NSA Probably Doesn’t Have ALL of Hillary’s Emails … But Maybe Someone Should

I’m among those who believes Hillary Clinton’s use of a privately run email server is an abuse of power. Doing so appears to have skirted laws ensuring good governance and it may well have exposed her communications to adversaries (including some who would have reason to use the contents of her email to help Republicans win the White House), even if her email would have been just as targeted at State, per reports about persistent hacking of it. While I don’t buy — in the absence of evidence — she did so to hide ties with the Clinton Foundation, I do think she did so not just for convenience, but for control, as I laid out last week.

In response to the scandal, some people are calling on NSA to turn over Hillary’s emails (as they earlier did with former IRS official Lois Lerner).

For some Americans, the NSA isn’t an agency that protects them from terrorist threats or keeps this country safe from another catastrophic event. For many people, the NSA represents an intrusion of privacy. However, ‘Emailgate’ is an opportunity for the NSA to show Americans that it can protect the nation from possible security breaches, even when powerful members of government have made these errors of judgment. Nobody is accusing Hillary Clinton of anything treasonous or malicious, after all, Powell and Rice also used private emails at times. The primary concern with this scandal rests in the fact that private email servers were stored in a private residence, with their contents possibly being “sensitive” or “classified.”

If anyone in the country engaged in such behavior, the NSA would have likely had information on all of this citizen’s communication and activities. If  Clinton compromised national security in any way, the most renowned record-keeping agency in the U.S. government should help answer some questions. If the NSA has the full record of Clinton’s emails, it should hand them over to Congress.

There’s little reason to believe that NSA has all of Hillary’s emails — or even metadata on them — though it may well have (had) some.

We’re talking about emails from a non-PRISM US based server that are two to six years old.

Until December 2011, the NSA would have been capturing the metadata from all of Hillary’s email. But according to multiple documents (including sworn documents), NSA destroyed this data in 2011. NSA currently appears to collect US person Internet metadata from two other sources: from PRISM collection, and under SPCMA on data obtained overseas.

According to the 9-page explanation on the emails Hillary sent, “During her time at State, she communicated with foreign officials in person, through correspondence, and by telephone. The review of all of her emails revealed only one email with a foreign (UK) official.” Thus, while many of the people the Secretary of State would interact with could easily be targeted under Section 702, she claims she had email communication with only one of those legitimate targets, and that potentially legitimate target is from the UK, the least likely country to be targeted. This would mean that Hillary’s emails (and therefore metadata) would be unlikely to have been captured under PRISM collection. [Update: I realize now that any private conversations she had with foreigners could have been targeted and would not be among those she kept as official business.]

If she had used a targeted person’s identifier (email or phone number, for example), that might come up under upstream collection, particularly if she sent the email while overseas. The NSA has focused more since 2011 on sorting out the all US person communications captured in that way. But they also appear to go very far out of their way to avoid learning that communications are domestic, because that causes legal problems for them. So that would make it less likely they would ID these emails.

In other words, if NSA had collected Hillary’s emails using upstream collection, they should have destroyed them, and if they didn’t, they would now want to pretend they hadn’t collected them.

That leaves one other way the NSA might have some of Hillary’s emails (if they haven’t hurriedly destroyed them to avoid being caught having collected what would be considered domestic communications): via bulk collection overseas, which is quite possible, given how frequently Hillary would have been overseas, even in countries where the Five Eyes presumably pulls and keeps full take most of the time (though some of her emails sent both sides domestically might well have transited overseas and gotten collected).

By all means, let’s ask the NSA to search on her email identifiers to see what they’ve collected and retained for the 2-6 years in question! It would be a good test of how much “innocent” US person communications are collected incidentally, especially if that person travels frequently to targeted countries. (Though, again, I would imagine NSA has already done a purge to make sure they don’t have this, because if they got caught doing so, it would be … awkward.)

Finally, there’s one more reason to think NSA would not have Hillary’s email. As James Risen and Eric Lichtblau reported on June, 16, 2009 — just 3 months after Hillary started using this email — an analyst once got investigated for targeting Bill Clinton.

He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits — no more than 30 percent of any database search, he recalled being told — and Americans were not explicitly singled out in the searches.

The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton.

As NSA explained to Congress the day after the report (this notice was attached to the Q3 2009 IOB report), this incident actually dated to 1992.

On November 3, 1992, an analyst wondering how foreign targets were reacting to Bill Clinton’s election typed in a query [redacted]. The query was made against the [redacted]. There were probably very few emails of any kind in there at that time, and there would not [sic] about Bill Clinton. Immediately after the query was entered, the co-worker sitting next to the analyst identified that this was a query on a U.S. person. The analyst immediately realized that the query was wrong and contrary to authorities.


Although this activity occurred 17 years ago, we have used it in our oversight training, even in the last several years, as an illustrative example of queries that are inappropriate and must be reported and investigated. This type of query remains as inappropriate today as it was then and will not be tolerated under any circumstances.

In other words, up until no more than a few years before Hillary became Secretary of State, NSA used illegally querying on her husband as a training example. The server Hillary was using was (as far as I understand it) a Clinton Foundation server — a corporate entity tied to the man used as a training case on illegal targeting.

I’d say the centrality of Bill in NSA training would emphasize the importance of not targeting Bill, his property, and thereby his wife’s undisclosed email. Certainly from buffered collections (which is how NSA sorts full take collection overseas), it’d be less likely anyone would query anything that looked remotely like a Clinton email, even though almost all of Clinton’s foreign donors are likely targets.

Admittedly, a lot of Clinton Foundation emails might be kept for other reasons (and would be legitimately targeted based off their foreign interlocutor). But I would imagine NSA is particularly careful with anything that bears the name Clinton, because of this history.

In other words, while NSA almost certainly doesn’t have all Hillary emails, it might have some — but would have very very big incentives to be able to tell Congress it doesn’t if and when they ask.

Which is not to say someone shouldn’t have these emails.

One thing the recent 702 Minimization Procedures reveal are that all three agencies — NSA, FBI, and CIA — keep some data for a year to conduct security assessments. For example, FBI’s reads:

Similarly, and notwithstanding any other section in these procedures, the FBI may use information acquired pursuant to section 702 of the Act to conduct security assessments of its systems in order to ensure that FBI systems have not been compromised. These security assessments may include, but will not be limited to, the temporary storage of section 702-acquired information in a separate system for a period not to exceed one year. While retained in such a storage system for security assessments, such section 702-acquired information may not be accessed for any other purpose.

To be honest, I don’t understand this provision (as FBI.gov shouldn’t be collected under 702), though the provision may exist more broadly in SIGINT collection procedures, in which case it would seem utterly parallel to the CSEC practice of storing emails sent to the government.

But it seems if the government is retaining emails in the name of security of its own systems, it could also retain emails in the name of ensuring government abides by Federal Records rules. For top officials, who appear to keep changing their identifiers to prevent average citizens from being able to contact them (both Hillary and Eric Holder did this), identifying, retaining, and storing emails seems to have few privacy implications. So maybe NSA should have Hillary’s emails?

16 replies
  1. lefty665 says:

    Keeping an eye on cabinet level official communications practices seems a legitimate com sec role. Once it became clear the Secretary of State was using private email for government communications they’d be derelict not to take a look. Vulnerabilities, like using a default certificate, other issues with the software being used, and the server/OS/network security would be of interest.
    The Russians or Chinese might be more inclined than NSA to provide their copies of traffic. Ask nicely and they might provide an analysis of the juicy parts she didn’t turn over too. They’re not likely the only nations/groups to find clintonemail an interesting target and easy pickings.
    A question for NSA might be how many different entities exploited clintonemail. That would have been of interest to them. Hillary as honeypot, who’d a thunk it?
    Is there any level on which this was not a profoundly dumb stunt?

    • emptywheel says:

      I think the Israelis are even more likely to have a full set.

      Because the current government of Israel is quite intent on seeing a Republican in the White House in 2016, and not only has close tabs on many of the people Hillary communications with personally, but absolutely has the ability to hack a private server.

      • lefty665 says:

        Expect you’re both right. Maybe Dennis Rodman can get a set from Kim next time he goes to play ball.
        Remember that others also used clintonemail, including Bill, and he got hacked talking nominally sensitive stuff. At least 10 other emails have been identified. Huma Abadin had an account, and reportedly others on Hillary’s staff. There’s no indication Hillary coughed up Huma’s emails or others. Wonder if Anthony was sending penis pics over clintonemail?
        Hillary apparently turned over about half her emails, over 90% of which were to .gov addresses she could expect to be recovered from the other end. She destroyed the other half. Most were probably boring, but it doesn’t take many exceptions…

  2. annenigma montana says:

    Doesn’t Israel get all the raw, unfiltered electronic communications, content and all, due to some special deal for special friends that even Five Eyes members don’t get? And with no restrictions on how they use it/share it?

  3. annenigma montana says:

    Hillary’s emails were probably mostly personal, such as helping negotiate a backroom plea bargain deal for Jeffrey Epstein so as to keep Bill out of the picture as much as possible. Epstein sure got a sweetheart deal for pedophile pimping.

    Bailing Bill out of tight spots has to be nearly a full time job for Hillary.

  4. nonpartisan says:

    ‘adversaries (including some who would have reason to use the contents of her email to help Republicans win the White House)’

    And the difference between Republicans and Hils plus 99% of Dems is what?

    If she gets away with this blatant above the law superiority and is elected president we’ll all be debased by it. Oh, to think I used to think it couldn’t get any worse.

  5. annenigma montana says:

    Maybe Israel would want Hillary to be President if they have some incriminating emails to use in the future. They do play hardball.

  6. annenigma montana says:

    Maybe Bill’s friendship with Jeffrey Epstein wasn’t an accident. Epstein did in fact catch a lot of really big fish in his island net, one of whom is a former President married to an aspiring candidate for President. Sounds like some powerful leverage to me.

    [I’ve got 3 comments pending, not including this one. Please email me if there is a problem posting them.]

  7. orionATL says:

    this “scandal” has all the makings of another media-based psuedo-scandal involving those dastardly clintons.

    hang on, though, maybe we’ll discover the clinton foundation worked with the mafia-druggas-chinese to corner the market for europium (or was that a typo for “europe).
    not that we should give a damn, but of curiosity:

    – was clinton’s choice of private e-mail illegal in any serious way?

    – has it been revealed or reasonably suspicioned that clinton was engaging in a criminal activity?

    – has there been published any reasonably trustworthy estimate of the proportion of clinton’s official e-mail while sec of state that were sent privately? 95, 80, 67, 50, 34, 25. ??

    – can a sensible (for legal prosecution purposes) distinction be made between a secstate’s “official” and her “private” e-mail ?

    – was clinton’s conduct unique among secstates’ ? among other cabinet officers? in this or other administrations?

    – was the president aware of clinton’s use of private e-mail?

    it would seem to me absolutely essential from the standpoint of both good goverance and accurate histories that all public officials be required to have all their official communications recorded on public servers.

    even more important, would serm to me to be a legal requirement that all legislators and their all their staff be similarly constrained to leave a public recording of all official business.

    fortunately, we have a trustworthy organization, the u.s. national security administration, already entirely capable of copying and storing such public info.

    but do we yet have a law that would allow nsa to do so?

  8. pdaly says:

    HRC’s choice to use a private email for both State Dept work and private matters was an unforced error in judgment and a deliberate skirting around the spirit of open government. It is charming that she wants to establish privacy walls for herself–even though such walls presumably would encircle FOIA-able material.

    Too bad Hillary doesn’t mention the fact that people in the White House under Bush II similarly used private RNC accounts to conduct government business instead of government email accounts.

    Also surprised Hillary does not bring up the fact that using government email systems sometimes leads to massive losses: remind the People about the millions of Executive Branch emails that were “lost” (or ‘not properly archived’) in the wake of investigations into the 2003 Iraq War/Scooter Libby& Karl Rove’s roles in Plamegate/Cheney’s secretive Energy Task Force meetings.

    • emptywheel says:

      Right. The Democratic tribalist support of Hillary is preventing this from being an opportunity to find some way to add teeth to email retention requirement for all Executive Branch employees.

      People keep yelling at me for talking about it, apparently forgetting I’ve been writing about GOP missing emails for 10 years.

  9. lefty665 says:

    @pdaly – Unforced error in judgement is being very kind, and, yes, charming indeed:). Think maybe she’s saving the Bush era “Everybody does it” argument for the next round?
    @orionATL – it was 100% of her emails, she had no, zero, nada, .gov accounts. The “scandal” is that it was stupendously boneheaded. Not sure I can even come up with anything Duhbya did that was just as plain old dumb, although “You’ve covered your ass, now go away, I’m on vacation” to the CIA briefer in August 2001 comes close.
    @emptywheel – Think they’ll turn over the traffic itself or just let the Repubs know what to look for and where?

  10. lefty665 says:

    From the Q&A released by Clinton’s office. See, it’s all ok because the Sec State has an absolute right of privacy for her emails. Doh, they’re hers! Why don’t you peons go away, leave the goddess alone and quit mucking with her coronation.
    One of the questions in the Q&A: “Do you think a third party should be allowed to review what was turned over to the Department, as well as the remainder that was not?” Clinton’s office answered, in part: “Government officials are granted the privacy of their personal, non-work related emails, including personal emails on .gov accounts. Secretary Clinton exercised her privilege to ensure the continued privacy of her personal, non-work related emails.”
    That characterization of the rules governing government email systems is not accurate.
    State Department policy – spelled out in the Foreign Affairs Manual under “Points to Remember About E-mail” – says there is “no expectation of privacy.” Specifically, 5 FAM 443.5 says, in part: “Department E-mail systems are for official use only by authorized personnel” and “The information in the systems is Departmental, not personal. No expectation of privacy or confidentiality applies.”

  11. Fear the Same says:

    I was genuinely puzzled why Hilary would want for her supersecret E-mails a Clinton.email.com address as this would be a target for hackers looking for a dirt on Bill as well as the SoS. The NSA being explicitly told to stay out of Bill’s bill may be the first reasonable explanation for this.

Comments are closed.