Did they need to be warned? When a spot audit on a small sample of unsecured e-mail shows that 10% of it contained classified material without proper markings or handling, the presumed “spillage rate” applied to 33,000 e-mails will involve thousands of communications, not just hundreds. The warning reported by the Washington Times today went to the members of the House and Senate committees overseeing intelligence, and may understate the potential damage:

The U.S. intelligence community is bracing for the possibility that former Secretary of State Hillary Rodham Clinton’s private email account contains hundreds of revelations of classified information from spy agencies and is taking steps to contain any damage to national security, according to documents and interviews Thursday.

The top lawmakers on the House and Senate intelligence committee have been notified in recent days that the extent of classified information on Mrs. Clinton’s private email server was likely far more extensive than the four emails publicly acknowledged last week as containing some sensitive spy agency secrets.

A U.S. official directly familiar with the notification, who spoke only on the condition of anonymity, said the notification of possibly hundreds of additional emails with classified secrets came from the State Department Freedom of Information Act office to the Office of Inspector General for the Director of National Intelligence. …

“We were informed by State FOIA officials that there are potentially hundreds of classified emails within the 30,000 provided for former Secretary Clinton,” DNI Inspector General I. Charles McCullough III late last week wrote Sen. Richard Burr, North Carolina Republican; Sen. Dianne Feinstein, California Democrat; Rep. Devin Nunes, California Republican; and Rep. Adam B. Schiff, California Democrat.

“We note that none of the emails we reviewed had classification or dissemination markings but some included IC-derived classified information and should have been handled as classified, appropriately marked and transmitted via a secure server,” Mr. McCullough wrote the four lawmakers.

This clarifies a couple of points. The “markings” issue, as I surmised, relates to the failure of Hillary Clinton to properly mark the material within her communications, not whether the data was properly marked when she received it. It also emphasizes what the IG spokesperson said earlier this week — the material was classified at that time, not later as Hillary’s defenders and Hillary herself have tried to claim.

The Washington Times source also noted that the IG believes Hillary’s attorney has the entire collection of 33,000 e-mails that she gave the State Department on a thumb drive in his office. Politico’s Rachel Bade and Josh Gerstein also reported on that development late yesterday:

Hillary Clinton’s private lawyer has a thumb drive containing classified information from as many as five U.S. intelligence agencies — but the State Department told POLITICO the law firm is taking “appropriate measures” to secure the files.

The agency declined to detail steps made to protect the sensitive information in attorney David Kendall’s possession, but the issue is raising concern among Republicans on Capitol Hill who’ve criticized Clinton’s handling of the email controversy. The thumb drive has copies of emails Clinton kept on a private server while she served as secretary of state, a trove now known to contain classified documents.

The agency told POLITICO that Clinton “does have counsel with clearance.” Kendall, a prominent Williams & Connolly attorney who defended former CIA director David Petraeus against charges of mishandling classified information, declined to comment. …

“The thumb drive is secure,” said Nick Merrill, a spokesman for the Democratic front-runner’s presidential campaign, referring questions to state.

Well, Merrill and his team have also assured people that Hillary Clinton’s e-mail server never had classified material on it, and then changed that story to argue that the data wasn’t classified at the time Hillary sent it. Both claims of secured national security data have proven false. Don’t blame Republicans if Team Hillary turns out to be less than credible on the security of classified material.

Does Kendall have clearance? He certainly could; he would likely have needed it in the Petraeus case, but not all clearances are equal, either. Does he have clearance to access NSA or National Geospatial-Intelligence Agency (NGA) data, among the most sensitive and highly classified forms of data in the US? On top of that, does Kendall have the facilities to store such material? Who is the Facility Security Officer, and if it’s not Kendall, does he or she have the kind of clearance to handle it? Do they have the requisite alarm systems needed for that kind of storage? The issues of access and storage are related but complicated by many factors, not the least of which is the construction of the offices themselves. And let’s not forget that the thumb drive itself almost certainly won’t meet the requirements of secure data storage.

Others are asking the same questions, and not getting good answers in return:

A State Department spokesman, Alec Gerlach, said that the agency had provided Kendall and his law firm “with instructions regarding appropriate measures for physically securing the documents and confirmed via a physical security expert that they are taking those measures.”

But Bradley Moss, a Washington lawyer who handles national security information, said he is perplexed by the arrangement.

“As a general rule, private non-government individuals, even those maintaining a security clearance, are not authorized to privately store classified information,” Moss said.

No, they are not — and it’s actually a crime to do so. Just ask David Petraeus and his biographer.

In other words, this is an ongoing disaster — not just for Hillary’s political career, but for national security and our ability to collect intelligence now and in the future. Had anyone other than Hillary Clinton done this, they’d be facing criminal charges.

Update: The proper acronym for the National Geospatial-Intelligence Agency is NGA, not NGIA. I’ve fixed it above.