WASHINGTON - Hillary Clinton and her team ignored clear guidance from the State Department that her email setup broke federal standards and could leave sensitive material vulnerable to hackers, a department audit has found. Her aides twice brushed aside concerns, in one case telling technical staff "the matter was not to be discussed further."
The inspector general's review on Wednesday also revealed that hacking attempts led forced then-Secretary of State Clinton off email at one point in 2011, though she insists the personal server she used was never breached.Clinton and several of her senior staff declined to be interviewed for the investigation.
Earlier this month, Clinton declared that she was happy to "talk to anybody, anytime" about the matter and would encourage her staff to do the same.
Opponents of her Democratic presidential campaign pointed to the audit as proof that Clinton has not been truthful about her private email use and fresh evidence she is not trustworthy or qualified to be commander in chief.
Campaigning in California, presumptive Republican presidential nominee Donald Trump noted solemnly thatClinton had received "a little bad news" and then railed against her "horribly bad judgment."
Clinton, also campaigning in California, didn't mention the controversy and ignored reporters' shouted questions. A spokesman for Clinton, who served as the nation's top diplomat from 2009 to 2013, declared the audit showed her email use was consistent with what others at the department have done.
The 78-page analysis, a copy of which was obtained by The Associated Press, says Clinton ignored clear directives. She never sought approval to conduct government business over private email, and never demonstrated the server or the Blackberry she used while in office "met minimum information security requirements."
Twice in 2010, information management staff at the State Department raised concerns that Clinton's email practices failed to meet federal records-keeping requirements. The staff's director responded that Clinton'spersonal email system had been reviewed and approved by legal staff, "and that the matter was not to be discussed any further."
The audit found no evidence of a legal staff review or approval. It said any such request would have been denied by senior information officers because of security risks.
The inspector general's inquiry was prompted by revelations of Clinton's email use, a subject that has dogged her presidential campaign.
The review encompassed the email and information practices of the past five secretaries of state, finding them "slow to recognize and to manage effectively the legal requirements and cybersecurity risks associated with electronic data communications, particularly as those risks pertain to its most senior leadership."
Clinton campaign spokesman Brian Fallon underscored that point Wednesday.
"The inspector general documents just how consistent her email practices were with those of other secretaries and senior officials at the State Department who also used personal email," Fallon said.
The audit did note that former Secretary of State Colin Powell had also exclusively used a private email account, though it did not name any other prior secretaries who had done so. But the failings of Clinton were singled out in the audit as being more serious than her predecessor.
"By Secretary Clinton's tenure, the department's guidance was considerably more detailed and more sophisticated," the report concluded. "Secretary Clinton's cybersecurity practices accordingly must be evaluated in light of these more comprehensive directives."
Republicans said Wednesday the audit showed Clinton was in clear violation of the Federal Records Act and endangered national security.
The State Department has released more than 52,000 pages of Clinton's work-related emails, including some that have since been classified. Clinton has withheld thousands of additional emails, saying they were personal.
Critics have questioned whether her server might have made a tempting target for hackers, especially those working with or for foreign intelligence services.
Separately from the State Department audit, the FBI has been investigating whether Clinton's use of the private email server imperiled government secrets. It has recently interviewed Clinton's top aides, including former chief of staff Cheryl Mills and deputy chief of staff Huma Abedin. Clinton is expected to be interviewed.
Clinton has acknowledged in the campaign that the homebrew email setup in her New York home was a mistake. She said she never sent or received anything marked classified at the time, and says hackers never breached the server.
The audit said a Clinton aide had to shut down the server on Jan. 9, 2011, because he believed "someone was trying to hack us." Later that day, he said: "We were attacked again so I shut (the server) down for a few min."
The next day, a senior official told two of Clinton's top aides not to email their boss "anything sensitive," saying she could "explain more in person."
On CBS' "Face the Nation" this month, Clinton said, "I've made it clear that I'm more than ready to talk to anybody, anytime. And I've encouraged all of (my staff) to be very forthcoming."
The audit said four of her closest State Department aides - Mills, Abedin, policy chief Jake Sullivan and strategy aide Philippe Reines - all declined interview requests.
Key findings from inspector general report on Clinton emails
WASHINGTON - Key findings from the State Department inspector general's report on former Secretary of State Hillary Clinton's emails and private server and the department's email practices: * The report concluded that Clinton's use of a private server to exchange messages with other State Department officials violated the department's cybersecurity guidelines as well as requirements under the Federal Records Act. Clinton's exclusive use of private emails to conduct government business was "not an appropriate method of preserving any such emails that would constitute a federal record," it said. The report added that Clinton "should have preserved any federal records she created and received on her personal account" and turned them over to the department before she left office in February 2013. Instead, Clinton kept all of her emails and surrendered only about half of them - about 55,000 pages - to the department in March 2015, after media accounts revealed she had never used a department account to conduct official business. * Clinton told longtime aide Huma Abedin in November 2010 that she did not want to release her private email address to the State Department or use a government email address because "I don't want any risk of the personal being accessible." Clinton's expressed fear of outside access to her emails is at odds with her statement during a 2015 news conference that she "opted for convenience to use my personal email account." * Clinton has given repeated assurances that she would cooperate with an FBI investigation into her use of the private server, but she and several of her top aides declined to be interviewed by the inspector general's office. Clinton's former chief of staff, Cheryl Mills, former deputy chief of staff for operations Huma Abedin and former deputy chief of staff for policy Jake Sullivan, declined to cooperate, and former deputy secretary of state for management and resources Thomas Nides did not respond to interview requests. Abedin and Nides are now senior campaign aides to Clinton, Mills heads an African business growth operation and Nides is vice chairman of the Morgan Stanley investment firm. Lawrence Wilkerson, chief of staff to former Secretary of State Colin Powell, also turned down an interview. * Some State Department officials were aware as early as March 2009 that Clinton was using a private server located in the basement of her family's home in Chappaqua, New York. A March 2009 memo prepared by staff in the department's executive secretariat identified the private server and its location. But the inspector general said many senior State Department officials who were interviewed said they were "unaware of the scope or extent" of Clinton's use of her private account even though many of them sent emails to her private address. The report found no evidence of a legal staff review or approval for her use of the server, and added she would not have received approval if she had asked. * Suspected hacking attacks on Clinton's private server led her aides to shut down her server at least twice in January 2011. An unidentified technical adviser to former President Bill Clinton who worked on the server told Abedin that he had shut the system down because "someone was trying to hack us." Later the same day, the aide again shut down the server after a second intrusion. The next day, Abedin emailed Mills and Sullivan not to send Clinton "anything sensitive" in their emails. Clinton also told a top aide in May 2011 about an email with a suspicious link she received a day earlier. Those incidents were not reported to State Department computer security personnel, the report said. Clinton's campaign has repeatedly said there is no evidence Clinton's server was ever breached. * While Clinton's campaign website assures that "robust protections" guarded her private server, the inspector general said that State Department diplomatic and computer security officials reported that Clinton "never demonstrated to them that her private server or mobile device met minimum security requirements" specified by Foreign Service and cybersecurity guidelines. Clinton received a classified briefing about cybersecurity risks and was warned in a 2011 memo about the risk of hackers targeting personal, unclassified email accounts, the report said. * The State Department issued numerous warnings about the use of private emails dating back a decade. But the inspector general criticized the agency for being "slow to recognize and to manage effectively the legal requirements and cybersecurity risks" that have grown as the federal government has relied increasingly on emails for its operations. * The inspector general found that four unnamed top aides to Clinton also extensively used private email accounts for official business but failed to turn those records over for preservation when they left office. The four "failed to comply" with Department policies intended to carry out government preservation of documents. The top aides were not named but their listed titles identified them as Mills, Abedin, Sullivan and former top communications and strategy aide Philippe Reines. Some email records for all four have since been produced by the department in court proceedings as part of public records lawsuits.