Last week, I offered my two cents about the misguided criticism of the U.S. State Department and Hillary Clinton regarding the alleged email “scandal” (a.k.a. circus) and concluded with the following: “So the real question is, should governmental agencies and their officials be held, de facto, to more lenient standards than private litigants, as appears to be the case in these circumstances?”
This question is even more relevant now that Clinton officially launched her presidential campaign over the weekend. I can’t help but think of the Robert De Niro and Dustin Hoffman movie “Wag the Dog.”
To keep this simple, I wonder what the right response will be when someone along the campaign trail asks what was done to protect any highly sensitive information that was in Hillary’s personal email account? Were there safeguards in place to prevent the possibility of a data breach, whether by a 15-year-old computer whiz or, far worse, a terrorist organization? Would a sufficient response be to indicate that the very reason for deleting the entirety of the personal email server, which was announced just two weeks ago, was to protect us all from a possible cyberattack? Not from my perspective. Would it be sufficient to respond that Clinton cannot answer a question that necessarily requires an official response from the State Department? Perhaps. And maybe that’s the proper extent of Clinton’s accountability, if there was any to begin with.
In any event, no response is likely to assuage the possible concern that a cyberattack may have occurred at some point during the several years that Clinton was using the personal email account for government affairs. Maybe there were safeguards in place and maybe there weren’t. We’ll probably never know. What we do know is that generic email servers that many of us use may be, and have often been, hacked or corrupted with viruses. Whether the “ClintonEmail.com” server used by the State Department and its official had adequate security protection in place remains an open question. So too is accountability for answering the foregoing.
In a time when cyberattacks are rampant and huge companies like Target Corp., Wal-Mart Stores Inc., Sony Corp., Anthem Inc., Premera Blue Cross, just to name a few, are in a position of defending lawsuits due to data breaches, and are spending enormous amounts of money in doing so, I ask again whether governmental agencies and their officials should be held to lower standards of care.
It goes without saying that while many of the private-entity data breaches of late could severely impact those individuals whose private information was leaked, any data breach that might expose highly sensitive government information could put every member of society at risk.
Again, I don’t have an opinion as to whether the State Department and/or Clinton appropriately used a personal email address — nor do I really care — but I have to wonder if whoever gave the directive to permanently delete the personal email server did so in part both to obviate the pending lawsuits demanding further disclosure from the State Department (since there’s no longer anything to disclose), and relatedly, to suppress the public’s interest and attentiveness as to the alleged “scandal” in favor of more important things, like a successful presidential campaign.
Originally published in Law360 on April 14, 2015.