At the same time that then-Secretary of State Hillary Clinton was using her personal email account to conduct official business, the Inspector General for the U.S. State Department issued a scathing report questioning the leadership of a U.S. Ambassador over, among other items, refusing to abide by State Department directives regarding “the nonuse of commercial email for official government business, including Sensitive But Unclassified information.”
The 2012 Inspector General’s report repeatedly cited Ambassador to Kenya Scott Gration’s use of “commercial email for official government business” saying it was against policy to do so “except in emergencies,” which created morale problems, “confusion and discouragement within the embassy community.”
The report states that the State Department Assistant Secretary for Diplomatic Security directly cautioned Gration, a retired Air Force General, “against such practice, which he asserted to the OIG team that he had not seen.”
A spokesman for Hillary Clinton had no comment when asked about the apparent double standard. Spokeswomen for the U.S. State Department did not respond to request for comment. Gration could not be reached for comment, though in 2012 he told Foreign Policy that he did nothing wrong in using his commercial email.
“I did all my official business on the State Department communications system. I supplemented it with my personal e-mail, but it was never a security issue,” he said. “I have a background in secure communications. I know what is right and what is wrong. I did everything correctly, and I have nothing to be ashamed of and nothing to hide.”
Gration was criticized for a number of other things in the IG report, to be sure, but it’s also very clear that his using commercial email instead of State Department email was a real concern.
The report repeatedly hammers Gration for the use of “commercial email for official government business.” The safety and security of the email seemed to have been of primary concern to the Inspector General.
“The Department email system provides automatic security, record-keeping, and backup functions as required,” the report stated. “The Ambassador’s requirements for use of commercial email in the office and his flouting of direct instructions to adhere to Department policy have placed the information management staff in a conundrum: balancing the desire to be responsive to their mission leader and the need to adhere to Department regulations and government information security standards. The Ambassador compounded the problem on several occasions by publicly berating members of the staff, attacking them personally, loudly questioning their competence, and threatening career-ending disciplinary actions. These actions have sapped the resources and morale of a busy and understaffed information management staff as it supports the largest embassy in sub-Saharan Africa.”
The report did not note that the head of the U.S. State Department at that time was engaging in a similar, if not the same, practice.
It “is the Department’s general policy that normal day-to-day operations be conducted on an authorized information system, which has the proper level of security controls,” the report stated. “The use of unauthorized information systems increases the risk for data loss, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. The use of unauthorized information systems can also result in the loss of official public records as these systems do not have approved record preservation or backup functions. Conducting official business on nonDepartment automated information systems must be limited to only maintaining communications during emergencies.”
The IG recommended that the Embassy in Nairobi “cease using commercial email to process Department information and use authorized Department automated information systems for conducting official business.”
Gration resigned from his post in June 2012, before the IG report became public.