In 2010, Clinton’s first full year as secretary of state, an internal study finds that in one week, more than 9,200 emails are sent from the State Department’s Executive Secretariat servers to 16 web-based email domains, including gmail.com, hotmail.com, and att.net. These could include both work-related and personal emails. (US Department of State, 5/25/2016)
It will remain publicly unknown until the video is leaked to Fox News in October 2016.
In the video, Clinton says that employees have a “special duty” to recognize the importance of cybersecurity. “The real key to cybersecurity rests with you. Complying with department computing policies and being alert to potential threats will help protect all of us.”
According to a later account by Fox News, “Clinton goes on in the video to underscore the important work the State Department Bureau of Diplomatic Security and IT department were doing to guard against cyber-attacks. She warns hackers try to ‘exploit’ vulnerabilities and penetrate department systems. She then urges staffers to log onto the internal cybersecurity awareness website or subscribe to their ‘cybersecurity awareness newsletter.’”
Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, will later find the video ironic, given Clinton’s own security issues with her private email server. He will say, “Hillary Clinton needs only to look into the mirror to find the biggest cybersecurity risk.”
Clinton spokesperson Brian Fallon will say, “This is not new. It has been widely reported that during Clinton’s tenure the State Department issued these kinds of warnings about possible cybersecurity to employees. These warnings were more than appropriate given that it was subsequently confirmed that State’s email was hacked.” (Fox News, 10/22/2016)
Bill Johnson, the State Department’s political adviser to the special operations section of the US Pacific Command (PACOM), will later claim that he is present in Honolulu, Hawaii, while Clinton comes to visit. During her trip, news breaks of a large earthquake in Haiti, which takes place on January 12, 2010.
Clinton goes to a security communications facility in the basement of PACOM headquarters to help organize a humanitarian response to the earthquake. She wants to communicate with her top staff back at State Department headquarters in Washington, DC, but she and her aides are not allowed to bring their cell phones into PACOM headquarters because they are using unsecured, personal devices. They ask Johnson for an exception to the rules, but he refuses, citing alarms and lockdowns that would be automatically triggered if anyone brought an unauthorized signal-emitting unit into the building.
So instead, according to Johnson, “She had her aides go out, retrieve their phones, and call [State Department headquarters] from outside,” using open, unsecure lines. “It was really an eye-opener to watch them stand outside using nonsecure comms [communications] and then bring messages to the secretary so she could then conduct a secure [call] with the military” and the State Department. (Newsweek, 5/25/2016)
It is not known if it is a borrowed phone or her phone. (Getty Images) (Getty Images) In 2015, after her use of only one private email address will become public, she will claim that this was because she only had one phone. She will mention that she bought an iPad in 2010, but the first iPad model will not be released until April 2010 and she will not buy one until July 2010. (The Associated Press, 3/11/2015) (The Washington Post, 3/31/2015) (US Department of State, 8/31/2015)
She emails her chief of staff Cheryl Mills and USAID Administrator Rajiv Shah and tells them, “I sent you emails [redacted] before removing their email info so pls [please] do not forward to anyone and delete after reading.” The reason for the instruction is unclear, as the email she is referring to is later redacted. (Politico, 2/29/2016) (US Department of State, 8/31/2015)
Clinton emails her aide Jake Sullivan that she wants to read a statement regarding Jose Miguel Insulza, secretary general of the Organization of American States (OAS). Sullivan emails back that he can’t send it to her immediately because the State Department has put it on the classified network. Clinton quickly replies, “It’s a public statement! Just email it.” However, Sullivan responds, “Trust me, I share your exasperation, But until ops [operations] converts it to the unclassified email system, there is no physical way for me to email it. I can’t even access it.” (The Washington Post, 3/27/2016)
Clinton’s deputy chief of staff Huma Abedin sends an email to Justin Cooper, an aide to Bill Clinton. She forwards a message from Clinton’s chief of staff Cheryl Mills to Clinton that had bounced, and asks Cooper, “HRC [Clinton] email coming back—is server okay?”
He replies, “UR [You are] funny. We are on the same server.” His reply goes to Mills as well as Abedin, indicating that both of them are aware of the existence of Clinton’s private server.
Cooper’s email domain will be redacted when this email is released in 2016, but his comment indicates his email is on the clintonemail.com domain, the same as Clinton’s. (Abedin has an email account on that domain too, but she sends this email from her State Department state.gov account.) (US Department of State, 6/20/2016)
Cooper is not a government employee and apparently has no security clearance, but other reports indicate he helps Bryan Pagliano manage Clinton’s server.
Huma Abedin, Clinton’s deputy chief of staff, writes Clinton that after another aide named Judith wrote Clinton an email, “It bounced back. She called the email help desk at state (I guess assuming u had state email) and told them that. They had no idea it was YOU, just some random address so they emailed.” (US Department of State, 8/31/2015)
The permanent position of State Department inspector general has been vacant since 2008, before Obama became president. An inspector general serves as a department’s internal watchdog. Some time in March 2010, Clinton’s chief of staff Cheryl Mills emails Clinton about a possible nominee for the position. Mills writes, “Let me know if you DON’T want to proceed.”
Clinton writes back, “Are you ok [with] him?”
Then Mills writes, “Yes – he’ll be good.”
It is not known who they are talking about since the name will later be redacted, but Obama will not nominate anyone for the position until mid-2013, after Clinton’s term as secretary of state is over.
The Wall Street Journal will later comment, “The exchange raises questions about the independence of the inspector general’s office. Government inspectors general have broad latitude within government agencies to investigate cases of waste, fraud, mismanagement, and abuse.” (The Wall Street Journal, 2/20/2016)
In an email to State Department IT [Information Technology] staffer Bryan Pagliano, Mills writes, “Somewhere [between] my house and the plane to NYC yesterday my personal BB got misplaced; no one is answering it though I have called.” Mills uses both a personal and a government-issued BlackBerry, and it is her personal BlackBerry that gets lost. However, details in released emails show that Mills sometimes sent and received work-related emails from her personal BlackBerry, including emails that were retroactively classified. It is unclear if Mills ever finds her BlackBerry after losing it. (The Daily Caller, 1/26/2016) (US Department of State, 1/15/2016)
A New York Observer article will later comment that Mills “was using her personal BlackBerry for work, including the transmission of classified email. That alone is a crime. Then, in a move worthy of a dark comedy, [she] proceeded to lose that BlackBerry. This would be a career-ender, at best, for any normal US government employee. [But she] suffered no penalties of any kind for this astonishing security lapse.” (The New York Observer, 1/28/2016)
An email from Bryan Pagliano to Cheryl Mills, Clinton’s chief of staff, on this day that will later be made public shows that Pagliano sometimes uses the email address email@example.com for work matters. Pagliano is a State Department employee at the time, but he also is managing Clinton’s private email server. In the email, he tells Mills, “Sent a reply from my [redacted] address, but delivery tends to be delayed going to state.gov addresses.” This shows he uses a government email address for work as well. (US Department of State, 1/15/2016)
The hillaryclinton.com domain was used for people working for Clinton’s 2008 presidential campaign, as Pagliano did. Apparently that domain was kept operational long after the campaign ended.
Clinton confidant Sid Blumenthal sends Clinton an email with the subject heading: “Kyrgyzstan Update.” He also marks it “Confidential.” It starts with [redacted] “my friend with deep contacts in Kyrgyzstan and who testified this week on the latest developments there before the House Oversight Committee, has sent me a memo containing important new information and including some recommendations.”
Three pages of analysis from this friend about recent developments in Kyrgyzstan follow, and virtually all of it will be later unredacted. However, there is a section with the title “Criminal Investigation Targeting” [redacted]. That section is later redacted due to four classification codes, including “foreign relations or foreign activities of the US including confidential sources,” and information that could “disclose investigative techniques.” Due to this section, the email will later be classified at the “secret” level, the level below “top secret.”
Clinton sends three emails in response. One is to Blumenthal, thanking him and his friend. Another is to an aide to print the email. A third email goes to Assistant Secretary of State for South and Central Asian Affairs Bob Blake and two others, asking for their assessment.
All of these emails are later deemed “secret” as well, since they contain Blumenthal’s original email. (US Department of State, 2/29/2016) (US Department of State, 2/29/2016) (US Department of State, 2/29/2016)
The Freedom of Information Act (FOIA) request is apparently for Clinton’s schedules, not her emails. In March 2015, it will be reported the request still had not be fulfilled, causing the Associated Press to finally sue to force the issue. (The New York Times, 3/3/2015) (The Associated Press, 3/11/2015)
Clinton confidante Sid Blumenthal email Clinton his latest intelligence report, this one regarding high-level intrigues inside the British government. Like many of his emails, it is marked “CONFIDENTIAL,” the lowest official classification level. Clinton comments, “I shared your emails w Bill who thought they were ‘brilliant’! Keep ’em coming when you can.” “Bill” is a likely reference to Hillary’s husband Bill Clinton. (US Department of State, 8/31/2015)
In May 2015, Clinton will dramatically downplay her enthusiasm for Blumenthal’s emails, merely saying, “He sent me unsolicited emails which I passed on in some instances.” (Real Clear Politics, 5/20/2015)
According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 188.8.131.52 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 184.108.40.206, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.
Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)
According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.
Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)
However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.
Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)
It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.
The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)
Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”
The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)
Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”
Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”
After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)
Carlos Pascual, a State Department official based in Mexico City, writes an email meant to be passed to Clinton discussing US government assistance to Mexico after Hurricane Alex. The subject heading and more text in the email will later be redacted with a code indicating the mention of a name of a secret Defense Department official. The message is forwarded to email, but there’s no apparent reply from her. (US Department of State, 2/29/2016)
Deputy National Security Advisor Ben Rhodes sends an email to over a dozen US officials. One name and email address will later be redacted because they are of a secret CIA official. The content and even the subject heading of the email are later completely redacted. Clinton aide Jake Sullivan receives the email and forwards it to Clinton. (US Department of State, 2/13/2016)
A US official whose name is later classified sends an email to at least two dozen other US officials. Most of their names will later be classified as well. At least one redacted recipient’s name is that of a secret CIA official. The email concerns a recent WikiLeaks release of classified documents and includes an attachment that has a statement by senior Defense Department officials and relevant talking points. Clinton aide Jake Sullivan forwards the email to Clinton. (US Department of State, 2/26/2016)
Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)
Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015)
It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)
An email exchange shows her iPad has recently arrived, and she is excited to learn how to use it. An account on her official website in 2015 will say, “When the iPad came out in 2010, she was as curious as others and found it great for shopping, browsing, and reading articles when she traveled. She also had access to her email account on her iPad and sometimes used it for that too.” (Hillaryclinton.com, 7/13/2015) (US Department of State, 8/31/2015)
Clinton aide Jake Sullivan forwards Clinton an email chain that has been discussing the recent releases of classified US government information by WikiLeaks and Julian Assange. Over 30 US officials are included in the email chain; the name and email address of one of them will later be redacted because that person is a secret CIA official. (US Department of State, 2/13/2016)
Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Here’s my personal email,” and the entire message is “Pls [Please] use this for reply–HRC [Hillary Rodham Clinton].” (US Department of State, 9/30/2015)
Mitchell replies, “I talked with Frattini again and went over the point again. He said he understands and agrees.” The rest of his email is later redacted because it contains “foreign government information.” “Frattini” is a likely reference to Italian Foreign Minister Franco Frattini.
Clinton replies, “I told Papandreou the same.” “Papandreou” is a likely reference to Greek Prime Minister George Papandreou. (US Department of State, 9/30/2015)
Mitchell then discusses communicating with “Moratinos,” a likely reference to Spanish foreign minister Miguel Angel Moratinos.
Clinton replies by mentioning a plan to call “Ashton,” a likely reference to the European Union foreign policy chief Catherine Ashton, and “Bibi,” the nickname of Israeli Prime Minister Benjamin Netanyahu. (US Department of State, 9/30/2015)
It is not clear why Clinton invites Mitchell to discuss such high-level diplomatic communications via her unsecure personal email address. In 2015, J. William Leonard, former director of the US Information Security Oversight Office, will make the general comment, “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession. […] It’s born classified.” (Reuters, 8/21/2015)
Huma Abedin, Clinton’s deputy chief of staff, writes to Clinton in an email, “OK I will [redacted] just FedEx secure cell phone from [Washington] DC. Anthony leaving office to bring me to airport now so hopefully will make it just in time.”
Four hours later, Clinton responds, “Maybe one of Anthony’s trusted staff could deliver secure phone?”
“Anthony” is a reference to Anthony Weiner, who is both Abedin’s husband and a member of Congress at the time. He will resign one year later, due to a sex scandal.
The Associated Press will later comment, “The emails show the degree of trust Clinton had for Weiner before he was hit by scandal.”
It is unclear where Clinton is on this day. State Department schedules list no public events for her between July 27, 2010 and August 2, 2010. But the Associated Press will also note, “The use of secure cell phones is commonplace among State Department staff when traveling to countries with advanced cyber-espionage capacities, such as China or Russia.”
These emails will be released in November 2016. They were not part of the 30,000 work-related emails Clinton turned over in December 2014, even though they are clearly work-related. It will be one of thousands of emails deleted by Clinton that were later recovered by the FBI.
After the release, State Department spokesperson Mark Toner will say it is unclear how the phone might have been delivered, or if it was at all. He will suggest that, in theory, sending a secure phone through FedEx could have been appropriate if the necessary safeguards were taken. “In 2010, secure cell phones were available to State Department employees, and they could be configured in such a way as to render them suitable for transport. When configured in this manner, the device would be inoperable until paired with additional components.” (The Associated Press, 11/3/2016)
Matt Lussenhop, a press officer at the US embassy in Kabul, Afghanistan, sends an email to over a dozen other US officials. The email is sent to Clinton aide Jake Sullivan, who emails it to Clinton. Lussenhop’s email concerns an article that New York Times reporter Dexter Filkins is about to get published. Filkins contacted the embassy in Kabul to get quotes for his story, which alleges that Muhammed Zia Salehi, an aide to Afghan President Hamid Karzai, is on the payroll of the CIA. The email is two paragraphs long, but the first paragraph will later be completely redacted and deemed classified at the “secret” level, the level below “top secret.” (US Department of State, 2/29/2016)
The article will be published in the Times two days later, on August 25, 2010. (The New York Times, 8/25/2010)
In Clinton’s July 2016 FBI interview, she will be asked about this email. According to the FBI, “Clinton stated she did not remember the email specifically. [She] stated she was not concerned the displayed email contained classified information [redacted] but stated she had no reason to doubt the judgment of the people working for her on the ‘front lines.'” (Federal Bureau of Investigation, 9/2/2016)
Salehi was arrested by Afghan police in July 2010, one month before the Times article about him, due to a US government wiretap on him as part of an anti-corruption case. But he was released the next day on the orders of Karzai. In 2013, Foreign Policy will confirm that not only was Salehi working for the CIA, but he actually was an intermediary who was giving secret CIA cash payments to Karzai. (Foreign Policy, 5/4/2013)
Given that this is one of a small number of emails Clinton will be asked about in her FBI interview, as well its classification at the “secret” level, it stands to reason that Lussenhop confirmed Salehi’s CIA connection.
State Department official Mary Sanderson emails over a dozen other officials some analysis about Turkey from the department’s Bureau of Intelligence and Research (INR). State Department official Judith McHale forwards the email to Clinton and a couple of her aides. Nothing in the analysis will later be deemed classified, but it appears four other recipients of Sanderson’s email are secret CIA officials. (US Department of State, 9/12/2010)
Clinton and her deputy chief of staff, Huma Abedin, discuss the fact that Clinton’s emails to other State Department employees are sometimes not being received. Apparently, they are getting discarded as spam because they are coming from an unofficial address.
Abedin tells Clinton in an email that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.”
In response, Clinton writes, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (US Department of State, 5/25/2016)
In 2016, the New Yorker Magazine will comment that Clinton’s “personal being accessible” comment “seem[s] to confirm what many observers have suspected from the outset: Clinton’s main motive in setting up the email system wasn’t to make it easier for her to receive all her messages in one place, or to do all her business on her beloved BlackBerry; it was to protect some of her correspondence—particularly correspondence she considered private—from freedom-of-information requests and other demands for details, for example, from Republican-run congressional committees.” (The New Yorker, 5/26/2016)
These emails between Clinton and Abedin will not be included in the 30,000 work-related emails that Clinton turns over to the State Department in December 2014, even though they clearly discuss work matters. The State Department will later discover them through other means, most likely from Abedin’s email inbox. (The Associated Press, 5/26/2016)
An email sent or received by Clinton on this day has the subject title ‘‘MbZ call – 7:15am.” Very little is publicly known about its content, such as who sends or receives it, because it will not be included in the over 30,000 work-related emails Clinton will give to the State Department in December 2014. But the FBI will recover the email through other means and ask Clinton about it in her July 2016 FBI interview.
According to the FBI summary of that interview, “Clinton stated she recalled the time period of the WikiLeaks disclosures because it was a difficult time for State. She spent long hours on the phone with foreign diplomats addressing the WikiLeaks disclosures and ensuring no one was in danger as a result of the disclosures. Regarding the specific email, Clinton did not know why it was not in the approximately 30,000 emails produced to [the] State [Department] and, based on its content, would expect it to be considered work-related.” (Federal Bureau of Investigation, 9/2/2016)
From Clinton’s comments, it can be surmised the email deals with the disclosure of 250,000 State Department cables by WikiLeaks, which actually takes place two days later, on November 28, 2010.
Ironically, Clinton makes a public speech on November 29, 2010, that contradict her private reassurances to foreign diplomats that no one was endangered by the leaks. She says, “The United States strongly condemns the illegal disclosure of classified information. It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems… So whatever are the motives in disseminating these documents, it is clear that releasing them poses real risks to real people, and often to the very people who have dedicated their own lives to protecting others.” (US Department of State, 11/29/2010)
WikiLeaks, working with several major media outlets, begins publicly releasing over 250,000 diplomatic cables between the State Department and US embassies around the world. The cables date from 1966 to February 2010. None of the cables are classified at a level higher than “confidential,” the lowest classification level.
Clinton responds with the public comment, “This disclosure is not just an attack on America’s foreign policy interests, it is an attack on the international community: the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity. […] It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems.” (USA Today, 11/29/2010) (The New York Times, 11/28/2010)
Mark Penn, Clinton’s chief strategist for her 2008 presidential campaign, sends Clinton an email in which he recommends, “I think you need to order a full scale review and upgrading of the cyber security of the State Department immediately.” (US Department of State, 9/30/2015)
However, despite this being the largest breach of State Department classified information in history, Clinton doesn’t change her personal communication methods, and continues to use an unsecured BlackBerry and an unsecured private email server. It is unknown if the State Department changes its cybersecurity as a whole, and if so, how.
One day after WikiLeaks releases over 250,000 State Department cables, Clinton states, “I have directed that specific actions be taken at the State Department, in addition to new security safeguards at the Department of Defense and elsewhere to protect State Department information so that this kind of breach cannot and does not ever happen again.” (US Department of State, 11/29/2010)
However, in October 2013, Buzzfeed will report that “The State Department’s communications system is operating without basic technical security measures in place, despite warnings about its vulnerabilities…” The system, called SMART (the State Messaging and Archive Retrieval Toolset), is used to share department communications, including the exact same kind of cables leaked by WikiLeaks. Buzzfeed further reports that its anonymous sources “say the failures have left thousands of cables and messages, including highly sensitive and classified ones, vulnerable to espionage or leaks for the last four years.” (Buzzfeed, 10/2/2013)
Clinton’s computer technician Bryan Pagliano is working with staff from the State Department’s Information Resources Management (IRM) office to resolve issues affecting the ability of emails sent from Clinton’s private server to be received at department .gov email addresses. Pagliano shows some staffers the computer logs from the server. The issue is eventually resolved. On December 21, 2010, IRM staff send an email to Clinton’s top aides describing the issue and summarizing what was done to resolve it. This appears to be one of the few times Clinton’s server is discussed with other department employees. (US Department of State, 5/25/2016)
The National Archives and Records Administration (NARA) issues guidelines to the heads of all federal agencies, including Secretary of State Clinton, stating that all emails and email attachments relating to government business are considered records to be preserved under the Federal Records Act. (The Wall Street Journal, 9/30/2015)
Clinton aide Jake Sullivan emails Clinton and mentions a State Department diplomat who has “some interesting reports from the Pal [Palestinian] side, if you have a moment to talk secure.” The Washington Post will later refer to this as a rare instance where either Clinton or any of her aides shows concern about the communication of classified information. (The Washington Post, 9/1/2015) (US Department of State, 8/31/2015)
Two members of Clinton’s senior executive staff will later claim they discussed their concerns about Clinton’s use of a personal email address, each in a separate meeting with John Bentel, the director of the Office of the Executive Secretariat for Information Resource Management.
In one of those meetings, Bentel says that Clinton’s personal communication system has been reviewed and approved by the department’s legal staff and that the matter is not to be discussed any further. However, a later State Department inspector general investigation will find no evidence that any department lawyers ever make such a review.
The other staff member who raised concerns about the server is told by Bentel that the mission of his office is to support Clinton and, in the words of a May 2016 inspector general report, “instruct[s] the staff never to speak of the Secretary’s personal email system again.”
According to later released emails, Bryan Pagliano receives an IT [information technology] security briefing in late 2010 or early 2011. It has to do with cybersecurity risks facing the State Department. A letter by Charles Grassley (R) which summarizes the emails says this briefing is “in connection with his work on the Secretary’s non-government server.” Pagliano continues to run Clinton’s private email server after he is hired by the State Department in May 2009, and at least initially, his bosses and co-workers don’t know about his second job with Clinton’s server. It’s not clear who else learns about it and when. (Reuters, 3/24/2016) (US Department of State, 5/25/2016)