WASHINGTON — Earlier this summer, the inspector general of the nation’s intelligence agencies contacted the longtime lawyer for Hillary and Bill Clinton with a pointed question. Classified information had been found in a small sample of 30,000 messages from the former secretary of state’s private email account. The inspector general, I. Charles McCullough III, wanted to know from the lawyer, David E. Kendall, where copies of the message collection might still be stored.
Mr. Kendall’s answer, like so much in the story of the Clinton emails, pointed in an unexpected direction. The official communications of the nation’s 67th secretary of state, it turned out, were handled by a little Colorado I.T. company, Platte River Networks, previously best known for being honored in 2012 as Denver’s “small business of the year.”
Last week, F.B.I. agents showed up at Platte River’s modest brick building, opposite a candy factory. Now that government secrets had been found in Mrs. Clinton’s email, the agents wanted to know about the company’s security measures.
Whether Americans believe Mrs. Clinton’s decision to use only a private email account for her public business is a troubling scandal well worth an F.B.I. inquiry, a pragmatic move blown out of proportion by Republican enemies, or something in between, may depend more on their partisan leanings than the facts of the affair itself.
But the email account and its confusing reverberations have become a significant early chapter in the 2016 presidential race and a new stroke in the portrait of the Democrats’ leading candidate.
Interviews with former State Department officials, law enforcement and intelligence officials, experts on classified information and members of Congress provide further insight into how the controversy developed and where it might lead.
Mrs. Clinton, who has said she now regrets her unorthodox decision to keep private control of her official messages, is not a target in the F.B.I.’s investigation, which is focused on assessing security breaches. Against the backdrop of other current government computer security lapses, notably the large-scale theft of files from the Office of Personnel Management, most specialists believe the occasional appearance of classified information in the Clinton account was probably of marginal consequence.
But exempting herself from the practices imposed on the 24,000 Foreign Service officers and Civil Service workers she oversaw has led to resentment from some former subordinates. And by holding onto the official emails until the State Department was prompted by Congress to ask for them, and then deciding for herself which to preserve, Mrs. Clinton may have provoked mistrust even as she asks American voters to send her to the Oval Office.
The Clinton campaign declined to comment for this article.
Republicans are eager to exploit the issue. House Speaker John A. Boehner has issued a stream of news releases on the emails and the questions he thinks they raise, while the House committee investigating the 2012 attacks on the United States mission in Benghazi, Libya, has expanded its inquiry to include the emails.
There are still unanswered questions: Who at the State Department advised Mrs. Clinton that she could send all her email communications from a private account? What specific criteria did her lawyers use to decide which emails would be deleted on the grounds that they were personal? And what exactly was the classified information that government inspectors say was improperly included in her emails? Outside the political maelstrom, some security experts believe the ultimate judgment of her conduct will come not in a court or from Congress but at the ballot box.
“I think the whole set of circumstances has been scrambled by political considerations surrounding the presidential campaign,” said Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists. He said the inadvertent “spillage” of classified information into an unclassified system is quite common.
“If there’s a penalty,” he said, “it may cost her some votes.”
Others say more than politics is at stake. “I was stunned to see that she didn’t use the State Department system for State Department business, as we were always told we had to do,” said William Johnson, a former Air Force officer who served at the department from 1999 to 2011.
Mr. Johnson said his concerns were only compounded by the discovery of classified information in the emails. “If I’d done that, I’d be out on bond right now,” he said. He said he believed that someone should be punished — if not Mrs. Clinton, then career employees whose job was to safeguard secrets and preserve public records.
“It’s not the end of the world; she didn’t give away the crown jewels,” Mr. Johnson said. “But this is not how things are supposed to be done.”
The email controversy breaks into three clear phases: Mrs. Clinton’s initial choices about how to set up her email; her decision to destroy messages she judged to be personal; and the discovery of classified information in an account where it is not allowed by law.
On the first day of Mrs. Clinton’s confirmation hearing in January 2009, a longtime aide to her husband bought the Internet domain name clintonemail.com from a company called Network Solutions in Jacksonville, Fla. The aide, Justin Cooper, then shifted management of the account to an Atlanta company called Perfect Privacy.
Privacy was something Mrs. Clinton valued but had rarely enjoyed. As first lady in the 1990s, she had weathered multiple investigations of various alleged misdeeds and her husband’s much-publicized infidelity. At a fund-raiser in 2000, she said she had decided to do without email.
“As much as I’ve been investigated and all of that,” she said, “why would I ever want to do email?”
But changing times, and the practical needs of a secretary of state, evidently overcame that instinct. When she took office in 2009, with ever more people doing government business through email, the State Department allowed the use of home computers as long as they were secure; nine months later a new policy required that steps be taken to make sure emails were captured in the department’s records. There appears to have been no prohibition on the exclusive use of a private server; it does not appear to be an option anyone had thought about.
A server was set up at Mrs. Clinton’s home in Chappaqua, N.Y., evidently with backup provided in Denver at Platte River Networks. To the surprise of many colleagues, she never had a standard State.gov account.
The role of Platte River Networks and the F.B.I.’s investigation was first reported by The Washington Post.
Mrs. Clinton has said she decided in 2009 to handle all her email, official and personal, on one account to avoid carrying multiple electronic devices. Yet early this year she joked that she was “two steps short of a hoarder. So I have an iPad, a mini iPad, an iPhone and a BlackBerry.”
So there may have been other reasons for using a private server. For an oft-attacked politician considering a presidential run, the server would give Mrs. Clinton some control over what would become public from her four years as the nation’s top diplomat. “I’ve been following it very carefully,” said Shiva Ayyadurai, an email pioneer who has designed email systems for both government and large corporations. A private system, he noted, “would make it possible to decide what would be disclosed and what would not.”
There is another factor that some former colleagues say puts Mrs. Clinton’s decision in a more reasonable light: the archaic, dysfunctional computer systems at the State Department. Only a tiny fraction of emails sent on the State.gov system in recent years have been permanently archived. And former State Department employees describe the unclassified email system in 2009 as frustratingly inadequate.
Using State Department email outside the building involved “incredibly unreliable software,” said one former senior official. “If you had to write a priority message that was more than a paragraph long, it could leave you streaming sweat and screaming at the screen. And that’s when people would turn to their private accounts out of desperation.”
Another official described landing in foreign capitals late at night and having to go to the American Embassy and wake people up simply to check his unclassified email. He called the situation “ludicrous,” though he said the system slowly improved, especially as more people got government BlackBerry devices.
All of these former officials asked not to be named, fearing they might offend Mrs. Clinton or, worse, draw a subpoena from the House Benghazi committee. Several former Clinton aides have hired private counsel at personal expense. “The basic feeling is, if you haven’t been mentioned by the committee, you should keep your name out of it,” said one official.
From the emails the State Department has begun releasing in stages, a pattern emerges. Mrs. Clinton rarely went in for long exchanges, preferring quick messages of a sentence or two at most, delivering pats on the back, sending queries or instructions to aides and occasionally delivering wisecracks.
To John D. Podesta, who served as her husband’s chief of staff at the White House and is now the chairman of her campaign, she offered homespun advice: “Please wear socks to bed to keep your feet warm.” She quizzed her aide, Huma Abedin, about how to use a fax machine: “I thought it was supposed to be off hook to work?”
Mrs. Clinton seemed to reserve sensitive subjects for face-to-face meetings. As her aides discussed a forthcoming New Yorker profile of Richard C. Holbrooke, the envoy to Afghanistan and Pakistan, she weighed in.
“I know more about this if you wish to discuss,” she wrote.
Curiously, she seemed to want to improve her email skills. She asked another aide, Cheryl Mills, to lend a book called “Send: Why People Email So Badly and How to Do It Better.”
As Mrs. Clinton and her staffers have repeatedly pointed out, most of her emails — they say about 90 percent — were automatically captured on State Department servers because she was writing to aides and colleagues who had State.gov addresses. Some were not captured, however, because a few top aides also used private addresses.
After meeting with two of her closest aides, Ms. Mills and Philippe Reines, State Department officials decided last year to ask for any emails in the custody of Mrs. Clinton — and of her three predecessors as secretary of state, who said they had none. She turned over 30,490 emails last December, nearly two years after leaving office.
But it turned out that she had destroyed a slightly larger number of messages from her account — 31,830 — because she or her aides judged them to be personal in nature.
“At the end, I chose not to keep my private, personal emails,” she told reporters in March. “Emails about planning Chelsea’s wedding or my mother’s funeral arrangements. Condolence notes to friends, as well as yoga routines, family vacations — the other things you typically find in inboxes. No one wants their personal emails made public.”
That explanation might win public sympathy. But it did not take long for evidence to surface that the culling may have included some work-related emails as well.
In June, the State Department said that it had not been able to find in Mrs. Clinton’s emails some 15 messages from Sidney Blumenthal, an old friend and aide, who had independently turned them over to the House Benghazi committee. The messages involved Libya — Mr. Blumenthal was passing along analysis from a former C.I.A. officer — and they appeared to involve policy.
The Clinton campaign has not explained the discrepancy. In sorting through more than 60,000 emails, it is easy to imagine slip-ups. But this small window on the deletion process, carried out privately by Mrs. Clinton’s lawyers and aides, offered little assurance to skeptics that the work email collection was complete.
Shortly after Mrs. Clinton said in March that her private email account had contained no classified information, the Republican chairmen of the Senate intelligence and foreign relations committees decided to test that claim. The senators — Richard M. Burr of North Carolina and Bob Corker of Tennessee, — asked the inspectors general for the State Department and Intelligence Community to investigate whether she and other State Department officials had kept classified information on personal email accounts.
Mr. McCullough, a former F.B.I agent and the watchdog for the intelligence agencies, took the lead in examining Mrs. Clinton’s emails. In 900 pages of emails about Libya that the State Department had handed over to the Benghazi committee, his team found one email they judged to contain classified information — but the State Department had already posted it on the web.
Mr. McCullough then looked at a sample of 40 more messages and found four that he concluded contained information that should have been marked “secret.” In last month’s court-ordered State Department release of an additional 2,200 pages of emails, 64 passages from 37 messages were blacked out because they were judged too sensitive to be released. Officials said hundreds more messages from the full archive might contain classified information.
Because the classified passages are blacked out, it is impossible to gauge how much damage their disclosure might have caused. There is a broad consensus that the government classifies far too much innocuous material. “If you’re assistant secretary or above,” said one former diplomat who held such a post, “it’s hard to burp without someone thinking it’s classified.”
Moreover, “spillage” — the technical term for classified information slipping into an unclassified system — is so common that the government has a protocol to deal with it. A 2008 guide, “National Instruction on Classified Information Spillage” treats it as a regrettable but not-so-rare occurrence. It lays out how such errors should be assessed and reported, mentioning, well down in the to-do list, “Determine whether the incident should be referred to the Department of Justice for investigation and/or criminal prosecution.”
In the case of Mrs. Clinton’s email, the F.B.I. is conducting an investigation of just how the classified material was stored in Denver, as well as on a thumb drive kept by her lawyer, Mr. Kendall, and whether it might somehow have landed in the hands of adversaries. Officials say the bureau at this point has no target in mind and no evidence that a crime was committed.
But the investigation takes place in an administration that has taken an especially hard line on the handling of classified information.
Scott Gration, ambassador to Kenya, resigned after a 2012 inspector general’s report accused him of flouting government rules, including the requirement that he use State Department email. “He has willfully disregarded Department regulations on the use of commercial email for official government business,” the report said.
A New York firefighter and decorated combat veteran who served in the Marines in Afghanistan, Jason Brezler, is currently fighting dismissal from the Marine Corps for sending, via his personal account, an email attachment the government says was classified. His lawyer, Kevin Carroll, says he sent the message in response to an emergency request from a base in Afghanistan.
Mrs. Clinton and her aides have noted that the material the inspectors general call classified was not labeled as such in the emails. But in 2010, Thomas Drake, a former senior National Security Agency official, was indicted under the Espionage Act for keeping an agency email printout at home that was not marked as classified. (Mr. Drake pleaded guilty to a misdemeanor.)
J. William Leonard, a former director of the government’s Information Security Oversight Office, said that in Mrs. Clinton’s case, criminal charges like those against Mr. Drake are highly unlikely. But as a former security official, he said, he was dismayed by her exclusive use of private email. The State Department has an obligation to monitor unclassified email for exactly this kind of classified spillage, he said, as well as to protect computer systems and provide emails to Congress or the public when required by law.
“The agency can’t fulfill those legal responsibilities if it doesn’t have control over the server,” Mr. Leonard said.
What Might Be Next
The man whose dogged Benghazi investigation brought to light the email issue, Representative Trey Gowdy, Republican of South Carolina, insists he is not running a partisan witch hunt to damage Mrs. Clinton’s presidential run. A former prosecutor and chairman of the select committee, he said in an interview that what he called “this arrangement she had with herself” has raised important questions about preserving public records and protecting government secrets.
Mr. Gowdy expressed satisfaction that the email investigation is now “in the hands of the premier law enforcement agency in the world,” the F.B.I. The discovery of the email issue alone refutes claims that after multiple congressional inquiries into Benghazi, there was nothing more to find, he said.
The committee’s top Democrat, Representative Elijah E. Cummings of Maryland, said his concern has always been that the Benghazi inquiry — which he said comes on top of “seven or eight” investigations already conducted — would become a tool for Republicans who want to bash Mrs. Clinton. He said he believed that to a considerable degree, that is what has happened. “We have basically an unlimited budget to go after Hillary Clinton,” he said.
But Mr. Cummings noted that the former secretary of state has herself said it was a mistake to use only the private email, and said he agreed that it was “inappropriate.”
“I think it’s very important that the public knows what’s going on with regard to government,” he said. “I think the public should have access to that information, period.”