inside government and knowing hard it actually is to get your job done and at the same time observe all the classified rules, I would cut Hillary Clinton something of a break on how she handled classified information, but if you’re going to take shortcuts, you have to, nonetheless, be extraordinarily careful about how the information you’re handling ends up in the process and she was not. She should be held accountable for her failure to exercise reasonable care about the protection about these emails.