News broke yesterday, via The NY Times, that Hillary Clinton used a personal email account to conduct government business the entire time she was Secretary of State, which would appear to be a violation of record-keeping rules:

Hillary Rodham Clinton exclusively used a personal email account to conduct government business as secretary of state, State Department officials said, and may have violated federal requirements that officials’ correspondence be retained as part of the agency’s record.

Mrs. Clinton did not have a government email address during her four-year tenure at the State Department. Her aides took no actions to have her personal emails preserved on department servers at the time, as required by the Federal Records Act.

It was only two months ago, in response to a new State Department effort to comply with federal record-keeping practices, that Mrs. Clinton’s advisers reviewed tens of thousands of pages of her personal emails and decided which ones to turn over to the State Department. All told, 55,000 pages of emails were given to the department. Mrs. Clinton stepped down from the secretary’s post in early 2013.

WaPo further reports that Hillary created a separate domain for her email just before assuming office:

In March 2013, an adviser to Clinton, Sidney Blumenthal, had his email hacked by “Guccifer” — the Romanian hacker perhaps best known for revealing George W. Bush’s paintings to the world. At the time, Gawker reported that Blumenthal was communicating with an account that appeared to belong to Clinton at the “clintonemail.com” domain. The content of some of those emails was published by RT.com.

Examining the registry information for “clintonemail.com” reveals that the domain was first created on January 13, 2009 — one week before President Obama was sworn into office, and the same day that Clinton’s confirmation hearings began before the Senate.

The Times goes on to note that previous Secretaries of State have used private email on occasion, and that penalties for such violations are rare, since the agency which maintains the national records has limited enforcement power. With Hillary, however, the use was complete — she didn’t even have a secure government email account.

That raises national security concerns. As Secretary of State, Hillary presumably received classified and other protected information via email at least on occasion, since it was her only email account.  That distinguishes her from predecessors, who at least had government email accounts.

We need more facts on her usage, but if Hillary maintained classified documents (including emails) on an unclassified computer device and email account, that could raise much more serious issues than the records violation.

Recall that in 1999 former CIA Director John Deutch had his security clearance revoked for improper handling of classified information:

CIA Director George J. Tenet announced yesterday that he has suspended the security clearance of his predecessor, John M. Deutch, for violating government rules by working with classified material on an unsecured computer at his home.

The unprecedented action against a widely respected and still powerful former official comes at a time of heightened concern over foreign espionage and the handling of classified information. It was clearly intended as a signal that the federal government, and the CIA in particular, is determined to tighten security….

“While serving as Director of Central Intelligence I erred in using CIA-issued computers that were not configured for classified work to compose classified documents and memoranda,” Deutch said. “While it was absolutely necessary for me to work at home and while on travel, in hindsight it is clear that I should have insisted that I be provided the means of accomplishing this work in a manner fully consistent with all the security rules.” …

The Justice Department decided in April not to prosecute Deutch for the security lapses, which were discovered when he left office, when CIA specialists went to his Washington home to remove a classified computer and safe. They discovered 31 files containing highly sensitive classified information on his personal computer.

You can read the unclassified version of the CIA investigative report here.

If the personal email records were shared with people without the necessary security clearances, that could be an additional problem, as David Petreaus is finding out:

Federal prosecutors have recommended that David H. Petraeus face charges for providing classified documents to his biographer, raising the prospect of criminal proceedings against the retired four-star general and former CIA director.

The recommendation follows a federal probe into how the biographer, Paula Broadwell, apparently obtained classified records several years ago while working on a book about Petraeus. Broadwell was also his mistress, and the documents were discovered by investigators during the scandal that forced Petraeus’s resignation as CIA director in 2012.

(added) Petreaus may be entering a plea deal, the NY Times reports today.

The hacking of unclassified State Department computers is a concern, as this February 19, 2015 Wall Street Journal report indicates:

Three months after the State Department confirmed hackers breached its unclassified email system, the government still hasn’t been able to evict them from the department’s network, according to three people familiar with the investigation.

Government officials, assisted by outside contractors and the National Security Agency, have repeatedly scanned the network and taken some systems offline. But investigators still see signs of the hackers on State Department computers, the people familiar with the matter said. Each time investigators find a hacker tool and block it, these people said, the intruders tweak it slightly to attempt to sneak past defenses.

It isn’t clear how much data the hackers have taken, the people said. They reaffirmed what the State Department said in November: that the hackers appear to have access only to unclassified email. Still, unclassified material can contain sensitive intelligence.

We are a long way from demonstrating that Hillary broke laws or rules other than those related to record keeping, but it is a matter that requires full investigation considering that Hillary exclusively used private email in her official capacity.

At a minimum, this episode may demonstrate a willful disregard for national security needs. At a maximum, it may be much more serious.

As Hillary heads towards the presumptive Democratic nomination for President, we need to know what Hillary did with her email account, and when did she do it.