You Can't Punish Stupid


Much talk has been made of the Clinton e-mail scandal over the past several months, but with the investigations finally closed and FBI Director James Comey’s report given to congress, it’s time for a more thorough analysis of what happened, and whether a double standard was applied.

Director Comey’s decision not to recommend prosecution hinges on one thing: intent. He notes that although the law permits him to recommend prosecution based on “gross negligence,” a prosecutor would be the first to do so in about 100 years. Director Comey argues that “no reasonable prosecutor would bring such a case”. Because of this, he would have to prove that Hillary Clinton intended, beyond a reasonable doubt, to mishandle classified material, and he doubted his ability to do so due to Sec Clinton’s apparent lack of “technical sophistication”. In layman’s terms, she was too technologically challenged to understand that classified material belongs on a separate network, or that material marked as classified is classified, or that networks need professional protection to be secure. Let’s look more in depth at these aspects.

First we will talk about network separation. The US government maintains several different networks for processing material at different classification levels. Most commonly, UNCLASSIFIED material is processed on NIPRnet. This network probably resembles the network you use at work. You have access to most of the internet, but not all, and can e-mail your coworkers easily though an outdated version of outlook. The second network, SIPRnet, has no access to the internet. This network is for SECRET level processing only. One of the highest networks is JWICS, which can process up to TOP SECRET//SCI material. SCI means intelligence material which must be protected at a level even higher than TOP SECRET. Now, you can’t accidentally end up on the wrong network. You have to log in to each network on a different computer, and when you do, the desktop background proudly proclaims the level of classification you’re cleared to. To get information off of JWICS, and onto NIPR so that you can send it to Sec Clinton’s personal e-mail server, you have to pull the information up on one computer, and then manually type it into the lower system. This cannot be done accidentally, only with intent. So what would any reasonable person do if they received this kind of information on their UNCLASSIFIED e-mail? Well according to the training every person who handles classified information is required to complete, you physically disconnect the computer from the network and report it to your security manager immediately. Obviously, this didn’t happen.

What about markings? Well it’s fair to say that if classified material isn’t marked, it can be difficult to know it’s classified, especially if it comes from outside your organization. But some e-mails in the Clinton server were marked. Now, I understand that most people won’t know what this looks like, so allow me to demonstrate.

     (U)                   Dolphins live in the ocean

     (S)                   The ocean is very deep

     (C)                   The ocean is wet

     (TS//SCI)          Dolphins live in the deep, wet ocean and eat fish.

Now, you’ve probably never had any training on the subject, but answer me this. Which of the above statements is marked UNCLASSIFIED? Which one is CONFIDENTIAL? Which one is TOP SECRET//SCI? I’ll bet you can figure it out. So are you more “technically sophisticated” than the Secretary of State? But that’s not even the end of it! You’ve only passed the test to be a “derivative classifier”. That is the categorization for government worker bees who are expected to be able to determine the classification of a statement or document based on guides and other materials from the same program. Sec Clinton was an “original classifier”. That means she is trusted to such an extent that she writes those guidelines. She must be able to recognize the harm that leaking a piece of information would do to the country, and classify the information accordingly, on sight. But somehow she can’t recognize marked content on sight? Okay, director.

Last is server protection. Now, I believe that Sec Clinton has no idea how to protect a server, but apparently she also doesn’t know how to hire experts. The server was administrated by at least seven administrators, according to Dir Comey’s testimony, but they collectively failed to implement basic security measures. The server wasn’t running up to date software, and didn’t have intrusion detection or prevention systems. For something this important, you can’t just run a simple anti-virus software, you have to constantly monitor traffic going in and out of the server to notice malicious or abnormal behavior. When Director Comey said he had no evidence of foreign hackers entering the server, it’s not because they didn’t do it, it’s because there was no system in place to produce the evidence. It would be tantamount to saying “we don’t know if they looked in the safe deposit box because there are no locks or security cameras in this bank”. Truly, if foreign intelligence didn’t access the server, they’re just as technically incompetent as Sec Clinton claims to be.

Now that you understand the basics of how classified networks are separated, how material is marked, and how incompetent the protection was, do you believe Secretary Clinton didn’t intend to mishandle the material?