January 2013—May 31, 2013: Clinton uses an agent to find new management for her private server.

Tania Neild (Credit: public domain)

Tania Neild (Credit: public domain)

Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”

Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”

Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)

January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in he running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

01-2013AlexMcGeorgeNewsmax

Alex McGeorge (Credit: Newsmax)

Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)

In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

January 17, 2013: Blumenthal is sent clearly marked classified information by a business partner.

A screenshot of Blumenthal's email account showing the January 17, 2013 email from Cody Shearer. (Credit: public domain)

A screenshot of Blumenthal’s email account showing the January 17, 2013 email from Cody Shearer. (Credit: public domain)

Clinton associate Cody Shearer sends Clinton confidant Sid Blumenthal a clearly classified document in an email. The subject heading for the email is: “Sid – This is Classified.” There is no text, but a document is attached called “Washington,_DC_Itinerary_for_D.doc.” In 2011 at least, Shearer and Blumenthal were business partners.

This email will only come to light because the hacker nicknamed Guccifer will post a screenshot of it after breaking into Blumenthal’s email account in March 2013.

It is not known if Shearer sent Blumenthal other classified information or if Blumenthal forwarded any such information to Clinton. (Gawker, 3/31/2015) Blumenthal has no security clearance to receive classified information at the time.

Around February 1, 2013: Clinton later claims she wasn’t given any instructions on how to preserve her emails when she left office.

In a July 2016 FBI interview, “Clinton [will state] that she received no instructions or direction regarding the preservation or production of records from [the] State [Department] during the transition out of her role as secretary of state in early 2013. Furthermore, Clinton believed her work-related emails were captured by her practice of sending emails to State employees’ official State email accounts.”

A May 2016 State Department inspector general report will conclude this wasn’t a proper method, and Clinton should have printed and filed her emails when she left office. (Federal Bureau of Investigation, 9/2/2016)

February 2013: Clinton’s computer technician Bryan Pagliano concludes his full-time employment at the State Department.

Gartner Headquarters in Stamford, Connecticut. (Credit: public domain)

Gartner Headquarters in Stamford, Connecticut. (Credit: public domain)

Like many other Clinton aides, Pagliano leaves the department the same month Clinton ends her term as secretary of state. Pagliano was secretly being paid for managing Clinton’s private server since May 2009. He remains a State Department contractor doing work on “mobile and remote computing functions.” (The Washington Post, 9/5/2015) 

Pagliano also starts working for Gartner, a global IT [information technology] company, though it’s unclear how much he works for Gartner and how much for the State Department.

He will lose his State Department contractor status some time after September 2015, when he pleads the Fifth Amendment before a Congressional committee. (The Daily Caller, 3/3/2016)

February 1, 2013: Clinton’s four year tenure as secretary of state ends.

Clinton exiting an airplane in her last week as secretary of state. (Credit: The New Yorker)

Clinton exiting an airplane in her last week as secretary of state. (Credit: The New Yorker)

(The Washington Post, 3/10/2015) Clinton is succeeded by Senator John Kerry (D). Kerry apparently uses a government email account for all work matters, and all his emails are automatically preserved by the State Department for posterity. (The New York Times, 3/2/2015) 

Most of her top aides leave the State Department around the same time, such as Cheryl Mills, Huma Abedin, Jake Sullivan, and Philippe Reines, while Patrick Kennedy remains. (The New York Times, 8/13/2013)

Around February 1, 2013: Clinton fails to turn over her work emails as she leaves office, despite a legal requirement to do so.

When Clinton ends her tenure as secretary of state, she is required by law to turn over all of her work-related documents to the State Department, including emails, but she fails to do so.

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

A May 2016 State Department inspector general’s report will conclude, “Secretary Clinton should have preserved any federal records she created and received on her personal account… At a minimum, [she] should have surrendered all emails dealing with department business before leaving government service and, because she did not do so, she did not comply with the department’s policies that were implemented in accordance with the Federal Records Act.”

The report will note that at least she turned over 30,000 emails in December 2014, 21 months later. However, the report will also conclude that the emails she gave then are “incomplete,” because many of her work-related emails have since been discovered through other means, such as being found in other email inboxes. For instance, although her tenure began on January 21, 2009, and she started using her email account by January 28, no emails received prior to March 17, 2009, were turned over, nor were any emails sent prior to April 12, 2009. (US Department of State, 5/25/2016)

Around February 1, 2013: Clinton should be debriefed as she leaves office, but it’s unclear if this happens.

State Department officials will later say that Clinton is required to go through a “read-off” debriefing around the time she ends her term as secretary of state on February 1, 2013. In the debriefing, security officials would remind her of her duty to return all classified documents, including ones where the classification status is uncertain. This would include her emails stored on her private server.

Former Diplomatic Security Service official Raymond Fournier will later say, “Once she resigned as secretary, she needed to return classified documents and other government-owned documents, which in this case would have included the server.” The debriefing would include her signing a nondisclosure agreement, but so far no such document has emerged. It also is unknown if the required debriefing took place, and if it did, why she didn’t turn her emails over at that time. Fournier will comment, “She’s in big, big trouble.” (The New York Post, 8/23/2015)

In a July 2016 FBI interview, Clinton will claim she wasn’t given any instrutio on preserving her emails when she left office, which would suggest she never had an exit interview.

Shortly After February 1, 2013: Clinton apparently leaves the State Department without signing a required form stating that she returned all her work-related documents.

All State Department officials are required to sign a form when they leave office stating that they returned all their work-related documents back to the government. Although Clinton becomes a private citizen after ending her term as secretary of state on February 1, 2013, there is no evidence she signs such a form. Those who sign the OF-109 form acknowledge they could be subject to “criminal penalties” for not turning over the documents.

In March 2015, Jen Psaki, a State Department spokesperson, will say, “We have reviewed Secretary Clinton’s official personnel file and administrative files and do not have any record of her signing the [form]. […] I think we’re fairly certain she did not.” Psaki also notes that Clinton’s predecessors as secretary of state also don’t seem to have signed the form.

A State Department manual declares that “a separation statement will be completed whenever an employee is terminating employment,” but Psaki says there is no penalty for not signing the form. (Politico, 3/17/2015)

Shortly After February 1, 2013: Clinton’s chief of staff Cheryl Mills leaves blank a required form stating that she has returned all of her work-related documents.

Cheryl Mills (Credit: Vimeo)

Cheryl Mills (Credit: Vimeo)

All State Department officials are required to sign the “separation statement,” known as the OF-109 form. Those who sign the OF-109 form acknowledge they could be subject to “criminal penalties” for not turning over the documents.

In 2015, the Daily Caller will sue the State Department for several OF-109 forms. They will be given a form with Mills’ name on it, but with the date and signature spaces left blank. Mills used a private Yahoo email account for at least some of her government work.

A State Department official will neither explain the discrepancy nor confirm that Mills did not sign the agreement.

Clinton apparently never turns in her form. Huma Abedin, Clinton’s deputy chief of staff, does sign her form in February 2013, but she doesn’t turn over her private, work-related emails. (The Daily Caller, 11/13/2015) (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

February 2013—June 2013: At least one manager of Clinton’s server does very little during a transition phase, despite the Guccifer hack threat.

At the end of Clinton’s tenure of secretary of state in February 2013, her private server is still being managed by Bryan Pagliano and Justin Cooper, with Pagliano doing most of the technical work and Cooper doing most of the customer service work. The management of the server will be taken over by the Platte River Networks (PRN) computer company in June 2013. It seems possible that the server is not as actively managed in the months in between.

Justin Cooper testifies to the House Oversight and Government Affairs Committee. (Credit: Alex Wong / Getty Images)

Justin Cooper testifies to the House Oversight and Government Affairs Committee on September 13, 2016. (Credit: Alex Wong / Getty Images)

In September 2016, Cooper will be questioned by a Congressional committee. Representative Jason Chaffetz (R) will ask him, “[Y]ou stepped back from the day-to-day activities with the Clintons about the time of the transition, is that correct? As she left office?”

He will reply, ‘Yes.”

When asked about his knowledge of what happened to server security after the hacker known as Guccifer broke into the email account of a Clinton confidant and publicly exposed Clinton’s email address on the server in March 2013, Cooper will reply, “At that point in time I was transitioning out of any role or responsibility with the server as various teams were selecting Platte River Networks to take over the email services and I don’t know that I had any sort of direct response.”

Additionally, when Cooper will be asked about his contact with PRN, he will say, “My interaction was handing over user names and passwords and that was the totality of the interaction I’ve had. I’ve never had interaction with them.” (US Congress, 9/13/2016)

It is not known if Pagliano similarly cuts down his involvement with managing the server during this time, since he has refused to publicly comment about his experiences. The FBI has mentioned nothing about the management of Pagliano or Cooper during this time period. (Federal Bureau of Investigation, 9/2/2016)

February 13, 2013: Clinton’s deputy chief of staff Huma Abedin signs a pledge that she has given all of her work-related documents back to the State Department, but she didn’t.

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

All State Department officials are required to sign the “separation statement” when they leave the department, known as the OF-109 form. However, Abedin has a private email address (huma@clintonemail.com) on the same private server that Clinton does, and when she leaves the department in February 2013 she does not turn over any of her emails from it, including work-related emails.

Her emails will not be handed over until a couple of years later, after various lawsuits and investigations. In signing the form, Abedin acknowledges she could be subject to “criminal penalties” for lying on the document.

The Hill will later report, “It’s unclear whether Abedin would be subject to prosecution, given the unusual nature of Clinton’s private email setup.” (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

Spring 2013: A back-up of all of Clinton’s emails are put onto a laptop and then forgotten about.

Monica Hanley (Credit: Bolton-St. Johns)

Monica Hanley (Credit: Bolton-St. Johns)

In the spring of 2013, Clinton aide Monica Hanley works with Bill Clinton aide Justin Cooper to create an archive of Clinton’s emails. Clinton aide Huma Abedin will later tell the FBI that the archive was created as a reference for the future production of a book. Whereas Hanley will later tell the FBI that the archive was created as a security precaution after Clinton confidant Sid Blumenthal had his email account broken into on March 14, 2013, publicly exposing Clinton’s email address.

Cooper gives Hanley an Apple MacBook laptop from the Clinton Foundation and helps her through the process of remotely transferring Clinton’s emails from Clinton’s server to the laptop and a thumb drive. These two copies of the Clinton emails are intended to be stored in Clinton’s houses in Chappaqua, New York, and Whitehaven, Washington, DC. However, Hanley will tell the FBI that this doesn’t happen because she forgets to give the laptop and the thumb drive to Clinton’s staff.

Nearly a full year will pass before Hanley finds the laptop again. She will send it though the mail, only to apparently have it get permanently lost somehow. It is unclear what happens to the thumb drive, but it will not be seen again either. (Federal Bureau of Investigation, 9/2/2016)

March 2013 or After: Cheryl Mills is re-hired to be one of Clinton’s personal lawyers.

Before Clinton was secretary of state, Mills was one of Clinton’s lawyers for several years. For the four years Clinton was secretary of state, from January 2009 to February 2013, Mills was Clinton’s chief of staff as well as her counselor. However, in a May 2016 court deposition, she will clarify that “the counselor role at the State Department is not a lawyer role. The counselor role at the State Department is actually a policy role.” During the deposition, Mills’ lawyer Beth Wilkinson also clarifies that Mills “wasn’t acting as a lawyer at the State Department.”

However, after Clinton’s tenure ends in February 2013, Mills is hired again as one of Clinton’s personal lawyers. (Clinton’s main personal lawyer for decades has been David Kendall.) In her deposition, Mills will fail to remember when she is hired again, except to say it was “post February of 2013.”

She will be working as one of Clinton’s lawyers in late 2014 when she, Kendall, and another lawyer will sort through Clinton’s emails and delete 31,830 of them. (Judicial Watch, 5/31/2016)

March 14, 2013: Guccifer accesses the email account of Clinton confidant Sid Blumenthal.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large "G" for "Guccifer" added. Because it was sent on February 16, 2013, two weeks after Clinton's term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large “G” for “Guccifer” added. Because it was sent on February 16, 2013, two weeks after Clinton’s term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

Guccifer, an unemployed Romanian whose real name is Marcel-Lehel Lazar, breaks into the AmericaOnline (AOL) email account of Blumenthal. Guccifer does not have typical hacking skills but instead attempts to guess passwords and answers security questions. In recent months, he broke into the accounts of famous people, or the friends and family of famous people, including those of former secretary of state Colin Powell and former US president George W. Bush.

He takes screenshots of the text of emails of Clinton and Blumenthal discussing sensitive foreign policy issues during her time as secretary of state. He also takes a screenshot of Blumenthal’s inbox showing a list of the latest emails sent from Clinton.

In the next few days, the screenshots are made public, and for the first time, Clinton’s private email address hdr22@clintonemail.com is revealed to the world. (USA Today, 3/22/2013) (The Smoking Gun, 3/3/2015)

March 15, 2013—March 21, 2013: Clinton’s private server is repeatedly scanned from Russia shortly after Guccifer’s hack revealed her server domain.

On March 14, 2013, the Romanian hacker known as Guccifer broke into the email account of Clinton confidant Sid Blumenthal and learned Clinton’s private email address and thus her clintonemail.com server domain.

A September 2016 FBI report will reveal that “An examination of log files [of Clinton’s server] from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013. However, none of these attempts were successful, and it could not be determined whether this activity was attributable to [Guccifer].” (Federal Bureau of Investigation, 9/2/2016)

Shortly after March 15, 2013: Cheryl Mills expresses concerns to Bryan Pagliano about the security of Clinton’s private email server after the Guccifer hack.

On March 14, 2013, the Romanian hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal and made Clinton’s private email address public. Cheryl Mills was Clinton’s chief of staff until January 2013, when both she and Clinton left the State Department. But Mills continues to assist Clinton, and in August 2016 she will mention in written answers to a Freedom of Information Act (FOIA) lawsuit that she was concerned at this time how the Guccifer hack could impact the running of Clinton’s private email server.

She says she discussed the issue with Bryan Pagliano, Clinton’s computer technician “in or around March 2013, when the email account of Sidney Blumenthal was compromised by a hacker known as Guccifer. As I recall, these discussions involved whether this event might affect Secretary Clinton’s email.”

Clinton changed her email address several days after the Guccifer hack was discovered. However, the server continued to operate and her new email address was also hosted on the same server. It is still unknown whether Pagliano or anyone else took any other security steps in response to the hack. (Politico, 8/10/2016)

March 20, 2013: Gawker publishes an article that reveals Clinton’s use of a private email address and notes it “could be a major security breach.”

The article notes that the hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal. “[W]hy was Clinton apparently receiving emails at a non-governmental email account? The address Blumenthal was writing to was hosted at the domain ‘clintonemail.com’, which is privately registered via Network Solutions. It is most certainly not a governmental account. […] And there seems to be little reason to use a different account other than an attempt to shield her communications with Blumenthal from the prying eyes of FOIA [Freedom of Information Act] requesters.

Neither the State Department nor the White House would immediately comment on whether the White House knew that Blumenthal was digitally whispering in Clinton’s ear, or if the emails were preserved as the law requires. And if, as it appears, Blumenthal’s emails contained information that was classified, or ought to have been treated as such, it could be a major security breach for Clinton to have allowed it to be sent to her on an open account, rather than through networks the government has specifically established for the transmission of classified material.” (Gawker, 3/20/2013)

Late March 2013 or After: Emails between Clinton and Blumenthal are requested, but the State Department will fail to turn them over.

Gawker files a Freedom of Information Act (FOIA) request seeking all emails between Clinton and her confidant Sid Blumenthal. Due to the revelation of Clinton’s exact email address by the hacker nicknamed Guccifer in March 2013, the request specifies that address along with Blumenthal’s AOL [America Online] address.

However, even though some emails between Clinton and Blumenthal had been made public by Guccifer, the State Department eventually tells Gawker it could find no records responsive to the request. The exact timing of the request and the reply is not clear. (The New York Times, 3/3/2015) (Gawker, 3/3/2015)

May 3, 2013: In a public speech, Under Secretary of State for Political Affairs Wendy Sherman says Clinton conducts diplomacy on her unsecure BlackBerry.

Wendy Sherman giving a speech on May 3, 2013. (Credit: public domain)

Wendy Sherman giving a speech on May 3, 2013. (Credit: public domain)

Sherman says that technology “has changed the way diplomacy is done. […] Things appear on your BlackBerrys that would never be on an unclassified system, but you’re out traveling, you’re trying to negotiate something, you want to communicate with people – it’s the fastest way to do it.” She recalls the 2011 United Nations General Assembly, during which Clinton and European diplomat Catherine Ashton negotiated. “They sat there as they were having the meeting with their BlackBerrys transferring language back and forth between them and between their aides to multitask in quite a new fashion.”

The Hill will later note that Sherman’s comments “suggest that diplomats across the [State Department] routinely declined to use special protections for classified information to prioritize convenience.” (The Hill, 1/26/2016) 

Former NSA counterintelligence officer John Schindler will later make the general observation, “The State Department has a longstanding reputation for being less than serious about security, and its communications have often wound up in foreign hands. It’s something of a tradition at [State Department headquarters], to the chagrin of the Intelligence Community…” (The New York Observer, 1/28/2016)

May 10, 2013: The State Department responds to a FOIA request that there is no evidence of a Clinton email address when there clearly is.

On December 6, 2012, the non-profit group Citizens for Responsibility and Ethics in Washington (CREW) filed a Freedom of Information Act (FOIA) request, asking for records that show the number of Clinton’s email accounts.

Anne Weismann (Credit: public domain)

Anne Weismann (Credit: public domain)

On this day, State Department official Sheryl Walter sends a response letter to CREW’s chief counsel Anne Weismann that states “no records responsive to your request were located.” No details or reasons are given. (US Department of State, 8/29/2016)

In fact, Clinton’s chief of staff Cheryl Mills was informed about this FOIA request while Clinton was still secretary of state, and she knew Clinton’s private email address was responsive to the request, but she took no action and merely had another official monitor the progress of the request. Clinton may have been sent an email about it as well.

Also, in the months since the FOIA request was made, Clinton’s exact email address was revealed to the media, due to the Guccifer hack of a Clinton associate in March 2013. But the department’s “no response” reply would mean she used no email address for work.

Steve Linick, the State Department’s inspector general, will conclude in a 2016 report that the State Department gave an “inaccurate and incomplete” response about Clinton’s email use in this case and in other similar cases. (The Washington Post, 3/27/2016) (The Washington Post, 1/6/2016)

May 21, 2013—February 12, 2014: Clinton’s emails are not searched in response to a relevant FOIA request.

On May 21, 2013, Judicial Watch files a Freedom of Information Act (FOIA) request relating to Clinton aide Huma Abedin and the six-month time period starting in 2012 when she held three outside jobs in addition to being Clinton’s deputy chief of staff. Part of the request is for communications about this matter from Clinton and Abedin.

State Department official Jonathon Wasser is asked to search for relevant records on October 1, 2013. He searches several department databases in November 2013, but does not check for emails from Abedin’s government email account or her private account, or Clinton’s private account. As a result, the official response given to Judicial Watch on February 12, 2014, contains only eight documents, and none of them are emails. Thus, Clinton’s exclusive use of a private email account will remain a secret.

It will later be revealed that department officials at the time generally did not search for emails even when a FOIA request asked for that type of communication.

In 2015, after Clinton’s email scandal becomes public, the department will finally search for and find emails from both Clinton and Abedin responsive to the FOIA request. (Politico, 6/9/2016(Judicial Watch, 6/8/2016)

May 31, 2013: Clinton hires the Colorado-based Platte River Networks to maintain her email server.

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

Platte River Networks (PRN) will begin managing the server in early June, with the management of Clinton’s aides Bryan Pagliano and Justin Cooper being phased out as a result. But the Service Level Agreement won’t be signed until July 18, 2013.

The original server is disconnected and shipped from Clinton’s house in Chappaqua, New York, to a data center in New Jersey. (Federal Bureau of Investigation, 9/2/2016) (The Associated Press, 10/7/2015) (McClatchy Newspapers, 10/6/2015)

This takes place three months after the hacker nicknamed Guccifer made public Clinton’s exact email address. However, the process of choosing the company began in January 2013, prior to the Guccifer hack, suggesting the change was at least partially due to Clinton’s time as secretary of state coming to an end in February 2013 instead. (The Washington Post, 9/5/2015)

Platte River will soon relocate Clinton’s server to New Jersey, then replace it with a new server, while keeping the old server running.

May 31, 2013—June 2013: A device is bought to make back-ups of Clinton’s private server, but a Clinton company makes clear it doesn’t want any back-up data stored remotely.

130531austinmcchorderiktraufmannhearstctmedia1

Datto Cloud engineer Charles Lundblad (left) chats with CEO and founder of Datto, Austin McChord, at the firm’s Norwalk, CT headquarters. (Credit: Erik Traufmann / Hearst Connecticut Media)

On May 31, 2013, Platte River Networks (PRN) takes over management of Clinton’s private server. On the same day, PRN buys a Datto SIRIS S2000 data storage device, which is made by Datto, Inc. Over the next month, this is attached to Clinton’s server to provide periodic back-up copies of the data on the server. PRN sends a bill for the device to Clinton Executive Service Corp. (CESC), which is a Clinton family company.

CESC employees work with PRN employees on how the Datto device is configured. Datto offers a local back-up and a remote back-up using the Internet “cloud.” CESC asks for a local back-up and specifically requests that no data be stored in the Internet cloud at any time.

However, due to an apparent misunderstanding, back-up copies of the server will be periodically made both locally and in the cloud. This will only be discovered by PRN as a whole in August 2015. (US Congress, 9/12/2016)

However, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, the FBI will later find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015, meaning that at least one PRN employee had to have known about the cloud back-up by that time.

Early June 2013—Early July 2013: Clinton’s server is relocated and then replaced by a new server, but the old server keeps running.

After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.

130601PlatteRiverFoundersPlatteRiverNetworks

The founders of Platte River Network: Brent Allshouse (left) and Treve Suavo (right). (Credit: Platte River Networks)

PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.

The employee at PRN’s headquarters (who logically would be Thorton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.

130601EquinixLogo

Equinix Logo (Credit: public domain)

On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.

The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.

Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.

According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”

130601DellPowerEdgeR620

The Dell PowerEdge R620 (Credit: public domain)

This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SfRlS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)

The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it is “blank.” However, it was not wiped, which means having the old files overwritten several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)

Early June 2013: State Department officials discover Clinton’s personal email address and then fail in their legal obligation to share her emails with others.

Heather Higginbottom (Credit: public domain)

Heather Higginbottom (Credit: public domain)

State Department staff reviewing material to possibly give to Congressional committees examining the September 2012 Benghazi terrorist attack discover emails sent by former Clinton aide Jake Sullivan to a personal email address belonging to Clinton.

In ensuing weeks, senior department officials discuss if the Federal Records Act (FRA) requires the department to turn over emails from such personal accounts. In fact, the act does require emails to be turned over if they are work-related. However, an internal investigation will later determine that the department does not notify the National Archives and Records Administration (NARA) of a potential loss of records at any point in time. Furthermore, none of Clinton’s emails are given to any Congressional committee in 2013, nor are they provided in response to any Freedom of Information Act (FOIA) requests that year.

According to department official Heather Higginbottom, Secretary of State John Kerry is not a part of these discussions or decisions. (US Department of State, 5/25/2016) 

Around this debate period, on August 7, 2013, department officials find 17 FOIA requests relating to Clinton in their records, with some of them specifically requesting Clinton emails. But none of the requesters are told about any of Clinton’s emails  apparently due to the result of this debate.

Clinton’s personal email address will be rediscovered in May 2014 after a document request from the new House Benghazi Committee.

June 6, 2013: Chinese government hacker attacks on US government targets have steadily increased since 2008.

Shawn Henry (Credit: public domain)

Shawn Henry (Credit: public domain)

In the summer of 2008, the presidential campaigns of Barack Obama and John McCain had their computers successfully breached by hackers apparently working for the Chinese government. According to NBC News, “US officials say that Chinese intrusions have escalated in the years since, involving repeated attacks on US government agencies, political campaigns, corporations, law firms, and defense contractors—including the theft of national security secrets and hundreds of billions of dollars in intellectual property.”

Shawn Henry headed up the FBI’s investigation of the 2008 attacks and now is president of the computer security company CrowdStrike. He says there’s “little doubt” the Chinese government has an aggressive electronic espionage program targeting the US government and the commercial sector. “There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue.” (NBC News, 6/6/2013)

June 21, 2013: President Obama nominates James Comey to be the next director of the FBI; Comey starts a ten-year term.

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

James Comey is sworn in as FBI director by Attorney General Eric Holder on September 4, 2013. (Credit: FBI Archives)

While announcing the nomination, Obama comments, “To know Jim Comey is also to know his fierce independence and his deep integrity. […] [H]e doesn’t care about politics, he only cares about getting the job done. At key moments, when it’s mattered most, he [stood] up for what he believed was right. He was prepared to give up a job he loved rather than be part of something he felt was fundamentally wrong.”

Comey had been the deputy attorney general during the Bush administration. Obama’s comment about giving up a job is reference to a 2004 incident where Comey (and others) threatened to resign unless President Bush canceled a surveillance program before its legal authorization expired. Bush gave in and canceled the program. (The White House, 6/21/2013) 

Comey is approved by the Senate later in June and starts his ten-year term as FBI director on September 4, 2013. (Federal Bureau of Investigation, 9/4/2013) Comey will later be in charge of the FBI when it investigates Clinton’s email scandal.

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Late June 2013—October 2013: During this time, it appears that Clinton’s private server is wide open to hacking attempts.

On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”

Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015) 

An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)

Justin Harvey (Credit: Third Certainty)

Justin Harvey (Credit: Third Certainty)

Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.

Around July 2013: Clinton’s emails still are not encrypted.

According to an unnamed Platte River Networks (PRN) employee, Clinton’s server has encryption protection to combat hackers, but the individual emails have not been protected with encryption. With PRN taking over management of the server in June 2013, this employee will later tell the FBI that “the Clintons originally requested that email on [Clinton’s] server be encrypted such that no one but the users could read the content. However, PRN ultimately did not configure the email settings this way, to allow system administrators to troubleshoot problems occurring within user accounts.” (Federal Bureau of Investigation, 9/2/2016)

July 2013: Clinton’s private server is reconfigured to use a commercial email provider.

The MX Logic logo (Credit: MX Logic)

The MX Logic logo (Credit: MX Logic)

The Colorado-based provider, MX Logic, is owned by McAfee Inc., a top Internet security company. This comes one month after Clinton hired the Colorado-based Platte River Networks to maintain her email server, and four months after a hacker named Guccifer publicly exposed Clinton’s private email address for the first time. (The Associated Press, 3/4/2015) 

Computer security expert Matt Devost will later comment: “The timing makes sense. When she left office and was no longer worried as much about control over her emails, she moved to a system that was easier to administer.” (Bloomberg News, 3/4/2015)

August 7, 2013: State Department officials find 17 FOIA requests relating to Clinton’s emails at the time the department found her email address, but none of the requesters are told about the emails.

Sheryl Walter (Credit: Facebook)

Sheryl Walter (Credit: Facebook)

In December 2012, the non-profit group Citizens for Responsibility and Ethics in Washington (CREW) filed a Freedom of Information Act (FOIA) request, asking for records that show the number of Clinton’s email accounts. (US Department of State, 7/29/2016) But in May 2013, State Department official Sheryl Walter sent a response letter to CREW that stated “no records responsive to your request were located.” US Department of State, 8/29/2016)

In early June 2013, some State Department officials looking over material to possibly give to a Congressional investigation discovered Clinton’s private email address. Then, in the ensuing weeks, senior department officials debated if they were required to turn over such information. In fact, regulations state they are required to do so, but they ultimately fail to share the address with anyone anyway. (US Department of State, 5/25/2016)

During this apparent debate period, on August 7, 2013, employees of the department’s FOIA response team search for FOIA requests related to Clinton’s emails.

Geoff Hermesman (Credit: LinkedIn)

Geoff Hermesman (Credit: LinkedIn)

Margaret Grafeld mentions in an email to John Hackett, Sheryl Walter, Karen Finnegan, Geoff Hermesman, and two other department officials, “John, you mentioned yesterday requests for Secretary Clinton’s emails; may I get copies, pls [please] and thx [thanks].”

Sheryl Walter replies to the group, “Goeff, can you get a copy of all requests related to this request? Karen, I don’t think we have any litigation on this topic, do we? Did we respond to the CREW request yet?” (Walter actually was the one who wrote CREW in May 2013 that no emails had been found.)

Geoff Hermesman then replies to Sheryl Walter and the group, “Sheryl, A search of the F2 database identified 17 FOIA cases that contain Clinton in the subject line and can be further construed as requests for correspondence between the Secretary and other individuals and/or organizations. Of these, four specifically mention emails or email accounts.” He also mentions that two of those four cases are open and the other two are closed.

Gene Smilansky (Credit: New York Times)

Gene Smilansky (Credit: New York Times)

Walter then emails just Karen Finnegan and Gene Smilansky, “What about the CREW request? Is that still outstanding?”

Finnegan explains in subsequent emails to Walter and Smilansky that CREW was sent a response, and then provides the exact quote of the CREW request.

Smilansky, who is a department lawyer and legal counsel, then asks Walter and Finnegan to discuss it with him over the phone, so that is the end of the email trail. (US Department of State, 8/29/2016)

There is no evidence any of the 17 FOIA requesters are told about Clinton emails that are responsive to their cases, presumably due to the above-mentioned higher-level department debate. Only in the later half of 2014 will the department change this policy, after a new Congressional committee search for documents.

September 30, 2013: The State Department finally gets a new permanent inspector general.

Steve Linick is sworn in as inspector general by Secretary of State John Kerry on October 29, 2003. (Credit: US Department of State)

Steve Linick is sworn in as inspector general by Secretary of State John Kerry on October 29, 2003. (Credit: US Department of State)

Steve Linick becomes the new inspector general of the department. From 2008 until this time, including the entire duration when Clinton was secretary of state, the department had only a temporary acting inspector general. The inspector general is the department’s chief watchdog and is responsible for detecting and investigating waste, fraud, abuse, and mismanagement. (US Department of State, 9/30/2013) (The Wall Street Journal, 3/24/2015)

October 2013: Clinton’s server gets anti-hacking protection after going several months without any.

The CloudJacket Logo (Credit: public domain)

The CloudJacket Logo (Credit: public domain)

From late June 2013 until October 2013, Platte River Networks (PRN) is managing the server, apparently without any anti-hacking software. In October 2013, the software they have been waiting for arrives and is installed. This is an intrusion detection and prevention system called CloudJacket from SECNAP Network Security.

According to a later FBI report, it “had pre-configured settings that blocked or blacklisted certain email traffic identified as potentially harmful and provided real-time monitoring, alerting, and incident response services. SECNAP personnel would receive notifications when certain activity on the network triggered an alert. These notifications were reviewed by SECNAP personnel and, at times, additional follow-up was conducted with PRN in order to ascertain whether specific activity on the network was normal or anomalous. Occasionally, SECNAP would send email notifications to [an unnamed PRN employee], prompting him to block certain IP addresses. [This employee] described these notifications as normal and did not recall any serious security incident or intrusion attempt.”

Additionally, “PRN also implemented two firewalls for additional protection of the network. [This PRN employee] stated that he put two firewalls in place for redundancy in case one went down.”

The FBI report will also conclude, “Forensic analysis of alert email records automatically generated by CloudJacket revealed multiple instances of potential malicious actors attempting to exploit vulnerabilities on the PRN Server. FBI determined none of the activity, however, was successful against the server.” (Federal Bureau of Investigation, 9/2/2016)

 

October 2013—February 2014: Clinton’s private email server is the subject of repeated attempted cyber attacks, originating from China, South Korea, and Germany.

The attempts are foiled due to threat monitoring software installed in October 2013. However, from June to October 2013, her server is not protected by this software, and there is no way of knowing if there are successful attacks during that time.

A 2014 email from an employee of SECNAP, the company that makes the threat monitoring software, describes four attacks. But investigators will later find evidence of a fifth attack from around this time. Three are linked to China, one to South Korea, and one to Germany. It is not known if foreign governments are involved or how sophisticated the attacks are.

Clinton had ended her term as secretary of state in February 2013, but more than 60,000 of her emails remained on her server. (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media.

October 2, 2013: Three years after WikiLeaks leaked 250,000 State Department cables, the department’s communication system “is operating without basic technical security measures in place, despite warnings about its vulnerabilities…”

The SAIG Logo (Credit: public domain)

The SAIG Logo (Credit: public domain)

This is according to a BuzzFeed article. The system is known as SMART (the State Messaging and Archive Retrieval Toolset), and is used to share internal department documents, including the diplomatic cables made public by WikiLeaks. SMART is a two-tiered system, for both classified and unclassified information. SMART was launched in 2009, and the department has paid hundreds of millions of dollars to contractors for it, mostly to the company SAIC.

Unnamed sources “say the failures have left thousands of cables and messages, including highly sensitive and classified ones, vulnerable to espionage or leaks…” 

A former deputy program manager from one such contractor complains, “There is this attitude that security didn’t even come into the picture…I’m talking IT [information technology] security basics, standard fundamental things that a first-year admin would find.”

In 2012 and 2013, internal investigations revealed grave, unresolved security issues. “According to documents reviewed by BuzzFeed, several employees raised concerns starting from the beginning of the SMART rollout. They were told to not pursue the issue. Some were told, with stern overtones, that it wasn’t within their job descriptions to do so.” (Buzzfeed, 10/2/2013)

October 29, 2013: In a private speech, Clinton says she had to leave her phone and computer in a special box when traveling to China and Russia, but there is evidence she sent at least one email from Russia.

Clinton is greeted by Vice-Governor of St. Petersburg Oleg Markov as US Ambassador to Russia Michael McFaul looks on in St. Petersburg, Russia, on June 28, 2012.

Clinton is greeted by Vice-Governor of St. Petersburg Oleg Markov, as US Ambassador to Russia Michael McFaul looks on in St. Petersburg, Russia, on June 28, 2012. (Credit: public domain)

Clinton gives a private paid speech for Goldman Sachs, a financial services company. In it, she says, “[A]nybody who has ever traveled in other countries, some of which shall remain nameless, except for Russia and China, you know that you can’t bring your phones and your computers. And if you do, good luck. I mean, we would not only take the batteries out, we would leave the batteries and the devices on the plane in special boxes. Now, we didn’t do that because we thought it would be fun to tell somebody about. We did it because we knew that we were all targets and that we would be totally vulnerable.”

She will make similar comments in a private paid speech on August 28, 2014: “[E]very time I went to countries like China or Russia, I mean, we couldn’t take our computers, we couldn’t take our personal devices, we couldn’t take anything off the plane because they’re so good, they would penetrate them in a minute, less, a nanosecond. So we would take the batteries out, we’d leave them on the plane.”

The comments from both speeches will be flagged as potentially politically embarrassing by Tony Carrk, Clinton’s research director. Although the comments are made in private, Carrk’s January 2016 email mentioning the quotes will be made public by WikiLeaks in October 2016. (WikiLeaks, 10/7/2016)

Based on information from 2016 FBI interviews of Clinton and her aide Huma Abedin, it appears Clinton used her BlackBerry while still secretary of state to send an email to President Obama from St. Petersburg, Russia on June 28, 2012.

October 29, 2013: In a private speech, Clinton says that her department officials “were not even allowed to use mobile devices because of security issues.”

Clinton gives a private paid speech for Goldman Sachs, a financial services company. In it, she says, “[W]hen I got to the State Department, we were so far behind in technology, it was embarrassing. And, you know, people were not even allowed to use mobile devices because of security issues and cost issues, and we really had to try to push into the last part of the Twentieth Century in order to get people functioning in 2009 and ’10.

The comments will be flagged as potentially politically embarrassing by Tony Carrk, Clinton’s research director, due to Clinton’s daily use of a BlackBerry mobile device during the same time period. Although the comment is made in private, Carrk’s January 2016 email mentioning the quote will be made public by WikiLeaks in October 2016. (WikiLeaks, 10/7/2016)

October 29, 2013: In a private speech, Clinton asks why the computers of a fugitive whistleblower were not exploited by foreign countries “when my cell phone was going to be exploited.”

Clinton was keynote speaker at Goldman Sachs annual dinner that was hosted at the Clinton Global Initiative on September 23, 2013. (Credit: public domain)

Clinton was keynote speaker at Goldman Sachs annual dinner that was hosted at the Clinton Global Initiative on September 23, 2014. (Credit: public domain)

Clinton gives a private paid speech for Goldman Sachs, a financial services company. In it, she says, “[W]hat I think is true, despite [NSA fugitive whistleblower Edward] Snowden’s denials, is that if he actually showed up in Hong Kong [China] with computers and then showed up in Mexico with computers. Why are those computers not exploited when my cell phone was going to be exploited?” (Snowden was on the run from the US government and eventually settled in Russia earlier in 2013.)

The comments will be flagged as potentially politically embarrassing by Tony Carrk, Clinton’s research director, due to later revelations of Clinton’s poor security of her BlackBerry while Secretary of State. FBI Director James Comey will later call her “extremely careless.” Although the comment is made in private, Carrk’s January 2016 email mentioning the quote will be made public by WikiLeaks in October 2016. (WikiLeaks, 10/7/2016)