The Hillary Clinton email scandal: An eDiscovery lawyer’s perspective


The Hillary Clinton email scandal: An eDiscovery lawyer’s perspective Ethical BoardroomBy Ralph C. Losey – Practising Attorney at Jackson Lewis, P.C. and author of





Criticism of Hillary Clinton is a popular American pastime. It comes with the turf of being a political figure in the US, especially one running for President. Some of the criticisms may be well-founded but not the attacks based on Hillary’s use of her own email server.

If you were a new high-ranking government official and were given the insecure, outdated piece of junk the government now provides as an email system and could afford it, you would use your own, too. Her refusal to use State Department email servers is perfectly understandable.

As it turns out, it was fortunate for America that Hillary had used her own system because the Russians and Chinese had reportedly hacked the State Department computers and read so-called private emails. We do it. They do it, too.

Putting all legality issues aside, unless and until the government provides its leaders with a decent, secure email system nobody should use it. Those who can afford to, such as the wealthy Clinton family, should create their own system. They should implement state-of-the-art systems and security. Otherwise, they should just assume that all of their email is being read by foreign powers, friendly and hostile.

Bureaucratic inertia

The failure to follow formal rules on email, which may or may not be the case with the Clinton email server, should come as no surprise to attorneys in the field of eDiscovery. The biggest case in our field, Zubulake by Judge Shira Sheindlin, noted back in 2004 the significant difference between what a company’s written information governance (IG) polices require employees to do and what they in fact do. The difference between IG policies and practices is hardwired into the case law and how attorneys practise.

The routine failure of most employees to follow the arcane, often unworkable requirements of the company’s records management policies is why eDiscovery lawyers are admonished to not only investigate the official record’s policies but also to find out what people actually do – the practices. In my nine years of practice solely in the area of eDiscovery law, I have never seen a company with complete convergence between policy and practise. I would hardly be surprised to see any CEO not follow policy, including government leaders. It is full compliance that would surprise me.

Why is that? For one reason, information governance rules are never enforced. IG rules are paper tigers. Aside from situations where emails have been intentionally destroyed to hide evidence, I have never heard of an employee being disciplined for failure to follow email policies. The reality is nobody really cares about these academic policies outside of the records management department or whatever they are now called. Most medium to small-sized organisations do not even have such departments and what policies they have are just forms that nobody even reads. Like Rodney Dangerfield, they get no respect. I am not saying this is good or bad. I am just saying this is IG reality. This will not change unless IG gets teeth and people are actually fined and fired for non-compliance.

Another reason nobody much cares or follows the rules is that the rules are so unrealistic. Most that I have seen would require an hour or more each day for employees to comply. The time would be spent classifying, filing and deleting emails. What a bore. What a waste of time. We are all too busy for that. It brings about a collective yawn and refusal to comply. IG to date has been a game of lip service.

Automated technologies

The answer to this problem is automated classification and filing. That is what the new generation of leaders in IG, like Jason R. Baron are pushing for. They understand we need to harness artificial intelligence to have the computer classify, file and delete for us. We also need advanced search systems. Early software solutions that do just that are already on the market. They will get better and the prices will come down in the near future. Then the employee discipline and enforcement problem will also be solved. The computer will do it. If the AI makes a mistake, just update the code.


“The email system that the US government provides to its employees is archaic. It is a national disgrace… it is insecure”


The reality is that Hillary Clinton has simply done what every other CEO and employee in the US does on a daily basis. She ignored the arcane records rules that supposedly govern email use and filing for government employees. The rules were in transition anyway and who really cares? Sure, archivists and historians care. I get that. So too do political types just looking for another reason to attack Hillary. But aside from that, we do not care.

Historians should know this. There is a long history of non-compliance of records rules by government leaders. The last administration’s Secretary of State Colin Powell did just what Hillary did and set up his own email server. If he had made good his threat to run for President, I am sure this would have provoked outrage by the opposing party. But he did not, so it passed by relatively unnoticed. This is hardly an isolated incident in US government. Most people in the Bush White House for eight years avoided the government email server and instead used the email server of the Republican Party. This is commonplace in Washington.

Why is that? You could assume everybody is just trying to circumvent government in the sunshine and carry on covert operations. No doubt that is part of the reason, but there is much more to it than that. The email system that the US government provides to its employees, including its highest-ranking members like the Secretary of State, is archaic. It is a national disgrace. It is not only clunky and hard to use, it is insecure. As it turns out the emails of the entire State Department were hacked and read by many foreign powers during Hillary’s tenure. We recently learned that White House emails were hacked, too.

Lessons to be learned

As it turns out, we should be grateful that Hillary had the foresight not to rely too heavily on the official email system. At least her personal system could be hardened for greater protection (we do not know if it was or not). In the US, we have very real and pressing dangers to our national security – archival records for future historians is just a distant, secondary concern. That is the real IG lesson here. Security should be the primary concern and then secondarily, ease of use, including automated filing.

The US Congress needs to appropriate funds for a complete overhaul and upgrade of the federal government email system, so that it is both easy to use and secure. Passing more laws and IG regulations is not an answer. Technology is the answer and that costs money. Until we actually get our leaders proper technology, I for one have no problem with Hillary or anyone else using their own systems. The security aspects are especially troubling. Messenger pigeons anyone?



About The Author:

Ralph C. Losey is a Shareholder in the Orlando, Florida, office of Jackson Lewis P.C. He serves as the firm’s National e-Discovery Counsel. Mr. Losey has served for years as an Adjunct Professor at the University of Florida’s College of Law, teaching e-discovery. He is also the co-founder of the IT-Lex foundation and the Electronic Discovery Best Practices group ( Mr. Losey is a prolific author of electronic discovery, having written five books and multiple law review articles in the past six years. His latest book is an iBook available on iTunes: e-Discovery Stories from the Cutting Edge of Law and Technology (Dec. 2012). His last paper book is Adventures in Electronic Discovery (West 2011). Adventures includes an often quoted chapter at page 204 entitled “Child’s Game of ‘Go Fish’ is a Poor Model for e-Discovery Search.”

Mr. Losey is also the principle author and publisher of a popular weekly blog on e-discovery, e-Discovery Team Blog, which now averages over 500,000 visits per year. His recent blog publications include a 20,000-word narrative providing a detailed description of a legal search project. The first installment in the narrative is entitled “Day One of a Predictive Coding Narrative: Searching for Relevance in the Ashes of Enron.”