DS then notified the Ambassador via cable on July 20, 2011, that the FAM did not permit him to
use non-government email for day-to-day operations.161 The cable stated in relevant part:
The language in 12 FAM 544.3, which states that “it is the Department's general policy
that normal day-to-day operations be conducted on an authorized [automated
information system]” is purposely included to place employees on notice that if they are
given a tool that provides an adequate level of security encryption, such as an OpenNet
terminal … or any other Department-supplied security mechanism that works in the
given circumstance, they must use it. 12 FAM 544.3 goes on to say that in the absence of
a Department-supplied security solution employees can send most SBU information
unencrypted via the internet only when necessary, with the knowledge that the nature of
the transmission lends itself to unauthorized access, however remote that chance might
be. … Given the threats that have emerged since 2005, especially in regard to phishing
and spoofing of certain web-based email accounts, we cannot allow the proliferation of
this practice beyond maintaining contact during emergencies. We are all working toward
the same end—to protect the availability, integrity and confidentiality of Department
information and systems, while recognizing that emergency situations may arise,
particularly for our employees serving overseas. … The Department is not aware of any
exigent circumstances in Nairobi that would authorize a deviation from the requirement
to use Department systems for official business.
However, the Ambassador continued to use unauthorized systems to conduct official business.
The Department subsequently initiated disciplinary proceedings against him for his failure to
follow these directions and for several other infractions, but he resigned before any disciplinary
measures were imposed
