Clinton’s iPad while secretary of state not certified as 'secure,' sources say

Not only was Hillary Clinton exclusively using a personal email account for government business, but according to her own memoir she relied on an iPad -- though security and investigative sources tell Fox News the device was not certified as "secure."

A security source familiar with the situation told Fox News that Clinton wanted to use an iPad in her role as secretary of state, but the department’s technical experts concluded the device was vulnerable. Despite the finding, she used it anyway, according to a second investigative source.

In her book “Hard Choices,” which documents her four years as secretary of state, Clinton discusses “digital diplomacy” and writes of her iPad dependence. “I myself am not the most tech savvy person – although I surprised my daughter and my staff by falling in love with my iPad which, I now take everywhere I travel – but I understood that new technologies would reshape how we practiced diplomacy,” she wrote.

Fox News is told the request by Clinton’s team to use an iPad came early in her tenure as secretary of state, in the 2009 and 2010 timeframe. But the security source said efforts to bring the device in line with security requirements could not be met, but she went ahead anyway.

An intelligence community directive known as ICD503 established the “Intelligence Community (IC) policy for information technology systems security risk management, certification and accreditation.” The 10-page document, available on the web and signed by then-Director of National Intelligence Mike McConnell in 2008, states that devices are cleared for use only if certain conditions are met.

More On This...

    It says: “A Delegated Authorizing Official shall only accredit an information system if the Authorizing Official determines that a breach of security of that information system would result in no more than a low to moderate potential impact on organizations or individuals.”

    And the directive emphasizes that there is a zero-tolerance policy. “In no case shall a Delegated Authorizing Official make an accreditation decision for a system when an Authorizing Official deems a breach of security of that information system would result in a high potential impact on organizations or individuals.”

    If the iPad’s geolocating and back-up functions were not disabled, the security source said the data was vulnerable to a universe of hackers including those that are state-sponsored. The security source said Clinton’s team had done a pretty good job attempting to protect the servers but there were indications of “seepage.”

    Fox News posed a series of questions to State Department spokeswoman Jen Psaki and her deputy Marie Harf on whether she used her iPad in her role as secretary of state as her biography states; whether Clinton used an iPad for email; whether the device was certified as secure; and what preventative measures were taken to disable geolocating and iCloud functions.

    Nearly a day after the initial query was sent, Psaki responded and directed Fox News’ questions to Clinton spokesman Nick Merrill -- though security certification normally would fall to the State Department and the intelligence community.

    “I was not working for her at the time so I would certainly point you to Secretary Clinton and her team on whether she used an iPad and what she used it for,” Psaki said.

    While there was no immediate response from Merrill, Clinton insisted to reporters Tuesday that there were no security breaches.