WHAT FUN IS THAT?:

Start with this: Powell and Rice, like all modern secretaries of state, each had at least two email accounts--one personal and the other for communications designated as highly classified at the time of their creation. For classified information, both of them--and their aides with appropriate clearance--had a sensitive compartmented information facility, or what is known in intelligence circles as a SCIF. Most senior officials who deal with classified information have a SCIF in their offices and their homes.

These are not just extra offices with a special lock. Each SCIF is constructed following complex rules imposed by the intelligence and defense communities. Restrictions imposed on the builders are designed to ensure that no unauthorized personnel can get into the room, and the SCIF cannot be accessed by hacking or electronic eavesdropping. A group called the technical surveillance countermeasures team (TSCM) investigates the area or activity to check that all communications are protected from outside surveillance and cannot be intercepted.

Most permanent SCIFs have physical and technical security, called TEMPEST. The facility is guarded and in operation 24 hours a day, seven days a week; any official on the SCIF staff must have the highest security clearance. There is supposed to be sufficient personnel continuously present to observe the primary, secondary and emergency exit doors of the SCIF. Each SCIF must apply fundamental red-black separation to prevent the inadvertent transmission of classified data over telephone lines, power lines or signal lines.

I could keep going for thousands and thousands of words explaining the security measures used for SCIFs. And all of this--all of this--is designed to protect the confidentiality of emails and communications determined to be classified at the time of transmission.

In addition to the classified email system used in SCIFs, there are personal email accounts. Prior to 2013, these could be accounts inside the relatively unsecure State Department system or private email accounts. If they are private--running through a commercial or personal server--they have to follow some rules set up in the Federal Register. There are no guards, no red-black procedures, no construction rules, no special rooms, no TEMPEST, no TSCM. And most important: Until 2013, there was no rule against using them. In fact, the rules specifically allowed for them. Check out the relevant section in the Code of Federal Regulations (36 CFR Chapter XII, Subchapter B, section 1236.22b) for the rules regarding the use of personal email accounts by any State Department official.

To give an idea of how insecure these communications could be, Powell's personal email is an AOL account, and he used it on a laptop when he communicated with foreign officials and ambassadors, unless the information qualified for a SCIF. (Clinton sent only one email to a foreign dignitary through her personal account, and her communications with ambassadors were, for the most part, by phone.)

So did Powell and the aides to Rice violate rules governing classified information, since the Freedom of Information Act (FOIA) staff has recently determined that some of their years-old personal emails contain top-secret material? No. The rules regarding the handling of classified information apply to communications designated as secret at that time. If documents that aren't deemed classified and aren't handled through a SCIF when they are created or initially transmitted are later, in retrospect, deemed secret, the classification is new--and however the record was handled in the past is irrelevant.

Tweet   @brothersjudd