I completely concede the email controversy, that is Hilary Clinton, has been disputed, debated and ultimately disappointed many of us. Especially those who have had to deal with the responsibility of handling classified information. The objective here is not to continue down the road of Hillary bashing, there are vastly better controversies for that. The intent in this article is to explain why the failure to charge Ms. Clinton for mishandling our Nation’s secrets is just not going to hold water with those of us who’ve been vetted for access the same information. Effectively, this article is for those who have never been around classified material. It’s unfair for us to expect others to understand why this is such a black and white issue if we don’t make an attempt to inform.
So to be clear, this is not a hit piece, although clearly in opposition to what our “Justice” Department officials have concluded. As such, I will do my best to provide a concise explanation as to how classified information is processed and controlled. The objective is to justify my, and many others, opinions that anyone who has been allowed behind the curtain can never say, “Oops, I didn’t mean it” when they “unintentionally” mishandle classified information. In fairness to Ms. Clinton I can’t find a record of her saying that. Unfortunately, lack of Intent was used as justification not to formally charger her.
So get your sarcasm sensors calibrated and let’s get to it.
Generally intelligence gathering is what creates classified information. Admittedly this is not the author’s area of expertise. I’ll leave the details to the experts. A quick google search reveals the following types of intelligence gathering.
Human-Source Intelligence (HUMINT)
Signals Intelligence (SIGINT)
Imagery Intelligence (IMINT)
Measurement and Signature Intelligence (MASINT)
Open-Source Intelligence (OSINT)
Geospatial Intelligence (GEOINT)
What is interesting about this is the organization responsible for collecting and classifying the intelligence, also has the authority to grant permission to disclose it. So, after you’ve gone through the rigorous background investigation that grants you a Clearance, you are then scrutinized for “Need to Know,” after which you are either granted or denied permission to disclose what you’ve been exposed to. Certainly, in the field this is difficult to enforce the disclosure piece. Even so, the former Secretary can’t use that as an excuse, though she might try… But this is not a hit piece…
There is vastly more to the aggregation of what ultimately becomes classified data. To leave it at such a high level seems unjust when you consider the effort and risk that goes in to obtaining it. However, in an effort to get to the point, let’s move on to the actual classification of data.
Security Classification 101:
There are 2 main categories of official information, Unclassified and Classified.
Seems counter intuitive but, yes, Unclassified is indeed a form of “Classification”.
“Unclassified” is a security classification assigned to official information that does not warrant the assignment of Confidential, Secret, or Top Secret markings but which is not publicly-releasable without authorization. (Source: http://www.fas.org/sgp/eprint/bagley.html)
Real quick… The text in bold should be something that resonates with everyone reading this… Even unclass information requires authorization to be released.
Summary – Most everything in this category is probably available to the public in some non-government form. However, “loose lips sink ships”. So, let’s play it safe with this information. In truth, this is a bit over protective. The best example I can give is Ship’s Movement. Anyone within eyesight of an aircraft carrier can tell when they are getting ready to leave port. Yet, Sailors are instructed not to discuss actual departure dates and times publicly. Don’t give the bad guys advanced information inhibiting their ability to plan ahead. In other words, authorization is not given to disclose when a ship is leaving or entering port.
Within Classified there are three main groups, Confidential, Secret and Top Secret.
“Confidential” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. (Source: http://www.fas.org/sgp/library/quist2/chap_7.html)
Summary – This category is again comprised of information that can probably be obtained through public domain. This is where the “I cannot confirm or deny” rationale comes in to play. Yes the enemy may already know this information, but we don’t want them to be sure.
“Secret” shall be applied to information, the unauthorized disclosure of which, reasonably could be expected to cause serious damage to the national security. . (source: http://www.fas.org/sgp/library/quist2/chap_7.html)
Summary – Now we’re in the, “shut your mouth” space. Meaning the information in this category has probably been used in the battlefield. It’s something the enemy has probably seen us do but may not be sure why or to what benefit. So, in order to be able to continue to utilize this information to our advantage, shut the foxtrot up.
Top Secret (To include Sensitive Compartmented Information)
“Top Secret “shall be applied to information, the unauthorized disclosure of which, reasonably could be expected to cause exceptionally grave damage to the national security. (source: http://www.fas.org/sgp/library/quist2/chap_7.html)
Summary – “I could tell you but I’d have to kill you…” This is the stuff that gets people killed. Period.
As you can tell there is some grey are between the different classifications. However, the generally preferred practice is, when it doubt go with the higher classification
Now that we have established the correct classification of our data, let’s talk about the controls around Unclassified and Classified material.
The DoD has the following list of “Safeguards” for unclass data… Remember, this is essentially the lowest classification level… The following are a sample of that list. (DoDI 8582.01, June 6, 2012)
“Do not process Unclassified DoD information on publically available computers (e.g., those available for use by the general public in kiosks or hotel business centers).”
Don’t type any unclass stuff on the local library computer. Or, on your personal laptop (Non-Government Equipment) while on the local Starbuck’s wifi.
“Protect Unclassified DoD information by at least one physical or electronic barrier (e.g., locked container or room, logical authentication or logon procedure) when not under direct individual control of an authorized user. “
Even unclass stuff must be kept in a securable place. A locking file cabinet with solid top, bottom, back and sides will do fine.
“Transmit e-mail, text messages, and similar communications containing Unclassified DoD information using technology and processes that provide the best level of privacy available, DoDI 8582.01, June 6, 2012 8 ENCLOSURE 3 given facilities, conditions, and environment. Examples of recommended technologies or processes include closed networks, virtual private networks, public key-enabled encryption, and transport layer security (TLS). “
The DoD calls this the NIPRNet – Non-classified Internet Protocol Router Network. Imagine that… an entire government wide secure network for UNCLASS Information…
“Do not use external IT services (e.g., e-mail, content hosting, database, document processing) unless they provide at least the same level of protection as that specified in the contract or other written agreement.”
This one speaks for itself… Did I say this was all for the lowest… ya, I did…
So, In the interest of time, let’s jump to Top Secret, of which the Democratic nominee had a total of 22 emails in that category on her “private” email server… Which would be a big deal if this were a hit piece… But this is not a hit piece…
Again, this is from the perspective of the DoD. So, let’s begin with removing Top Secret data from the government facility accredited to contain it. Who could approve that?
“Only the Secretary of Defense, the Secretaries of the Military Departments, the Chairman of the Joint Chiefs of Staff, the Combatant Commanders, or the senior agency officials appointed pursuant to section 5.4(d) of Reference (d) may authorize the removal of Top Secret information from designated working areas for work at home. Such officials may also authorize removal of information for work at home for any lower level of classification.” (DoDM 5200.01-V3, February 24, 2012)
I know what you’re thinking; she was, in fact, the Secretary of State. So by comparison she should have been able to authorize herself to send Top Secret emails to her private server… just throttle back there, Patty Progressive…
Just because you are authorized to remove Top Secret information and take it home doesn’t quite give you permission to email them to your “G-14 Classified” private email server… (Google it)
“Top Secret information shall be transmitted only by:
a. Direct contact between appropriately cleared persons.
b. Electronic means over an approved secure communications system (i.e., a cryptographic system authorized by the Director, NSA, or a protected distribution system designed and installed to meet the requirements of National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 7003 (Reference (ay))). This applies to voice, data, message (both organizational and e-mail), and facsimile transmissions.”
Not only were people with ZERO security clearance allowed access to her server, clearly, it was not, “a cryptographic system authorized by the Director, NSA, or a protected distribution system designed and installed to meet the requirements of National Security Telecommunications and Information Systems Security Instruction (NSTISSI) 7003.”
And finally I give you the SF-312. One final piece of documentation that each and every person, military or civilian, must read and sign for each and every DoD command/facility where they access classified information, in which it states,
“I hereby acknowledge that I have received a security indoctrination concerning the nature and protection of Classified information, including the procedures to be followed in ascertaining whether other persons to whom I contemplate disclosing this information have been approved for access to it, and that I understand these procedures.” (Standard Form 312 (Rev. 7-2013))
Look, I could go on a massive rant about guarding classified material on a Navy vessel, or shipmates of mine who were busted down for the unintentional mishandling of classified information. I could write about system and facility accreditations which are required to validate the level of classification they can transmit or contain. Instead I’ll just leave you with this. Many have been convicted for far less, others are currently under indictment for self-reporting their own security violations. In contrast I’d love to post the video of Trey Gowdy railing the director of the FBI, if only to remind us that the idea of accountability is forever lost on the former First Lady.
Bottom line: If you have willingly or unwillingly mishandled or disclosed any classified information, you are wrong. And you deserve whatever punishment you get. Why? Because, there is no way you can say, you didn’t know better.
Standing by for the punishment to fit the crime…
Chris Valdez is a nine year Navy veteran followed by 11 years as a defense contractor. While on active duty, he served as a Naval Aricrewman, Rescue Swimmer, Tactical Sensor Operator and Instructor for Aircraft Carrier deployed helicopter squadrons. As a contractor he focused on providing technology solutions in support of Navy shore facility Anti-Terrorism and Force Protection (AT/FP) activities. Currently, Chis is consulting with a company in the unmanned maritime space, splitting time with his day job as a technology Project Manager.
Image courtesy of Reuters