Shortly After January 5, 2015: It can be deduced that the 31,830 emails that Clinton chose to delete may actually be deleted around this time.

David Kendall (Credit: The National Law Journal)

David Kendall (Credit: The National Law Journal)

Clinton’s personal lawyer David Kendall later claims that after Clinton turned over the 30,490 emails she deemed work-related, which took place on December 5, 2014, the settings on her private server were changed so that any email not sent within 60 days would be automatically deleted. But some news reports say the setting was for 30 days instead. If this is true, the deletions must take place after January 5, 2015, or February 5, 2015, depending on which setting is actually in place.

On March 4, 2015, the House Benghazi Committee issues a subpoena ordering Clinton to turn over any material related to Libya and/or Benghazi, which followed a more limited request in November 2014.

Trey Gowdy (R), head of the committee, will complain later in March 2015, “Not only was the secretary the sole arbiter of what was a public record, she also summarily decided to delete all emails from her server, ensuring no one could check behind her analysis in the public interest. […] The fact that she apparently deleted some emails after Congress initially requested documents raises serious concerns.”

Clinton’s staff has argued that all the emails relating to Libya and/or Benghazi have been turned over already. (The New York Times, 3/27/2015) (House Benghazi Committee, 3/19/2015) (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI will reveal that the deletion of Clinton’s emails from her private server won’t actually take place until late March 2015. And while the employee is supposed to change the email retention policy so some of her emails will be deleted 60 days later, he actually will delete all of her emails and then use a computer program to wipe them so they won’t be recovered later. Why this happens is still unclear. (Federal Bureau of Investigation, 9/2/2016)

January 25, 2015: A lawsuit filed this day will result in the release of all of Clinton’s work emails.

Judge Rudolph Contreras (Credit: The National Law Journal)

Judge Rudolph Contreras (Credit: The National Law Journal)

Jason Leopold of Vice News files a lawsuit seeking all of Clinton’s emails during her time as secretary of state. (Politico, 3/28/2015) Leopold first requested the emails in a November 2014 Freedom of Information Act (FOIA) request. (Vice News, 2/29/2016

As a result of this lawsuit, in May 2015, US District Judge Rudolph Contreras will order rolling production and release of the work-related emails in the State Department’s possession in monthly batches. (Vice News, 5/19/2015)

March 2, 2015: The company managing Clinton’s server tightens security on the server after its existence is exposed.

On the morning of March 2, 2015, a front-page New York Times article reveals Clinton’s use of her own private email server. Platte River Networks (PRN) is managing the server.

Bill Thornton (Credit: public domain)

Bill Thornton (Credit: public domain)

Later in the day, PRN employee Bill Thornton writes in an internal company email, “I spent some time in their firewall just now locking everything down (pretty tight).” (The New York Post, 9/18/2016)

However, on March 4, 2015, an analysis of the server’s publicly visible settings will show it has a misconfigured encryption system. Further articles the next day will expose more security vulnerabilities.

PRN will make more changes to improve the server’s security around March 7, 2015.

Shortly After March 2, 2015: A surge of hacking attempts follows the revelation of Clinton’s use of a private email server in the media.

On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.

According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”

Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.

PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: The company managing Clinton’s private server fails to fully test its security vulnerabilities.

Johannes Ullrich (Credit: LinkedIn)

Johannes Ullrich (Credit: LinkedIn)

Platte River Networks (PRN) is the company managing Clinton’s private server. Due to a wave of hacking attacks on the server following the public revelation of the server on March 2, 2015, PRN considers doing penetration testing. That  means hiring someone to try to hack the server in order to expose its vulnerabilities so they can be fixed.

Cybersecurity expert Johannes Ullrich will later comment, “It’s a good idea, and it’s also commonly done.”

However, the penetration testing never happens. It isn’t clear why. (The New York Post, 9/18/2016) (Federal Bureau of Investigation, 9/2/2016)

March 3, 2015: An unnamed State Department technology expert complains that he and others tried to warn that Clinton’s use of a private email account was a security risk.

He says, “We tried. We told people in her office that it wasn’t a good idea. They were so uninterested that I doubt the secretary was ever informed.” He was a member of the department’s cybersecurity team. He says it was well known amongst the team that Clinton’s private account was at greater risk of being hacked or monitored, but their warnings were ignored. (Al Jazeera America, 3/3/2015)

March 3, 2015 or Shortly Thereafter: The employee who will later delete all of Clinton’s emails is asked about what Clinton emails might be turned over.

On March 3, 2015, David DeCamillis, the vice president of sales for Platte River Networks (PRN), wonders what emails the company might be asked to turn over in an email to other PRN employees. This is because of a New York Times article on March 2, 2015 revealing Clinton’s exclusive use of a private email address hosted on her private server, and PRN has been managing that server since June 2013.

Paul Combetta (Credit: CSpan)

Paul Combetta (Credit: CSpan)

PRN employee Paul Combetta replies to the email, although the date of the reply hasn’t been specified. “I’ve done quite a bit already in the last few months related to this. Her [Clinton’s] team had me do a bunch of exports and email filters and cleanup to provide a .pst [personal storage file] of all of HRC’s [Hillary Rodham Clinton’s] emails to/from any .gov addresses. … I billed probably close to 10 hours in on-call tickets with CSEC related to it :).”

CSEC is a likely reference to Clinton Executive Services Corp. (CESC), a Clinton family company paying for PRN’s services. Combetta will delete and then wipe all of Clinton’s emails later in March 2015. His mention of sending Clinton’s emails likely refers to when PRN sent those emails to two of Clinton’s lawyers in late July 2014. (The New York Post, 9/18/2016)

It is not clear if this is all of Combetta’s reply. But if it is, it is notable that he doesn’t mention that he deleted and then wiped all of Clinton’s emails off the laptops of two lawyers working for Clinton by this time, and allegedly was told to change the settings on Clinton’s server so her emails would be deleted over time as well.

March 4, 2015: It is reported for the first time that Clinton’s private email address was hosted on a private server.

On March 2, 2015, the New York Times revealed that Clinton exclusively used a private email acccount while she was secretary of state. However, that article made no mention of private servers. On this day, the Associated Press reveals that account was registered to a private server located at Clinton’s house in Chappaqua, New York. This was discovered by searching Internet records. For instance, someone named Eric Hoteham used Clinton’s Chappaqua physical address to register an Internet address for her email server since August 2010. (This may be a misspelling of Clinton aide Eric Hothem.)

The Associated Press reports, “Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton’s home, an email server there would have been well protected from theft or a physical hacking.”

The article continues, “But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers. Those professional facilities provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems, and redundant communications lines.”

The article mentions that it is unclear Clinton’s server is still physically located in Chappaqua.  (The Associated Press, 3/4/2015) It will later be revealed that it was moved to a data center in New Jersey in June 2013.

 

March 4, 2015: Clinton’s private server used a misconfigured encryption system.

Alex McGeorge (Credit: CNBC)

Alex McGeorge (Credit: CNBC)

Alex McGeorge, head of threat intelligence at Immunity Inc., a digital security firm, investigates what can be learned about Clinton’s still-operating server. He says, “There are tons of disadvantages of not having teams of government people to make sure that mail server isn’t compromised. It’s just inherently less secure.” He is encouraged to learn the server is using a commercial encryption product from Fortinet. However, he discovers it uses the factory default encryption “certificate,” instead of one purchased specifically for Clinton.

Bloomberg News reports: “Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate. […] Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.”

McGeorge comments, “It’s bewildering to me. We should have a much better standard of security for the secretary of state.” (Bloomberg News, 3/4/2015)

March 4, 2015: Clinton’s emails could have been read by the company that filtered them for spam.

McAfee Logo (Credit: McAfee)

McAfee Logo (Credit: McAfee)

In July 2013, Clinton’s private server was reconfigured to use a commercial email provider, MX Logic, which is owned by McAfee, Inc. (The Associated Press, 3/4/2015) 

Cybersecurity expert Brian Reid analyzed public records about the server and found that Clinton’s emails were routed to McAfee for spam and virus filtering. He says, “The email traces all end at McAfee. If nothing else, they have and had the technical ability to read her email. This does not mean they did, only that they could have.” (McClatchy Newspapers, 3/4/2015)

March 5, 2015: Questions surround Clinton’s possible use of instant messages on her unsecure BlackBerry.

BlackBerrys from Clinton’s time as secretary of state can be used for instant messages as well as emails. Bloomberg reports that Clinton’s “top aides frequently used instant text messages to talk with each other, a form of communication that isn’t captured or archived by the State Department. It is not clear whether Clinton herself used her BlackBerry’s instant message service, as her aides did.” (Bloomberg News, 3/5/2015)

March 5, 2015: Key questions about Clinton’s email scandal go unanswered.

Politico reports, “State Department officials and Clinton aides have offered no response to questions in recent days about how her private email system was set up, what security measures it used, and whether anyone at the agency approved the arrangement. It’s unclear how such a system, run off an Internet domain apparently purchased by the Clinton family, could have won approval if the department’s policies were as the [State Department’s] inspector general’s report describes them.” (Politico, 3/3/2015

According to State Department regulations in effect at the time, the use of a home computer was permitted, but only if the computer was officially certified as secure, and no evidence has emerged that Clinton’s server was given such a certification. Additionally, the department’s Foreign Affairs Manual (FAM) states, “Only Department-issued or approved systems are authorized to connect to Department enterprise networks.” (US Department of State) 

An April 2016 article will indicate that many of the same questions still remain unanswered. (The Hill, 3/4/2016)

March 5, 2015: Clinton’s private server is active and shows obvious security vulnerabilities.

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a servers’ memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

March 7, 2015—Mid-July 2016: Donations to a state senate election lead to potential conflicts of interests in three FBI investigations for a high-ranking FBI official.

The Clintons stand behind Terry McAuliffe during his inauguration as the Commonwealth of Virginia’s 72nd governor. (Credit: Patrick Semansky / The Associated Press)

Virginia Governor Terry McAuliffe is widely considered the best friend of Bill and Hillary Clinton, and was co-chair of one of Bill’s presidential campaigns and the chair of Hillary’s 2008 presidential campaign. In March 2016, McAuliffe says, “We’re best friends, I’ve been family friends with the Clinton’s for thirty years. It’s a great relationship, we vacationed together for years, we’re just very personal friends…” (The Valley’s Music Place, 3/31/2016)

On March 7, 2015, McAuliffe and other state Democratic Party leaders meet with Dr. Jill McCabe and persuade her to run for a state senator seat in Virginia. Dr. McCabe is a hospital physician who has never run for political office before. This has potentially larger political implications, because her husband is Andrew McCabe, an FBI official who runs the FBI’s Washington, DC, field office at the time.

Dr. Jill McCabe (Credit: Twitter)

Dr. Jill McCabe (Credit: Twitter)

FBI officials will later claim that after the March 7, 2015 meeting, Andrew McCabe seeks ethics advice from the FBI and follows it, avoiding involvement with public corruption cases in Virginia, and also avoiding any of his wife’s campaign activities or events.

Five days before Jill McCabe is asked to run, on March 2, 2015, the New York Times publicly reveals Clinton’s use of a private email address, and her use of a private email server is revealed two days later, starting a major and prolonged political controversy. Jill McCabe announces her candidacy on March 12, 2015.

On July 10, 2015, the FBI’s Clinton email investigation formally begins, although it may have informally begun earlier.

Andrew McCabe and Jill McCabe pose at a campaign event in 2015. (Credit: Sharyl Attkisson)

Andrew McCabe and Jill McCabe pose at a campaign event in 2015. (Credit: Sharyl Attkisson)

Andrew McCabe’s Washington, DC, field office provides personnel and resources to the investigation. At the end of July 2015, he is promoted to assistant deputy FBI director, the number three position in the FBI.

During the 2015 election season, McAuliffe’s political action committee (PAC) donates $467,500 to Jill McCabe’s campaign. Furthermore, the Virginia Democratic Party, ”over which Mr. McAuliffe exerts considerable control,” according to the Wall Street Journal, donates an additional $207,788 to her campaign. “That adds up to slightly more than $675,000 to her candidacy from entities either directly under Mr. McAuliffe’s control or strongly influenced by him.”

This represents more than a third of all the campaign funds McCabe raises in the election. She is the third-largest recipient of funds from McAuliffe’s PAC that year.

Virginia State Senator Dick Black (Credit: Twitter)

Virginia State Senator Dick Black (Credit: Twitter)

On November 3, 2015, Jill McCabe loses the election to incumbent Republican Dick Black. Once the campaign is over, “[Andrew] McCabe and FBI officials felt the potential conflict-of-interest issues ended,” according to the Journal.

In February 2016, Andrew McCabe is promoted to deputy FBI director, the second highest position in the FBI. In this role, he is part of the executive leadership team overseeing the Clinton email investigation, though FBI officials say any final decisions are made by FBI Director James Comey.

However, that is not the only potential conflict of interest. By February 2016, four FBI field offices are conducting investigations of the Clinton Foundation. McAuliffe was a Clinton Foundation board member until he resigned when he became the governor of Virginia in 2013. (The Wall Street Journal, 10/24/2016)

Also, at some point in 2015, if not earlier, the FBI begins conducting an investigation of McAuliffe. When the existence of this investigation is publicly leaked in May 2016, media reports suggest it may involve McAuliffe’s financial relationship with a Chinese businessperson who has donated millions to the foundation. It is also reported that investigators have looked at McAuliffe’s time as a board member of the Clinton Global Initiative (CGI), a yearly conference run by the Clinton Foundation.  (CNN, 5/24/2016)

Andrew McCabe (Credit: Getty Images)

Andrew McCabe (Credit: Getty Images)

In the spring of 2016, Andrew McCabe agrees to recuse himself from the McAuliffe investigation, due to McAuliffe’s donations to Jill McCabe’s election campaign. However, he doesn’t recuse himself from the Clinton Foundation investigation or the Clinton email investigation, despite McAuliffe’s close ties to Bill and Hillary Clinton. (The Wall Street Journal, 10/24/2016)

In mid-July 2016, the FBI seeks to reorganize the Clinton Foundation investigation. McCabe decides the FBI’s New York office should take the lead, while the Washington office that he formerly headed should take the lead with the McAuliffe investigation. The Journal will later report, “Within the FBI, the decision was viewed with skepticism by some, who felt the probe would be stronger if the foundation and McAuliffe matters were combined.” However, the decision is implemented.

McCabe also is involved in an effort to shut down the foundation investigation in August 2016, but his role is unclear.

In October 2016, McCabe’s potential conflicts of interest will be revealed by two Wall Street Journal articles. (The Wall Street Journal, 10/30/2016) In early November 2016, the Journal will report that “some [in the FBI] have blamed [McCabe], claiming he sought to stop agents from pursuing the [Clinton Foundation] case this summer. His defenders deny that, and say it was the Justice Department that kept pushing back on the investigation.” (The Wall Street Journal, 11/2/2016)

Around that time, James Kallstrom, the former head of the FBI’s New York office, will say of McCabe, “The guy has no common sense. He should be demoted and taken out of the chain of command.” (The American Spectator, 11/1/2016)

Around March 7, 2015: Changes are made to the security settings of Clinton’s private server after its existence was revealed in the media.

In the days following a New York Times article revealing Clinton’s use of her private server, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server. Two unnamed PRN employees do so.

This results in some changes to the server’s security settings around March 7, 2015. According to a September 2016 FBI report, these changes “include disabling the server’s public-facing VPN page and switching from SSL protocol to TLS to increase security.”

The FBI will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant-messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way conummication. TLS is the successor to SSL and is considered more secure.” (Federal Bureau of Investigation, 9/2/2016)

March 7, 2015: President Obama says that he only learned Clinton used a private email server for all her official State Department business after reading it in the news.

President Barack Obama (Credit: ABC News)

President Barack Obama (Credit: ABC News)

Obama says he found about it at “the same time everybody else learned it, through news reports.” This is a reference to the New York Times story that first broke the scandal on March 2, 2015. (CBS News, 3/7/2015) Obama presumably already knew she used a private email address due to the emails between him and Clinton. (The New York Times, 2/29/2016)

March 8, 2015: Someone deletes email accounts other than Clinton’s from Clinton’s private server.

In a September 2016 report, the FBI will reveal that the “FBI forensically identified deletions from [Clinton’s] server on March 8, 2015 of .pst files not associated with Clinton’ s email account or domain, and other server data.”

A .pst or “Personal Storage Table” file is a file format used to store copies of emails and other items within Microsoft software.

This incident will only be mentioned in a footnote in an FBI report, with no mention of who made the deletions or why. It also is not clear how thorough the deletions are. Clinton’s deputy chief of staff Huma Abedin had a frequently used email account hosted on the server, but it is unknown if these deletions include her emails.

Platte River Network's new, larger office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

Platte River Network’s new, 12,000 sq. foot office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

It seems probable an employee of Platte River Networks (PRN), the computer company managing Clinton’s server, made the deletions. Shortly after a news report made Clinton’s use of the server public knowledge on March 2, 2015, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requested that PRN conduct a complete inventory of all equipment related to the server, and one unnamed PRN employee physically checked the server while another one remotely logged on to check it.

The FBI report will also mention that around March 7, 2015, PRN makes various changes to the server’s security settings. (Federal Bureau of Investigation, 9/2/2016)

March 9, 2015: An email from Cheryl Mills warns a Platte River Networks employee that Clinton’s emails should be preserved, but he will delete them all later in the month anyway.

Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff, sends an email to some employees at Platte River Networks (PRN), the company that is managing Clinton’s private server. On March 3, 2015, the House Benghazi Committee sent a letter to Clinton’s lawyers, asking that they preserve all of Clinton’s emails. This is because of a New York Times report the day before that indicated Clinton probably had many emails from when she was secretary of state that the State Department did not. Mills’ email to PRN references this preservation request.

150303PlatteRiverNewOfficePRFB

In March 2015, PRN is preparing to move from a small downtown loft in Denver, to a more spacious 12,000 sq. foot office space. (Credit: Platte River Networks / Facebook)

PRN employee Paul Combetta is one of the recipients of this email from Mills. In a February 18, 2016 FBI interview, he will claim that he didn’t recall seeing the preservation request mentioned in the email. But he will be interviewed by the FBI again, on May 3, 2016. At that time, he will indicate that he deleted and then wiped all of Clinton’s emails from her server in late March 2015, despite the fact that, according to an FBI report, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.”

It is not clear why he will do this. He will also state during his second interview, “he did not receive guidance from other PRN personnel, PRN’s legal counsel, or others regarding the meaning of the preservation request.” (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 10, 2015 or Later: An employee of the company managing Clinton’s server comments that company employees are seeking to “cover our asses” due to news that Clinton’s emails were deleted.

In September 2016, a New York Post article will reveal details of a number of emails between Platte River Networks (PRN) employees, the company managing Clinton’s private server since June 2013.

In it, the Post will mention that PRN employees “frantically sought to ‘cover our asses’ when news broke that [Clinton’s] communications were deleted.” Unfortunately, the article won’t mention which PRN employee wrote the “cover our asses” quote or when that email was sent. (The New York Post, 9/18/2016)

However, the revelation that over 30,000 of Clinton’s emails were deleted occcurs in public comments by Clinton on March 10, 2015, so it seems probable the email is from shortly after that date, although this is not certain. The timing could be important, because the emails won’t actually be deleted from Clinton’s private server by PRN employee Paul Combetta until around March 31, 2015, three weeks after Clinton’s public claim that they were deleted.

March 11, 2015: A State Department inspector general report is released which refutes Clinton’s assertion made one day before.

Tom Blanton (Credit: NSA Archives / George Washington University)

Tom Blanton (Credit: NSA Archives / George Washington University)

On March 10, 2015, Clinton claimed that her decision to use a private email account “for convenience” didn’t interfere with the State Department’s ability to retrieve those emails later. But a March 11, 2015 inspector general report highlights how poorly the department has permanently archived emails. 

For instance, in 2011, only 61,156 department emails out of a billion were formally archived, a rate of far less than one percent. In 2013, the number—41,749—was even lower.

The report suggests that most employees “who did not use record emails as intended [said] they were usually unaware of what types of information should be saved as record emails. The department does not give employees adequate training to distinguish between information that should be preserved as records and information that may be discarded.” Furthermore, “Many interviewees expressed a fear that if participants in a debate knew that their opinions would be permanently recorded or accessible in searches, they would not express their opinions in an uninhibited manner.” (Politico, 3/11/2015)

Tom Blanton, director of the government’s National Security Archive, comments, “Just because [Clinton] sent to people at ‘state.gov’ addresses, it’s not at all a guarantee that it’s been preserved.” Additionally, “When an official leaves office, and most of her direct aides in fact have left the State Department, within 90 days the IT [information technology] folks at State wipe out their accounts unless there’s a special intervention.” (National Public Radio, 3/11/2015)

March 14, 2015: The State Department tips off the Clinton campaign that a New York Times reporter is asking about Clinton’s emails.

Michael Schmidt (Credit: public domain)

Michael Schmidt (Credit: public domain)

Clinton campaign spokesperson Nick Merrill writes in an email to Clinton aides Jennifer Palmieri and Robby Mook: “[The] State [Department] just called to tell me that [New York Times reporter Michael] Schmidt seems to have what appear to be summaries of some of the exchanges in the 300 emails the [House Benghazi] committee has. He shared 2 anecdotes with State, one was an exchange that [Clinton] had with Jake [Sullivan] about some of the media stories following the attacks, the other an exchange that [Clinton] had with [Clinton aide Cheryl Mills] and [Clinton aide] Huma [Abedin] on non-state.gov accounts, but that was later forwarded to a state.gov account. Again, it appears that he does not have the email but that someone, likely from the committee, is slipping him cherry-picked characterizations of the exchanges. I haven’t heard directly from Schmidt yet but will circle back when I do.”

Top Clinton aides Jennifer Palmieri (left), Huma Abedin (center), and Robby Mook attend a campaign rally with Clinton in 2016. (Credit: Brian Snyder / Reuters)

Top Clinton aides Jennifer Palmieri (left), Huma Abedin (center), and Robby Mook attend a campaign rally with Clinton in 2016. (Credit: Brian Snyder / Reuters)

Clinton communications director Jennifer Palmieri replies, “This is no bueno [no good]. This is some kind of bullshit. Adding [Clinton campaign chair] John [Podesta] to this chain. If [Representative Trey] Gowdy is doing selective leaks, we are in very different kind of warfare.” (WikiLeaks, 10/29/2016)

Schmidt broke a March 2, 2015 story that Clinton used a private email account as secretary of state. The State Department gave about 300 emails to the House Benghazi Committee, chaired by Gowdy (R).

Presumably, Palmieri is upset that someone is leaking emails to a reporter, not that the State Department is sharing this information about the leak with the Clinton campaign. The department will later claim it never worked to help Clinton with her email controversy, despite emails such as this one.

The email will be made public by WikiLeaks in October 2016.

March 18, 2015: The DIA’s former chief technology officer says: “I have no doubt in my mind that [Clinton’s server] was penetrated by multiple foreign powers.”

Bob Gourley (Credit: public domain)

Bob Gourley (Credit: public domain)

He adds, “To assume otherwise is to put blinders on.” This is according to Bob Gourley, who was the chief technology officer at the DIA [Defense Intelligence Agency] from 2005 to 2008 and is the founder of Cognitio, a cybersecurity consulting firm. (Bloomberg News, 3/18/2015)

March 18, 2015: Clinton’s private server was not protected against hackers who might impersonate her identity.

A security evaluation of Clinton's server. (Credit: Bloomberg View)

A security evaluation of Clinton’s server. (Credit: Bloomberg View)

Bloomberg News reports, “According to publicly available information, whoever administrated [Clinton’s private server] didn’t enable what’s called a Sender Policy Framework, or SPF, a simple setting that would prevent hackers sending emails that appear to be from clintonemail.com. SPF is a basic and highly recommended security precaution for people who set up their own servers.”

Bob Gourley, who was the chief technology officer at the DIA [Defense Intelligence Agency] and is the founder of his own cybersecurity consulting firm, says: “If [an SPF] was not in use, [hackers] could send an email that looks like it comes from her to, say, the ambassador of France that says, ‘leave the back door open to the residence a package is coming.’ Or a malicious person could send an email to a foreign dignitary meant to cause an international incident or confuse US foreign policy.” This also would have made it easy for hackers to launch “spear phishing” attacks from Clinton’s account. Other government officials could have thought they were getting a real email from Clinton and then be tricked into having their own accounts breached.

Clinton’s spokesperson claims there is no evidence her account was ever successfully exploited in this manner. But Bloomberg News points out, “The problem with such confidence is that if hackers exploited the SPF vulnerability, Clinton’s office would likely never have known her domain name…was being used surreptitiously.” (Bloomberg News, 3/18/2015)

March 20, 2015: The House Benghazi Committee formally requests that Clinton turn over her private email server.

In a letter to Clinton’s lawyer David Kendall, the committee says Clinton should give her server to the State Department’s inspector general or to a neutral party in order to determine which of her emails were work-related and which ones were personal. (The New York Times, 3/20/2015) Several day later, Kendall replies that turning over the server would be pointless since no emails remain on it. (The New York Times, 3/31/2015)

Clinton will keep her server until a copy is given to the FBI in August 2015. It will later be reported that the FBI recovers most if not all of the deleted emails on the server.

March 25, 2015: A conference call precedes the permanent deletion of Clinton’s “personal” emails.

Platte River Networks (PRN), the computer company managing Clinton’s server, holds a conference call with some members of former President Bill Clinton’s staff. This is according to a later FBI report, but the FBI has not revealed who exactly takes part in the conference call or what is discussed.

The four “President Clinton” aides who had access to the private server were from left to right, Justin Cooper, Doug Band, Jon Davidson, and Oscar Flores. (Credit for all photos: public domain)

PRN employee Paul Combetta will later say that in the days just after this call, between March 25 and 31, 2015, he suddenly remembers that he did not make changes to the email retention policy to Clinton’s email account, as one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills requested him to do back in December 2014. He will then proceed to do so, resulting in the permanent deletion of all of Clinton’s emails that had been deemed personal.

PRN only has two employees involved in managing Clinton’s server, so it seems highly likely Combetta takes part in the conference call. (Federal Bureau of Investigation, 9/2/2016)

Between March 25 and 31, 2015: A Platte River Networks employee allegedly deletes all of Clinton’s emails and then wipes them to prevent their recovery, despite apparently having no clear order to do so.

Platte River Networks (PRN) is managing Clinton’s private server, and two PRN employees are occasionally working on it. Around December 2014, PRN employee Paul Combetta was told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills to delete all copies of Clinton’s emails off Mills’ computer and the computer of another lawyer working for Clinton, Heather Samuelson. He did so. But he says he was also told by Mills to change the email retention policy on Clinton’s clintonemail.com email account so that Clinton’s unwanted “personal” emails would be deleted after 60 days, and he forgot to do that.

Combetta will be interviewed by the FBI on February 18, 2016. At that time, he will say that after a conference call between PRN and the staff of former President Bill Clinton on March 25, 2015, roughly between March 25 and 31, 2015, he will realize he forgot to make the change, but then will tell the FBI that he didn’t do anything about it.

However, Combetta will be interviewed by the FBI again on May 3, 2016, and his answers will change. This time, he will say he had what told the FBI was “an ‘oh shit’ moment.” Then, sometime between March 25 and 31, 2015, he deleted the Clinton archive mailbox from Clinton’s server. Furthermore, he used BleachBit to delete the exported .pst files he had created on the server system containing Clinton’s emails.

150326PlatteMontage

There are six employees leading PRN in 2015. From left to right they are Brent Allshouse, David DeCamillis, Treve Suavo, Sam Hickler, Craig Papke, and Dave Robinson (not pictured). (Credit: Linked In and Platte River Networks)

An FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files,” as well as other functions. “BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

Additionally, the FBI investigation will later find “evidence of these deletions and determined the Datto backups of the [Clinton’s] server were also manually deleted during this timeframe.” However, the FBI will not mention if they figured out who deleted the Datto back-ups, whether it is Combetta or someone else.

150326BleachBitSystemCleaner1.8

BleachBit System Cleaner 1.8 (Credit: BleachBit)

Note that Combetta was only asked by Mills to change the deletion policy on Clinton’s account, which would have deleted only her “personal” emails 60 days later. He actually immediately deleted all of her emails, including her work-related ones, and then used a program to make their later recovery impossible. It is not clear if anyone told him to do this, and if so who, or if he did it on his own.

Furthermore, Combetta took these actions even though Mills sent him (and others at PRN) an email on March 9, 2015, which mentioned how the House Benghazi Committee had requested to Clinton’s lawyers that all of Clinton’s emails should be preserved. In his first FBI interview, he will deny being aware of this. But in his second FBI interview, according to the FBI, at the time he made the deletions, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.” (Federal Bureau of Investigation, 9/2/2016)

March 27, 2015: Blumenthal sent Clinton intelligence apparently based on NSA wiretapping of top European leaders.

Angela Merkel (Credit: The Associated Press)

Angela Merkel (Credit: The Associated Press)

Gawker reveals that Sid Blumenthal’s emails to Clinton appear to contain information from highly classified NSA intercepts of German Prime Minister Angela Merkel. It is not stated when, but one of Blumenthal’s emails details conversations between Merkel and her finance minister Wolfgang Schäuble about French President Francois Hollande (who was elected in 2012). Blumenthal marked the email with a warning: “THIS INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE.” (Gawker, 3/27/2015) 

In 2013, whistleblower Edward Snowden revealed that the NSA had tapped Merkel’s phone for many years. In July 2015, it will be revealed that the phones of Germany’s ministers were tapped by the NSA as well. (The Guardian, 7/1/2015) It is not clear how Blumenthal gets such intelligence, since he is a private citizen with no security clearance at the time.

March 27, 2015: It is unclear if Clinton still has copies of her deleted emails.

Clinton speaks during a news conference in New York, March 10, 2015. (Credit: Mike Segar / Reuters)

Clinton speaks during a news conference in New York, March 10, 2015. (Credit: Mike Segar / Reuters)

The New York Times reports that while it is known Clinton deleted over 31,000 emails from her server due to alleged personal content, it is unknown if she still retains copies of them elsewhere. “At a news conference this month, Mrs. Clinton appeared to provide two answers about whether she still had copies of her emails. First, she said that she ‘chose not to keep’ her private personal emails after her lawyers had examined the account and determined on their own which ones were personal and which were State Department records. But later, she said that the [contents of the] server… ‘will remain private.’” (The New York Times, 3/27/2015)

Around Late March 2015: An Internet cloud back-up of Clinton’s server is deleted at this time, despite the company managing the server seemingly not knowing the cloud copy exists.

On November 19, 2015, an unnamed Datto executive will be interviewed by the FBI. Datto had provided back-up service and equipment to Platte Rivers Networks (PRN) when PRN was managing Clinton’s private server from June 2013 onwards. It will later be reported that in early August 2015, PRN employees discovered that in addition to a Datto back-up device attached to Clinton’s server, Datto had been also backing up Clinton’s server to the Internet “cloud.” Some internal PRN emails from early August 2015 show some employees acting surprised after being told about this.

A graphic of Datto's cloud structure. (Credit: Datto, Inc.)

A graphic of Datto’s cloud structure. (Credit: Datto, Inc.)

However, according to a later FBI summary of the Datto executive’s interview, he said that PRN must have known about the cloud back-up all along. “As evidence, [he] stated the partner portal, that PRN had log-in credentials to, had a feature displaying backed-up data an options to ‘delete cloud’ or ‘delete local.’ [He] stated PN would have seen their back-ups under ‘delete cloud.'”

More crucially, during the interview, the FBI will show him a Datto document “indicating email records were manually deleted from the Datto secure cloud back-ups of the [Clinton] server in March 2015.” He then will tell the FBI that it couldn’t have been a Datto employee who made the deletions, because there would have been a work ticket created showing that. Furthermore, IP addresses associated with the deletions indicate that someone from PRN must have done it, although PRN had a shared account so it can’t be proven who exactly made the deletions. (Federal Bureau of Investigation, 10/17/2016)

A Datto letter sent to the FBI in October 2015 will indicate that Datto technical experts reviewed administrative files and discovered through the device’s Internet interface that a series of deletions took place on the device on March 31, 2015, between 11:27 a.m. and 12:41 a.m. Furthermore, a much greater amount of data had been “deleted automatically based on the local device’s then-configured pruning parameters.” (US Congress, 9/12/2016) It is unclear if this refers to data deleted from the local Datto device or the Internet cloud back-up.

Although it is unknown who made these deletions, in a May 2016 FBI interview, PRN employee Paul Combetta will confess to deleting all of Clinton’s emails on her server as well as the Datto back-up device in precisely this time period, between March 25, 2015 and March 31, 2015.

March 31, 2015: A Platte River Networks employee talks to two of Clinton’s lawyers shortly after deleting and wiping all of Clinton’s emails from her server.

Platte River Networks (PRN) is a computer company managing Clinton’s private server. PRN employee Paul Combetta will later admit to the FBI that he deleted all of Clinton’s emails from her server and then used the computer program BleachBit to permanently eliminate the emails. This is despite the fact that he claims he had only been told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills back in December 2014 to change the email retention policy on Clinton’s account.

On March 25, 2015, there was a conference call between PRN employees and members of former President Bill Clinton’s personal staff. On March 31, 2015, there is another conference call. Combetta will later say he made the deletions at some point between the two calls.

Details about the second call are murky because the FBI only discovered it took place due to discovering a PRN work ticket about it. The ticket mentions PRN employees talking to Clinton’s personal lawyer David Kendall as well as her lawyer Mills. But when Combetta was asked about it, according to the FBI, “PRN’s attorney advised [him] not to comment on the conversation with Kendall, based upon the assertion of the attorney-client privilege.”

In 2016, Mills will be interviewed by the FBI. She will state that she was unaware that Combetta made such deletions and modifications in March 2015. This presumably would mean they were not discussed in the second conference call, or any time after that. Clinton will also be interviewed in 2016, and she will also claim she was unaware of the March 2015 email deletions. (Federal Bureau of Investigation, 9/2/2016)

April 12, 2015: Hillary Clinton launches her second presidential campaign.

Clinton launches her 2016 presidential campaign with a YouTube video on April 12, 2015. (Credit: CNN)

Clinton launches her 2016 presidential campaign with a YouTube video on April 12, 2015. (Credit: CNN)

She narrowly lost the Democratic nomination to Barack Obama in 2008. Due to her long and prominent political career, she immediately establishes herself as the frontrunner in the race for the Democratic nomination. (The New York Times, 4/13/2015) 

She resigns from the board of directors of the Clinton Foundation on the same day to avoid conflict of interest issues. (Politico, 4/12/2015)

April 15, 2015: A computer expert privately advises the Clinton campaign to hire a company to investigate if Clinton’s private server was hacked.

Barbara Simons (Credit: public domain)

Barbara Simons (Credit: public domain)

Barbara Simons, a renowned computer expert, writes Clinton campaign chair John Podesta in an email, “I am following up on our very brief discussion, held as you were leaving the DA meeting, about Hillary Clinton’s emails.  I’ve included a summary of the issues and a precautionary step that I think should be taken.”

Simons attaches a short document to the email, which is entitled, “Hillary Clinton’s emails and what to do about them.” In it, she writes, “I believe that this is a more serious situation than perhaps Secretary Clinton and her aides realize. … There is a very real risk that the system was broken into, possibly by Republican operatives (or China or some other country or organization).  If this has happened and if there is anything that might appear problematic in those emails, whether or not it actually is, the relevant emails might be released to the press shortly before the election.  Even if the system was not broken into, there is the threat that opponents might release forged emails that are difficult to impossible to distinguish from real ones.”

Jeremy Epstein a program manager with I2O, took his official photo on March 8, 2016 at DARPA in Arlington, Va. (Photo By: Sun L. Vega)

Jeremy Epstein (Credit: Sun L. Vega)

As a result, she and a prominent computer security expert Jeremy Epstein suggest that the Clinton campaign hire a cybersecurity company called Mandiant. They are said to be competent and discrete in dealing with major corporate hacks. They will try to determine if Clinton’s private server was hacked. However, Simons notes that “if nothing serious is uncovered by a forensics examination, that does not prove that nothing happened.  Regrettably, the absence of proof of a break-in is not proof of the absence of a break-in.” (WikiLeaks, 10/23/2016)

Whatever reply Podesta gives is unknown. It is also unknown if Mandiant or any other company is ever hired. However, the FBI’s Clinton email investigation final report will make no mention of any evidence of such a forensic examination.

Early May 2015—Early July 2015: Patrick Kennedy and other State Department officials allegedly attempt to change or remove the classification codes of some Clinton emails to make their release less politically damaging for Clinton.

An unnamed State Department official who worked in the Office of Information Programs and Services (IPS) will be interviewed by the FBI on August 17, 2015. She will claim there was a deliberate effort to change some Clinton emails bearing the “B(1)” code, which classifies information due to “national security,” to the “B(5)” code, which classifies information mostly due to “interagency or intra-agency communications.”

This person “believed there was interference with the formal [Freedom of Information Act] FOIA review process. Specifically, [the State Department’s] Near East Affairs Bureau upgraded several of Clinton’s emails to a classified level with a B(1) release exemption. [Redacted] along with [redacted] attorney, Office of Legal Counsel called State’s Near East Affairs Bureau and told them they could use a B(5) exemption on an upgraded email to protect it instead of the B(1) exemption.”

Under Secretary of State Patrick Kennedy (Credit: Brendan Hoffman / Getty Images)

Under Secretary of State Patrick Kennedy (Credit: Brendan Hoffman / Getty Images)

The interviewee reported in early May 2015 that Under Secretary for Management Patrick Kennedy “held a closed-door meeting with [redacted]  and [redacted] [Justice Department’s] Office of Information Programs where Kennedy pointedly asked [redacted] to change the FBI’s classification determination regarding one of Clinton’s emails, which the FBI considered classified. The email was related to FBI counter-terrorism operations.” (Federal Bureau of Investigation, 9/23/2016)

In October 2016, Fox News will report, “This appears to be one of two emails that kick-started the FBI [Clinton email investigation] in the summer of 2015.” (Fox News, 10/6/2016) The email in question was sent on November 18, 2012 by department official Bill Roebuck and forwarded to Clinton by her aide Jake Sullivan. If Kennedy tried to change the classified code on this email he must have failed, because when the email is published on May 22, 2015, it is classified at the “secret” level (the medium level below “top secret”) due to a section using the B(1) code. (US Department of State, 5/22/2015)

However, classification codes may be changed on other emails. On August 26, 2015, Fox News will report that “Kennedy, who was deeply involved in the Benghazi controversy, is running interference on the classified email controversy on Capitol Hill. Two sources confirmed that Kennedy went to Capitol Hill in early July [2015] and argued [the November 18, 2012] email from Clinton aide Jake Sullivan [plus one other email] did not contain classified material. … One participant found it odd Kennedy insisted on having the discussion in a secure facility for classified information, known as a SCIF,” although Kennedy claimed the two emails were unclassified. (Fox News, 8/26/2015)

Then, on September 1, 2015, Fox News will report that “At least four classified Hillary Clinton emails had their markings changed to a category that shields the content from Congress and the public… in what State Department whistleblowers believed to be an effort to hide the true extent of classified information on the former secretary of state’s server. The changes, which came to light after the first tranche of 296 Benghazi emails was released in May [2015], was confirmed by two sources — one congressional, the other intelligence. The four emails originally were marked classified after a review by career officials at the State Department. But after a second review by the department’s legal office, the designation was switched to ‘B5’…”

Kate Duval (Credit: LinkedIn)

Kate Duval (Credit: LinkedIn)

One of the lawyers in the office where the changes are made is Kate Duval, who once worked for Williams & Connolly, the same law firm as Clinton’s personal lawyer David Kendall.  Duval also served as an attorney and advisor in the Obama Administration on oversight issues and high-profile investigations, most recently at the Department of State and, before that, as Counselor to the Commissioner of the Internal Revenue Service. There are internal department complaints that Duval, and a second lawyer also linked to Kendall, “gave at the very least the appearance of a conflict of interest during the email review. A State Department spokesman did not dispute the basic facts of the incident, confirming to Fox News the disagreement over the four classified emails as well as the internal complaints. But the spokesman said the concerns were unfounded.” (Fox News, 9/1/2015)

Kennedy will also be interviewed by the FBI on December 21, 2015. Redactions will make the interview summary difficult to follow, but apparently he will be asked about these accusations. He will say that while the official who accused him “says it like it is” and has “no fear of telling truth to power,” he “categorically rejected” the allegations of classified code tampering. (Federal Bureau of Investigation, 9/23/2016)

May 15, 2015: Former Deputy CIA Director Michael Morrell says he believes some foreign intelligence agencies possess the contents of Clinton’s private email server.

Deputy CIA Director Michael Morrell (Credit: Time)

Deputy CIA Director Michael Morrell (Credit: Time)

He says, “I think that foreign intelligence services, the good ones, have everything on any unclassified network that the government uses.” (Politico, 5/15/2015) Morrell was acting CIA director twice under President Obama before retiring in 2013.