The debate about former Secretary of State Hillary Clinton’s private email server is generating a great deal of heat, but not much light.
Let’s start off by stipulating that having an email server in your home for the purposes of doing your job is a monumentally bad idea if you are a government official, even if you never put a single classified fact on it. Any intelligence service would love to have access to the private emails of the foreign minister of a target country. When intelligence analysts are trying to assess something like a country’s foreign policy, any insights they can get into the personality, state of mind, priorities, or thoughts of a senior policymaker are helpful: precisely the sort of thing that personal emails can provide.
Let’s also agree that it is likely that some information that every reasonable person would agree should have been classified as secret or even top secret probably got onto Hillary Clinton’s private email server. Aside from the fact that the CIA says that it found some emails with classified information, there are a few reasons for this.
First, humans make mistakes. I know that sounds like a lame excuse, but I am willing to bet that every person who has ever had a security clearance has said or written something in an unclassified setting that he or she shouldn’t have. Second, State Department officials often have some naïve ideas about security, or don’t even think about it at all. When I served in the department, I witnessed a good bit of sloppy security behavior, typically by relatively senior people. For instance, when I was doing a brief stint on a crisis task force, I was listening to the secretary of state’s unsecured telephone conversation with the U.S. ambassador in the affected country piped over the speakers. All of a sudden, I heard the secretary ask the ambassador what he thought of the recent CIA clandestine report on such-and-such. Similarly, rumors abounded among my peers that a senior State Department official had been seen on a commercial airline flight reading a highly classified document. Not infrequently, I saw department officials walk out of the building to meetings with classified documents just tucked into a folder instead of being properly double-wrapped. (Of course, carelessness like this is not unique to the State Department, as the experiences of former CIA Directors John Deutch and David Petraeus and former National Security Adviser Sandy Berger attest.)
Even allowing for those facts, however, the uproar about the Clinton email server ignores the reality that, for very good reasons, the CIA and the State Department have different approaches to classification and classified information. These different approaches result from the different functions of the agencies.
Consider the CIA. Its culture and procedures enforce an expansive approach toward classification: You can never be too cautious. The reasons are simple. The bulk of the Agency is devoted to the business of intelligence collection and analysis. These are activities that are usually most successful when nobody on the outside ever notices that anything has happened. For its part, the Clandestine Service has to worry about keeping recruited spies alive. Meanwhile, the writings of CIA analysts directly influence the highest-level, most sensitive strategy formulation and decision-making in the country. These are serious equities, so it is usually best to throw a blanket of secrecy over everything.
The results can be seen everywhere in the agency. For instance, the CIA does as much work as possible inside SCIFs, specially secured, usually windowless rooms. Even unclassified facts reported in the open press about events abroad can become classified if CIA analysts use them. The theory is that the fact the CIA was interested in a story is sensitive. My time at CIA included the last years of the Boris Yeltsin administration, a time when Yeltsin was in very poor health. I used to joke that any day I might see an Agency SitRep saying something like “Russian President Boris Yeltsin died today, according to press reports. (Confidential/NOFORN).”
There are other signs of this security culture. Even CIA officers who are not under cover are discouraged from naming their employer, especially when overseas. Meanwhile, journalists and foreigners have very sharply constrained access to CIA facilities. In addition, the concept of “plausible deniability” that is used to cover covert actions is sensible, but has no built-in limits. There can be “covert actions” that everybody on the planet knows about, but which the CIA will not allow anyone to refer to because it clings to the non-falsifiable proposition that a public reference by a current (or former) U.S. government official might cause some foreigner somewhere (who has not been persuaded by reporting in the New York Times and the Washington Post) to finally have a light bulb go off. Not surprisingly, the CIA has and does conduct a goodly number of non-covert “covert actions.” The agency’s support for the Afghan resistance to the Soviets in the 1980s was one example. An even more prominent one is regularly in the news today but I am forbidden from referring to it, even though I never knew anything classified about this particular covert action … if it actually exists.
All these and related norms are reinforced every day by the CIA culture, and enforced every few years by security clearance reinvestigations — prominently featuring polygraph examinations — that probe into questions about unauthorized disclosures, relationships with foreigners, and relationships with reporters. In short, though it operates overseas, the CIA really faces inward toward the U.S. government.
The State Department is different. Unlike the CIA, it faces outward to the public and other countries. In fact, it exists for the very purpose of talking to foreigners, many of them not especially friendly. Department officials must regularly exchange sensitive information or proposals with these foreigners. State Department officials often conduct their diplomacy in unsecure locations such as restaurants, hotel lobbies, or over regular telephone lines because there is no realistic alternative. When a major political figure in a foreign country calls the U.S. ambassador on a commercial telephone, is the ambassador supposed to refuse the call? If a political officer is invited to lunch by an interlocutor, should he or she restrict conversation to the weather? Of course not. Business must be done. Obviously, then, it is not a natural thought that business conducted in a busy restaurant in a foreign country must immediately then be treated as a state secret.
Also, the CIA’s notion that publicly known facts reported in newspapers should be treated as classified does not work well in the State Department’s environment. The State Department usually cannot conceal its interest in a topic because when it is interested in something its diplomats often must go talk to foreigners about the developments. The department has to live in the real world, where news stories — even if they report classified facts about the activities of other agencies of the government — actually exist and have effects that must be dealt with, often by them. The differences continue: Unlike CIA officers, State Department officials are not discouraged from admitting for whom they work. Quite the opposite; they are meant to be proud and attractive representatives of their country. Finally, foreigners and journalists are an everyday presence in the State Department because they have to be if the department is to inform, persuade, and coerce foreign publics and governments while remaining accountable to American taxpayers.
So, the two agencies of necessity have different approaches to classification. State Department officials are used to operating in discreet but not classified environments, so their first reaction is not to classify things. Moreover, senior State Department authorities are the classifying authorities for their own information, so they exercise their own discretion in making those decisions. Career diplomat, former Ambassador Princeton Lyman, for instance, told the Washington Post that he was chagrined and surprised to find that some of his emails found on the Clinton server were now considered classified. He commented that, “the day-to-day kind of reporting I did about what happened in negotiations did not include information I considered classified.”
The FBI is now investigating the matter of the Clinton email server and a key player has been granted immunity. However, it is always easy to criticize a decision after the fact, especially if you come from a different starting point. Set the FBI and the CIA’s security mavens on any collection of open data and they will always find security problems. While their approach may be defensible, it is not the only way of seeing things.
In short, the missions of the CIA and the State Department differ, so we should not be surprised that they have different cultures and procedures, both formal and informal, including with regard to classification. The simple fact is that classification often stands between diplomats and getting work done. For the CIA, however, classification is often a necessary precondition for getting work done. Unless you want a State Department so secure that it is ineffective, or a CIA so leaky that it is ineffective, these differences are a good thing. In the meantime, as the Clinton email saga unfolds we should take a deep breath and make sure to look at the nitty-gritty facts from all points of view.
Mark Stout is a Senior Editor at War on the Rocks. He is the Director of the MA Program in Global Security Studies and the Graduate Certificate Program in Intelligence at Johns Hopkins University’s School of Arts and Sciences in Washington, D.C.