News Stay informed about the latest enterprise technology news and product updates.

The Clinton email brouhaha and information governance

Hillary Clinton's use of a personal email account raises information governance issues that need to be addressed.

The information governance universe was shaken to its core with the revelation that Hillary Clinton used her own...

personal email account while she was secretary of state. What was even more interesting to the entire IT community was that she had her own email server.

This extends the concept of shadow IT beyond current limits. We typically see people use a cloud service for work when their IT department either does not provide, or inadequately provides, a needed solution. In this instance, Clinton used a home-grown system to provide the most ubiquitous of cloud services, email.

Bypass email

When Clinton took office in 2009, the only option for external email access was a government-issued BlackBerry. The iPhone was only two years old and still faced challenges entering the corporate world. When presented with the prospect of juggling two devices, Clinton chose another route:

I opted for convenience to use my personal email account, which was allowed by the State Department, because I thought it would be easier to carry just one device for my work and for my personal emails instead of two.

Just like that, Secretary Clinton opted out of federal IT just as her predecessors had. Clinton believed that by using her personal email she could be more productive.

This is a classic fallacy that is especially dangerous in the federal government. The regulations and the ownership of information go beyond standard enterprise requirements. All information is subject to Freedom of Information Act, or FOIA, requests, and many communications are categorized as permanent records because of their historical value.

When Clinton used her own email account rather than a government-issued one, she bypassed all mechanisms for digital capture of her messages as records. While there were provisions for using personal email accounts, they were meant for extraordinary circumstances, not as default behavior.

When Clinton used her own email account rather than a government-issued one, she bypassed all mechanisms for digital capture of her messages as records.

The fact that all email was on the server indicates that Secretary Clinton may not have been trying to skirt the records requirements. That is simply the end result. History has likely already been lost, and nobody alive today is equipped to identify all the emails written in the past five years that are historically relevant.

This is more than emails regarding Benghazi or Iraq, two areas that are clearly of significance today. If email had existed in 1950, would a quick email about potential military aid for Vietnam have attracted attention? Maybe not. Today that email would be viewed as having historical significance because it was the first step of the U.S. becoming embroiled in the Vietnam War.

Private domain

When the story of Clinton's email usage first broke, the most intriguing aspect was the existence of a private email server used by both President Bill Clinton and Secretary Clinton. Later revelations indicated that the server was initially set up for President Clinton's use and resides on their property in New York. It is guarded by Secret Service as part of the standard security granted to all former U.S. presidents.

In some ways, this is an improvement over using a personal email account provided by Google or Microsoft. It allows direct access to the email server for the purpose of archiving and retrieval in order to meet information governance requirements. That is, it would if anyone equipped with those tools were permitted to access the server.

Secretary Clinton turned over 55,000 pages of emails to the State Department. If the ratio of 900 printed pages for 300 email messages for Benghazi-related email messages is representative of the entire collection, that is less than 20,000 emails over a four-year span. That equals approximately 14 emails a day.

Very few executives send and receive fewer than 20 work-related emails a day. Given the likelihood of Clinton being copied on a large volume of email and the seven-day-a-week nature of the job, even 60,000 emails would seem like a low number.

A culture of acceptance

The real issue is the culture of acceptance that made the use of a personal email account acceptable. Secretary Clinton's use of a personal email account was not a secret. That email account was the only way to communicate with her. The fact that it was technically legal for her to use the email works counter to the requirement for the State Department to capture her work email as permanent records.

It is possible that Clinton did turn over all of her work-related emails in those 55,000 pages. She may have deleted email that she no longer needed during her tenure as secretary of state. Email may have been deleted to ensure there was enough storage or to help the server perform better. Those 55,000 pages may represent only the emails that she felt she absolutely had to keep, and those remaining at the end of her term she never had to purge.

We will never know. Until a better solution is broadly adopted, one that is easy for people to use in their daily, personal life and that offers automatic classification and retention, similar stories of people bypassing IT will keep occurring.

Next Steps

Five rules to live by with content governance

Securing your assets, not the perimeter, in the cloud

This was last published in March 2015

Dig Deeper on Information governance management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

6 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How has shadow IT affected your company?
Cancel
A while back, people were using their computers to download software that could help them increase their productivity, and our dept had no idea. We solved our problems through improved serviceability and performance. We also started using cloud services to make sure we have software employees can use.
Cancel
Every company I've worked for (mostly technology) centric had significant use of non-IT-endorsed technologies. And none of them thought of it as "Shadow IT", but rather "being productive". 
Cancel
That says a lot, Brian - it's not like users are using non-approved technologies maliciously most of the time, it's just that they are trying to use the tools that are best suited for the job. The more IT recognizes that (and doesn't see it as something adversarial), the easier it will be to address. 
Cancel
I wonder: have the rules regarding the use of a personal email been clarified/changed to prevent these kind of issues in the future.
Cancel
The clarification of policies and following them needs to be both transparent and public knowledge. On one hand I understand the logic of trying to keep things simple. On the other hand, government is a public space, and having public civil servants having their own shadow IT operations, even if it is for their convenience, doesn't sit well with me. that's our tax dollars funding that infrastructure, I want to know that information is ultimately contained and protected.
Cancel

-ADS BY GOOGLE

SearchBusinessAnalytics

SearchDataManagement

SearchERP

SearchOracle

SearchSAP

SearchSQLServer

Close