Not sure what to believe about the State Department report on the investigation into Hillary’s emails? We separate the Fact from Fiction for you.
The ‘big’ news outlets have all taken the initiative to spin Friday’s report on Hillary’s emails into the framing they want us to view it.
But what do the reports ACTUALLY say? We’ve heard the ‘bottom line’ numbers, about violations, and valid-but-not-culpable numbers but what do they mean?
We have the full report here, courtesy of Chuck Ross, if you’d like to go through it yourself:
But for anyone NOT interested in combing through the legalese, and wondering what this report DOES and does NOT mean for the progress of the email investigation, we will cut through the lawyer-speak and give a fairly short summary of the key ideas.
- It was officially titled “The DS Report on Security Incidents Related to Potentially Classified Emails sent to Former Secretary of State Clinton’s Private Email Server”
- It explains both the process and rationale behind the investigation and leaves the door open for any future revelations concerning Hillary’s private email server to be likewise scrutinized.
- The report examined emails that have been known to have been sent to her Private Server to determine whether any of them ‘represented security incidents’ in accordance with DoS rules.
- 33,000 individual emails were sorted, organized and grouped when they were part of a single conversation.
- The investigation required more than 3 years to complete.
Let’s get the dry stuff out of the way, first:
This was not a legal investigation of the sort that involves a broad scope of investigative powers, including subpoena powers. This is an internal review of what was done by current and former employees, with no mechanism available to compel former or retired employees to participate.
The division that conducted the investigation — Program Applications Division — is not a primarily punitive program so much as an investigative and corrective one.
Investigation Standards and Categories of ‘Incidents’
To negate the spin we have seen in some publications, it’s helpful to understand the rules of the game. There are two categories of ‘incidents’, violations and infractions.
1) Infractions: a failure to safeguard classified information but could not reasonably be expected to result in an authorized disclosure of classified information.
2) Violations: any introduction of classified material to an unclassified information system or network that results in its transmission outside DoS control
TWO Questions They Are Trying To Answer
1) Did a valid incident actually occur (validity)
2) Can individual culpability be established for the incident?
What does ‘unfounded’ mean?
If there is any uncertainty over whether the info was classified at the time it was shared or not, OR if there was no ‘failure to safeguard’ information, the incident is thrown into the ‘unfounded’ pile.
If the incident is ‘VALID’ (classified when shared PLUS failure to safeguard) they look into the ‘culpability’ of that incident.
There are two possible outcomes in this step.
(a) the investigation turns up circumstances that ‘mitigate individual culpability’ without invalidating the incident it is identified as ‘Valid But not Culpable’ (VnC)
(b) the investigation confirms culpability. In that case, it is identified as simply ‘valid’.
This gives us three possible categories of incident: Incidents that are ‘unfounded’; Valid, But not Culpable; and Valid.
Every violation is referred, but infractions are not (although too many infractions in a short window will trigger a referral).
The Part that Matters
Among the thousands of emails reviewed over more than 3 years, 91 valid violations were identified — which will have triggered referrals — involving 38 individuals.
497 other valid violations fell into the ‘Valid but not Culpable category’.