WASHINGTON — Hillary Clinton’s actions associated with having a server and personal email account for her work as secretary of state don’t appear to rise to the level that would result in an indictment, a cybersecurity expert told members of the Las Vegas Metro Chamber of Commerce.
But it likely wasn’t a good management idea, said Ari Schwartz, managing director of cybersecurity services at Venable, a Washington, D.C.-based law firm that does lobbying.
The Las Vegas chamber heard his comments on Tuesday in Washington, where the business group is spending the week to visit with members of Nevada’s congressional delegation and attend panels on different topics.
Clinton’s use of a personal email account and a server for her government email while she was secretary of state has come under scrutiny, particularly due to the sensitive nature of the correspondence, some of which was later determined to be classified.
“You can’t imagine how difficult it is to work in a classified environment,” Schwartz said, adding that cellphones, social media and Gmail accounts aren’t allowed. Officials deal with it in different ways, such as going out in the hallway for cellphone calls.
Schwartz previously was a member of the White House National Security Council, working as senior director for cybersecurity.
“Lots of people have used their personal email,’” he said. “Setting up the server, though, is a new wrinkle to this.”
His comments on Clinton came in response to an audience question. Most of the presentation was about cybersecurity as it relates to businesses and the need to keep data secure.
The key is intent, and knowing at the time that classified information is being improperly shared, he said, adding, “You can’t accidentally share classified information and be held liable.”
“I don’t think that she’ll be indicted,” he said.
“Was it a good management idea? Probably not a good management idea.”
Schwartz talked about the broader issue of cybersecurity with Shane Tews, a visiting fellow at the American Enterprise Institute’s Center for Internet, Communications and Technology Policy.
They encouraged the group to follow practices that include not retaining data they no longer need, being familiar with their privacy rights, and having a cyber incident plan in place to respond to breaches.
Cybersecurity is a job that’s never done, Schwartz said.
“It’s not a destination,” he said. “It is a risk you have to keep managing over time.”
Contact Ben Botkin at firstname.lastname@example.org or 702-387-2904. Find him on Twitter: @BenBotkin1