2016 Postmortem
In reply to the discussion: Forbes: OIG email report vindicates Clinton [View all]The Federal Records Act that was in effect during Hillarys term is at the Wiki link below. It was amended to specifically include emails in 2014, after she left office.
https://en.wikipedia.org/wiki/Federal_Records_Act
And the article below may be of interest.
http://www.newsweek.com/2016/02/19/colin-powell-emails-hillary-clinton-424187.html
In addition to the classified email system used in SCIFs, there are personal email accounts. Prior to 2013, these could be accounts inside the relatively unsecure State Department system or private email accounts. If they are privaterunning through a commercial or personal serverthey have to follow some rules set up in the Federal Register . There are no guards, no red-black procedures, no construction rules, no special rooms, no TEMPEST, no TSCM. And most important: Until 2013, there was no rule against using them. In fact, the rules specifically allowed for them. Check out the relevant section in the Code of Federal Regulations (36 CFR Chapter XII, Subchapter B, section 1236.22b) for the rules regarding the use of personal email accounts by any State Department official.
To give an idea of how insecure these communications could be, Powells personal email is an AOL account, and he used it on a laptop when he communicated with foreign officials and ambassadors, unless the information qualified for a SCIF. (Clinton sent only one email to a foreign dignitary through her personal account, and her communications with ambassadors were, for the most part, by phone.)