March 12, 2015 / by emptywheel


NSA Probably Doesn’t Have ALL of Hillary’s Emails … But Maybe Someone Should

I’m among those who believes Hillary Clinton’s use of a privately run email server is an abuse of power. Doing so appears to have skirted laws ensuring good governance and it may well have exposed her communications to adversaries (including some who would have reason to use the contents of her email to help Republicans win the White House), even if her email would have been just as targeted at State, per reports about persistent hacking of it. While I don’t buy — in the absence of evidence — she did so to hide ties with the Clinton Foundation, I do think she did so not just for convenience, but for control, as I laid out last week.

In response to the scandal, some people are calling on NSA to turn over Hillary’s emails (as they earlier did with former IRS official Lois Lerner).

For some Americans, the NSA isn’t an agency that protects them from terrorist threats or keeps this country safe from another catastrophic event. For many people, the NSA represents an intrusion of privacy. However, ‘Emailgate’ is an opportunity for the NSA to show Americans that it can protect the nation from possible security breaches, even when powerful members of government have made these errors of judgment. Nobody is accusing Hillary Clinton of anything treasonous or malicious, after all, Powell and Rice also used private emails at times. The primary concern with this scandal rests in the fact that private email servers were stored in a private residence, with their contents possibly being “sensitive” or “classified.”

If anyone in the country engaged in such behavior, the NSA would have likely had information on all of this citizen’s communication and activities. If  Clinton compromised national security in any way, the most renowned record-keeping agency in the U.S. government should help answer some questions. If the NSA has the full record of Clinton’s emails, it should hand them over to Congress.

There’s little reason to believe that NSA has all of Hillary’s emails — or even metadata on them — though it may well have (had) some.

We’re talking about emails from a non-PRISM US based server that are two to six years old.

Until December 2011, the NSA would have been capturing the metadata from all of Hillary’s email. But according to multiple documents (including sworn documents), NSA destroyed this data in 2011. NSA currently appears to collect US person Internet metadata from two other sources: from PRISM collection, and under SPCMA on data obtained overseas.

According to the 9-page explanation on the emails Hillary sent, “During her time at State, she communicated with foreign officials in person, through correspondence, and by telephone. The review of all of her emails revealed only one email with a foreign (UK) official.” Thus, while many of the people the Secretary of State would interact with could easily be targeted under Section 702, she claims she had email communication with only one of those legitimate targets, and that potentially legitimate target is from the UK, the least likely country to be targeted. This would mean that Hillary’s emails (and therefore metadata) would be unlikely to have been captured under PRISM collection. [Update: I realize now that any private conversations she had with foreigners could have been targeted and would not be among those she kept as official business.]

If she had used a targeted person’s identifier (email or phone number, for example), that might come up under upstream collection, particularly if she sent the email while overseas. The NSA has focused more since 2011 on sorting out the all US person communications captured in that way. But they also appear to go very far out of their way to avoid learning that communications are domestic, because that causes legal problems for them. So that would make it less likely they would ID these emails.

In other words, if NSA had collected Hillary’s emails using upstream collection, they should have destroyed them, and if they didn’t, they would now want to pretend they hadn’t collected them.

That leaves one other way the NSA might have some of Hillary’s emails (if they haven’t hurriedly destroyed them to avoid being caught having collected what would be considered domestic communications): via bulk collection overseas, which is quite possible, given how frequently Hillary would have been overseas, even in countries where the Five Eyes presumably pulls and keeps full take most of the time (though some of her emails sent both sides domestically might well have transited overseas and gotten collected).

By all means, let’s ask the NSA to search on her email identifiers to see what they’ve collected and retained for the 2-6 years in question! It would be a good test of how much “innocent” US person communications are collected incidentally, especially if that person travels frequently to targeted countries. (Though, again, I would imagine NSA has already done a purge to make sure they don’t have this, because if they got caught doing so, it would be … awkward.)

Finally, there’s one more reason to think NSA would not have Hillary’s email. As James Risen and Eric Lichtblau reported on June, 16, 2009 — just 3 months after Hillary started using this email — an analyst once got investigated for targeting Bill Clinton.

He said he and other analysts were trained to use a secret database, code-named Pinwale, in 2005 that archived foreign and domestic e-mail messages. He said Pinwale allowed N.S.A. analysts to read large volumes of e-mail messages to and from Americans as long as they fell within certain limits — no more than 30 percent of any database search, he recalled being told — and Americans were not explicitly singled out in the searches.

The former analyst added that his instructors had warned against committing any abuses, telling his class that another analyst had been investigated because he had improperly accessed the personal e-mail of former President Bill Clinton.

As NSA explained to Congress the day after the report (this notice was attached to the Q3 2009 IOB report), this incident actually dated to 1992.

On November 3, 1992, an analyst wondering how foreign targets were reacting to Bill Clinton’s election typed in a query [redacted]. The query was made against the [redacted]. There were probably very few emails of any kind in there at that time, and there would not [sic] about Bill Clinton. Immediately after the query was entered, the co-worker sitting next to the analyst identified that this was a query on a U.S. person. The analyst immediately realized that the query was wrong and contrary to authorities.


Although this activity occurred 17 years ago, we have used it in our oversight training, even in the last several years, as an illustrative example of queries that are inappropriate and must be reported and investigated. This type of query remains as inappropriate today as it was then and will not be tolerated under any circumstances.

In other words, up until no more than a few years before Hillary became Secretary of State, NSA used illegally querying on her husband as a training example. The server Hillary was using was (as far as I understand it) a Clinton Foundation server — a corporate entity tied to the man used as a training case on illegal targeting.

I’d say the centrality of Bill in NSA training would emphasize the importance of not targeting Bill, his property, and thereby his wife’s undisclosed email. Certainly from buffered collections (which is how NSA sorts full take collection overseas), it’d be less likely anyone would query anything that looked remotely like a Clinton email, even though almost all of Clinton’s foreign donors are likely targets.

Admittedly, a lot of Clinton Foundation emails might be kept for other reasons (and would be legitimately targeted based off their foreign interlocutor). But I would imagine NSA is particularly careful with anything that bears the name Clinton, because of this history.

In other words, while NSA almost certainly doesn’t have all Hillary emails, it might have some — but would have very very big incentives to be able to tell Congress it doesn’t if and when they ask.

Which is not to say someone shouldn’t have these emails.

One thing the recent 702 Minimization Procedures reveal are that all three agencies — NSA, FBI, and CIA — keep some data for a year to conduct security assessments. For example, FBI’s reads:

Similarly, and notwithstanding any other section in these procedures, the FBI may use information acquired pursuant to section 702 of the Act to conduct security assessments of its systems in order to ensure that FBI systems have not been compromised. These security assessments may include, but will not be limited to, the temporary storage of section 702-acquired information in a separate system for a period not to exceed one year. While retained in such a storage system for security assessments, such section 702-acquired information may not be accessed for any other purpose.

To be honest, I don’t understand this provision (as shouldn’t be collected under 702), though the provision may exist more broadly in SIGINT collection procedures, in which case it would seem utterly parallel to the CSEC practice of storing emails sent to the government.

But it seems if the government is retaining emails in the name of security of its own systems, it could also retain emails in the name of ensuring government abides by Federal Records rules. For top officials, who appear to keep changing their identifiers to prevent average citizens from being able to contact them (both Hillary and Eric Holder did this), identifying, retaining, and storing emails seems to have few privacy implications. So maybe NSA should have Hillary’s emails?

Copyright © 2015 emptywheel. All rights reserved.
Originally Posted @