Democrat Bill Clinton is the president of the US for eight years and his wife Hillary Clinton is the first lady.
Home video footage from a private fundraiser shows Senator Clinton talking about how she has deliberately avoided using email so she wouldn’t leave a paper trail. “As much as I’ve been investigated and all of that, you know, why would I? I don’t even want… Why would I ever want to do email? Can you imagine?”
The State Department decrees that “sensitive but unclassified” information should not be transmitted through personal email accounts. It also states, “It is the Department’s general policy that normal day-to-day operations be conducted on an authorized [government server], which has the proper level of security control to provide nonrepudiation, authentication, and encryption, to ensure confidentiality, integrity, and availability of the resident information.” (US Department of State, 1/12/2016) (The Washington Post, 3/10/2015)
The department’s regulations also require that “Departing officials must ensure that all record material that they possess is incorporated in the Department’s official files and that all file searches for which they have been tasked have been completed, such as those required to respond to FOIA [Freedom of Information Act], Congressional, or litigation-related document requests. Fines, imprisonment, or both may be imposed for the willful and unlawful removal or destruction of records as stated in the US Criminal Code (e.g., 18 U.S.C., section 2071).” (US Department of State, 8/17/2007)
A Congressional oversight committee investigates allegations that the White House fired US attorneys for political reasons. The committee asks Bush officials to turn over relevant emails, only to find that government work had been conducted on private email addresses. Millions of emails are deleted and permanently lost, preventing the committee from continuing their investigation. Bush officials use email accounts associated with a private gwb43.com server owned and controlled by the RNC [Republican National Committee], which is a private political entity not covered by government oversight laws. (The Washington Post, 3/27/2007) (Vox, 3/2/2015)
In 2015, shortly after Clinton’s use of a private email address will be revealed, Vox will comment, “That [Bush administration email] scandal unfolded well into the final year of Bush’s presidency, then overlapped with another email secrecy scandal, over official emails that got improperly logged and then deleted, which itself dragged well into Obama’s first year in office. There is simply no way that, when Clinton decided to use her personal email address as secretary of state, she was unaware of the national scandal that Bush officials had created by doing the same.”
Vox will also note, “Perhaps even more stunning is that the Obama White House, whose top officials were presumably exchanging frequent emails with Clinton, apparently did not insist she adopt an official email account.” (Vox, 3/2/2015)
While campaigning for president, Clinton says, “Our Constitution is being shredded. We know about the secret wiretaps. We know about secret military tribunals, the secret White House email accounts. […] It’s a stunning record of secrecy and corruption, of cronyism run amok.” (ABC News, 3/6/2015) (The Hill, 3/5/2015)
This is a reference to a scandal that became public earlier in the month, where it was found that White House adviser Karl Rove and other officials had used private email accounts and then deleted all their emails before investigators could get them. (Vox, 3/2/2015) (YouTube Video, 6/20/2007)
The National Archives and Records Administration (NARA) issues Bulletin 2008-05, which states that every government email system is supposed to “permit easy and timely retrieval,” and all work emails are supposed to be permanently preserved. Additionally, in the case of a cabinet secretary, permanent records are to be sent to the department’s Records Service Center “at the end of the Secretary’s tenure or sooner if necessary” for safekeeping. (The Washington Post, 3/27/2016)
Instead, an acting inspector with close ties to State Department leadership fills the role. An “inspector general” is an internal watchdog tasked with discovering mismanagement and corruption. The position goes vacant in January 2008. President Obama doesn’t nominate anyone to fill the position for more than four years, making it the longest time any department ever went without a permanent one.
Five months after Clinton leaves office, Obama nominates Steve Linick, who is confirmed as the new permanent inspector general three months later, on September 30, 2013.
In 2015, the Wall Street Journal will write, “The lack of a confirmed inspector general raises questions about oversight of the department under Mr. Obama and Mrs. Clinton. The department has been criticized for its failure to gather and archive the email records of Mrs. Clinton and other officials and for responses to public-record requests that lawmakers and advocacy groups say were insufficient… It isn’t clear whether Mrs. Clinton had any role in the lack of a nomination.”
The acting inspector general during Clinton’s term, Harold Geisel, is banned from taking the job permanently due to conflict of interest rules. Matthew Harris, a professor who researches inspectors general, will later comment, “It’s a convenient way to prevent oversight.” Acting inspectors general “don’t feel empowered; they don’t have the backing of their people. They’re in a position where they could be removed at any moment.”
Representative Ed Royce (R), chair of the House Foreign Affairs Committee, will later suggest, “A permanent IG [inspector general] would have objected to [Clinton’s] efforts to circumvent congressional oversight by keeping her emails off the books.”
The White House has yet to explain why it waited so long to nominate a replacement. (The Wall Street Journal, 3/24/2015)
An IP address associated with the clintonemail.com domain later used by Hillary Clinton is registered to “Eric Hoteham” on this date. The IP address for clintonemail.com, along with others registered in Hoteham’s name, is connected to Bill and Hillary Clinton’s home address in Chappaqua, New York. ABC News will later call Hoteham a “mystery man,” since no one with that name is known to exist.
He may or may not be the same as the similarly named Eric Hothem who worked for Bill Clinton when he was president, was an aide for Hillary Clinton in the early 2000s, and has worked for Citicorp and then JP Morgan since. That person has refused to comment on the matter. (ABC News, 3/5/2015) (ABC News, 3/6/2015)
According to the FBI, around 2007, Justin Cooper purchased an Apple OS X server. Cooper is a personal aide to former President Bill Clinton at the time. On February 1, 2008, the domain names clintonemail.com, wjcoffice.com, and presidentclinton.com were registered, but apparently the server that uses them won’t be operational until a few months later. The server is physically located in a house in Chappaqua, New York, where Bill and Hillary Clinton live.
The server consists of an Apple Power Macintosh G4 or G5 tower and an HP printer. According to Cooper, around June 2008, an Apple employee installs the server in the basement of the Chappaqua house. Cooper is the only person with administrative access to the server. However, the Clinton family and their house staff have physical access to it.
Hillary Clinton uses her att.blackberry.net email account as her primary email address until around mid-to-late January 2009 when she will switch to a newly created email@example.com account hosted on this server. (Federal Bureau of Investigation, 9/2/2016)
Obama will win the general election in November 2008 and make Clinton his secretary of state shortly thereafter. (ABC News, 6/7/2008)
At some unknown point after Clinton ends her presidential campaign on June 7, 2008, Bryan Pagliano is tasked as the lead specialist to take care of the new private email server in Bill and Hillary Clinton’s Chappaqua, New York, house. He will keep the job until mid-2013. Pagliano worked as the IT (information technology) director for Hillary Clinton’s 2008 presidential campaign.
He is paid by Clinton’s Senate leadership PAC (political action committee) through April 2009, then starts working for the State Department a month later. (The Washington Post, 8/4/2015)
Clinton wants to hire Sid Blumenthal as an official national security adviser in the State Department. Blumenthal had worked in President Bill Clinton’s White House in the 1990s, then had been a journalist, then joined Clinton’s presidential campaign as a senior adviser in 2007. However, Obama bans him from any government job.
According to a 2015 Politico article, “Obama aides were convinced that Blumenthal spread false personal and policy rumors about Obama during the battle between Clinton and Obama for the Democratic nomination.” When Clinton is asked in 2015 if the White House banned her from hiring Blumenthal, she won’t dispute it. (Politico, 10/22/2015) (Politico, 1/8/2016)
Blumenthal will soon get a full-time job at the Clinton Foundation with a $120,000 a year salary. For the duration of Clinton’s time as secretary of state, he will frequently email her intelligence information that he will later claim came from Tyler Drumheller, a CIA agent until 2005. (Politico, 5/28/2015)
Sid Blumenthal is paid about $120,000 a year as a full-time employee of the Clinton Foundation. He gets the job in early 2009 at the behest of former President Bill Clinton, who employed him in the White House in the 1990s. He keeps the job until March 2015, the same month that the Clinton email scandal first becomes news.
Blumenthal is a longtime friend of Bill and Hillary Clinton, and a journalist. He appears to have been a private citizen without a security clearance since the 1990s. Yet for the duration of Clinton’s time as secretary of state, and while he is being paid by the Clinton Foundation, he frequently emails her with intelligence information and advice. His foundation job doesn’t seem to have anything to do with any of the foundation’s charitable works.
According to Politico, “While Blumenthal’s foundation job focused on highlighting the legacy of [Bill] Clinton’s presidency, some officials at the charity questioned his value and grumbled that his hiring was a favor from the Clintons, according to people familiar with the foundation.”
In 2011, Blumenthal has a business relationship with two companies, Osprey Global Solutions and Constellations Group, trying to get government contracts to assist US-supported rebels in Libya that year.
After March 2015, Blumenthal will be a paid consultant to American Bridge and Media Matters, two groups supporting Clinton’s presidential campaign that are run by David Brock, an ally of both Clinton and Blumenthal. Politico will later comment, “Blumenthal’s concurrent work for the foundation, the Brock groups, and a pair of businesses seeking potentially lucrative contracts in Libya underscores the blurred lines between her State Department work and that of her family’s charitable and political enterprises.” (Politico, 5/28/2015)
Just prior to Hillary Clinton’s Senate confirmation hearing for secretary of state, Justin Cooper registers three email domains for Hillary Clinton at her Chappaqua, New York, address. One domain, clintonemail.com, will be used for all of Clinton’s emails for at least the next five years. (The Washington Post, 3/10/2015) (The New York Times, 8/8/2015)
Cooper is a long-time personal assistant to Bill Clinton. However, he has “no security clearance and no particular expertise in safeguarding computers, according to three people briefed on the server setup.” (The Washington Post, 8/4/2015)
He had been elected on November 6, 2008. He will win reelection in 2012.
Shortly Before January 21, 2009: In an email exchange shortly before Clinton becomes secretary of state, records officials within the Bureau of Administration wonder if there is an electronic method that could be used to capture her emails because they are “not comfortable” advising the new administration to print and file email records. (US Department of State, 5/25/2016)
She resigns as senator from New York at the same time. She was confirmed by the Senate earlier the same day.
She will serve for all of President Obama’s first term, until February 2013. (The Washington Post, 3/10/2015)
Her server was installed in her house in Chappaqua, New York, and it continues to reside there. Her IT [Information Technology] expert Bryan Pagliano has been in charge of running it since 2008 as well, and continues to do so.
Yet the Washington Post will later report, “Four computer-security specialists interviewed by the Post said that such a system could be made reasonably secure but that it would need constant monitoring by people trained to look for irregularities in the server’s logs.”
One of the specialists will comment, “For data of this sensitivity… we would need at a minimum a small team to do monitoring and hardening.” (The Washington Post, 3/27/2016)
The New York Times will later note, “There appears to have been no prohibition on the exclusive use of a private server; it does not appear to be an option anyone had thought about.” (The New York Times, 8/8/2015) But the State Department requires that computers be officially certified as secure, and no evidence has emerged that Clinton’s server was given such a certification.
Additionally, the department’s Foreign Affairs Manual (FAM) states, “Only department-issued or approved systems are authorized to connect to department enterprise networks.” (US Department of State)
One reason Clinton might want to use a private server is that the State Department computer systems at the time are widely considered inadequate and frustrating. One result of using a private server is that only a small fraction of emails used on the department’s systems will be permanently archived. (The New York Times, 8/8/2015)
According to a September 2015 letter from Julia Frifield, the department’s assistant secretary of state for legislative affairs, “Secretary Clinton did not use a classified email account at the State Department. An account was set up on ClassNet on her calendar, but it was not used.”
ClassNet involves State Department workstations designed to allow employees to view classified information. (The Daily Caller, 2/23/2016)
In 2015, Clinton’s website will address how she read classified information: “The Secretary’s office was located in a secure area. Classified information was viewed in hard copy by Clinton while in the office. While on travel, the State Department had rigorous protocols for her and traveling staff to receive and transmit information of all types.” (Hillaryclinton.com, 7/13/2015)
This is according to a September 2016 FBI report. The report indicates that Clinton and her immediate staff were repeatedly “notified of foreign travel risks and were warned that digital threats began immediately upon landing in a foreign country, since connection of a mobile device to a local network provides opportunities for foreign adversaries to intercept voice and email transmissions.”
Additionally, the State Department has a Mobile Communications Team responsible for establishing secure mobile voice and data communications for Clinton and her team wherever they travel. But even so, Clinton and her staff frequently use their private and unsecure mobile devices and private email accounts while overseas.
The number of Clinton emails sent or received outside the US will be redacted in the FBI report. Although it will mention that “hundreds” were classified at the “confidential” level, additional details are redacted. Nearly all mentions of “top secret” emails are redacted in the report, so it’s impossible to know if any of those are sent while Clinton is overseas.
The report will mention that some emails between Clinton and President Obama are sent while Clinton is overseas. However, the exact number will be redacted. None of these overseas emails between them will be deemed to contain classified information. According to the report, “Clinton told the FBI that she received no particular guidance as to how she should use President Obama’s email address…”
The details of the FBI’s report on Clinton’s July 2016 FBI interview will indicate that Clinton emailed Obama on July 1, 2012 from Russia. However, it is not clear if she sent the email from on the ground or on a plane. (Federal Bureau of Investigation, 9/2/2016)
In March 2015, after it becomes public knowledge that Clinton exclusively used a private email account for all her email usage, she will claim she did this for “convenience,” so she wouldn’t have to carry two personal devices at once.
However, the FBI will later determine that Clinton actually used in succession 11 email-capable BlackBerrys while secretary of state. She uses two more BlackBerrys with the same phone number after her tenure is over. The FBI will not be able to obtain any of the BlackBerrys to examine them.
The FBI will later identify five iPad devices associated with Clinton which might have been used by Clinton to send emails. The FBI will later obtain three of the iPads. They will only examine two, because one was a gift that Clinton gave away as soon as she purchased it.
Clinton aide Monica Hanley often buys replacement BlackBerrys for Clinton from AT&T stores. Justin Cooper, a Bill Clinton aide who helps run Clinton’s private server, usually sets up the new devices and then syncs them to the server so she can access her email inbox. According to an FBI interview with Clinton aide Huma Abedin, “it was not uncommon for Clinton to use a new BlackBerry for a few days and then immediately switch it out for an older version with which she was more familiar.” (Federal Bureau of Investigation, 9/2/2016)
During this time, Clinton and her aides exchange emails discussing “North Korea, Mexico, Afghanistan, military advisers, CIA operations and a briefing for Obama.” Some of the emails will later be redacted, including one written to Clinton about Afghanistan President Hamid Karzai.
In late March, top aide Jake Sullivan emails Clinton a draft of a confidential report she is to make to President Obama. “Attached is a draft of your Mexico trip report to [Obama],” the email states. (The Washington Post, 3/27/2016)
During these two months, Clinton travels to Belgium, Switzerland, Egypt, Israel, Palestine, Turkey, Mexico, Japan, Indonesia, South Korea, and China. Her emails would have almost no defense against eavesdropping by foreign intelligence and hackers during all those trips.
Furthermore, some intelligence agencies are known to attempt eavesdropping around this time. For instance, at a world leader summit in April 2009, British intelligence sets up fake Internet in the hope that government ministers and their staff will use them so their communications can be intercepted. (ComputerWorld, 3/11/2015)
A September 2016 FBI report will determine that “Clinton’s clintonemail.com email traffic was potentially vulnerable to compromise when she first began using her personal account in January 2009. It was not until late March 2009… that access to the server was afforded an added layer of security.” (Federal Bureau of Investigation, 9/2/2016)
There are 62,320 emails sent to or from her firstname.lastname@example.org address, which is an average of 296 a week, or nearly 1,300 a month. Clinton will later claim that roughly half of these (31,830) were private in nature and she will delete them before investigators can look at them.
The Washington Post will later explain, “Most of her emails were routine, including those sent to friends. Some involved the coordination of efforts to bring aid to Haiti by the State Department and her husband’s New York-based Clinton Foundation—notes that mixed government and family business, the emails show. Others involved classified matters. State Department and Intelligence Community officials have determined that 2,093 email chains contained classified information. Most of the classified emails have been labeled as ‘confidential,’ the lowest level of classification. Clinton herself authored 104 emails that contained classified material, a Post analysis later found.” (The Washington Post, 3/27/2016)
Twenty-two of her emails will later be determined to be classified “top secret” or even higher than top secret in some cases, due to the mention of highly secretive Secret Access Programs (SAP). (The New York Times, 1/29/2016)
She is said to be addicted to checking her email on her BlackBerry, but security officials refuse to let her take her BlackBerry into her office. Early in her tenure, security officials offer to install a secure computer with Internet access in her office to allow her to check email, but she doesn’t want it and never gets one.
In 2015, an unnamed senior NSA official will recall the conflict after retiring: “It was the usual Clinton prima donna stuff, the whole ‘rules are for other people’ act that I remembered from the ′90s. […] What did she not want put on a government system, where security people might see it? […] I wonder now, and I sure wish I’d asked about it back in 2009.”
Former NSA counterintelligence officer John Schindler will later comment, “Why Ms. Clinton would not simply check her personal email on an office computer, like every other government employee less senior than the president, seems a germane question, given what a major scandal email-gate turned out to be.” (The New York Observer, 3/18/2016)
That is an average of about one email every other day for Clinton’s four years as secretary of state. Blumenthal is a journalist, long-time Clinton confidant, and Clinton Foundation employee. But he is also a private citizen with no security clearance, so his emails are never vetted by US intelligence.
In 2015, The New York Times will report that Clinton “took Mr. Blumenthal’s advice seriously, forwarding his memos to senior diplomatic officials in Libya and Washington and at times asking them to respond. Mrs. Clinton continued to pass around his memos even after other senior diplomats concluded that Mr. Blumenthal’s assessments were often unreliable.” Furthermore, his “involvement was more wide-ranging and more complicated than previously known, embodying the blurry lines between business, politics, and philanthropy that have enriched and vexed the Clintons and their inner circle for years.”
Many of Blumenthal’s emails discuss Libya, which becomes a political hot spot due to a civil war in 2011. At the same time, he gets involved with business associates wanting to win contracts from what will become the new Libyan government. Clinton’s State Department would have to give permits for the contracts, but the business plans fall apart before Blumenthal and his partners can seek official approval.
Most of his intelligence appears to come from one of his partners, Tyler Drumheller, who was a CIA official until 2005. It’s not clear where Drumheller gets his information from. Various officials express skepticism about his emails, as they were sometimes based on false rumors. But Clinton continues to encourage Blumenthal with occasional email replies like “Useful insight” or “We should get this around ASAP.” The Times will note that “Blumenthal’s direct line to Mrs. Clinton circumvented the elaborate procedures established by the federal government to ensure that high-level officials are provided with vetted assessments of available intelligence.”
Former CIA official Paul Pillar will later comment that Blumenthal’s sourcing “is pretty sloppy, in a way that would never pass muster if it were the work of a reports officer at a US intelligence agency.” (The New York Times, 5/18/2015) (WikiLeaks, 1/16/2016)
According to a May 2016 State Department inspector general’s report, department employees often ask the department’s Information Resources Management (IRM) office for permission to use nondepartmental computer systems for work purposes, such as using outside video conferencing systems or file sharing software.
But these requests are typically denied. For instance, in 2012, a request is submitted to use an Internet-based teleconference service. But the IRM denies this request, citing regulations that normal day-to-day operations need to be conducted on authorized computer systems.
The IRM further notes that the department “expect[s] employees to use the tools provided by the department to protect sensitive information from unauthorized access or disclosure.”
However, Clinton is never warned not to use a personal email account and personal server for her day-to-day communications, despite some top department officials knowing that she does this. (US Department of State, 5/25/2016)
State Department officials regularly mark some information as “sensitive but unclassified” (SBU), and there are special rules to deal with this.
Foreign Affairs Manual (FAM) rules state that anyone regularly transmitting SBU information outside the department’s OpenNet computer network needs to request a solution from the department’s security officials. Clinton never does this, even though she frequently sends and receives emails marked SBU.
Furthermore, rules require special safeguards for transmitting SBU information on a mobile device. Clinton never does that either. (US Department of State, 5/25/2016)
All State Department employees are required to receive regular security training through a briefing at least once a year. It is not clear how or why Clinton will miss her briefing in the next three years. At the end of the briefing she does attend, she signs a document acknowledging her understanding of what she has been told. This is according to State Department documents that will be released to the Daily Caller in 2016 due to a Freedom of Information Act (FOIA) request.
State Department spokesperson Mark Toner will later tell reporters, “It’s my understanding that the secretary of state, everybody in this building, would receive that type of training and awareness. We all have to undergo through that. It’s considered mandatory.”
Former senior intelligence officer Colonel James M. Waurishuk will comment, “Who decided she would only get that one-time briefing? That almost sounds as if it’s a culture issue within her organization. I can’t imagine what went through her mind. There’s no excuse.” (The Daily Caller, 3/24/2016)
The very first paragraph of the “Classified Information Nondisclosure Agreement” she signs states, “As used in this Agreement, classified Information is marked or unmarked classified Information.”
According to Executive Order 12958, which is in effect at the time, since she is the secretary of state, she is given the authority to classify or declassify any State Department information she wants. However, as part of her nondisclosure agreement (NDA), she has the legal responsibility to identify and safeguard any classified information originating from other government agencies, whether that information is marked classified or not. (The Washington Post, 2/4/2016) (US Department of State, 11/5/2015)
This is one of two NDAs Clinton signs on this day.
Clinton emails former Secretary of State Colin Powell two days after she is sworn in as secretary of state, and asks about his use of a BlackBerry while he was secretary of state from January 2001 to January 2005. A full copy of the email will be released on September 7, 2016.
Clinton writes: “I hope to catch up soon [with] you, but I have one pressing question which only you can answer! What were the restrictions on your use of your BlackBerry? Did you use it in your personal office? I’ve been told that the DSS [Diplomatic Security] personnel knew you had one and used it but no one fesses up to knowing how you used it! President Obama has struck a blow for Berry addicts like us. I just have to figure out how to bring along the State Dept. Any and all advice is welcome.”
Powell replies to Clinton, “I didn’t have a BlackBerry. What I did do was have a personal computer that was hooked up to a private phone line (sounds ancient.) So I could communicate with a wide range of friends directly without it going through the State Department servers. I even used it to do business with some foreign leaders and some of the senior folks in the department on their personal email accounts. I did the same thing on the road in hotels.”
Powell also warns Clinton, “there is a real danger. If it is public that you have a BlackBerry and it is government and you are using it, government or not, to do business, it may beome an official record and subject to the law.” (US Senate, 9/7/2016)
Powell further writes, “Reading about the President’s BB [BlackBerry] rules this morning, it sounds like it won’t be as useful as it used to be.” Powell is referring to a New York Times article published the day before, regarding Obama winning the fight to use a BlackBerry during his presidency. (New York Times, 01/22/09)
Powell further advises Clinton, “Be very careful. I got around it all by not saying much and not using systems that captured the data.”
Clinton emails back the same day, “[I] want to thank you for all the advice about Berries, security, and life on the seventh floor [of State Department headquarters]! I hope we’ll have a chance to visit in person sometime soon.” (US Senate, 9/7/2016)
In a 2016 FBI interview, “Clinton [will indicate] to the FBI that she understood Powell’s comments to mean any work-related communications would be government records, and she stated Powell’s comments did not factor into her decision to use a personal email account.” (Federal Bureau of Investigation, 9/2/2016)
Clinton’s decision to use a private email account on a private server had already been made before this email exchange.
By this time, the National Security Agency (NSA) arranges for President Obama to use a secure, encrypted BlackBerry, allowing him to use it anywhere. Clinton and her top aides want Clinton to have one too.
On this day, Cheryl Mills, Clinton’s chief of staff, asks in a group email, “[H]ow can we get her one?”
Lewis Lukens, Clinton’s logistics chief, responds the same day that he could help set up “a stand-alone PC [personal computer] in the Secretary’s office, connected to the Internet (but not through our system) to enable her to check her emails from her desk.”
Under Secretary of State Patrick Kennedy replies that that is “a great idea.”
But apparently, Clinton insists on using her BlackBerry at all times and never a desktop computer, so no such computer is ever set up. (The Washington Post, 3/27/2016)
Clinton exchanges 19 emails with Army General David Petraeus, who is chief of the US Central Command at the time. The exchange will continue into February 2009.
In 2015, Clinton will claim that she didn’t start using her email account for government work until March 18, 2009. As a result, all the emails she will later hand over to the State Department will be from March 18 or later. These emails have not yet been made public. (The Washington Post, 3/27/2016)
In August 2015, in a sworn deposition to a federal court, Clinton will claim: “I, Hillary Rodham Clinton, declare under penalty of perjury that the following is true and correct: While I do not know what information may be ‘responsive’ for purposes of this law suit, I have directed that all my emails on clintonemail.com in my custody that were or potentially were federal records he provided to the Department of State, and on information and belief, this has been done.” (Judicial Watch, 8/10/2015)
The 19 emails between Clinton and Petraeus from January 2009 will be discovered by the Defense Department in September 2015, one month after Clinton’s sworn deposition. Presumably, they come from Petraeus’ email account. (Reuters, 9/26/2016)
Clinton’s office in State Department headquarters is a SCIF, which means a secure room, and she’s not allowed to bring her BlackBerry into it. Also, Clinton is unwilling to use a computer to check her emails. But around this time, security officials create a space where she can check her BlackBerry.
In 2016, a State Department official will explain, “There is an area dedicated to supporting the secretary outside but in the immediate vicinity of the secretary’s secure office. Secretary Clinton, as with anyone, could use such non-SCIF spaces to check personal devices.” Apparently, Clinton will use this arrangement for her entire four years as secretary of state. (Fox News, 3/16/2016)
Although the National Security Agency (NSA) has set up a secure, encrypted BlackBerry for President Obama, they are not interested in making one for Clinton.
On this day, Donald Reid, the State Department’s senior coordinator for security infrastructure, writes in an email, “The current state of the art is not too user friendly, has no infrastructure at State, and is very expensive.” He adds that “each time we asked the question ‘What was the solution for [President Obama]?’ we were politely told to shut up and color.”
On February 18, 2009, Reid had said in an email, “The issue here is one of personal comfort,” because Clinton and her top aides are “dedicated [BlackBerry] addicts.” (The Washington Post, 3/27/2016)
Donald Reid, the State Department’s senior coordinator for security infrastructure, is working to find a solution that would allow Clinton and her top aides to use BlackBerrys in secure rooms (known as SCIFs).
He explains the problem in a work email after having more meetings about it: “As I had been speculating, the issue here is one of personal comfort. [Clinton] does not use a computer, so our view of someone wedded to their email (why doesn’t she use her desktop when in the SCIF?) doesn’t fit this scenario… during the campaign she was urged to keep in contact with thousands via a BB [BlackBerry]… once she got the hang of it, she was hooked… now every day, she feels hamstrung because she has to lock her BB up… she does go out several times a day to an office they’ve crafted for her outside the SCIF and plays email catch-up. [Clinton’s chief of staff] Cheryl Mills and others who are dedicated BB addicts are frustrated because they too are not near their desktop very often during the working day… at this 2PM meeting Cheryl indicated she last checked her email at 8:30… they are used to having the BB on their hip and staying closely in touch with developments during the day.” (Ars Technica, 3/17/2016)
Joel Brenner, chief of counterintelligence at the Office of the Director of National Intelligence, gives a speech to government officials and urges them to consider what possible attacks could have occurred during a visit to the recent Beijing Olympics. “Your phone or BlackBerry could have been tagged, tracked, monitored and exploited between your disembarking the airplane and reaching the taxi stand at the airport. And when you emailed back home, some or all of the malware may have migrated to your home server. This is not hypothetical.”
Clinton had just returned from a trip to China and other Asian countries.
Although top State Department officials are aware of Brenner’s warning, she takes her BlackBerry on her future overseas trips despite it still not being inspected and secured by department officials. (The Washington Post, 3/27/2016)
Few State Department officials appear to know that Clinton has a private email server in her house.
However, news about her frequent BlackBerry use soon spreads among the Department’s security officials. They are concerned about “Mahogany Row,” the seventh floor offices of Clinton and her top aides.
A decade earlier, Russian spies placed a listening device in a chair on that floor. Since then, on multiple occasions, hackers had breached computers in the State Department and other federal agencies.
State Department security officials are particularly concerned that Clinton’s BlackBerry could be compromised, and they worry that she could be setting a “bad example” for others in the department. They craft a memo that discusses the risks, which will be sent out on March 6. (The Washington Post, 3/27/2016)
Justin Cooper, an aide to former President Bill Clinton, has been working with Bryan Pagliano, who worked as a computer technician on Hillary Clinton’s 2008 presidential campaign, to build a new private server located in the Clintons’ Chappaqua, New York, house. Some time in March 2009, Pagliano and Cooper met at the Chappaqua house to physically install the server and related equipment in a server rack in the basement.
Once the new server is up and running, Pagliano migrates the email data from the old server to the new one. Pagliano will later be interviewed by the FBI, and he will claim that after the migration, no email content should have remained on the old server. He will tell the FBI that he only transferred clintonemail.com email accounts for Clinton aide Huma Abedin and others (whose names will later be redacted), and he was unaware of and did not transfer an email account for Hillary Clinton.
However, Clinton emails using a clintonemail.com domain address start getting sent in January 2009, showing she must had had an account on the old server since that time. Cooper will also later be interviewed by the FBI, and he will say he believed Clinton had a clintonemail.com email account on the old server and Abedin did not. The FBI will be unable to obtain the old server to analyze it, so the dispute has not been fully resolved.
This new server will be used for the rest of Clinton’s term as secretary of state, then will be replaced in 2013. Later in March 2009, the old server is repurposed to serve as a personal computer for household staff at Clinton’s Chappaqua house. (Federal Bureau of Investigation, 9/2/2016)
The Washington Post will later report, “The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.” (The Washington Post, 3/27/2016)
According to the FBI, the new server initially consists of the following equipment: “a Dell PowerEdge 2900 server miming Microsoft Exchange for email hosting and management, a Dell PowerEdge 1950 server miming BlackBerry Enterprise Server (BES) for the management of BlackBerry devices, a Seagate external hard drive to store backups of the Dell PowerEdge 2900 server, a Dell switch, a Cisco firewall, and a power supply.” (Federal Bureau of Investigation, 9/2/2016)
In 2015, Hillary Clinton will say of her server, “It was sitting there in the basement. It was not any trouble at all.” (The Wall Street Journal, 9/27/2015)
On March 6, 2009, Assistant Secretary for Diplomatic Security Eric Boswell emails an internal State Department memo with the subject line “Use of BlackBerrys in Mahogany Row.” (“Mahogany Row” is where the seventh floor offices of Clinton and her top aides are.) The memo states, “Our review reaffirms our belief that the vulnerabilities and risks associated with the use of BlackBerrys in the Mahogany Row [redacted] considerably outweigh the convenience their use can add. … Any unclassified BlackBerry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving emails, and exploiting calendars.”
According to an email by another security official nine days later on March 15, Clinton tells Boswell that she read his memo and “gets it.” That email adds, “Her attention was drawn to the sentence that indicates (Diplomatic Security) have intelligence concerning this vulnerability during her recent trip to Asia.”
However, Clinton continues to use her BlackBerry and private server without any apparent changes. (The Washington Post, 3/27/2016)
The State Department’s telecommunications manager Purcell Lee sends an email that contains the agenda for “Secretary Residential Installation Hotwash.” A “hotwash” is an after-action discussion. An attached file lists the electronic equipment in Clinton’s Chappaqua, New York house. It mentions the recent installation of a phone and fax machine for classified communications. But most crucially, it also mentions the existence of Clinton’s private email server with the comment: “Unclassified Partner System: Server: Basement Telephone Closet.” None of the agenda items refer to the existence of the unauthorized server.
Lee’s email is sent to four other State Department officials: Kevin Wagganer, John Bentel, Andrew Scott, and Bruce Duncan. (US Department of State, 6/20/2016)
Bentel is the director of the department’s bureau of Information Resources Management (IRM). He will later deny having any knowledge of Clinton’s server and some will claim he participated in a cover-up, telling others that she had legal authority to use it when she did not. (Yahoo News, 5/27/2016)
In 2015, Clinton will name this as the date she begins using a private email server and her email account email@example.com for government business. Around this time, she also allegedly stops using an email address she used as a senator: firstname.lastname@example.org, also known as email@example.com (AT&T and Cingular are the same company).
The Wall Street Journal will later report, “Messages from the account she used as a senator [prior to this date] are lost and could not be retrieved, her office said.”
She is said to keep the AT&T account working through September 2009, but she always replies from her clintonemail.com address. (The Wall Street Journal, 9/30/2015) (Buzzfeed, 7/1/2015) However, emails from as early as January 28, 2009 using her new private email address will later be found. (The New York Times, 9/25/2015)
The FBI’s Clinton investigation will later conclude that the FBI “did not recover any information indicating that Clinton sent an email from her firstname.lastname@example.org email after March 18, 2009.” (Federal Bureau of Investigation, 9/2/2016)
This is according to a 2015 independent analysis by Venafi Inc., a cybersecurity firm that specializes in the encryption process. Not until this day does the server receive a “digital certificate” that encrypts and protects communication over the Internet through encryption.
The Washington Post will later report, “It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption—a process that scrambles communication for anyone without the correct key—email, attachments and passwords are transmitted in plain text.”
A Venafi official will later comment, “That means that anyone could have accessed it. Anyone.” (The Washington Post, 3/27/2016)
Clinton began sending emails using the server by January 28, 2009, but will later claim she didn’t start using it until March 18, 2009—a two-month gap similar to the two-month gap the server apparently wasn’t properly protected. Apparently, she has not given investigators any of her emails from before March 18. (The New York Times, 9/25/2015)
A 2016 op-ed in the Washington Post will suggest that security concerns during Clinton’s February 2009 trip to Asia could have prompted the use of encryption on her server. (The Washington Post, 4/4/2016)
An FBI report released in September 2016 will confirm that encyption only began in March 2009. It states that “in March 2009, [Bill Clinton aide Justin] Cooper registered a Secure Sockets Layer (SSL) encryption certificate at [Bryan] Pagliano’s direction for added security when users accessed their email from various computers and devices.” (Federal Bureau of Investigation, 9/2/2016)
Abedin, Clinton’s deputy chief of staff, lists steps that include “increasing the number of hooches, and doubling up staff in lodging.” The email adds more details, for instance, “[W]e need to improve the security perimeter – acquiring property adjacent to our current facilities in Kabul, which is now difficult to secure.” In addition to mentioning information that could benefit attackers of the embassies, the email shows that Clinton was briefed on embassy security issues, despite her claim that she did not directly deal with such matters. (Politico, 10/30/2015)
The Washington Post will later report, “Officials in the IT division have told investigators they could not recall previously hiring a political appointee.” Pagliano had worked as the IT director for Clinton’s PAC [political action committee] and also for her presidential campaign, and was paid by the PAC until April 2009. He also provided computer services to the Clinton family. (The Washington Post, 3/27/2016)
Patrick Kennedy, the department’s under secretary for management, oversees the hiring of Pagliano. Pagliano’s new bosses Susan Swart, head of the department’s Bureau of Information Resource Management, and her deputy, Charlie Wisecarver exchange emails expressing confusion and surprise that Kennedy has given them a political employee to work in the IT division. (Reuters, 3/24/2016) His initial salary is $133,000 a year. As a Schedule C political hire, Pagliano is vetted by the State Department’s Office of White House Liaison, where Heather Samuelson holds a top position. Samuelson worked on Clinton’s 2008 presidential campaign, as did Pagliano, and in 2014 she will be one of three Clinton aides who decide which of Clinton’s 60,000 emails will be deleted. (The Daily Caller, 3/3/2016)
According to a later account by Clinton’s legal counsel, Clinton’s computer technician Bryan Pagliano performs “technology services for the Clinton family for which he [is] compensated” by check or wire transfer in varying amounts at various times between 2009 and 2013. Most importantly, he manages her private email server as an outside job, including doing so during his hours for the State Department. However, exactly how much he gets paid is unknown. Other details such as who he directly reports to, who directly pays him, and how many hours a week he works on the task also remain unknown. It appears that Justin Cooper, an assistant to Bill Clinton who does not work in government, sometimes helps manage the server as well. But Cooper’s role is even more unclear. (US Department of State, 5/25/2016)
In May 2009, begins working for the State Department while continuing to be paid by Clinton for managing her private server. However, he does not list his outside income in the required personal financial disclosures he files each year. This continues until his full time department job ends in February 2013, the same month Clinton’s tenure as secretary of state ends. In early 2015, a State Department official will say that the department has “found no evidence that he ever informed the department that he had outside income.” (The Washington Post, 9/5/2015) To lie on such a financial disclosure form is a felony punishable by up to five years in prison. (US Legal Code, 2/24/2012)
During the time Bryan Pagliano works as a political employee in the State Department’s IT [information technology] division starting in May 2009, he continues to secretly manage Clinton’s private email server in her house. The Washington Post will later report, “Three of Pagliano’s supervisors… told investigators they had no idea that Clinton used the basement server or that Pagliano was moonlighting on it.” (The Washington Post, 3/27/2016) However, Pagliano’s two direct supervisors (who apparently are Susan Swart and Charlie Wisecarver) will later tell department investigators that while they were aware Pagliano provided computer assistance to Clinton’s 2008 presidential campaign, they didn’t know he was supporting her server during working hours. They will question how he could do so given that he was supposed to be working full-time for the department. (US Department of State, 5/25/2016) An unnamed colleague in Pagliano’s division will later similarly say that Pagliano’s immediate supervisors didn’t know Clinton’s private server even existed until it was revealed in news reports in 2015. In March 2016, the Reuters will report that both Clinton and the State Department continue to decline “to say who, if anyone, in the government was aware of the email arrangement.” (Reuters, 3/24/2016)
An email is written by Shelby Smith-Wilson, an official in the State Department’s operations center. Parts of it will later be deemed “top secret,” then downgraded to “secret,” the medium classification level. The New York Times will later report, “Although that portion was entirely redacted, one government official familiar with the contents said it described a conference call among senior officials, including Mrs. Clinton, about the ballistic missile test that North Korea conducted that day in violation of United Nations Security Council resolutions.” Smith-Wilson’s initial email is addressed to “Dan,” possibly National Security Council official Dan Russel. It is titled “Summary of 1055 EDT DPRK Conference Call.” (“DPRK” stands for Democratic People’s Republic of [North] Korea.)
It is circulated amongst State Department officials, including Clinton aides Cheryl Mills, Huma Abedin, and Jake Sullivan. Abedin then forwards it to Clinton.
In 2015, the email will be included in a random sample of 40 Clinton emails reviewed by State Department Inspector General Steve Linick. He and Intelligence Community Inspector General Charles McCullough will deem parts of it “top secret.” The National Geospatial-Intelligence Agency will later concur, suggesting it contains intelligence from US spy satellites. But the State Department will disagree, and after months of dispute, in February 2016 the email will be downgraded to “secret,” with parts of it publicly released. Even then, this will be called a “provisional” decision, suggesting the dispute is on-going. (Politico, 2/29/2016) (US Department of State, 2/29/2016)
Clinton confidant Sid Blumenthal sends an email to Clinton and Clinton’s chief of staff Cheryl Mills that is almost entirely later redacted. The subject heading is redacted, and the entire text of the two-page email is redacted except for two words: “Confidential,” and “From.”
However, the spacing of redacted lines indicates the name after the word “From” is redacted due to a code indicating that person secretly works for the DIA (Defense Intelligence Agency), NRO (National Reconnaissance Office), or NGA (National Geospatial-Intelligence Agency). The rest of the text is redacted due to that same code and a code regarding the violation of personal privacy.
Mills then replies to Blumenthal and Clinton, “Is it true that [redacted] would be nominated for Amb [Ambassador]? First I’ve heard about it is this email.” Clinton, Mills, and Blumenthal then send more brief emails to each other relating to a possible ambassador nomination for this person. (US Department of State, 2/26/2016) (US Department of State, 2/29/2016) (US Department of State, 2/29/2016)