Mike Pence Used His AOL Email For Indiana State Business -- and It Got Hacked

An anonymous reader quotes a report from The Verge: Vice President Mike Pence used a personal AOL email account to conduct sensitive state business -- including issues related to homeland security -- as the governor of Indiana, according to a report from The Indianapolis Star. Not only that, but Pence's email account was also compromised last year, the report reveals. Because personal email accounts are not subject to same types of public transparency laws, it's up to the official and his or her transition staff to hand over any sensitive state-related messages for archiving. Emails from a state account are automatically stored on state servers and subject to public records requests. Pence's office claims the contents of his personal AOL account used for state business are in fact in the process of being archived. A larger concern, however, is security. By using a private AOL account to conduct sensitive state matters, Pence could have exposed sensitive state business. In the hacking incident last year, Pence's email account was compromised by a scammer who used it to try and extort money from members of his contact list by claiming Pence and his wife were stranded in the Philippines, The Indianapolis Star reports. This hack didn't appear to have had been designed specifically to breach Pence's office, which made clear that his AOL account could be compromised by relatively benign breaching techniques designed by spammers and low-level hackers. It is not illegal in Indiana to own and use a personal account while in office, nor is it against the law to handle work-related matters from a personal account -- so long as those emails are in some way archived. However, the Star reports that Pence made no efforts to preserve his AOL emails under after he left office and is only just now doing months after public records requests were first made. "Similar to previous governors, during his time as governor of Indiana, Mike Pence maintained a state email account and a personal email account," reads a statement given to the The Indianapolis Star. "As governor, Mr. Pence fully complied with Indiana law regarding email use and retention. Government emails involving his state and personal accounts are being archived by the state consistent with Indiana law, and are being managed according to Indiana's Access to Public Records Act."

Re:Let's compare Mike to Hillary

Did Mike share top secret information over his personal email? No.
      Actually, we do not know what was shared. They are explicitly witholding "sensitive" emails.

Did Mike use his personal email to discuss P4P "donations" to a personal charity? No.
      See above.

If there is no issue, then why is Indiana explicitly withholding emails due to sensitive nature?
http://www.indystar.com/story/news/politics/2017/03/02/pence-used-personal-email-state-business----and-hacked/98604904/
---
The administration of Pence’s successor, Gov. Eric Holcomb, released 29 pages of emails late this past week. But it withheld others, saying they are deliberative or advisory, confidential under rules adopted by the Indiana Supreme Court or the work product of an attorney.

Holcomb’s office declined to disclose how many emails were withheld.

Re:Nope, nothing to see here

[dwillden]

Any illegality would fall on the DHS staffer who sent sensitive information to the Governor's private account. Hillary is not liable for classified emails sent to her account but for emails containing classified information sent by her to others.

I've read a few variations on this article now. And not one of them has indicated any wrong doing on his part. p.s. Sensitive does not equal classified.

Re:Nope, nothing to see here

[dwillden]

Except that the FBI conclusion flew in the face of the law. Comey laid out a clean cut case of over 100 counts of felony failure to protect classified information through negligence, then tried to excuse it by saying it couldn't be prosecuted because there was no criminal intent. The problem with that is the very crime he specified has no intent requirement. If you are entrusted with classified information and through your negligence allow it to be exposed to unauthorized access, you are guilty of a felony. And as moving Top Secret information (as Comey said was found in at least 8 emails) to an unclassified server from the physically separate TS network is always considered an intentional act she should have been prosecuted for Deliberate Security Compromise.

If you have access to Classified information you handle it carefully and keep it on the systems it is supposed to be on.

Hillary should have faced charges (hopefully she still will) for her criminal negligence with out nation's secrets. The outrage at Comey giving her a pass (days after AG Lynch met with Bill Clinton on the tarmac in AZ) was not false it is fully justified.

Re:Nope, nothing to see here

If you have access to Classified information you handle it carefully and keep it on the systems it is supposed to be on.

Hillary should have faced charges (hopefully she still will) for her criminal negligence with out nation's secrets. The outrage at Comey giving her a pass (days after AG Lynch met with Bill Clinton on the tarmac in AZ) was not false it is fully justified.

However, President Trump using an unsecured Android phone even after he'd been issued a secure replacement by the Secret Service is nothing to be concerned with. Is nothing like Hillary's email server. Right, Trumpster?

Nothing to see here either, is there, Trumpster? Everybody needs to relax a bit, is that it now?

Fucking hypocrit.

Re:Nope, nothing to see here

[dcooper_db9]

More specifically, the responsible person is the one who takes classified information out of a secure system. If for example, Hillary Clinton had received classified material and forwarded it that would not be illegal (unless she were aware of it's classification status). This is why she was not and could not be prosecuted. All the classified information found in her emails was received by her.

Re:Let's compare Mike to Hillary

EXCEPT, when this began coming out and she didn't turn them all over, Congress issued a subpoena for the rest of them. 3 days after she received the subpoena, yes exactly 3 days AFTER, she deleted 30,000+ emails from her server and all the backups she had. We even have the email requesting everything be wiped, with the date of 3 days after the subpoena.

So handing over stuff you know won't cause you issues is what you are claiming shows she is not guilty. Deleting evidence AFTER a subpoena is what I am saying makes her guilty of... destruction of evidence during an investigation, by definition.

Re:Nope, nothing to see here

As a guy who has held a clearance for more than 20 years, wrong. You are not liable for classified material that is emailed to you PROVIDED you report it in a timely manner preventing it from being caught in backups and restricting it from further distribution by the original party who emailed it to you who clearly does not understand classified material handling and would be at risk of emailing it to someone else. Sit on it for several months, or /*gasp*/ forward it to someone else, and you have compounded the error by not doing your duty, and you gather lots of liability onto yourself, and I've seen clearances yanked and jobs lost for very similar activities.

Now here's where you pull out that old chestnut about it the emails not being marked as classified, which doesn't matter a whit.

Re:Let's compare Mike to Hillary

[Attila+Dimedici]

Now, what would you expect someone that was trying to avoid scrutiny to do, at this point, when they received the first official request for those emails?

I would expect them to do EXACTLY what Hillary did: turn over a limited number of the requested emails and delete the remainder while claiming that the ones turned over were all of them.

Re: No, because it FUCKING FAKE NEWS AGAIN

[benjymouse]

Clinton and Pence both hired a law firm to determine which emails would be considered private and which emails would be subject to the records keeping act. It was not illegal for neither Pence nor Clinton to use a private (non-gov) account, as long as they submitted all "official business" emails for record-keeping. Both did.

There is no material difference between using an AOL account or using a private server. Indeed, one could argue that using a private server you can at least account for who have had access to the emails. In the AOL case, there is no way of knowing. A private account - on AOL or a private server - cannot be used for classified material.

In the Clinton case it *was* determined that she had sent
- some emails where the contents was retroactively classified. This is not criminal, as Clinton the material *was not* classified at the time.
- A total of 3 emails which contained classified information at the time. However, the "classfied" markings were non-standard which could explain why Clinton did not notice them.

It was not illegal to set up at private server. Clinton was clearly aware that she should not use it for classified material; otherwise you would see a lot of classified material with standard markings on the server. Which there was not.

Maybe she should have realized that there was a risk that she may accidentally send classified material. IMO the greater risk was that state dept. employees would send classified material *to* her account. Was it reckless? Possibly. Criminal? No.

If Pence has sent classified material from his AOL account, it is equally illegal, regardless of whether the account was "official". If he did not instruct aides to avoid sending classified material *to* his account, it would be equally reckless.

Fun fact: Pence was hacked. Clintons email server was not.

Re:Nope, nothing to see here

[msauve]

Don't forget HRC's failure to comply with the Federal Records Act, until long after she left her government position, and only after she was exposed. From the reports, it appears that Pence's requirements under the similar state law were already in the process of being fulfilled before this story broke. If that weren't the case, the story wouldn't have had any detail on what those emails contained.

Re:Nope, nothing to see here

To charge under the Espionage Act scienter is required. You are wrong, and Comey is right.

The statute you are referring to is 18 US 793(f):

(f) Whoever, being entrusted with or having lawful possession or control of any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, note, or information, relating to the national defense, (1) through gross negligence permits the same to be removed from its proper place of custody or delivered to anyone in violation of his trust, or to be lost, stolen, abstracted, or destroyed, or (2) having knowledge that the same has been illegally removed from its proper place of custody or delivered to anyone in violation of its trust, or lost, or stolen, abstracted, or destroyed, and fails to make prompt report of such loss, theft, abstraction, or destruction to his superior officer—
Shall be fined under this title or imprisoned not more than ten years, or both.

It looks like you're right (and I'm sure the Republican news sources you read agree), but you're wrong.

"But we find no uncertainty in this statute which deprives a person of the ability to predetermine whether a contemplated action is criminal under the provisions of this law. The obvious delimiting words in the statute are those requiring 'intent or reason to believe that the information to be obtained is to be used to the injury of the United States, or to the advantage of any foreign nation.' This requires those prosecuted to have acted in bad faith. The sanctions apply only when scienter is established."Gorin v. US, 312 US 19, 27-28 (1941)

I'm guessing Comey is familiar with Gorin. Without the scienter requirement the clause is unconstitutionally vague. See Id. at 26-27. The reason he said no reasonable prosecutor would pursue the case is because that's the standard for Rule 11 sanctions.

Re:Nope, nothing to see here

[tbannist]

Here is a guy prosecuted for a much less-important violation of the same: http://legalinsurrection.com/2...

Only if by "less-important", you mean "more-important". The guy who's story you linked to, deliberate took pictures of equipment he was specifically prohibited from photographing with intent to distribute the pictures to people who were not cleared to see them. As I understand it, from having previously looked at this case, he was specifically warned that what he was doing was illegal, and that he could go to jail for what he was doing and continued to do it. So he deliberately broke the law with full knowledge that he was doing so and what the punishment would be if (when) he was caught.

Hillary, on the other hand has been crucified because she received several emails that contained, improperly marked, classified information over the course of her four years at the State Department. Material that the State department is on record saying it does not believe should have ever been classified.

Do you see the difference here? Because everyone who isn't blinded by partisanship does.

Re: No, because it FUCKING FAKE NEWS AGAIN

[steveha]

In the Clinton case it *was* determined that she had sent
- some emails where the contents was retroactively classified. This is not criminal, as Clinton the material *was not* classified at the time.
- A total of 3 emails which contained classified information at the time. However, the "classfied" markings were non-standard which could explain why Clinton did not notice them.

Try 110 emails containing classified information, including 65 "Secret" and 22 "Top Secret", as well as the spy satellite emails that any sensible person would know was extremely secret. Also, as Secretary of State, she had the power to write emails that would be classified, and she was supposed to know how to handle such emails.

https://en.wikipedia.org/wiki/Hillary_Clinton_email_controversy

Also, Hillary Clinton was required to take classes on the handling of classified documents. She was required to re-take th class each year. We know she took the class once but there is no evidence that she ever re-took the class in later years. Then she testified to the FBI that she had no idea that the mark "(c)" might refer to a document being classified.

Fun fact: Pence was hacked. Clintons email server was not.

How do you know Hillary's email server wasn't hacked? Nobody can check it, since she had it wiped (despite being under subpoena to turn over everything). We know that Microsoft Exchange Server is prone to being 0wned and we know that the IT guy Hillary had working on her server asked Reddit for help when he couldn't get security patches to apply. So there was a period where security patches were not applied to the server, and its IP address and domain name were posted on Reddit.

http://truepundit.com/hillary-clinton-it-guru-posted-servers-security-keys-on-public-forum-opening-door-for-hackers-to-access-emails/

Microsoft Exchange, known to not have all security patches applied, IP address posted on Reddit, and the Russian and Chinese and Israeli spy organizations had to have figured out that she was running her own server. In my mind the only question is how many different people or organizations cracked her server, not whether it happened at all.

I saw a news story that said "logs from the wiped server did not show any signs that a spear phishing attack had happened" which of course means that nobody ever cracked the server ever by any means. Right?