In May 2009, begins working for the State Department while continuing to be paid by Clinton for managing her private server. However, he does not list his outside income in the required personal financial disclosures he files each year. This continues until his full time department job ends in February 2013, the same month Clinton’s tenure as secretary of state ends. In early 2015, a State Department official will say that the department has “found no evidence that he ever informed the department that he had outside income.” (The Washington Post, 9/5/2015) To lie on such a financial disclosure form is a felony punishable by up to five years in prison. (US Legal Code, 2/24/2012)
During the time Bryan Pagliano works as a political employee in the State Department’s IT [information technology] division starting in May 2009, he continues to secretly manage Clinton’s private email server in her house. The Washington Post will later report, “Three of Pagliano’s supervisors… told investigators they had no idea that Clinton used the basement server or that Pagliano was moonlighting on it.” (The Washington Post, 3/27/2016) However, Pagliano’s two direct supervisors (who apparently are Susan Swart and Charlie Wisecarver) will later tell department investigators that while they were aware Pagliano provided computer assistance to Clinton’s 2008 presidential campaign, they didn’t know he was supporting her server during working hours. They will question how he could do so given that he was supposed to be working full-time for the department. (US Department of State, 5/25/2016) An unnamed colleague in Pagliano’s division will later similarly say that Pagliano’s immediate supervisors didn’t know Clinton’s private server even existed until it was revealed in news reports in 2015. In March 2016, the Reuters will report that both Clinton and the State Department continue to decline “to say who, if anyone, in the government was aware of the email arrangement.” (Reuters, 3/24/2016)
In August 2016, the New York Times will publish an article based on a claim by former Salon reporter Joe Conason about an incident that occurred at a dinner party in June 2009, during Clinton’s tenure as secretary of state. Conason will have recently interviewed Hillary Clinton for a book he is writing about Bill Clinton, and he may have heard about the incident through her.
The party is hosted by former Secretary of State Madeleine Albright, and several other former secretary of states are also in attendance: Colin Powell, Henry Kissinger, Condoleezza Rice, and William Christopher.
Conason will claim that, “Albright asked all of the former secretaries to offer one salient bit of counsel to the nation’s next top diplomat [Clinton]. Powell told her to use her own email, as he had done, except for classified communications, which he had sent and received via a State Department computer. Saying that his use of personal email had been transformative for the department, he thus confirmed a decision she had made months earlier — to keep her personal account and use it for most messages.” (New York Times, 08/18/16)
Clinton will also tell a similar story in her July 2016 FBI interview. NBC News journalist Andrea Mitchell will report, “Clinton told the FBI that former Secretary of State Colin Powell recommended on two occasions that she use a private email account for unclassified communication.”
Drawing from Conason’s original report, Mitchell will write, “Powell made the suggestions at a small dinner party shortly after Clinton took over at the State Department in 2009 and in an email exchange around the same time.” Two sources later confirm to NBC News that Clinton gave that account to investigators during her FBI interview. (NBC News, 08/19/2016)
In a January 2009 email, Powell warned her that should that become “public,” her emails would become “official record[s] and subject to the law.” “Be very careful. I got around it all by not saying much and not using systems that captured the data.”
Clinton said that Powell’s comments did not factor into her decision to use a personal email address. (Federal Bureau of Investigations (09/02/16)
However, Powell will later claim he doesn’t recall Albright even asking that question, but he does remember an email exchange with Clinton on January 23, 2009. Conason appears to be confusing the email with the dinner party.
Colin Powell’s emails will be hacked and released to the public September 13, 2016. The email leak will include an exchange between Powell and Rice on August 28, 2016. Powell will write, “I was [with] Maddy [Madeline Albright] the other evening and she doesn’t remember an email conversation or even asking us a question recently.”
Rice will write back, ” Yes — I’m sure it never came up.”
Thus, the alleged Albright question at her party, and Powell’s reply, may never have happened at all. Though Clinton will say it did, Albright, Rice, and Powell will say it did not.
Palau is a single island with a population of only 20,000. The lobbyist, Jeffrey Farrow, had worked on Clinton’s 2008 presidential campaign. But it’s not known how he got her new email address, which she started using after becoming secretary of state in January 2009.
Farrow begins emailing Clinton in June 2009, at a time when the US is deciding how much financial aid to give Palau, and while Palau becomes the first country to accept prisoners from the US military prison in Guantanamo, Cuba. Farrow talks about how Palau is going to take 17 Guantanamo prisoners and then suggests that US aid to the country is “far too low.” Clinton forwards the emails to her aide Jake Sullivan and asks him to “do some recon outreach and advise what, if anything, we should do.”
In an October 30, 2009 email, Farrow again asks for more US aid to Palau. Clinton forwards that email to Sullivan and other aides with the note, “As I have said repeatedly, I do not want to see Palau shortchanged.” In September 2010, the US announces a large multi-year aid package to Palau worth over $250 million. (Politico, 7/1/2015)
In a September 2010 email, Farrow praises Clinton and Sullivan for helping to get the aid package done, and jokingly promises Clinton a medal and a free vacation in Palau. (US Department of State, 9/30/2015) Farrow also forwards a thank you letter from Palau President Johnson Toribiong in April 2011, belying Clinton’s claim that she only ever had email contact with one foreign official, from Britain. (US Department of State, 10/30/2015) (US Department of State, 10/30/2015)
After Clinton’s chief of staff Cheryl Mills emails Clinton that White House official David Axelrod wants her email address so he can send her something, Clinton writes to Mills, “Can you send to him or do you want me to? Does he know I can’t look at it all day so he needs to contact me thru you or Huma [Abedin] or Lauren [Jiloty] during work hours.” (US Department of State, 6/30/2015)
In early 2009, Clinton turned down an offer to have a personal computer installed in her office so she could check her emails on it. In 2015, she will claim she only used a BlackBerry to check emails for “convenience.”
Clinton confidant and private citizen Sid Blumenthal sends Clinton an email with the subject heading, “My role, Germany, Iran, etc.” He writes: “I spoke with Doug Band yesterday, discussed things with him, and we will go from there. It would be helpful if you and I speak soon to define parameters of what projects I should pursue. We should discuss your speech to the Council, among other things.”
Band is a close personal aide to Hillary’s husband Bill Clinton, and also works at the Clinton Foundation. Blumenthal then writes about other matters relating to Germany and Iran. Clinton speaks at the Council on Foreign Relations (CFR) two weeks later. (US Department of State, 12/31/2015) (US Department of State, 6/30/2015)
In May 2015, Clinton will downplay the link between herself and Blumenthal when she was secretary of state, saying, “He sent me unsolicited emails which I passed on in some instances.” Blumenthal is paid a $120,000 yearly salary by the Clinton Foundation despite not doing any charity work there, but Clinton will deny that is compensation for his emailed intelligence reports. (Real Clear Politics, 5/20/2015)
An email is written by Shelby Smith-Wilson, an official in the State Department’s operations center. Parts of it will later be deemed “top secret,” then downgraded to “secret,” the medium classification level. The New York Times will later report, “Although that portion was entirely redacted, one government official familiar with the contents said it described a conference call among senior officials, including Mrs. Clinton, about the ballistic missile test that North Korea conducted that day in violation of United Nations Security Council resolutions.” Smith-Wilson’s initial email is addressed to “Dan,” possibly National Security Council official Dan Russel. It is titled “Summary of 1055 EDT DPRK Conference Call.” (“DPRK” stands for Democratic People’s Republic of [North] Korea.)
It is circulated amongst State Department officials, including Clinton aides Cheryl Mills, Huma Abedin, and Jake Sullivan. Abedin then forwards it to Clinton.
In 2015, the email will be included in a random sample of 40 Clinton emails reviewed by State Department Inspector General Steve Linick. He and Intelligence Community Inspector General Charles McCullough will deem parts of it “top secret.” The National Geospatial-Intelligence Agency will later concur, suggesting it contains intelligence from US spy satellites. But the State Department will disagree, and after months of dispute, in February 2016 the email will be downgraded to “secret,” with parts of it publicly released. Even then, this will be called a “provisional” decision, suggesting the dispute is on-going. (Politico, 2/29/2016) (US Department of State, 2/29/2016)
It is announced that the National Security Agency (NSA) will monitor the email traffic of 12 US government departments, including the State Department, in order to combat hacking. In a monitoring program called Einstein 3, telecommunication companies route data going to and from government networks through the NSA, which examine the traffic for any activity suggestive of an attack. (Wired Magazine, 7/8/2009)
In 2015, Wired Magazine will note that because Clinton used a private email server, her “email [didn’t] have the benefit of any of that expensive government security.” (Wired, 3/4/2015)
This is part of an email from her to her chief of staff Cheryl Mills. The context is hard to discern because much of the correspondence around it is redacted. However, it has something to do with a speech she will give about a food security initiative. (Politico, 2/29/2016)
Clinton confidant Sid Blumenthal sends an email to Clinton and Clinton’s chief of staff Cheryl Mills that is almost entirely later redacted. The subject heading is redacted, and the entire text of the two-page email is redacted except for two words: “Confidential,” and “From.”
However, the spacing of redacted lines indicates the name after the word “From” is redacted due to a code indicating that person secretly works for the DIA (Defense Intelligence Agency), NRO (National Reconnaissance Office), or NGA (National Geospatial-Intelligence Agency). The rest of the text is redacted due to that same code and a code regarding the violation of personal privacy.
Mills then replies to Blumenthal and Clinton, “Is it true that [redacted] would be nominated for Amb [Ambassador]? First I’ve heard about it is this email.” Clinton, Mills, and Blumenthal then send more brief emails to each other relating to a possible ambassador nomination for this person. (US Department of State, 2/26/2016) (US Department of State, 2/29/2016) (US Department of State, 2/29/2016)
Her previous email was: email@example.com, also known as firstname.lastname@example.org (AT&T and Cingular are the same company). When she became secretary of state in early 2009, she created a new email@example.com address on her private server and set up her emails from her old address to be forwarded to her new address. According to Clinton spokesperson Nick Merrill, she shuts down the old address around this time, with the last known email coming to that address on September 20, 2009. (Buzzfeed, 7/1/2015)
In June 2016, the Associated Press will finally gain access to some planning schedules from when Clinton was secretary of state. A comparison of these planning schedules with Clinton’s official calendar from that time will show that at least 60 meetings with Clinton’s donors and other outside interests were omitted. The Associated Press will give one specific example of a meeting on this day that is omitted from the calendar, even though the names of attendees to other meetings on the same day are not. Clinton meets with 13 major business leaders for a private breakfast discussion at the New York Stock Exchange:
- David M. Cote, CEO of Honeywell International Inc.;
- Fabrizio Freda, CEO of the Estee Companies Inc.;
- Lewis Frankfort, chair of Coach Inc.;
- Robert Kelly, CEO of the New York Bank of Mellon;
- Ellen Kullman, CEO of DuPont;
- Harold McGraw III, chair of McGraw Hill Companies;
- Duncan Niederauer, CEO of the New York Stock Exchange;
- Indra Nooyi, CEO of PepsiCo;
- Howard Schultz, CEO of Starbucks Corp;
- Steven Schwarzman, chair of the Blackstone Group;
- James Taiclet, chair of the American Tower Corp.;
- James Tisch, president of Loews Corp.; and
- John D. Wren, CEO of Omnicom Group.
All the companies represented except Coach Inc. lobby the US government in 2009. Four companies—Blackstone, Honeywell, Omnicom, and DuPont—lobby the State Department that year. All the companies except for American Tower and New York Bank of Mellon donate to the Clinton Foundation, and two attendees—Schwarzman and Frankfort—personally donate to the foundation. Four of the companies—PepsiCo, the Blackstone Group, DuPont, and Honeywell International Inc.—also donate to what the Associated Press calls “Clinton’s pet diplomatic project of that period,” the US pavilion at the 2010 Shanghai Expo. (The Associated Press, 6/24/2016)
Clinton’s deputy chief of staff Huma Abedin forwards an email to Clinton. The original email, written by State Department official Daniel B. Smith, is deemed by Smith “SENSITIVE BUT UNCLASSIFIED.” Smith writes a summary of a senior staff meeting that discussed embassy security. It starts, “Eric Boswell, representing Pat, reviewed two embassy security issues -“ Then the rest of a large block of text is later redacted. (US Department of State, 7/31/2015)
John Schindler, a former NSA counterterrorism official, will later write, “Embassy security information is something that is always considered classified, given the all-too-common attacks that befall American embassies and diplomats worldwide.” (John Schindler, 8/26/2015) Boswell, the head of the department’s Diplomatic Security Bureau, will be fired in 2012 for security lapses relating to the 2012 terrorist attack on the US consulate in Benghazi, Libya. (The Washington Post, 12/19/2012)
The US Code of federal regulations on handling electronic records is updated: “Agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that Federal records sent or received on such systems are preserved in the appropriate agency recordkeeping system.” (The Washington Post, 3/10/2015)
In 2015, Jason Baron, former director of litigation at the National Archives and Records Administration (NARA), will comment that the rules get stricter in 2013. But even prior to that, “the use of a private [email] account was to be rare and occasional, and not to be the norm.” Using a private account “without using an official account is inconsistent with the Federal Records Act.” He adds, “To solely use a personal e-mail for four years [as Clinton did] is something that is highly unusual.” (Bloomberg News, 3/3/2015)
Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Phone call report.” The opening word “George-” will later be unredacted while the rest of about seven or eight lines of text written by Clinton will be redacted, due to containing “foreign government information” and “foreign relations or foreign activities of the United States, including confidential sources.”
The Washington Post will cite the email as a clear example where Clinton wrote and sent sensitive classified information instead of just receiving it, since it’s one of the first of its kind to be publicly released. (The Washington Post, 9/1/2015) (US Department of State, 10/30/2015)
Clinton writes an email to her deputy chief of staff Huma Abedin telling her to set up a conference call that will use Clinton’s home phone over the weekend. The call will be between Clinton, two assistant secretaries of state, and a US ambassador. Clinton writes, “As soon as I’m off call now. Tell ops to set it up now.” (US Department of State, 6/30/2015)
The Washington Times will later report on this email, “The coordination of secure communications on an insecure break with protocol would give foreign intelligence agencies an opportunity to learn about a call early, then target and intercept the call, US officials told the Times.” Clinton will do this on other occasions, including setting up a call the next day with Karl Eikenberry, US ambassador to Afghanistan. (The Washington Times, 9/1/2015)
On October 17, 2009, Clinton sends an email to her chief of staff Cheryl Mills and Jon Davidson, Bill Clinton’s deputy chief of staff. The subject heading is “Haiti,” and the full text is: “I’ve heard that both the PM [prime minister] and the finance minister will resign next week. I’m copying Jon so he can tell Bill.” (US Department of State, 6/30/2015)
The next day, Mills forwards a message from Kenneth Merten, the State Department’s special coordinator for Haiti, to Clinton and Davidson. The subject heading is “PML,” but most of the several lines of text will later be redacted except for the comment, “I’ll have more (most likely) tomorrow.” The redaction codes will indicate the message contains “foreign government information” and “foreign relations or foreign activities of the US, including confidential sources.” (US Department of State, 7/31/2015)
Haiti’s prime minister, Michèle Pierre-Louis, will be voted out of office on November 11, 2009. Davidson is not a government employee at the time and it is unknown if he has a security clearance.
Clinton’s chief of staff Cheryl Mills sends Clinton an email that mainly contains a document with the title “Talking Points for US Ambassador to India and the US Ambassador to Pakistan.” Mills also includes the comment, “You are getting separate points coming high side through [Clinton aide] Jake [Sullivan].” The “high side” is the nickname for sending information through a classified system.
However, the talking points sent by Mills will later be entirely redacted. Six different classification codes will be used to justify redacting all the text, including information that could “interfere with [law] enforcement proceedings,” “disclose confidential sources,” and “disclose investigation techniques.” There is no apparent email reply from Clinton. (US Department of State, 2/29/2016)
Blumenthal is a friend of Clinton’s and a Clinton Foundation employee, but he is a private citizen with no security clearance. Blumenthal asks Clinton in an email, “How did it go in Berlin? Looked terrific. What does Merkel think of the Blair option? Sid.” (“Merkel” presumably is a reference to Angela Merkel, the chancellor of Germany, and the “Blair option” is an Israel-Palestine peace proposal put forward by former British Prime Minister Tony Blair.) Two hours later, Clinton replies, “Berlin was terrific. Lots of good exchanges [with] leaders.” Then the next four and a half lines of Clinton’s reply are completely redacted in the version that will be made public in 2015. (US Department of State, 6/30/2015)
A 2009 executive order issued two months later states that US officials who negligently disclose classified information to unauthorized individuals are subject to any and all federal sanctions provided for by law. (White House, 12/29/2009)
Clinton confidant Sid Blumenthal sends Clinton an email with the subject heading “Re: Afghanistan strategy” that he marks “Confidential.”
The bulk of the email contains two documents written by others for Clinton. Blumenthal comments, “One is a memo from [redacted] who served in the counter-insurgency program in Vietnam with John Paul Vann.” The name of this person will later be redacted, and the redaction code indicates this person secretly works for the DIA (Defense Intelligence Agency), NRO (National Reconnaissance Office), or NGA (National Geospatial-Intelligence Agency).
The rest of the email is not redacted except when this person’s name is mentioned. (US Department of State, 12/31/2015)
Clinton responds the next day with the comment, “Thx [Thanks] so much for sending.” (US Department of State, 12/31/2015)
Clinton’s deputy chief of staff Huma Abedin forwards Clinton an email from Matthew Gould, who is an aide to David Miliband, Britain’s secretary of state. Abedin writes the comment, “Another note from Miliband that he doesn’t want to send through the system.” (It is not clear what is meant by “the system.”) Gould’s note says to Abedin, ‘I’m emailing you from my home account, as we’re just back from Kabul [Afghanistan]. David [Miliband] has downloaded to me and very much wants the Secretary (only) to see this note. He would like to talk it over with her as soon as convenient…” This is followed by four and a half pages’ worth of text that will later be completely redacted. (US Department of State, 7/21/2015)
J. William Leonard, a former director of the US government’s Information Security Oversight Office, will later note the mention that Miliband wanted the information to only be read by Clinton clearly indicated it was meant to be classified. He says, “I cannot think of a clearer sign of an expectation that this was to be treated in confidence.” The Washington Post will later note that Gould wrote his email from “my home account,” which meant that wasn’t secure either. Miliband and Gould have not commented on the email. (The Washington Post, 8/27/2015)
A 2015 Reuters story that specifically discusses only this email and no other will say, “A spokesperson for one of the foreign governments whose information appears in Clinton’s emails said, on condition of anonymity to protect diplomatic relations, that the information was shared confidentially in 2009 with Clinton and her senior staff. If so, it appears this information should have been classified at the time and not handled on a private unsecured email network, according to government regulations.” (Reuters, 8/21/2015)
Clinton emails her chief of staff Cheryl Mills, asking to borrow a book entitled, Send: Why People Email So Badly and How to Do It Better, by David Shipley and Will Schwalbe. Clinton doesn’t say why she wants to read the book, but ABC News will later note that “it includes some advice that is particularly interesting in light of the controversy over… her decision to delete tens of thousands of emails she deemed to be purely personal.” Chapter six is entitled, “The Email That Can Land You In Jail,” and it includes a section entitled, “How to Delete Something So It Stays Deleted.” It describes how to wipe emails by using a program to repeatedly write new data over the old data. (ABC News, 8/12/2015)
President Obama issues “Executive Order 13526: Classified National Security Information,” which updates a previous 1995 directive. The order clearly defines what the different levels of government classification are: “top secret,” “secret,” and “confidential.” It also states that: “The unauthorized disclosure of foreign government information is presumed to cause damage to the national security.” It further lists what information should be considered classified, and that list includes “foreign government information” and ‘foreign relations or foreign activities of the United States, including confidential sources.” (White House, 12/29/2009)
In 2010, Clinton’s first full year as secretary of state, an internal study finds that in one week, more than 9,200 emails are sent from the State Department’s Executive Secretariat servers to 16 web-based email domains, including gmail.com, hotmail.com, and att.net. These could include both work-related and personal emails. (US Department of State, 5/25/2016)
It will remain publicly unknown until the video is leaked to Fox News in October 2016.
In the video, Clinton says that employees have a “special duty” to recognize the importance of cybersecurity. “The real key to cybersecurity rests with you. Complying with department computing policies and being alert to potential threats will help protect all of us.”
According to a later account by Fox News, “Clinton goes on in the video to underscore the important work the State Department Bureau of Diplomatic Security and IT department were doing to guard against cyber-attacks. She warns hackers try to ‘exploit’ vulnerabilities and penetrate department systems. She then urges staffers to log onto the internal cybersecurity awareness website or subscribe to their ‘cybersecurity awareness newsletter.’”
Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, will later find the video ironic, given Clinton’s own security issues with her private email server. He will say, “Hillary Clinton needs only to look into the mirror to find the biggest cybersecurity risk.”
Clinton spokesperson Brian Fallon will say, “This is not new. It has been widely reported that during Clinton’s tenure the State Department issued these kinds of warnings about possible cybersecurity to employees. These warnings were more than appropriate given that it was subsequently confirmed that State’s email was hacked.” (Fox News, 10/22/2016)
Bill Johnson, the State Department’s political adviser to the special operations section of the US Pacific Command (PACOM), will later claim that he is present in Honolulu, Hawaii, while Clinton comes to visit. During her trip, news breaks of a large earthquake in Haiti, which takes place on January 12, 2010.
Clinton goes to a security communications facility in the basement of PACOM headquarters to help organize a humanitarian response to the earthquake. She wants to communicate with her top staff back at State Department headquarters in Washington, DC, but she and her aides are not allowed to bring their cell phones into PACOM headquarters because they are using unsecured, personal devices. They ask Johnson for an exception to the rules, but he refuses, citing alarms and lockdowns that would be automatically triggered if anyone brought an unauthorized signal-emitting unit into the building.
So instead, according to Johnson, “She had her aides go out, retrieve their phones, and call [State Department headquarters] from outside,” using open, unsecure lines. “It was really an eye-opener to watch them stand outside using nonsecure comms [communications] and then bring messages to the secretary so she could then conduct a secure [call] with the military” and the State Department. (Newsweek, 5/25/2016)
It is not known if it is a borrowed phone or her phone. (Getty Images) (Getty Images) In 2015, after her use of only one private email address will become public, she will claim that this was because she only had one phone. She will mention that she bought an iPad in 2010, but the first iPad model will not be released until April 2010 and she will not buy one until July 2010. (The Associated Press, 3/11/2015) (The Washington Post, 3/31/2015) (US Department of State, 8/31/2015)
She emails her chief of staff Cheryl Mills and USAID Administrator Rajiv Shah and tells them, “I sent you emails [redacted] before removing their email info so pls [please] do not forward to anyone and delete after reading.” The reason for the instruction is unclear, as the email she is referring to is later redacted. (Politico, 2/29/2016) (US Department of State, 8/31/2015)
Clinton emails her aide Jake Sullivan that she wants to read a statement regarding Jose Miguel Insulza, secretary general of the Organization of American States (OAS). Sullivan emails back that he can’t send it to her immediately because the State Department has put it on the classified network. Clinton quickly replies, “It’s a public statement! Just email it.” However, Sullivan responds, “Trust me, I share your exasperation, But until ops [operations] converts it to the unclassified email system, there is no physical way for me to email it. I can’t even access it.” (The Washington Post, 3/27/2016)
Clinton’s deputy chief of staff Huma Abedin sends an email to Justin Cooper, an aide to Bill Clinton. She forwards a message from Clinton’s chief of staff Cheryl Mills to Clinton that had bounced, and asks Cooper, “HRC [Clinton] email coming back—is server okay?”
He replies, “UR [You are] funny. We are on the same server.” His reply goes to Mills as well as Abedin, indicating that both of them are aware of the existence of Clinton’s private server.
Cooper’s email domain will be redacted when this email is released in 2016, but his comment indicates his email is on the clintonemail.com domain, the same as Clinton’s. (Abedin has an email account on that domain too, but she sends this email from her State Department state.gov account.) (US Department of State, 6/20/2016)
Cooper is not a government employee and apparently has no security clearance, but other reports indicate he helps Bryan Pagliano manage Clinton’s server.
Huma Abedin, Clinton’s deputy chief of staff, writes Clinton that after another aide named Judith wrote Clinton an email, “It bounced back. She called the email help desk at state (I guess assuming u had state email) and told them that. They had no idea it was YOU, just some random address so they emailed.” (US Department of State, 8/31/2015)
The permanent position of State Department inspector general has been vacant since 2008, before Obama became president. An inspector general serves as a department’s internal watchdog. Some time in March 2010, Clinton’s chief of staff Cheryl Mills emails Clinton about a possible nominee for the position. Mills writes, “Let me know if you DON’T want to proceed.”
Clinton writes back, “Are you ok [with] him?”
Then Mills writes, “Yes – he’ll be good.”
It is not known who they are talking about since the name will later be redacted, but Obama will not nominate anyone for the position until mid-2013, after Clinton’s term as secretary of state is over.
The Wall Street Journal will later comment, “The exchange raises questions about the independence of the inspector general’s office. Government inspectors general have broad latitude within government agencies to investigate cases of waste, fraud, mismanagement, and abuse.” (The Wall Street Journal, 2/20/2016)
In an email to State Department IT [Information Technology] staffer Bryan Pagliano, Mills writes, “Somewhere [between] my house and the plane to NYC yesterday my personal BB got misplaced; no one is answering it though I have called.” Mills uses both a personal and a government-issued BlackBerry, and it is her personal BlackBerry that gets lost. However, details in released emails show that Mills sometimes sent and received work-related emails from her personal BlackBerry, including emails that were retroactively classified. It is unclear if Mills ever finds her BlackBerry after losing it. (The Daily Caller, 1/26/2016) (US Department of State, 1/15/2016)
A New York Observer article will later comment that Mills “was using her personal BlackBerry for work, including the transmission of classified email. That alone is a crime. Then, in a move worthy of a dark comedy, [she] proceeded to lose that BlackBerry. This would be a career-ender, at best, for any normal US government employee. [But she] suffered no penalties of any kind for this astonishing security lapse.” (The New York Observer, 1/28/2016)
An email from Bryan Pagliano to Cheryl Mills, Clinton’s chief of staff, on this day that will later be made public shows that Pagliano sometimes uses the email address firstname.lastname@example.org for work matters. Pagliano is a State Department employee at the time, but he also is managing Clinton’s private email server. In the email, he tells Mills, “Sent a reply from my [redacted] address, but delivery tends to be delayed going to state.gov addresses.” This shows he uses a government email address for work as well. (US Department of State, 1/15/2016)
The hillaryclinton.com domain was used for people working for Clinton’s 2008 presidential campaign, as Pagliano did. Apparently that domain was kept operational long after the campaign ended.
Clinton confidant Sid Blumenthal sends Clinton an email with the subject heading: “Kyrgyzstan Update.” He also marks it “Confidential.” It starts with [redacted] “my friend with deep contacts in Kyrgyzstan and who testified this week on the latest developments there before the House Oversight Committee, has sent me a memo containing important new information and including some recommendations.”
Three pages of analysis from this friend about recent developments in Kyrgyzstan follow, and virtually all of it will be later unredacted. However, there is a section with the title “Criminal Investigation Targeting” [redacted]. That section is later redacted due to four classification codes, including “foreign relations or foreign activities of the US including confidential sources,” and information that could “disclose investigative techniques.” Due to this section, the email will later be classified at the “secret” level, the level below “top secret.”
Clinton sends three emails in response. One is to Blumenthal, thanking him and his friend. Another is to an aide to print the email. A third email goes to Assistant Secretary of State for South and Central Asian Affairs Bob Blake and two others, asking for their assessment.
All of these emails are later deemed “secret” as well, since they contain Blumenthal’s original email. (US Department of State, 2/29/2016) (US Department of State, 2/29/2016) (US Department of State, 2/29/2016)
The Freedom of Information Act (FOIA) request is apparently for Clinton’s schedules, not her emails. In March 2015, it will be reported the request still had not be fulfilled, causing the Associated Press to finally sue to force the issue. (The New York Times, 3/3/2015) (The Associated Press, 3/11/2015)
Clinton confidante Sid Blumenthal email Clinton his latest intelligence report, this one regarding high-level intrigues inside the British government. Like many of his emails, it is marked “CONFIDENTIAL,” the lowest official classification level. Clinton comments, “I shared your emails w Bill who thought they were ‘brilliant’! Keep ’em coming when you can.” “Bill” is a likely reference to Hillary’s husband Bill Clinton. (US Department of State, 8/31/2015)
In May 2015, Clinton will dramatically downplay her enthusiasm for Blumenthal’s emails, merely saying, “He sent me unsolicited emails which I passed on in some instances.” (Real Clear Politics, 5/20/2015)
According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 188.8.131.52 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 184.108.40.206, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.
Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)
According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.
Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)
However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.
Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)
It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.
The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)
Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”
The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)
Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”
Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”
After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)
After Bryan Pagliano sets up Clinton’s new private server in January 2009, he sets up Internet Protocol (IP) filtering on the firewall, once a firewall is established in late March 2009. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.
At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congresssional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that begins around the middle of 2010.
This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”
The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)
Carlos Pascual, a State Department official based in Mexico City, writes an email meant to be passed to Clinton discussing US government assistance to Mexico after Hurricane Alex. The subject heading and more text in the email will later be redacted with a code indicating the mention of a name of a secret Defense Department official. The message is forwarded to email, but there’s no apparent reply from her. (US Department of State, 2/29/2016)
Deputy National Security Advisor Ben Rhodes sends an email to over a dozen US officials. One name and email address will later be redacted because they are of a secret CIA official. The content and even the subject heading of the email are later completely redacted. Clinton aide Jake Sullivan receives the email and forwards it to Clinton. (US Department of State, 2/13/2016)
A US official whose name is later classified sends an email to at least two dozen other US officials. Most of their names will later be classified as well. At least one redacted recipient’s name is that of a secret CIA official. The email concerns a recent WikiLeaks release of classified documents and includes an attachment that has a statement by senior Defense Department officials and relevant talking points. Clinton aide Jake Sullivan forwards the email to Clinton. (US Department of State, 2/26/2016)
Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)
Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015)
It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)
An email exchange shows her iPad has recently arrived, and she is excited to learn how to use it. An account on her official website in 2015 will say, “When the iPad came out in 2010, she was as curious as others and found it great for shopping, browsing, and reading articles when she traveled. She also had access to her email account on her iPad and sometimes used it for that too.” (Hillaryclinton.com, 7/13/2015) (US Department of State, 8/31/2015)
Clinton aide Jake Sullivan forwards Clinton an email chain that has been discussing the recent releases of classified US government information by WikiLeaks and Julian Assange. Over 30 US officials are included in the email chain; the name and email address of one of them will later be redacted because that person is a secret CIA official. (US Department of State, 2/13/2016)
Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Here’s my personal email,” and the entire message is “Pls [Please] use this for reply–HRC [Hillary Rodham Clinton].” (US Department of State, 9/30/2015)
Mitchell replies, “I talked with Frattini again and went over the point again. He said he understands and agrees.” The rest of his email is later redacted because it contains “foreign government information.” “Frattini” is a likely reference to Italian Foreign Minister Franco Frattini.
Clinton replies, “I told Papandreou the same.” “Papandreou” is a likely reference to Greek Prime Minister George Papandreou. (US Department of State, 9/30/2015)
Mitchell then discusses communicating with “Moratinos,” a likely reference to Spanish foreign minister Miguel Angel Moratinos.
Clinton replies by mentioning a plan to call “Ashton,” a likely reference to the European Union foreign policy chief Catherine Ashton, and “Bibi,” the nickname of Israeli Prime Minister Benjamin Netanyahu. (US Department of State, 9/30/2015)
It is not clear why Clinton invites Mitchell to discuss such high-level diplomatic communications via her unsecure personal email address. In 2015, J. William Leonard, former director of the US Information Security Oversight Office, will make the general comment, “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession. […] It’s born classified.” (Reuters, 8/21/2015)
Huma Abedin, Clinton’s deputy chief of staff, writes to Clinton in an email, “OK I will [redacted] just FedEx secure cell phone from [Washington] DC. Anthony leaving office to bring me to airport now so hopefully will make it just in time.”
Four hours later, Clinton responds, “Maybe one of Anthony’s trusted staff could deliver secure phone?”
“Anthony” is a reference to Anthony Weiner, who is both Abedin’s husband and a member of Congress at the time. He will resign one year later, due to a sex scandal.
The Associated Press will later comment, “The emails show the degree of trust Clinton had for Weiner before he was hit by scandal.”
It is unclear where Clinton is on this day. State Department schedules list no public events for her between July 27, 2010 and August 2, 2010. But the Associated Press will also note, “The use of secure cell phones is commonplace among State Department staff when traveling to countries with advanced cyber-espionage capacities, such as China or Russia.”
These emails will be released in November 2016. They were not part of the 30,000 work-related emails Clinton turned over in December 2014, even though they are clearly work-related. It will be one of thousands of emails deleted by Clinton that were later recovered by the FBI.
After the release, State Department spokesperson Mark Toner will say it is unclear how the phone might have been delivered, or if it was at all. He will suggest that, in theory, sending a secure phone through FedEx could have been appropriate if the necessary safeguards were taken. “In 2010, secure cell phones were available to State Department employees, and they could be configured in such a way as to render them suitable for transport. When configured in this manner, the device would be inoperable until paired with additional components.” (The Associated Press, 11/3/2016)
Matt Lussenhop, a press officer at the US embassy in Kabul, Afghanistan, sends an email to over a dozen other US officials. The email is sent to Clinton aide Jake Sullivan, who emails it to Clinton. Lussenhop’s email concerns an article that New York Times reporter Dexter Filkins is about to get published. Filkins contacted the embassy in Kabul to get quotes for his story, which alleges that Muhammed Zia Salehi, an aide to Afghan President Hamid Karzai, is on the payroll of the CIA. The email is two paragraphs long, but the first paragraph will later be completely redacted and deemed classified at the “secret” level, the level below “top secret.” (US Department of State, 2/29/2016)
The article will be published in the Times two days later, on August 25, 2010. (The New York Times, 8/25/2010)
In Clinton’s July 2016 FBI interview, she will be asked about this email. According to the FBI, “Clinton stated she did not remember the email specifically. [She] stated she was not concerned the displayed email contained classified information [redacted] but stated she had no reason to doubt the judgment of the people working for her on the ‘front lines.'” (Federal Bureau of Investigation, 9/2/2016)
Salehi was arrested by Afghan police in July 2010, one month before the Times article about him, due to a US government wiretap on him as part of an anti-corruption case. But he was released the next day on the orders of Karzai. In 2013, Foreign Policy will confirm that not only was Salehi working for the CIA, but he actually was an intermediary who was giving secret CIA cash payments to Karzai. (Foreign Policy, 5/4/2013)
Given that this is one of a small number of emails Clinton will be asked about in her FBI interview, as well its classification at the “secret” level, it stands to reason that Lussenhop confirmed Salehi’s CIA connection.