blherrouJun 24, 2023
Justin Schuh

The Difference Between How Trump, Biden, Pence, and Clinton Mishandled Classified Information

I should first state where I’m coming from (because #IANAL). I served in the US intelligence community from 1996-2004, first as an enlisted Marine, and then as a federal employee at NSA and later CIA. I worked on watchfloors and did ops, but most of that career was spent managing and/or securing classified systems. I was trained at the Fort Washington¹ facility in qualifying SCIFs², had my classified courier card for years, and in my time saw a few classified mishandling cases up close.

Next is a bit of background on how classified information handling works. In the 99.99% case, classified docs are only ever handled in SCIFs (which have fence-lines and armed guards). Printed documents are marked with their classification level, and when not in use everything is locked in a properly rated safe, managed with access logs. Classified computer systems are rated to the maximum level of classified allowed, and also secured when not in use. Systems at different classification levels are air-gapped to prevent leakage (technically it’s more complicated, but accurate for this discussion).

The last bit of background is the legal framework for classified document handling. There actually is no law defining classified information or handling processes. Rather, there’s the 1917 Espionage Act³, plus 100 years of legal precedent and executive orders (most recently EO 13526⁴). The Espionage Act refers to a very broad category of “information respecting the national defense” and makes illegal the dissemination of this information through either “willful intent” or “gross negligence.”

The key point is that the law applies to a broad category of information, and the EOs build a framework for identifying such information and how to securely handle it. This is also the main basis that the courts use to delineate violations of the law, which is why classified mishandling is prosecuted under the Espionage Act.

With all of that out of the way, it’s time to look at each of these cases of classified mishandling. I’ll start with Clinton’s case first, because it’s the weirdest, in that it only barely involves classified data handling. That might seem confusing given all the press coverage in 2016, but the most accurate description of what Clinton did is that she forwarded emails from her official DoS (Department of State) email account to a personal account. The critical thing here is that because her DoS account was on a FOUO (For Official Use Only⁵) system, directly connected to the public Internet, those emails never should have contained any classified information. FOUO systems may contain sensitive information, but are explicitly not for handling classified information.

Accepting that, sometimes classified information leaks to a FOUO system. This tends to happen one of two ways, the first of which is usually in preparing briefings/reports for a lower classification level. It’s common to pull some of that information from classified documents, declassify as needed, and then transfer that to a lower classification system. Sometimes mistakes are made in this process and (now invalid) classification markings are left in the downgraded document. That explains the classification markings found in a few of Clinton’s emails⁶.

Classified information can also leak without being marked, if the substance of discussion simply includes information that would be considered classified. This is why it was reported that Clinton had 2,100 classified email threads⁷. Because, all of her emails were sent to the classification authorities at all of the intelligence agencies, and they reviewed everything, flagging anything they would have viewed as classified. FWIW, I doubt that any senior national security official’s FOUO inbox would make it through this process without coming away similarly flagged (but that's its own very long discussion).

With that context, here’s the first critical thing to understand about Clinton’s emails: The classified information leak was independent of her forwarding her official email to her personal email address. This is because any classified information she received was already leaked on the FOUO systems that the emails were coming from. So, the classified mishandling situation is the same regardless of whether Clinton’s email had remained on the FOUO DoS server or on a machine in Clinton’s basement. Neither are authorized for handling classified information.

So, then what was wrong with Clinton forwarding her FOUO emails to a personal address? Mainly it comes down to the government’s obligations regarding records retention and the mandatory security baseline for the systems they manage. Those are both extremely good reasons for why Clinton shouldn’t have forwarded her emails, but they don’t really have anything to do with classified information handling.

And to be fair to Clinton, since she was using a FOUO system, she had a reasonable expectation that she wasn’t receiving any emails containing classified information. So, unless she personally introduced the classified information into the discussions that got retroactively flagged, it’s entirely possible that she never even mishandled classified herself. Rather, she may have simply had additional copies of emails that had already leaked to FOUO systems. (FWIW, I don’t expect to ever find out the answer to this.)

This gets to the legal repercussions of what Clinton did. Once again, IANAL, but I did see cases of similar infractions. And as long as the offending party cooperated, there was very little in the way of repercussions. About the worst case would be junior enlisted getting slapped with non-judicial punishment⁸ because their commander wanted to make an example of them. But outside of that, pretty much anyone else in the same situation would just be told to stop, or at worst get a minor slap on the wrist.

Either way, I cannot imagine what grounds someone could even be prosecuted over if they're simply forwarding emails from a FOUO account, to their personal account, for the purposes of accessing their email from another device. Moreover, the scope and depth of the Clinton investigation would normally have been reserved for someone stealing actual marked classified information or otherwise bridging classification levels between systems. Clinton genuinely received more scrutiny and greater repercussions than pretty much anyone else in her situation would have. None of this is to say that what Clinton did was a good thing, but it genuinely was far less than it's usually made out to be.

Now, on to Biden and Pence, which are nearly identical cases of classified mishandling. Remember several paragraphs back about the 99.99% case? Well, that’s not the White House, because that place is just weird. It has a mess of spaces cleared for handling classified, and uncleared people endlessly circulating about—some of whom literally live there! The whole thing is a security nightmare, and they should ban printed classified just as a precautionary measure.

That’s why I’m not surprised that Biden and Pence wound up with marked classified papers mixed in with their other documents. TBH I’m surprised it doesn’t happen more often. But that sort of thing is also why the statute sets the bar at “willfully” or “negligent.” Both Biden and Pence did exactly the right thing in notifying the appropriate custodian of the mistake, turning over everything, and complying fully with investigations. It was all by the book, and no one would ever be charged for something like this.

Finally, we get to Trump. His case is highly unusual, but not at all complicated. The indictment⁹ provides mounds of evidence that he “willfully” took large quantities of classified material with him when he left the White House. After NARA (National Archives and Records Administration) contacted him about returning the missing classified material, he chose to lie, evade, and then turn over only some of the stolen documents. Eventually the FBI had to raid Mar-a-Lago to recover 300+ additional classified documents, and it’s still unclear whether everything has been recovered.

The whole point here is that the Trump case is genuinely unprecedented in just how crazy it is. The volume and scope of the theft puts it in league with espionage cases that land people in prison for decades. Even worse, the whole crime is documented with recordings, corroborating witnesses, and pretty much everything a prosecutor could dream of.

While I'm at it I should also quickly knock out some of the more common attempts I’ve seen to dismiss the criminality of Trump’s situation, so here goes:

Are the classified documents in fact Trump’s property? No. The Presidential Records Act is entirely clear on this¹⁰.

Could Trump have declassified these documents already as president? No. EO 13526 sets out the classification process, and if he wanted to expand it to include psychic declassification he had to write a superseding EO laying out such a process.

Does it matter that Trump doesn’t appear to be an agent of a foreign power? No. Just ask Petraeus¹¹ or Schulte¹²; you break the law when you willfully take the information and risk dissemination to those not cleared for access.

Does it matter that Trump stored the information in a locked room? Accepting that a resort with random people ambling about is laughably unsafe, the fact is that there are clear regulations for storage and transport of classified material, and Trump was so far outside the bounds of those that the tiny measures he took are immaterial.

TL;DR: Literally anyone else who did what Trump did would already be sitting in federal prison for at least a decade. Trump is getting an unheard of level of special treatment—entirely to his own benefit! There’s simply no comparison to what Clinton, Biden, or Pence did. The most appropriate comparisons for Trump’s case all involve people currently serving long federal prison sentences… or people who already died in prison.
_
¹ https://en.wikipedia.org/wiki/Interagency_Training_Center
² https://en.wikipedia.org/wiki/Sensitive_compartmented_information_facility
³ https://en.wikipedia.org/wiki/Espionage_Act_of_1917
https://en.wikipedia.org/wiki/Executive_Order_13526
https://en.wikipedia.org/wiki/For_Official_Use_Only
https://www.politico.com/blogs/under-the-radar/2016/07/hillary-clinton-classified-emails-error-225194
https://www.usnews.com/news/politics/articles/2016-02-29/state-dept-wins-dispute-over-clinton-email-on-north-korea
https://en.wikipedia.org/wiki/Non-judicial_punishment
https://www.justice.gov/storage/US_v_Trump-Nauta_23-80101.pdf
¹⁰ https://en.wikipedia.org/wiki/Presidential_Records_Act
¹¹ https://en.wikipedia.org/wiki/David_Petraeus#Criminal_charges_and_probation
¹² https://en.wikipedia.org/wiki/Joshua_Schulte

Interagency Training Center - Wikipedia

Jun 16, 2023 at 1:29amWeb
Show threadwirepairJun 16, 2023
@jschuh dang only read half but thanks for this write up! Will finish when I have more time!
Show threadVoronJun 16, 2023
@jschuh as a former 98c with a TS/SCI I co-sign this
Show threadHavyhh2Jun 16, 2023
@jschuh .....superb summation....am curious to see a list those who have been convicted and sentenced under the Act (with a synopsis of the extent of their infractions), and who either sit in prison or have died in prison....my weekend homework assignment me thinks. Thanks again for this writeup.
Show threadLot⁴⁹Jun 16, 2023
@jschuh Great post. Thank you for this.
Show threadPlan A to YJun 16, 2023

@jschuh That is absolutely fascinating, thank you for the breakdown.

...also what does IANAL stand for? I might be a little out of the loop on that one but it's impressive that you've explained such a complex topic in a way that the only part that confused me was a piece of (what I can only assume is) internet lingo

Edit: "I Am Not A Lawyer", thanks

Show threadVirginicusJun 16, 2023
@Plan_A_to_Y I Am Not A Lawyer
Show threadwrobertsonJun 16, 2023
@Plan_A_to_Y
"I Am Not A Lawyer"
@jschuh
Show threadMythmonJun 16, 2023
@Plan_A_to_Y @jschuh It stands for "I Am Not A Lawyer". It's generally used as a stand in for a longer phrase like "I'm not qualified to give legal advice, I'm not giving legal advice, and you should talk to a lawyer if you need legal advice"
Show threadJason Bowen 🇺🇦Jun 16, 2023
@Plan_A_to_Y @jschuh IANAL ==> I Am Not A Lawyer
Show threadAdam CrosbyJun 16, 2023
@jschuh you’re mostly correct, but it’s important to remember that EOs and regulations are not laws, and do not apply to elected officials such as the President or Congress (VP is a strange case as the positions has changed over the decades).
I’m confused why NARA isn’t taking the rest of the records too…virtually everything a President does in office is NARA property.
Show threadJustin SchuhJun 16, 2023

@uptill3 I'm not sure why you have that impression, but none of that is correct. EOs are often a critical step in executing laws, and at present neither the relevant EOs nor the underlying statute make exceptions for elected officials.

The DoJ does have a policy against charging a sitting president for anything, and it would be very difficult to prove an Espionage Act case against a former president for any actions they took while in office. That's why they're charging Trump only for what he did after leaving office. But there's no law, and nothing in the constitution that forbids it.

The courts have also found certain applications of the Espionage Act to be unconstitutional. So, perhaps you were thinking of Gravel v. United States (1972), which held that the "Speech or Debate" clause indemnifies members of both houses for statements made from the floor, while in session. But that's actually a very narrow exception, and in any other context the liability for them is the same as anyone else.

As for why NARA likely hasn't retrieved all the documents yet, it's because they still don't know exactly what Trump has and where. If they knew that, I'm sure they would have already raided every location and grabbed everything. But since Trump is a former president they're being extremely cautious and giving him an unprecedented level of deference. Were it anyone else he'd already be incarcerated, and likely giving up the remaining documents in hopes of some additional leniency on his sentence.

Show threadAdam CrosbyJun 16, 2023
@jschuh Espionage Act is a law. It applies to everyone in the USA. Agreed.
An executive order is an administrative order signed by the president for the direction of activities and policies *within the executive branch*, such as protecting classified information. This is why there is no criminal penalty for regular folks who, say, downloaded and read Snowden leaks - it’s not illegal for them.
Similarly, congress members don’t get clearances for HASC/SASC/etc briefings.
Show threadJustin SchuhJun 16, 2023

@uptill3 Sorry, but that's all just a bit nonsensical. As I explained in the original post, the EO lays out the classification framework, and the courts rely on that framework to delineate violations of the law. The law also lays out some basic foundations (notably intent) and hits constitutional limits, which is why random people don't get prosecuted for handling publicly leaked classified. However, go take a look at the active case against Julian Assange, who's facing a whole raft of Espionage Act charges specifically for his active involvement in leaking classified.

As for why congress doesn't need clearances to access classified, it's because EO 12333 specifically exempts them, in favor of directly managing their access (anything else would be an administrative nightmare). However, the whole reason why the Gravel v. United States precedent exists is because the DoJ was quite serious about charging Gravel and his aide under the Espionage Act for mishandling classified.

Anyway, I'm kinda getting the impression I'm being trolled here. So, I'm just going to leave it at this, and respond no further.

Show threadAdam CrosbyJun 16, 2023

@jschuh you’re not being trolled, but maybe I’m not being clear.
We completely agree on all aspects of NARA and Espionage Act application. No question.

Either I’m unclear or we disagree on how EOs apply. EO12333 does not exempt Congress from needing a clearance, it allows otherwise cleared/covered folks to disclose covered information to congress without violating their NDA. Gravel vs USA focusing on his aide, not the Senator, is inline with this.

Show threadAdam CrosbyJun 16, 2023
@jschuh as is https://rollcall.com/2021/01/12/when-it-comes-to-security-clearances-rules-for-others-dont-apply-to-congress/
Regarding security clearances, rules for others don’t apply to Congress

It's not clear what consequences lawmakers who voted against election certification face, but don't expect them to lose access to classified information.

Roll Call
Show threadNonya Bidniss 🥥🌴Jun 16, 2023
@jschuh Excellent summary. 👏 One point - not all SCIFs have fencelines and armed guards unless you're referring to accessing the overall installation that the SCIF is established within. I've worked in & visited a variety of SCIFs that have neither a fence nor an armed guard. But also several that had both, so no real quibble 🤷 Also - I bet at WH & other high level it happens way more often than we'd ever hear about. And if they stumble on it & return it, there's no reason we should.
Show threadJustin SchuhJun 16, 2023
@Nonya_Bidniss I was framing the common case for most installations that house SCIFs. I've also spent time in SCIFs with less typical forms of 24/7 monitoring and security, but I didn't see a point in getting that deep into the weeds.
Show threadSimon ZerafaJun 16, 2023

@jschuh

@thegrugq @riskybusiness

Interesting, if long read on US classification process 🙂

Show threadNeal OnionsJun 16, 2023

@jschuh

Thank you Justin, I’ll save this for reference. Seems so strange that Trump still has so much voter support. My American friend still peddles this trash comparison, but leaves Pence out and includes Obama instead.

Show threadCarolyn StearnsJun 16, 2023
@jschuh thank you for such a clear concise explanation
Show threadDanJun 16, 2023
@jschuh with what Biden and Pence did realistically the worst that would normally happen would presumably be some underling being tasked with producing a memo reminding everyone about the correct storage and processes to be distributed widely within the government.
Show threadWingedUnicorn🧙🏻‍♀️🌕🔥Jun 16, 2023
@jschuh long, but interesting read. thanks for posting.
Show threadVHaschJun 16, 2023

@jschuh

We've gotten sloppy and need to wake up to the painfully obvious fact that a large percentage of our own people can not be trusted. Not enlisted, not contractors, not government officials of any rank, and not generals.

Show threadJeff HunsbergerJun 16, 2023
@jschuh this is a super helpful cogent and clear discussion of the issues at hand. Thanks so much for the work putting it together.
Show threadStargeezer SmithJun 16, 2023

@jschuh
I worked most of my career in DOD, and fully understand your explanation. I'd like to know just one more thing.

Why did Trump not get jailed when charged?

Show threadpaulJun 27, 2023
@stargazersmith @jschuh He was processed and arraigned, but immediately released on his own recognizance. He will likely serve no time in a traditional prison even if found guilty. The reason being, US Secret Service is still required to protect him even if in jail. The logistics of this security detail means in all likelihood that will necessitate house arrest as a sentence. He’ll stay at Mar-A-Lago for a while, and that’s all.
Show threadKim LuxhojJun 16, 2023
@jschuh Thank you! I understand a lot more about the handling of classified docs now (I think). It’s amazing the ‘whataboutism’ some ppl can come up with as so-called fact.
Show threaddeliveratorJun 16, 2023
@jschuh excellent write up, but how do you get this level of information in a click baitey headline? 😜
Show threadcofaxJun 16, 2023
@jschuh Thank you, bookmarked! Great discussion, very clarifying.
Show threadjerrylutiJun 16, 2023
@jschuh @donmelton
Show threadMåns NilssonJun 16, 2023
@jschuh Thanks. Very good reality check.
Show threadboyle 🇵🇸Jun 17, 2023
@jschuh
This is brilliant. Thanks.
Show threadJim O'NeillJun 17, 2023
@jschuh @JonathanMosen Thank you for eposting this! I wonder just how many people will read it and give it the attention it deserves!
Show threadCatherine BerryJun 19, 2023

@jschuh

Thank you for this; it aligns with my previous understanding, but provides many useful details.

I must admit that I am flabbergasted at how casual some people are about classified data handling. I used to work with highly classified data, and I was trained and audited to ensure absolute control over every document in my possession at all times. I once lost a few pages of a document; I expected to go to prison, and felt I deserved it. (The pages turned up soon after, fortunately.)

Show threadobscurestarJun 23, 2023
@jschuh One I didn't see covered that's also different between Clinton/Biden and Trump: Trump signed the bill for adding penalty enhancements in 2018. Trump did it after the law took effect.
Show threadJohn PanzerJun 23, 2023
@jschuh Bookmarked and boosted. This is an excellent analysis which nobody in the Trump Cinematic Universe would hear even if read out to them on a high powered megaphone, but that’s on them at this point.
Show threadCineau.Jun 24, 2023
@jschuh great rundown, thanks.
Show threadOpenDNA⚙️Jun 24, 2023

@jschuh Three rather important things to know about all this: (1) each department has its own Classified system and motives, so CIA and NSA expectations do not apply clearly to State;

2) Classifying Authorities are those invested with the power to classify/declassify information, all subordinate authority flows from them,

3) unclassified actions may create information which will become Classified, for whatever reason departments use.

Show threadOpenDNA⚙️Jun 24, 2023

@jschuh A combination of these three are usually where people with your expertise trip up when talking about the Clinton case.

i.e. the SecState's daily schedule was Classified, by her own authority, until the date passes, after which it was automatically declassified. So when she said "declassify today's schedule and send it to my Blackberry", that is all SOP at State (it's her authority) even if inconceivable at CIA or NSA.

Show threadJustin SchuhJun 24, 2023

@opendna EO 13526¹ literally designates the classification authorities and defines the "uniform system for classifying, safeguarding, and declassifying national security information" that they all must comply with. Your whole premise that “each department has its own Classified system” is just pure nonsense, and the rest of your comments are a bit of non-sequitur plus implicit admission that you didn’t actually read the post you’re replying to.

This rampant sort of confidently-wrong-reply-guy bullshit is why Mastodon has never really clicked with me. It's also why I won’t be wasting any more of my time in a back and forth over this.
_
¹ https://obamawhitehouse.archives.gov/the-press-office/executive-order-classified-national-security-information

Executive Order 13526- Classified National Security Information

whitehouse.gov
Show threadOpenDNA⚙️Jun 24, 2023

@jschuh Your beef is with all the ex-CIA/NSA/DOD/etc experts on twitter who ranted about how Clinton should be in prison because "I would be in prison if I did what she did" while ignoring that she was literally the Original Classification Authority in Section 1.1(a)(1) of that EO and they weren't.

A specific charge against Clinton was that she ordered her own schedule declassified and sent to her Blackberry.

I understand if that idiocy offends you, but it's a fact of that "scandal".

Show threadJustin SchuhJun 24, 2023

@opendna No. It doesn't matter if you're the original classification authority or not. You've still broken the law if you didn't follow the mandated process in EO 13526 for handling classified material. That's literally what Deutch and Petraeus both got charged for—even though they were the respective classification authorities for the marked material that they leaked.

But as I explained in the original post, none of that applied to Clinton. I don't care about the non sequiturs regarding her schedule. The critical detail in her case is that she forwarded emails from a FOUO system—which by definition does not handle classified material. Thus her use of a personal email account was never relevant in any discussion of potential mishandling of classified material, and she in fact had a reasonable assumption that no classified material would be present in the emails she received. That's why I noted that her case barely had anything at all to do with handling of classified material.

And I honestly don't care what's been claimed by supposed former IC personnel. The vast majority of commentary around this has been blatantly wrong the whole time. That's why I wrote a post explaining the facts of the situation.

Show threadOpenDNA⚙️Jun 25, 2023

@jschuh Thank you. I follow.

The media coverage must be consistently maddening.

Show threadJustin SchuhJun 25, 2023
@opendna Thanks, I appreciate that. And yes, it's been maddening to watch all this and continue having the same conversation since it all started back in 2015. The media coverage has been awful, and there's been no shortage of politicians and former IC personnel asserting things that are just patently untrue.