The House oversight committee is digging into Jeh Johnson's personal use of Gmail while serving as the head of the Department of Homeland Security.
Last July, Johnson admitted accessing his private webmail account on DHS equipment, after Bloomberg reported he and 28 department senior officials were exempted from a departmentwide policy barring such access.
Now, committee Chairman Rep. Jason Chaffetz, R-Utah, is suggesting Johnson may have skirted the rules to hide official records and says the practice calls into question the agency’s cybersecurity responsibilities.
In a March 10 letter requesting information on personal email access at DHS, Chaffetz said, "the use of an informal process to skirt cybersecurity rules and regulations creates the appearance that senior DHS officials consider themselves above the rules they expect rank and file employees to abide by."
Johnson and the others had been granted an “informal waiver” to a 2014 department ban against accessing personal email on DHS networks issued by the department’s chief information security officer.
The day after Bloomberg's 2015 report, Johnson said he would stop logging into his private account through the DHS network in light of the security risks.
The exemption to the personal email ban at DHS “raises a number of questions, especially in light of DHS' recently expanded cybersecurity role," Chaffetz said, referring to late 2014 legislation that empowered Homeland Security to oversee governmentwide information security operations.
The fact that Johnson and other officials were accessing their private webmail from work for a year, if not longer, presents concerns that those accounts were used for official business, potentially in violation of the Presidential and Federal Records Act, Chaffetz said.
That law, which requires agencies preserve all work-related communications, is at the center of a controversy surrounding presidential candidate Hillary Clinton's reliance on private email while serving as State Department secretary.
In his letter, Chaffetz asks to see by March 24, among other things, all DHS waivers to the personal email ban, the duration of those waivers and the names of the officials who signed off on the exemptions.
He also wants DHS to brief committee staff as soon as possible on how the waiver process works and the risks it poses to government security and transparency.
Committee spokeswoman M.J. Henshaw told Nextgov the letter was sent this month to gain a better understanding of personal email use at Homeland Security. The issue of federal employees using private email falls under the panel's jurisdiction and is a topic of concern, she said.
Nextgov has requested comment from DHS.
The general matter of personal email use at government agencies has become an increasingly sensitive topic for Congress, labor groups and top federal officials.
On March 1, Chaffetz's committee advanced a bill that would allow federal agencies stop employees from accessing personal email and other online programs or using personal devices for security purposes -- without consulting unions.
Pentagon Secretary Ash Carter last December acknowledged erring when he used a personal email account for, what government officials describe as, unclassified routine, administrative business.
There currently is no governmentwide prohibition against conducting work on private email, as long as all official records from those accounts are collected in an agency record-keeping system, National Archives and Records Administration spokeswoman Laura Diachenko told Nextgov last October.