The DOJ’s Director of Public Affairs Used Gmail to Send a Work Email. Is That Legal?

Attorney General Jeff Sessions peeks into his conference before the start of a meeting.

Susan Walsh-Pool/Getty Images

On Wednesday, the Washington Post reported that Attorney General Jeff Sessions had spoken twice with Russian Ambassador Sergey Kislyak during the 2016 campaign. While Sessions’ objections to that news were mostly dubious, some were drawn to another aspect of his official response. On Twitter, Edward-Isaac Dovere, Politico’s chief political correspondent, noted that Sarah Isgur Flores, the Department of Justice’s director of public affairs, was using her personal Gmail account to reply to reporters.

There was a degree of immediate irony to Flores’ use of Gmail. As Dovere pointed out, she had previously snarked about Hillary Clinton’s email server. But Flores’ chosen platform also raises a handful of more pressing, immediate issues that she—and others in the government—should consider.

Let’s be clear about one thing: From a security perspective, Gmail is probably a fine option, one that might well be safer than Flores’ official DoJ account. It’s not, of course, perfect: For instance, as Wired reported in February, Gmail has lagged behind other communications platforms in its ongoing failure to support end-to-end encryption, which would ensure that only a message’s sender and receiver can decrypt it.

But as Josephine Wolff has written in Slate, Gmail may still be safer than many of the alternatives. Among other things, Wolff notes, “Google has some fairly effective monitoring tools for anomalous behavior among its users as well as a lot of data on phishing and spam email.” If your only concern is keeping your messages private, you could certainly do a lot worse than Gmail.

The trouble is, Flores was acting in a more public capacity here. Indeed, her use of Gmail for government business raises important legal questions. If Flores routinely uses her personal account to send Department of Justice communications, she may be limiting the accessibility of those emails to the public in the event of a Freedom of Information Act request. In the process, she may also be opening her own emails to more public examination.

This is hardly a new problem—for the Department of Justice least of all. In a 2012 paper for the Federalist Society titled “Gmail.gov: When Politics Gets Personal, Does the Public Have a Right to Know?” Michael D. Pepson and Daniel Z. Epstein discuss an example from 2005 and 2006 in which White House political staff employed their Republican National Committee email accounts to discuss then Attorney General Alberto Gonzales’ dismissal of U.S. attorneys.

In some cases, government officials may rely on such alternatives in an attempt to evade scrutiny. But as James Valvo, counsel and senior policy adviser for Cause of Action told me, the issue also remains widespread because it’s simply more convenient for government representatives to work through their personal accounts. “A lot of this is getting caught up in ease of response. But that’s no excuse,” he said.

As Pepson and Epstein explain, this is a legal gray area:

The practical reality is that, whether for nefarious or innocent reasons, federal agency employees have and will continue to conduct agency business using personal e-mail accounts and personal communications devices. Until Congress or the courts definitively clarify whether these work-related communications are subject to FOIA’s disclosure provisions, a dangerous loophole enabling unscrupulous agency employees to intentionally evade the light of public scrutiny may exist.

Pepson and Epstein go on to write, however, that in the absence of a definitive resolution, work-related emails are likely still subject to FOIA requests:

Common sense, case law, and FOIA’s plain language compel the conclusion that, irrespective of federal executive branch agencies’ employees’ reasons for using personal e-mail accounts or personal communications devices to conduct agency-related business within the scope of their employment, their work-related communications must be subject to FOIA’s disclosure provisions.

In other words, public business that Flores does through her private account may still be a matter of public record. According to Valvo, more recent case law seems to confirm that conclusion, further affirming that private emails can be subject to FOIA requests.

The more pressing problem here may be the question of record keeping—which was an important issue to the Trump campaign in its own attacks on Hillary Clinton. When government personnel rely on private email, it’s difficult to confirm that they’re holding onto relevant communications or that they’re providing those messages when requested. As Pepson and Epstein write, “[I]t would be practically impossible for even the most well-intentioned, experienced FOIA officer to gain access to these communications on behalf of a requester without resort to extraordinary means, e.g., subpoenaing government employees’ e-mail records from Google.”

Thus, short of monitoring all government employee communications—which would raise a host of other privacy concerns—it’s may be hard to know how to proceed. Even when it isn’t nefarious, email usage like Flores’ therefore presents a challenge for those committed to government oversight.

As Valvo observes, it should raise questions for government officials as well. “If government officials are using their personal accounts, they need to be aware, first, that they are not in compliance with federal records laws. And second that they’re opening their personal emails up to search in response to FOIA requests,” he says.

Flores did not respond to a request for comment sent to her Gmail address on Thursday morning.