U.S. ambassador to Japan Caroline Kennedy is under fire, along with several other high-ranking diplomats and government officials, for using a personal email address to conduct official State Department business.
There were several instances where “sensitive but unclassified” information exchanged with was sent to or received from personal email accounts, according to a report released Tuesday by State Department inspector general Steve Linick.
The department’s inspector general “received reports concerning embassy staff use of private email accounts to conduct official business,” Linick wrote in the report evaluating the American embassy in Japan.
The agency has “previously reported on the risks associated with using commercial email for official government business,” including email spoofing and phishing, data loss, and hacking that could expose personal identifying information.
Kennedy was appointed ambassador in 2013 and has voiced “that she wants all her activities to be conducted in accordance with U.S. Government regulations,” the report stated.
News of Kennedy’s bad email habits come in the midst of fellow Democrat and presidential candidate Hillary Clinton’s email scandal, which uncovered her persistent use of a private email server during her stint as secretary of state.
Brought to light in March, the issue and its potential security risks have clouded her campaign as a Justice Department probe recently uncovered some top secret content among the 55,000 emails stored on the private servers Clinton turned over in August.
The State Department expects employees to use “approved, secure methods to transmit Sensitive but Unclassified information when available and practical,” according to the report. But staff behavior is demonstrably misaligned.
The report focuses solely on communications with the U.S. embassy in Japan but outlines a broader national security issue of poor digital hygiene among government employees.
Kennedy was one of nearly two dozen government officials working as State Department chiefs of staff, or other government agencies including the Department of Homeland Security, Justice Department, Drug Enforcement Agency, and Treasury Department.
The State Department had not yet addressed security vulnerabilities and suffered from loosely defined roles and protocol between junior and senior embassy staff, according to the report.
“Embassy staff members lack the guidance they need to make day-to-day decisions on optimal allocation of limited U.S. government resources,” the inspector general wrote.
As a result, the department plans to take up all 65 recommendations set forth in Tuesday’s report to provide more guidance and influence behavior around email security.