Answers to all the questions journalists might have about Hillary Clinton’s emails

On Monday night, The New York Times published an explosive story on Hillary Clinton’s exclusive use of a private email address during her time as Secretary of State. Since then, journalistic shrapnel has been scattered across the internet as reporters have raced to further the story from every angle. We’ve picked up the pieces and used them to answer the questions most relevant to journalists.

Were emails sent from Clinton’s private account available under the Freedom of Information Act while she was secretary of state?

No, many of them were not. As Politico points out: “The fact that Clinton’s emails were not a part of official State Department records until recently means many of them would not have been located in response to Freedom of Information Act requests, subpoenas or other document searches conducted over the past six years.”

Gawker provides a first-hand account of an unsuccessful attempt to FOIA Clinton’s emails two years ago. Thanks to a hacker named “Guccifer,” Gawker and other media outlets had evidence back then that a close associate had been sending intelligence-related emails to Clinton’s personal account, hdr22@clintonemail.com, during her time at the State Department.

But when Gawker submitted a FOIA request to see the emails, the State Department said “it could find no records responsive to our request. That is not to say that they found the emails and refused to release them… Instead, the State Department confirmed that it didn’t have the emails at all.”

However, as Clinton’s spokesman Nick Merrill has been repeatedly quoted explaining, emails Clinton sent from hdr22@clintonemail.com to other State Department employees who did have @state.gov accounts would have been caught up in the official records system and probably available under FOIA.

Sign up for CJR's daily email

What about now?

The original Times story reported that two months ago, Clinton’s team turned 55,000 emails from her personal account over in response to a request from the State Department.

During a Tuesday briefing, State Department spokeswoman Marie Harf explained that those emails “covered the breadth of [Clinton’s] time at the State Department.” When asked whether State had any confirmation that the cache included every work-related email Clinton sent during her tenure, Harf said only, “I think 55,000 is a pretty big number.”

As the Times reported in a followup story, the State Department will search whatever emails it has now in response to FOIA requests. But Harf said that to the best of her knowledge, there would be no retroactive searches in response to FOIA requests like Gawker’s from 2013.

The conservative PAC America Rising has already submitted a FOIA request for any emails associated with @clintonemail.com.

Could other high-level officials be keeping emails out of the government’s system?

According to the law, not anymore. In 2013, the Federal Records Act was updated to prohibit the use of personal email addresses unless messages are forwarded or otherwise copied into the government’s system within 20 days. A handful of federal agencies told The Washington Post that their senior leaders used only government-issued email addresses.

That law did not apply while Clinton was Secretary of State, however. While White House spokesman Josh Earnest said the Obama administration has given “very specific guidance” that employees should use government email, both the White House and the State Department have said that Clinton’s exclusive use of personal email did not violate any laws, leaving open the possibility that other officials kept important emails in private hands during that period.

In fact, Clinton’s spokesman has insisted that her email usage was in line with previous secretaries of state, like Colin Powell, who relied on personal accounts. Powell’s team released a statement saying he has no record of the emails he sent during his tenure.

“The account he used has been closed for a number of years,” said the statement, as reported by Politico. “In light of new policies published in 2013 and 2014 and a December 2014 letter from the State Department advising us of these policies, we will be working with the department to see if any additional action is required on our part.” (The December 2014 letter from the State Department is presumably the same one that prompted Clinton’s staff to turn over the 55,000 emails.)

Was the private address secure?

Prompted in part by the Snowden revelations about mass surveillance and last year’s Sony Hacks, a debate about the uses and limits of encryption has been brewing among politicians and journalists. Last week, Clinton herself equivocated when asked about the national security concerns around encryption.

It’s hard to know what safety precautions Clinton took with her own email system as Secretary of State, as the National Journal reported. There are number of security measures Clinton could have taken that would not be obvious to security experts unfamiliar with the details of her network (like using Tor, to give an unlikely example).

Marie Harf of the State Department said Tuesday that Clinton never emailed classified documents, but acknowledged that some official communications could be “sensitive” without being classified.

The Associated Press reported Wednesday that the server @clintonemail.com ran on was registered to Clinton’s private home in Chappaqua, NY. That means security would have been handled entirely by her own team and not supported by major commercial players like Google or Yahoo. Wired has a more detailed discussion of the possible security trade-offs between a private email and a State Department one.

Kevin Gallagher, the systems administer for the Freedom of the Press Foundation, recently tested a number of major media companies to see if they supported a secure email system called STARTTLS, which would allow sources also using STARTTLS to securely contact the news organizations.

“Without it, emails directed to a certain mail server can be snooped on at any point between the sender’s mail provider and that of the recipient,” Gallagher wrote, “and eavesdroppers can obtain the entire contents of the email, assuming PGP isn’t being used.” PGP is another common encryption tools for digital communications.

Gallagher said a similar test showed the server hosting clintonemail.com does support STARTTLS encryption.

“Searching public key servers, there are no @clintonemail.com addresses that are associated with PGP keys, so we can say they have probably not been using that form of encrypted email,” Gallagher added in an email.

Where is the story going from here?

It seems inevitable that many of the emails from Clinton’s private address will be made public eventually. Clinton herself tweeted out a desire to see that happen on Wednesday night:

In response, the AP reports, the State Department will review those 55,000 emails for release, which officials expect will take “some time to complete.”

The House committee investigating the deadly 2012 attacks in Benghazi has also issued a subpoena to the State Department for Clinton’s emails (the State Department has already turned over about 300 of Clinton’s batch of 55,000 emails). In a statement announcing the subpoena, Select Committee on Benghazi Communications Director Jamal D. Ware added, “The Committee also has issued preservation letters to internet firms informing them of their legal obligation to protect all relevant documents.”

Even if a large number of emails from Clinton’s private address eventually see the light of day, the question is whether journalists will ever be satisfied that Clinton’s team did not withhold any relevant messages from the State Department.

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Kelly J O'Brien is a freelance journalist based in Boston. Follow him on twitter at @kelly_j_obrien