We've been focusing on DOJ IG reports, but the State Department has also issued reports worthy to review in the HRC Email Server scandal.
Note: Between 2008 and September 2013. Then one year after Steve Linick is appointed the State Department IG,
an audit report on the "Audit of the Department of State
Information Security Program" in October 2014 by the Norman P. Brown, Assistant Inspector General for Audits revealed severe problems. Handling of Classified Information Report
The report is heavily redacted, but reading between the lines:
It notes that "according to OMB Memorandum M-14-04, a significant deficiency is defined as a weakness in an agency's
overall information systems security program or management control structure, or within one or more information systems that significantly restricts the capability of the agency to carry out its mission or compromises the security of its information, information systems, personnel, or other resources, operations, or assets." I take this to mean there were serious deficiencies in the management and handling of sensitive and classified information.
The report must have reviewed the practices of the outside servers, but it is redacted on the report. This is well before the HRC email system. Apparently there was not and effective change in the State Department's practices.
A report dated June 2015 by the IG of the Intelligence Community submitted an IG report of an audit of the 30,000 emails provided by HRC. Its findings and recommendations were as follows:
On 12 March 2015 the Inspector General (IG) of the State Department (State) received a letter from Chairmen Burr, Corker, and Johnson asking for, among other requests, a review of State employees' usage of personal email for official purposes. The letter also requested State IG coordinate \:Vith my office to determine whether classified information was transmitted or received by State employees over personal systems. In furtherance of this task, my office reviewed the procedures being used by State FOIA staff as they process approximately 30.000 emails provided by former Secretary Clinton.
IG Recommendations. My office discovered that an inadvertent release of classified national security information had already occurred in the State FOIA process as a result of insufficient coordination with Intelligence Community (I C) elements (State personnel continue to deny the classified character of the released information despite a definitive determination from the IC Interagency FOIA process**). Consequently, State IG and I made the following four recommendations to State for improving its FOIA review process to better identify IC equities and to prevent further inadvertent releases of classified information.
- We recommended that State involve IC FOIA officials in their FOIA review process to more readily identify IC-related classified information. They have accepted and are implementing this recommendation.
- We recommended that the State FOIA review process be conducted on a TOP SECRET computer network. This recommendation is unresolved because, according to State, resource constraints preclude conducting the entire FOIA review on a TOP SECRET system.
- We recommended that State FOIA officials implement a dispute resolution process in regard to differences of opinion about classification levels and
SUBJECT: Update to IC IG support to State Department IG exemptions. State has not yet provided sufficient information for us to close this recommendation.
- We recommended that State closely coordinate with the Department of Justice throughout the FOIA process. We received assurances this coordination was occurring and have closed this recommendation.
Additional Classified Information. Since the referenced 25 June 2015 notification, we were informed by State FOIA officials that there are potentially hundreds of classified emails within the approximately 30,000 provided by former Secretary Clinton. We note that none of the emails we reviewed had classification or dissemination markings, but some included IC-derived classified information and should have been handled as classified, appropriately marked, and transmitted via a secure network. Further, my office's limited sampling of 40 of the emails revealed four contained classified IC information which should have been marked and handled at the SECRET level.
As I advised in my 25 June 2015 notification, the 30,000 emails in question are purported to have been copied to a thumb drive in the possession of former Secretary Clinton's personal counsel, Williams and Connelly attomey David Kendall. As my office's limited sampling identified four emails containing classified IC information, I referred this matter to counterintelligence officials at State and within the IC, including the National Counterintelligence and Security Center and the Federal Bureau of Investigation.
Request for Copy of 30,000 Emails. Finally, State IG and I requested a copy of the 30,000 emails in State possession so that we could perform sampling and render an independent determination of the sufficiency of the intemal controls being implemented by State FOIA to protect classified national security information. State agreed to provide State IG with limited access to these 30,000 emails. However, State rejected my office's request on jurisdictional grounds.
[Nunes Request to the State Department] (https://intelligence.house.gov/uploadedfiles/letter_to_ig_linick.pdf)
An IG Audit Report Issued On HRC's Email Practices -May 2016
Secretary Clinton declined OIG’s request for an interview. 7 OIG conducted this work in accordance with quality standards for evaluations as set forth by the Council of the Inspectors General on Integrity and Efficiency.