While the report doesn’t find an email with Hillary writing: heh, heh, heh, they’ll never FOIA my emails NOW!!!!” — what it does lay out is deeply troubling, even though her supporters have already begun the typical defense of “nothing to see here, move along.”

It lays to rest the longtime Clinton defense that this use of a private server was somehow normal and allowed by government rules: It was not normal, and was not allowed by the government rules in place at the time.  Hillary Clinton broke the rules in her use of a private email server while serving as secretary of state, according to a report by the State Department’s inspector general May 25, 2016. (Reuters)

It also shreds the defense that “Well, Colin Powell did it too” into very fine dust, and then neatly disposes of the dust. As the report makes very clear, there are substantial differences between what the two secretaries of State did:

– Powell says he set up a private email account, in addition to his internal account, because at the time the State Department “email system in place only only permitted communication among Department staff. He therefore requested that information technology staff install the private line so that he could use his personal account to communicate with people outside the Department.” This is a quite plausible reason that, around the turn of the millennium, a secretary of state would have wanted to use his own account. Powell seems not to have done enough to ensure that those records were maintained, which is a problem (though it’s not clear that he was aware that he should have turned those emails over). But as far as I can tell, the most plausible explanation of Clinton’s behavior is that she set up her email server expressly to keep those emails from being archived as records (and subject to Freedom of Information Act requests), which is a great deal more problematic than setting up an inadequately archived email system because there’s no other way to use an increasingly vital communications technology.

– Powell had an outside line set up in his office, into which he plugged a laptop, which he used alongside his State Department computer. The IT department was, in other words, aware that this was going on, and it seems to have come up in discussions of his drive to get everyone at State access to the Internet at their desk. While the quality of information about Powell’s Internet usage is not as high as it is about Clinton’s (after 10 years, memories fade, people become hard to contact, and records degrade), there’s no indication that he was less than transparent with staff. But folks at State clearly had no idea what was going on with Clinton’s email server and, troublingly, at least two people who asked about it were apparently told to shut up and never raise the subject again.

– Three things have changed pretty dramatically since Powell’s day: the magnitude (and appreciation) of cybersecurity threats, the quality of the State Department systems and government rules surrounding both recordkeeping and cybersecurity. One can argue that Powell should not have used a private computer during his tenure, but he seems to have done so in consultation with the IT folks, at a time when the policy surrounding these things was “very fluid” and the State Department “was not aware of the magnitude of the security risks associated with information technology.” By 2009, the magnitude of the risks was clear, and the policy was also much clearer. As far as the OIG could determine, Clinton took no action to ensure that she was in compliance with that policy, which, in fact, she emphatically was not. Officials at State told the OIG in no uncertain terms that they would not have approved her reliance on a personal email server.

– The OIG found only three instances in which State employees had relied exclusively on personal email: Powell, Clinton and Ambassador J. Scott Gration, U.S. emissary to Kenya from 2011 to 2012. Gration, who served under Clinton, was in the middle of a disciplinary process initiated against him for this email use (among other things) when he resigned. So it is impossible to argue not only that this was somehow in compliance with State’s guidelines but also that Clinton might have thought it was in compliance, unless she somehow failed to notice when or why her ambassador to Kenya went missing.

– The OIG found evidence that the server was attacked and that Clinton’s staff members (and presumably Clinton herself) were aware of it. (Clinton at one point seems to have expressed concern that people might be trying to hack her email.) These incidents should have been reported to computer security personnel, but OIG found no evidence that they were. Clinton’s supporters have offered the wan defense that “attacked” doesn’t mean “actually hacked,” but of course, since they didn’t report it, there was no timely investigation, so we don’t really know what happened, or even whether her server setup and/or server administrator were sophisticated enough to detect a penetration had one taken place.

– This is the most profoundly amazing part of the whole story: Clinton’s server administrator was hired by State as a political appointee, from which position he continued to provide support to Clinton’s private email server during working hours, without telling anyone this was happening:

Why is Clinton being held to a lower standard?  Well, because she’s a Clinton, and the Clintons have always acted as if the rules applied only to others. And given that Democrats boxed themselves into her name on the ticket so early on, Team Blue had little choice but to rally around and pretend that this is just a minor peccadillo, like forgetting to date the signature on your FEC filings. Lord knows, this election cycle, there’s good reason to view this sort of behavior as the lesser of two evils.

But it isn’t minor. Setting up an email server in a home several states away from the security and IT folks, in disregard of the rules designed to protect state secrets and ensure good government records, and then hiring your server administrator to a political slot while he keeps managing your system on government time is unacceptable behavior in a government official. If Clinton weren’t the nominee, or if she had an R after her name rather than a D, her defenders would have no difficulty recognizing just how troubling it is.

That doesn’t mean you necessarily have to prefer Donald Trump to her. Back when I was surveying #NeverTrump voters, I heard from more than one conservative intelligence type who basically said “I think Clinton should be in jail for what she did, and I still think she’s a better choice than Trump for the presidency.”

Politics is not simply a team sport, and good government is possible only if we’re willing to call out misbehavior no matter who does it. Even if we still hold our nose and pull the lever for the misbehaver come November.