March 2009—June 2011: An external hard drive backs up the data on Clinton’s private server, but it is unclear what happens to it or its replacement.

The Seagate Expansion External Hardrive (Credit: Seagate)

The Seagate Expansion External Hard Drive (Credit: Seagate)

When Clinton’s first server is upgraded with a new server in March 2009, a Seagate external hard drive is attached to the server to store back-up copies of all of its data.

Bryan Pagliano, who manages the server at the time, will later tell the FBI that daily changes are backed up onto the hard drive every day, and a complete back-up is made once a week. As space on the hard drive runs out, backups are deleted on a “first in, first out” basis.

This continues until June 2011. That month, Pagliano travels from Washington, DC, where he works in the State Department, and goes to where the server is, in Chappaqua, New York. Pagliano replaces the Seagate external hard drive with a Cisco Network Attached Storage (NAS) device, also to store backups of the server.

The Cisco FS 5500 and 5700 Series Integrated NAS. (Credit: Cisco)

The Cisco FS 5500 and 5700 Series Integrated NAS. (Credit: Cisco)

It is unclear what becomes of either back-up device or the data they contained. The FBI’s September 2016 final report on the Clinton email investigation will only mention: “The FBI was unable to forensically determine how frequently the NAS captured backups of the Pagliano Server.” But the report will also complain about the “FBI’s inability to recover all server equipment,” and there will be no mention of any data recovered from either back-up device. (Federal Bureau of Investigation, 9/2/2016)

Also in September 2016, Justin Cooper, who helped Pagliano manage the server, will be asked about these hard drives at a Congressional hearing. He will say he only heard about them from reading the FBI final report. (He claims he handled customer service while Pagliano handled the technical aspects.)

He will also be asked if FBI agents ever came to the Clinton’s Chappaqua house to seize any equipment. Cooper worked as an aide to Bill Clinton in the house, but he will say he is unaware of the FBI ever coming to the house. (US Congress, 9/13/2016)

March 2009: Clinton’s personal email server is replaced; she will use the new one for the rest of her term as secretary of state.

Justin Cooper, an aide to former President Bill Clinton, has been working with Bryan Pagliano, who worked as a computer technician on Hillary Clinton’s 2008 presidential campaign, to build a new private server located in the Clintons’ Chappaqua, New York, house. Some time in March 2009, Pagliano and Cooper met at the Chappaqua house to physically install the server and related equipment in a server rack in the basement.

Once the new server is up and running, Pagliano migrates the email data from the old server to the new one. Pagliano will later be interviewed by the FBI, and he will claim that after the migration, no email content should have remained on the old server. He will tell the FBI that he only transferred clintonemail.com email accounts for Clinton aide Huma Abedin and others (whose names will later be redacted), and he was unaware of and did not transfer an email account for Hillary Clinton.

However, Clinton emails using a clintonemail.com domain address start getting sent in January 2009, showing she must had had an account on the old server since that time. Cooper will also later be interviewed by the FBI, and he will say he believed Clinton had a clintonemail.com email account on the old server and Abedin did not. The FBI will be unable to obtain the old server to analyze it, so the dispute has not been fully resolved.

130601DellPowerEdge2900public

The Dell Power Edge 2900 (Credit: public domain)

This new server will be used for the rest of Clinton’s term as secretary of state, then will be replaced in 2013. Later in March 2009, the old server is repurposed to serve as a personal computer for household staff at Clinton’s Chappaqua house. (Federal Bureau of Investigation, 9/2/2016)

The Washington Post will later report, “The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.” (The Washington Post, 3/27/2016)

According to the FBI, the new server initially consists of the following equipment: “a Dell PowerEdge 2900 server miming Microsoft Exchange for email hosting and management, a Dell PowerEdge 1950 server miming BlackBerry Enterprise Server (BES) for the management of BlackBerry devices, a Seagate external hard drive to store backups of the Dell PowerEdge 2900 server, a Dell switch, a Cisco firewall, and a power supply.” (Federal Bureau of Investigation, 9/2/2016)

In 2015, Hillary Clinton will say of her server, “It was sitting there in the basement. It was not any trouble at all.” (The Wall Street Journal, 9/27/2015)

March 2009—May 31, 2013: Bryan Pagliano and Justin Cooper jointly manage Clinton’s private server.

160301PaglianoCooperMontage

Bryan Pagliano (left), Justin Cooper (right) (Credit: public domain)

In March 2009, Clinton’s private email server is replaced by a larger one built by her computer technician Pagliano. Cooper had been the only person with administrative access for the previous server, but now both him and Pagliano have administrative accounts on the new one.

Pagliano handles all software upgrades and general maintenance. He works at the State Department in Washington, DC, and there is only evidence of him going to Chappaqua, New York, to directy work on the server three times: in March 2009, to install the server; in June 2011, to upgrade the equipment; and in January 2012, to fix a hardware issue.

By contrast, in a later FBI interview, Cooper will describe his role as “the customer service face.” He can add users or reset passwords on the email server. He also works at the Chappaqua house as an aide to former President Bill Clinton, so it is much easier for him to physically interact with the server there.

Cooper and Pagliano both handle the selection and purchase of server-related items.

In a later FBI interview, Hillary Clinton will state “she had no knowledge of the hardware, software, or security protocols used to construct and operate the servers. When she experienced technical issues with her email account she contacted Cooper for assistance in resolving those issues.”

The roles of Cooper and Pagliano will be phased out in mid-2013, with the Platte River Networks company winning a contact to manage Clinton’s server on May 31, 2013.

Around Spring 2009: Pagliano is warned that classified information could be sent to Clinton’s private server, but there is no sign he takes action or passes this warning on.

When Clinton’s computer technician Bryan Pagliano is interviewed by the FBI in December 2015, he will recall a conversation with a person whose name is redacted that takes place at the beginning of Clinton’s tenure as secretary of state. According to the FBI, this person “advised he would not be surprised if classified information was being transmitted to Clinton’s personal server.”

Pagliano joins the State Department in May 2009, and he also is the main person to manage problems with the server. But there is no mention of him taking any action about this warning or passing it on to anyone else. The unnamed person also gives Pagliano advice on how to improve the server security that goes unheeded as well. (Federal Bureau of Investigation, 9/2/2016)

Around Spring 2009: Clinton’s computer technician is advised to make a key improvement to the security of Clinton’s private server, but the improvement is never made.

When Bryan Pagliano, the manager of Clinton’s private server while she Clinton’s is secretary of state, will be interviewed by the FBI in December 2015, he will recall a conversation that takes place around the beginning of Clinton’s tenure. This person, whose name is later redacted, recommends that email transiting from a state.gov account to Clinton’s private server should be sent through a Transport Layer Security (TLS) “tunnel.” Most of Clinton’s email traffic is with State Department officials using state.gov accounts.

A diagram of the Transport Layer Security (TLS) (Credit: public domain)

A diagram described as Networking 101: Transport Layer Security (TLS) (Credit: public domain)

A September 2016 FBI report will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way communication. TLS is the successor to SSL and is considered more secure.”

Pagliano is the main person to manage problems with the server, but he will tell the FBI that the transition to TLS never occurred. It is not clear why. The FBI will be unable to forensically determine if TLS was ever implemented on the server.

The same unnamed person who gives Pagliano this advice also tells him at the same time that he would not be surprised if classified information was being transmitted to Clinton’s personal server.  (Federal Bureau of Investigation, 9/2/2016)

March 2009—2014: The Clintons and the Clinton Foundation benefit after Hillary Clinton helps Swiss bank UBS.

Clinton appears with Swiss Foreign Minister Micheline Calmy-Rey, (left), at the State Department on July 31, 2009, announcing a settlement in a legal case involving UBS. (Credit: J. Scott Applewhite / The Associated Press)

Clinton appears with Swiss Foreign Minister Micheline Calmy-Rey, (left), at the State Department on July 31, 2009, announcing a settlement in a legal case involving UBS. (Credit: J. Scott Applewhite / The Associated Press)

In 2007, a whistleblower gave information about thousands of US citizens who were putting money in Swiss mega-bank UBS to avoid paying US taxes. The IRS [Internal Revenue Service] sues UBS to learn the identities of US citizens with secret bank accounts. UBS faces either complying and violating strict Swiss banking secrecy laws, or refusing and facing criminal charges in a US court.

The US government decides to treat this as a political matter with the Swiss government instead of just a legal problem with the bank. In March 2009, Clinton meets with Swiss officials and brings up a number of unrelated issues where the US wants help from Switzerland, such as using Swiss neutrality to help release a US citizen imprisoned in Iran. The Swiss help with these other issues, and appear to get concessions in the UBS case in return.

On July 31, 2009, Clinton announces a legal settlement: the US government dismisses the IRS lawsuit, and UBS turns over data on only 4,450 accounts instead of the 52,000 accounts worth $18 billion wanted by the IRS.

Some US politicians criticize the deal. For instance, Senator Carl Levin (D), says, “It is disappointing that the US government went along.” A senior IRS official will later complain that many US citizens escaped scrutiny due to the deal.

Former president Bill Clinton and UBS Wealth Management Chief Executive, Bob McCann, took the stage at a Clinton Global Initiative event in 2011. (Credit: Brian Kersey /UPI/ Landov)

Former president Bill Clinton and UBS Wealth Management Chief Executive, Bob McCann, took the stage at a Clinton Global Initiative event in 2011. (Credit: Brian Kersey /UPI/ Landov)

UBS then helps the Clintons in various ways:

  • Total UBS donations to the Clinton Foundation grow from less than $60,000 through 2008 to about $600,000 by the end of 2014.
  • Starting in early 2010, UBS works with the foundation to launch entrepreneurship and inner-city loan programs, and lends the programs $32 million. In 2012, the foundation will tout these programs as one of their major accomplishments.
  • UBS gives the foundation $100,000 for a charity golf tournament.
  • In 2011, UBS pays Bill Clinton $350,000 for discussing the economy at a UBS event.
  • Also in 2011, UBS pays Bill Clinton $1.5 million to take part in eleven question and answer sessions with a UBS official, making UBS his largest corporate source of speech income.

In 2015, the Wall Street Journal will comment, “there is no evidence of any link between Mrs. Clinton’s involvement in the case and the bank’s donations to [the foundation], or its hiring of Mr. Clinton. But her involvement with UBS is a prime example of how the Clintons’ private and political activities overlap.”

Lawrence Lessig, a Harvard law professor and Democrat, will say of the Clintons, “They’ve engaged in behavior to make people wonder: What was this about? Was there something other than deciding the merits of these cases?” (The Wall Street Journal, 7/30/2015)

The Atlantic magazine will comment, “If you’re Bill Clinton and your wife has recently intervened in her capacity as a cabinet secretary to help a giant corporation avert a significant threat to its bottom-line, the very least you could do, if only to avoid the appearance of impropriety, is to avoid negotiating seven-figure paydays with that same corporation. [The fact he didn’t do that] is particularly jaw-dropping because ultra-wealthy Bill Clinton has virtually unlimited opportunities to give lucrative speeches to any number of audiences not directly implicated by decisions that his wife made as secretary of state.” (The Atlantic, 7/31/2015)

March 6, 2009—March 15, 2009: Clinton says she “gets it” about BlackBerry security concerns, but she keeps on using her BlackBerry.

Eric Boswell (Credit: public domain)

Eric Boswell (Credit: public domain)

On March 6, 2009, Assistant Secretary for Diplomatic Security Eric Boswell emails an internal State Department memo with the subject line “Use of BlackBerrys in Mahogany Row.” (“Mahogany Row” is where the seventh floor offices of Clinton and her top aides are.) The memo states, “Our review reaffirms our belief that the vulnerabilities and risks associated with the use of BlackBerrys in the Mahogany Row [redacted] considerably outweigh the convenience their use can add. … Any unclassified BlackBerry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving emails, and exploiting calendars.”

According to an email by another security official nine days later on March 15, Clinton tells Boswell that she read his memo and “gets it.” That email adds, “Her attention was drawn to the sentence that indicates (Diplomatic Security) have intelligence concerning this vulnerability during her recent trip to Asia.”

However, Clinton continues to use her BlackBerry and private server without any apparent changes. (The Washington Post, 3/27/2016)

March 29, 2009: For the first two months Clinton uses her private server for all her emails, it operates without the standard encryption generally used to protect Internet communication.

Clinton meets Chinese State Councillor Dai Bingguo in the Diaoyutai State Guesthouse in Beijing, China, on February 21, 2009. (Credit: Greg Baker / Getty Images)

Clinton meets Chinese State Councillor Dai Bingguo in the Diaoyutai State Guesthouse in Beijing, China, on February 21, 2009. (Credit: Greg Baker / Getty Images)

This is according to a 2015 independent analysis by Venafi Inc., a cybersecurity firm that specializes in the encryption process. Not until this day does the server receive a “digital certificate” that encrypts and protects communication over the Internet through encryption.

The Washington Post will later report, “It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption—a process that scrambles communication for anyone without the correct key—email, attachments and passwords are transmitted in plain text.”

A Venafi official will later comment, “That means that anyone could have accessed it. Anyone.” (The Washington Post, 3/27/2016)

Clinton began sending emails using the server by January 28, 2009, but will later claim she didn’t start using it until March 18, 2009—a two-month gap similar to the two-month gap the server apparently wasn’t properly protected. Apparently, she has not given investigators any of her emails from before March 18. (The New York Times, 9/25/2015)

A 2016 op-ed in the Washington Post will suggest that security concerns during Clinton’s February 2009 trip to Asia could have prompted the use of encryption on her server. (The Washington Post, 4/4/2016)

An FBI report released in September 2016 will confirm that encyption only began in March 2009. It states that “in March 2009, [Bill Clinton aide Justin] Cooper registered a Secure Sockets Layer (SSL) encryption certificate at [Bryan] Pagliano’s direction for added security when users accessed their email from various computers and devices.” (Federal Bureau of Investigation, 9/2/2016)

March 29, 2009: The encryption certificate used on Clinton’s private server starting on this day has an unusually long duration.

It is valid for four years and then will be renewed with a five year certificate in 2013. Kevin Bocek, vice president of security company Venafi, will later say, “Most security professionals wouldn’t recommend that. Google uses three-month certificates.” The certificate used a standard strength 2,048-byte encryption key. However, it doesn’t use “perfect forward secrecy.” That means that if the key is broken, multiple emails can be accessed. (ComputerWorld, 3/11/2015)

A 2016 FBI report will confirm this, mentioning that the certificate is valid until September 13, 2013, at which time a new certificate is obtained which is valid until September 13, 2018. (Federal Bureau of Investigation, 9/2/2016)