Former Secretary of State Hillary Clinton violated State Department rules by using a personal email account tied to a private server, the department’s independent auditor has concluded.
“Secretary Clinton should have preserved any federal records she created and received on her personal account by printing and filing those records with the related files in the Office of the Secretary,” the State Department’s Inspector General said in a report on department email policies released on Wednesday.
Because she did not turn over all work-related emails to department staff when she left office in 2013, the report said, “she did not comply with the Department’s policies that were implemented in accordance with the Federal Records Act.”
Clinton’s use of a private email account and server has drawn criticism from security experts and independent watchdog organizations that accuse her of stifling transparency and putting sensitive government documents at risk of theft. On Wednesday, a hacker who claimed that he had repeatedly breached her server pleaded guilty to separate computer-crimes charges.
Although the report criticized the entire State Department for systemic recordkeeping failures dating back decades, its criticism of Clinton will prove the most potent as the likely Democratic presidential nominee prepares to face presumptive Republican nominee Donald Trump in the November election.
The Republican National Committee was quick to pounce on the report’s findings, blasting out a statement that read in part, “The stakes are too high in this election to entrust the White House to someone with as much poor judgment and reckless disregard for the law as Hillary Clinton.”
The report highlights several email exchanges that suggest that Clinton wanted to use a personal account to avoid scrutiny of her official actions. When her deputy chief of staff for operations suggested that she use an official government address, Clinton responded, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.”
In another exchange, the technician maintaining Clinton’s server told her deputy chief of staff for operations that he needed to take it offline because he suspected “someone was trying to hack us.”
Clinton, like three of her predecessors, did not sign a form that all departing employees are required to sign indicating that they did not take government property with them. A Clinton State Department staffer told the inspector general’s team that, in the report’s words, “as the head of the agency, the Secretary is not asked to follow the exit process.”
The inspector general’s office interviewed current Secretary of State John Kerry along with Clinton’s predecessors Condoleeza Rice, Colin Powell, and Madeleine Albright. Clinton declined a request to be interviewed by the team.
Clinton’s allies downplayed the report’s findings by arguing that Clinton was merely following her predecessors’ precedent in using a personal account, as Powell and Rice had done.
“Republicans need to stop wasting taxpayer dollars singling out Secretary Clinton just because she is running for president,” Rep. Elijah Cummings (D-Md.), the top Democrat on the House Oversight Committee, said in a statement. “If Republicans really care about transparency, they will work constructively with Democrats to focus on fixing what this report shows are longstanding, systemic flaws in the State Department’s recordkeeping practices for decades.”
House Oversight Committee Chairman Jason Chaffetz (R-Utah), one of Clinton’s most dogged critics on the email issue, responded to the report’s findings with a surprisingly nonpartisan statement.
“Long-standing weaknesses with the preservation of federal email records clearly exist within the Office of the Secretary of State,” Chaffetz said. ”Over time, those weaknesses may have been exploited by Department officials for self-serving purposes. The State Department should immediately undertake the IG’s recommendations to ensure both proper compliance with the Federal Records Act and adoption of a far more robust cybersecurity protocol.”