WASHINGTON — Hillary Clinton disregarded various State Department guidelines for avoiding cybersecurity risks, an internal audit found Wednesday.

The inspector general’s 78-page analysis, a copy of which was obtained by The Associated Press, cites “longstanding, systemic weaknesses” related to the agency’s communications. These started before Clinton’s appointment as secretary of state, but her failures were singled out as more serious.

Despite guidelines to the contrary, Clinton used mobile devices to conduct official business on her personal email account and private server. She never sought approval from senior information officers, who would have refused the request because of security risks, the audit said.

“By Secretary Clinton’s tenure, the department’s guidance was considerably more detailed and more sophisticated,” it concluded. “Secretary Clinton’s cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives.”

Clinton has been dogged by questions about her email practices for more than a year, since the AP revealed that the clintonemail.com server was in the basement of Clinton’s New York home while she served as the nation’s top diplomat from 2009 to 2013. It’s also been raised as an issue in her campaign for the Democratic presidential nomination.

Separately from the State Department audit, FBI agents have been probing whether Clinton’s use of a private email server imperiled government secrets.

Clinton has acknowledged in the campaign that her homebrew email setup was a mistake, but said she never sent or received anything marked classified at the time.

State Department spokesman Mark Toner said the agency is “already working” to improve its email and records management system.

Toner said “it is clear that the department could have done a better job preserving emails and records of secretaries of state and their senior staff going back several administrations.” He said the State Department also agrees that compliance with its rules has been “inconsistent across several administrations.”

The independent review by the department’s inspector general was prompted by the revelations of Clinton’s email use, but the audit also encompassed the email and information practices of the last five secretaries.

The report said the department and its secretaries were “slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership.”


Only subscribers are eligible to post comments. Please subscribe or to participate in the conversation. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.

filed under: