Former Secretary of State and presumed presidential candidate Hillary Clinton has taken a pasting this week for using her own email server and personal smartphone for official government business while running the nation's diplomatic corps.
Whatever your politics (let's be honest -- politics are what most conversations about this issue are about, not the true underlying question), Clinton's mixing of personal and work communications is a complex challenge that nearly every company faces in some form.
Clinton now says she should have carried two smartphones while in office, one for official State Dept. communications and one for personal use, as then-Defense Secretary Chuck Hagel did.
But it's not that simple.
Mobile devices make separation harder to maintain
First, remember that Clinton was secretary of state in the early days of modern mobile devices. Not even the BlackBerry, then the corporate and government standard, supported dual-but-separate use as current smartphones do. You had to carry two devices.
Having a work laptop and a personal laptop has long been standard procedure for many government employees, particularly those involved with defense, spy, and high-level policy issues.
You use a computer at a desk, so switching between two devices is not a horrible experience -- the real effort comes in schlepping the two laptops around. (That may explain why, a decade earlier earlier, then-Secretary of State Colin Powell used his personal email account to conduct government business.)
That two-computer approach carried over to mobile devices (meaning BlackBerrys) in the early mobile days. But a mobile device is different: You use it frequently, and you're not very likely to leave it on a desk or in a drawer when not in use -- it's at hand because you never know when you'll want or need to use them.
For example, former Defense Secretary Hagel, who had a personal BlackBerry and a work BlackBerry, acknowledged that he occasionally used the wrong BlackBerry, thus mixing personal and work communications. Today's devices let you have multiple email accounts in the same client but managed by independent servers or even separate workspaces where the user can access separate email clients for each account. But accidental intermingling is still possible.
I believe we have to accept that reality, whether people have one device or two.
It's the policy, stupid
Rather than focus on the number of devices, the focus should be on having clear, manageable policies around data retention, service usage, and all the rules that can quickly become bureaucratic and burdensome and thus discourage compliance.
The Clinton email controversy is exceptional in some ways, but the underlying issues exist at every company: How to manage communications in jobs where you're never really off, so personal and work time are intermingled. We have better tools to manage that confluence today, but tooling alone doesn't solve the problem.
There's probably not a right answer, simply a set of right answers for different classes of users. Federal rules on using personal accounts for email for official communications vary widely -- and that's probably the right approach for an organization as complex as the U.S. government. There shouldn't be a single policy, but appropriate policies for the various classes of circumstances.
Perhaps the State Department's rules were too lax for its highest-level executives -- those, ironically, who have the greatest ability to get exceptions to any rules that exist. Sure, a secretary of state could likely get an exception if push comes to shove, but the decision to do so would take on greater weight and risk.
The bottom line: If there was a failure, it was a failure of policy.
The realpolitik of business communications
Of course having policies alone won't save you from poor compliance or simply bad appearance. Judgment matters. Clinton is experiencing such consequences now: It appears that Clinton's actions were permitted by the State Department's rules, but she's still in the hot seat for the appearance of working outside the rules, inflamed by her political opponents' agendas.
Those State Department rules allowed use of only approved personal email accounts -- and they were enforced: For example, a U.S. ambassador was fired during Clinton's tenure for using Gmail, a public email system whose content Google monitors for ad-serving purposes, which is not what you want to send sensitive information over.
Then again, the State Department's own inspector general reports that the agency is sloppy about records retention by employees using personal email accounts. The rules don't seem to be well enforced.
In Clinton's case, she says she used a private email server set up for her husband, former President Bill Clinton, and the server was under the control of the U.S. Secret Service and approved by the State Department. It was not a rogue operation.
Clinton's decision to have her own email server also makes sense in the larger context: A political power couple sharing a government-guarded private server sounds quite rational, especially when you realize that celebrities and political lightning rods like the Clintons fear people snooping into their private lives. Understandably so -- remember when then-Republican vice presidential nominee Sarah Palin's email account was hacked?
Few want to admit another reason why an executive may work outside the formal corporate communications systems: secrecy. Whether you're plotting against the board of directors or exploring a merger, there are some communications you simply don't want recorded. It's not only your email chitchat with kids and your spouse that you want to keep separate.
I defy any experienced executive to deny they've used personal emails accounts and personal phones to conduct business at times for such secrecy or deniability reasons.
Government operates by different rules, of course where such off-system secrecy is largely outlawed, and internal private channels are used instead. But it's naive to believe that presidents, secretaries of state, and so on use only those channels. They of course use private communications as well.
What we don't know -- this is the real political issue -- is whether Clinton is hiding anything government-related in her personal email records. There's no independent party going through them all to know if she's delivered to the State Dept. all the relevant emails as she's claimed; if this were a legal case, discovery would be compromised.
Secrecy may be critical in some cases, but it comes at a price.
The three big lessons for us all
Whatever the merits of the Clinton concerns, policies need to be realistic, and periodically assessed for the reality of the day, including whether you trust your executives and staff. Context matters -- and sometimes you get in trouble for doing what's permitted and technically correct.
Those are the biggest lessons every corporate, nonprofit, and government agency should draw from the kerfuffle over Clinton's email.