The next few years will see some major trials on the fundamental issues of information governance that are basic to preserving our democracy.
Today we are particularly concerned that a leading candidate for President of the United States now faces an ordeal in the House of Representatives and elsewhere as a result of the apparent deliberate destruction of federal electronic communication records not under the control of any federal archivist and being sought in a Congressional investigation. How can such a thing have happened? Can it happen again under existing rules? And where is the law going regarding the destruction of evidence in a pending or likely investigation or litigation? These are questions to be addressed in future posts and articles; this post will lay some of the factual groundwork for those answers.
The lion’s share of the attention in the Clinton email scandal has focused and will continue to focus on transparency, but other risks relating to the records of senior Cabinet officials are equally important. Particularly critical to the records of such federal departments as State and Defense are the extraordinary resources devoted to secure and resilient communication networks designed to protect sensitive electronic communications against unauthorized access and disclosure and to respond to and recover from cyber-attacks. As important to the functioning of our democracy are archival standards designed to assure public accountability, disaster recovery and accessibility of records under freedom of information statutes.
In this case, all such standards appear to have been bypassed by a private communication system the legality of which will be tested under the law in effect at the time of its establishment and use. No information has been provided regarding the information security of this private system, or how it responded to the constant hacking to which it was almost certainly subject, whether its managers were aware of such hacking or not. Most troubling, however, is that decisions were apparently made simply to destroy all communications deemed “personal” in this system without any review by a trusted third party, on the purported basis of protecting the “privacy” of all such communications, even though those who made the decision to destroy all such records were undoubtedly well aware that the privacy of all such communications could easily have been preserved by such a privileged and confidential third-party review.
John Cassidy reported on Secretary Clinton’s Tuesday press conference in the New Yorker as follows:
Shortly before Clinton spoke, David Gergen, a former communications adviser to Bill Clinton and other Presidents, suggested, from his perch at CNN, that she should “surprise everyone” by promising to hand over the family server and to submit to an independent review process, in which a respected third party would go through all of the server’s contents and decide if it contained anything else that should be forwarded to the official archives. “I think concrete steps are going to go a lot further,” Gergen said, referring to the expected verbal statements.
On the face of it, that seemed like sound advice. But it turned out to be advice that Clinton wasn’t in a position to take. “We went through a thorough process to identify all of my work-related e-mails and deliver them to the State Department,” she said. “At the end, I chose not to keep my private personal e-mails.” Why so? The messages she jettisoned were “about planning Chelsea’s wedding or my mother’s funeral arrangements, condolence notes to friends, as well as yoga routines, family vacations, the other things you typically find in inboxes.” She added, “No one wants their personal e-mails made public, and I think most people understand that and respect that privacy.”
It took a few seconds for me to grasp what Clinton was doing: she was attempting to appeal to voters’ sense of fair play, over the heads of her opponents and the media. Not only did she have no intention of handing over more e-mails but the material had been deleted months ago, or so it seemed, without any outside review.
Many of the hundreds of thousands of you who, like me, deal with legal burdens regarding the preservation of information relevant to a pending or reasonably likely investigation or litigation and legal requirements to maintain “reasonable security” regarding sensitive personal information — let alone the information sent by government officials to the Secretary of State and let alone the greater demands of real, adaptive information security — may be thinking what I (a lifelong Democrat, and, until this moment, a fan of Secretary Clinton’s, BTW) thought when I just read these words: This is Watergate, and then some. In this case, a high government official simply states at a press conference that she destroyed the documents in controversy, avoiding what could have been a simple, standard, privacy-preserving, confidential review by a trustworthy third party. And she says it as a prelude to running for President! I am only amazed that I have heard so little outrage thus far. In the background of Secretary Clinton’s famous email picture above sits a former Dean of Yale Law School. Will we hear from the legal community with a bipartisan voice?
In what might be judged as a weak effort at bipartisanship, let us now look at the more idiosyncratic if less legally questionable approach to electronic communications of that very security-minded recipient of the most sensitive intelligence information, Senator Lindsey Graham:
What I do, basically, is that I’ve got iPads, and I play around. But I don’t e-mail. I’ve tried not to have a system where I can just say the first dumb thing that comes to my mind. I’ve always been concerned. I can get texts, and I call you back, if I want. I get a text, and I respond not by sending you a text, but calling you if I think what you asked is worthy enough for me calling you. I’m not being arrogant, but I’m trying to jealously guard myself in terms of being able to think through problems and not engage in chat all day. I’ve had a chance to kind of carve out some time for myself not responding to every 15-second crisis.
Although this approach probably makes him a much less efficient public servant than Secretary Clinton, it is of course much smarter than Secretary Clinton’s when it comes to protecting Senator Graham. Even if he really means SMS text messages, which are of course discoverable and are routinely kept by some carriers for up to seven years, his own responses — assuming his reasonable paranoia prevents him from leaving long, substantive voice mails — are harder to pin down. That is particularly important for Senator Graham, given his apparent penchant for racist and sexist humor (e.g., “white men in male-only clubs,” Pelosi plastic surgery). Not only does it do nothing for us on the transparency front, however; it may force all the communications to him to be (generally) insecure text messages or commercially but not FedRAMP-secure text messages, and says nothing at all about the security of the phone communications in response.
Compared to both of these two Presidential contenders, the current President with his secure Blackberry is a model of both transparency and security. But all he needs to do is use the system given to him to communicate (given that he is not particularly drawn to hate speech). Edward Snowden, to focus on another possible upcoming information governance trial of interest, has had real skin in the communications security game; his freedom and perhaps his life have depended on secure communications for years now.
No, I am not suggesting that either the Clinton or Graham campaign bring on Snowden as a security or ediscovery consultant. I am suggesting that the ever-stranger arc of the moral universe is giving us a great opportunity to think more deeply about many aspects of the governance of electronic communications, including their security, accessibility, transparency and privacy. Let the trials begin!