The following documents were produced in response to CEI's FOIA requests seeking records of IT and cybersecurity training by then-Secretary of State Hillary Clinton and her aides Huma Abedin and Cheryl Mills. Our two requests were broken down by the State Department into three and assigned FOIA numbers ending in:
- 05781 (cyber security training records Clinton, Abedin, Mills)
- 05043 (IT training records for Clinton)
- 05069 (Separation docs Clinton, Abedin, Mills)
- 05781 (cyber security training records Clinton, Abedin, Mills – part 2)
- 05043 (IT training records for Clinton – part 2)
We have received staggered productions given the requests involved various offices where responsive records might be found.
This production is related to our lawsuit CEI v. United States Department of State. The original FOIA requests were a part of CEI's inquiry into the development of a successor regime to the Kyoto Protocol on global warming, and the decision to pursue treaties (particularly the Paris climate treaty) as non-treaties. CEI sought documents relating to email record keeping, and security practices of Secretary Clinton and her inner circle, including if they submitted the required attestation whether they possessed any work-related emails on non-official accounts or thumb drives. After receiving no cooperation from the State Department on its key threshold request, CEI was forced to sue.
This suit also led to the sole production of Non-Disclosure Agreements, not just for Ms. Abedin and Ms. Mills but also confirming that then-Secretary Clinton signed an NDA that laid out criminal penalties for “any unauthorized disclosure” of classified information. Critically, the second sentence of the very first paragraph acknowledges that "classified information is marked or unmarked classified information".
This disclosure goes beyond the "climate" issue, of course, but is of far broader interest.
One other record of note is the sole documentation that State claimed exists of any of the three officials taking required, annual cyberawareness training. No such records exist for Sec. Clinton or Ms. Abedin. However, the one such documentation asserts that Ms. Mills' single recorded instance of such training took place two months after she had already left the Department's employment. The completion of this required training is, therefore recorded, when it occurs. State has otherwise claimed there are no other records documenting that these three senior officials took the required cybersecurity training, around which much of the controversy currently centers.
The document containing the NDAs and Sec. Clinton's similar Sensitive Compartmented Information Mon-Disclosure Agreement, can be found in full here. Ms. Mills cybersecurity training documentation can be found here.