Published by The Lawfare Institute
in Cooperation With
The first notable thing in FBI Director Jim Comey's statement on the Clinton email flap is that he issued it at all. Normally, the FBI does not issue reports on its investigative findings separate from Justice Department decisions regarding what to do with those findings. Much less does it make public its recommendations, particularly in a fashion that effectly preempts the Justice Departments prosecutorial decisions with respect to those recommendations.
The second notable feature of his statement is this line: "I have not coordinated or reviewed this statement in any way with the Department of Justice or any other part of the government. They do not know what I am about to say." This is clearly a reference to Bill Clinton's perhaps unintentional—but nonetheless very damaging—decision to compromise Attorney General Loretta Lynch by jumping on her airplane and having a private meeting with her. The import of Comey's move here is that conservatives and skeptics of the attorney general—who is a political appointee, after all—no longer have to rely on her integrity to put this matter behind him. This sentence says that they can rely on Comey's and the FBI's alone.
Before turning to his findings, Comey identifies three areas of investigation:
- "whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way";
- whether anyone violated "a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities"; and
- "whether there is evidence of computer intrusion in connection with the personal e-mail server by any foreign power, or other hostile actors."
Note here what this investigation did not include: despite a lot of unified field theorizing in the conservative press, the conduct of the Clinton Global Initiative, Benghazi, Clinton's relationship with Wall Street banks, and a lot of other things were not part of this investigation.
Comey then goes on to detail some of the bureau's activities and findings. This is, as I say, an unusual step. Normally, the bureau sends its findings to prosecutors and says nothing about them in public. In this case, however, Comey says "I am going to include more detail about our process than I ordinarily would, because I think the American people deserve those details in a case of intense public interest."
The first key finding is that there was, indeed, a significant amount of classified material on Clinton's server. How much?
From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was Top Secret at the time they were sent; 36 chains contained Secret information at the time; and eight contained Confidential information, which is the lowest level of classification. Separate from those, about 2,000 additional e-mails were “up-classified” to make them Confidential; the information in those had not been classified at the time the e-mails were sent." In addition, there were other work-related emails recovered that were not stored on the server, though the bureau found no evidence that any were deleted in an effort to conceal them: "With respect to the thousands of e-mails we found that were not among those produced to State, agencies have concluded that three of those were classified at the time they were sent or received, one at the Secret level and two at the Confidential level. There were no additional Top Secret e-mails found. Finally, none of those we found have since been 'up-classified.'"
Comey next reports that "there was no intentional misconduct in connection with th[e] sorting effort" on the part of Clinton's lawyers in identifying and turning over her work related emails after the server was disclosed.
The bad news for Clinton comes next. And don't let anyone kid you. It's bad. "Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information," Comey says:
For example, seven e-mail chains concern matters that were classified at the Top Secret/Special Access Program level when they were sent and received. These chains involved Secretary Clinton both sending e-mails about those matters and receiving e-mails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation. In addition to this highly sensitive information, we also found information that was properly classified as Secret by the U.S. Intelligence Community at the time it was discussed on e-mail (that is, excluding the later “up-classified” e-mails).
None of these e-mails should have been on any kind of unclassified system, but their presence is especially concerning because all of these e-mails were housed on unclassified personal servers not even supported by full-time security staff, like those found at Departments and Agencies of the U.S. Government—or even with a commercial service like Gmail.
This will be a politically damaging finding—as well it should be. It's not uncommon for high-ranking officials to treat classification rules with a lack of deference. That said, it's upsetting every time it happens. And notably in this case, this is not—as some prior reporting suggested—merely a case of Clinton's passively receiving New York Times articles that contained, in an unmarked fashion, classified material. Comey makes clear that she both sent and received classified material and that "any reasonable person" in her shoes would have known better than to have such conversations.
These are strong words. And this paragraph will make for a lot of Republican talking points over the next few months. In all honesty, Clinton deserves these talking points every time. She should have known better.
Did it matter? The short answer is that it seems that it likely, but not certainly, did—at least to some degree:
With respect to potential computer intrusion by hostile actors, we did not find direct evidence that Secretary Clinton’s personal e-mail domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial e-mail accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal e-mail domain was both known by a large number of people and readily apparent. She also used her personal e-mail extensively while outside the United States, including sending and receiving work-related e-mails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal e-mail account.
This paragraph is carefully worded, and I suspect that it would have been worded differently had the FBI concluded that an intrusion was unlikely.
Put it all together and you get a pretty damaging case in the political arena. Clinton behaved in a fashion a reasonable person would not have with respect to discussing highly sensitive material in a non-secure setting. We know that "hostile actors" gained access to the systems of her correspondents. And we can't rule out that her own system was compromised. It's not a pretty picture.
And that said, it's very clearly not the sort of thing the Justice Department prosecutes either. For the last several months, people have been asking me what I thought the chances of an indictment were. I have said each time that there is no chance without evidence of bad faith action of some kind. People simply don't get indicted for accidental, non-malicious mishandling of classified material. I have followed leak cases for a very long time, both at the Washington Post and since starting Lawfare. I have never seen a criminal matter proceed without even an allegation of something more than mere mishandling of senstive information. Hillary Clinton is not above the law, but to indict her on these facts, she'd have to be significantly below the law.
Comey's recommendation in this regard is unambiguous: "our judgment is that no reasonable prosecutor would bring such a case."
His reasoning, at least in my judgment, is clearly correct: "In looking back at our investigations into mishandling or removal of classified information, we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of: clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here."
Comey's full statement is a peculiar document because it is simultaneously emphatic that Clinton and her staff behaved inappropriately and equally emphatic that no reasonable prosecutor would want to bring a case against them. His reputation for personal probity and apolitical behavior is such that both statements must be taken seriously. The former should be profoundly embarassing to Clinton. The latter should put to rest the notion that she should face charges. If she is to face accountability for her email server, that accountability will and should be in the political realm.