It was a Saturday evening at the Justice Department, and a colleague and I were finishing up a brief to be filed the following Monday. When we tried to put some documents into the secure filing cabinet, the cabinet would not lock properly.
We called the DOJ security officer, who found another secure cabinet to put the files in, and we spent the evening moving files from one cabinet to another – files related to long dormant cases.
These included the DOJ and court files on national security cases dating back to the 1920’s – the Rosenberg case; investigations of Martin Luther King; the Chicago Seven case; parts of the Watergate case.
Those records were all eventually transferred to the National Security Archive, and will ultimately make for a rich heritage for historians.
But in the era of email and digital communications, will future generations be able to learn about the inner workings of the CIA, the Department of Defense, and … um … the State Department? Maybe. Maybe not. And that’s a problem.
So recently there has been a controversy (it will heat up) over allegations that former Secretary of State Hillary Clinton exclusively used a personal email address while conducting official government business at the Department of State. The New York Times has reported that such use “may be illegal.”
Or maybe not.
The law is complicated. The principles are not. Government records (including emails) must be created, stored, maintained and disclosed as provided by law. That’s it.
Whether Hillary’s emails are “government records” does not turn on the domain through which they are sent or received. It depends on the nature of the email and the purpose for creating it.
The Federal Records Act 44 U.S. Code § 3101 requires agency heads (like the Secretary of State) to collect and preserve “agency records” mandating that the agency head “make and preserve records containing adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and designed to furnish the information necessary to protect the legal and financial rights of the Government and of persons directly affected by the agency’s activities.”
It is clear that electronic records, including emails are “agency records” and are required to be managed under both the statute and the relevant regulations.
It’s also clear that the law applies both to the retention and storage of agency records as well as creating a requirement to “MAKE” and preserve the records. What is interesting about the regulations is the fact that the law doesn’t’ speak about “official” or “unofficial” records.
Or “government” provided email accounts or “personal” email accounts. The records laws apply to email messages “created or received in the course of official business.” So if a government employee creates or receives electronic communications in the course of official business, that record is covered by the Federal Records Act for the purposes of storage, retrieval, accessibility, Freedom of Information Act, and other laws.
It doesn’t matter if it’s Secretary@state.gov or Hilary.firstname.lastname@example.org. The test is, and properly should be a functional one. Thus, when a government employee uses personal email for official business, that email may be a government record subject to retention and disclosure. Whether the record is personal or business is dictated by its content and purpose, not the mode of communication. See, Mechling v. City of Monroe.
Most of these cases have been litigated in the context of demands for email under the Freedom of Information Act. In Bureau of National Affairs v. Department of Justice the DC federal court adopted a functional test to determine whether a document constituted a “personal” record of the individual or an official record of the agency. It noted that they would examine “the purpose for which the document was created, the actual use of the document, and the extent to which the creator of the document and other employees acting within the scope of their employment relied upon the document to carry out the business of the agency.”
Even if records are created solely for an individual’s convenience, if they relate to agency functions, they may be official records. Thus, “personal” electronic calendars may be “public” records depending on how they are used. Consumer Federation of America v. Department of Agriculture.
FARA publications recognize that official communications may occur through official email or unofficial email, noting:
According to the regulations, . . . [a]gencies are . . . required to address the use of external e-mail systems that are not controlled by the agency (such as private e-mail accounts on commercial systems such as Gmail, Hotmail, .Mac, etc.). Where agency staff have access to external systems, agencies must ensure that federal records sent or received on such systems are preserved in the appropriate recordkeeping system and that reasonable steps are taken to capture available transmission and receipt data needed by the agency for recordkeeping purposes.
So a government official’s “agency related” communications can be a federal record and must be preserved even if sent through a personal email account. The converse is also true. An employee’s use of a government email account does not make the email itself a “federal record” simply because of the fact that it was sent on a government account, any more than a grocery list scratched out on an official State Department memo pad with an official State Department pen on an official State Department desk becomes a government record.
The law recognizes that some email communications are personal and not government records. See, 5 U.S.C. § 552(b)(6) regarding FOIA exemptions noting “This section does not apply to matters that are “personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.”
So whether or not a document is a government record is not determined by whether or not it was send on a government computer or through a government email account.
When various White House and DOJ employees exchanged emails using an email account under the domain GWB43.com (President Bush’s reelection domain) rather than their “official” email addresses, the DOJ refused to produce these records under FOIA, claiming that despite the domain under which they were sent, they constituted “deliberative, predecisional interagency communications” that would be privileged in discovery.
In Democratic National Committee v. United States DOJ, in 2008, the court agreed that these were official records noting that the DNC “fail[ed] to point to any case law that would indicate that the server where an e-mail is housed is relevant to its treatment under FOIA” and—correctly—reasoned that “because the form of the document does not factor into the analysis under FOIA, the Court cannot adopt a per se rule that any e-mails sent on . . . [nongovernmental] servers are not covered by FOIA.”
Moreover, most of the government restrictions on the use of personal email at work, or restricting the use of personal email for government business arise out of practical and security concerns. Using personal email at work (on government computers and through government servers) may introduce malware, and may expose what would otherwise be personal communications to government oversight and review.
Read your Gmail love letters at work (or Facebook postings, or tweets) and your boss may read them as well. Moreover, using personal email at work for the government may expose the agency to over storage. In addition to backing up and archiving official government email, they may end up archiving your kids’ little league schedules and your appointment for body waxing. That doesn’t make it illegal, but it may make it a bad idea.
So that’s using personal email AT government sites or on government computers.
Different issues arise out of using personal email for government work irrespective of where you are doing it. Many agencies prohibit or discourage the use of personal email for government purposes. The main reason is security. But another reason is control.
When you use personal email for government (or corporate) purposes, you circumvent the ability of the agency or company to keep those records as part of an official record.
That can be done deliberately or inadvertently. Most document retention and storage programs apply to “official” communications – meaning communications in the official domain. An “official” email sent through a personal email is still an official email, and the agency must still retain it, but often doesn’t because it doesn’t recognize it as an official email. Separation of personal from official is not so much a legal requirement as a practical one. It’s easier to make the demarcation and say “this I must keep” and “this I may not have to.”
But its never perfect, and getting fuzzier all the time.
When Henry Kissinger moved his official records from the White House to the State Department, and then from the State Department to a private archive, the Supreme Court ruled that these records were not subject to FOIA.
While still serving in the State Department, Dr. Kissinger transferred telephone notes of official conversations from his office to a private location and entered into an agreement deeding those notes to the Library of Congress. Dr. Kissinger treated the notes as his own personal papers. Two of the three FOIA requests in the Kissinger case were filed after the telephone notes had been taken from the State Department.
Those records didn’t have to be produced because the State Department didn’t have them. But as to the other telephone notes held by the State Department the Supreme Court held that they were not “agency records” because they were created when Kissinger was advisor to the President, not Secretary of State even though they were in the physical custody of the State Department. The Court concluded that the mere physical transfer of those documents to the State Department did not render them “agency records” within the meaning of FOIA.
And that’s a problem for Hillary Clinton. As the “agency head” she was required to ensure that “official records” were properly maintained. That includes official records sent through official emails, and official records sent by personal emails. By using personal emails exclusively, it is likely that the records were not routinely stored, archived and treated like official records. Thus, some emails that may constitute “official records” of the Secretary of State may not have been archived properly. So her problem was NOT so much using personal email for official purposes, but not preserving official records in the process.
Unless she did.
You see, at this point we don’t know if the “personal” emails were deleted or destroyed. If not, and if they relate to official functions, they remain official records. No harm (mostly) no foul.
Of course, using personal email for government or official functions is mostly a bad idea. But let’s face it – its done all the time, as is the converse – using official email for personal reasons. You know, emailing the babysitter, or arranging a Girl Scout troop meeting. It’s hard to keep things totally separate. I personally have often sent official email from a personal account – usually for convenience (I had the iPhone with me and not the Blackberry, the recipient wanted to use an encryption protocol I didn’t have on the blackberry, or I had the recipient’s email address on my iPhone…)
The problem with using personal email is that it may not be secure, and it most likely won’t be archived. And for federal records, that’s a problem.
If the former Secretary of State used personal email in order to avoid the records retention policy, that’s a bad thing. Posterity (and about 1,000 House of Representatives’ Committees) needs to have access to official State Department records. If she used personal email and that had the practical effect of avoiding creation and retention of official records, it may be a violation of FARA. If the personal email account was used for convenience (or other potential legitimate reasons) AND the records of the official emails sent through the personal accounts were retained, then it’s a matter of DDoS policies on the use of personal email.
You can bet we haven’t heard the last of this.