However, that official, Under Secretary of State for Management Patrick Kennedy, says that decision might be revisited if it is determined that the emails contained classified information. It will later be determined that some of Clinton’s emails contained “top secret” information, and all such information needs to be kept in a special, purpose-built room called a Secure Compartmented Information Facility (SCIF), which Kendall does not have. Even with permission from Kennedy, Kendall would still be in violation of federal law for having top secret information outside a SCIF. (Politico, 8/25/2015) (John Schindler, 8/26/2015)
Clinton’s campaign chair John Podesta emails Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff. He writes, “On another matter….and not to sound like Lanny, but we are going to have to dump all those emails so better to do so sooner than later.”
Mills replies with a joke, “Think you just got your new nick name :).” (WikiLeaks, 11/1/2016)
This is in reference to the New York Times front-page story from earlier in the day, publicly revealing that Clinton exclusively used a private email account while secretary of state.
“Lanny” is a likely reference to Lanny Davis, who was a special counsel to President Bill Clinton, and is a longtime media surrogate for Bill and Hillary Clinton. Less than a week later, Davis will publicly advocate that Clinton should be transparent with her emails.
By saying “dump,” Podesta could mean dump them to the public, or he could mean get rid of them. Unfortunately, there are no more comments from him or Mills to help clarify his meaning.
These emails will be released by WikiLeaks in November 2016.
The article by Michael Schmidt is entitled, “Hillary Clinton Used Personal Email Account at State Dept., Possibly Breaking Rules.” It appears as the main front page headline on the printed version of the New York Times the next morning with a slightly different title.
This article also reveals that Clinton’s aides took no action to preserve emails sent or received from her as required by the Federal Records Act. It points out that she left the State Department in February 2013, but didn’t give the department her work-related emails until December 2014. It suggests she may have violated federal regulations by exclusively using a personal email account for public business while secretary of state.
The Times further reveals that existence of Clinton’s personal email account was discovered by the House Benghazi Committee when it sought correspondence between Clinton and her aides. (The New York Times, 3/2/2015)
It will later be frequently assumed that the article also reveals that her email account was hosted on a private server. However, that will be first revealed two days later in an Associated Press article.
Jason R. Baron, former director of litigation at the National Archives and Records Administration (NARA) comments on that day’s news report that Clinton used a private email account on a private server for all her email communications while secretary of state: “It is very difficult to conceive of a scenario – short of nuclear winter – where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business.”
Baron, who worked at NARA from 2000 to 2013, adds, “I can recall no instance in my time at the National Archives when a high-ranking official at an executive branch agency solely used a personal email account for the transaction of government business.” (The New York Times, 3/2/2015)
A May 2016 State Department inspector general’s report will claim that Kerry was “not involved in any of the discussions regarding Secretary Clinton’s emails and that he first became aware of her exclusive use of a personal email account when an aide informed him around the time the information became published,” on March 2, 2015. This is according to an interview Kerry had with the inspector general’s staff. (US Department of State, 5/25/2016)
However, in March 2016, the Washington Post will report that in the summer of 2014, “Kerry resolved to round up the Clinton emails and deliver them to Congress as quickly as possible,” suggesting that he was involved and did have earlier knowledge. (The Washington Post, 3/27/2016)
The four are Cheryl Mills, Huma Abedin, Jake Sullivan, and Philippe Reines. All four of them frequently used personal email accounts for work matters while Clinton was secretary of state, though they also had government email accounts. According to a 2016 department inspector general’s report, the four of them hand over “email from their personal accounts during the summer of 2015.” (US Department of State, 5/25/2016)
Merrill’s comment appears in the March 2, 2015 New York Times story revealing that Clinton used a private email account when she was secertary of state. He won’t say why she did this. (The New York Times, 3/2/2015)
However, on March 12, 2015, Douglas Cox, a professor who focuses on records preservation laws, says: “While Clinton may have technical arguments for why she complied with [the various] rules that have been discussed in the news, the argument that Clinton complied with the letter and spirit of the law is unsustainable.” (Politifact, 3/12/2015)
In May 2016, the State Department’s inspector general will conclude that department officials “did not—and would not—approve her exclusive reliance on a personal email account to conduct Department business.” Her daily use of a private email account for work matters is also determined to be in violation of department rules. (US Department of State, 5/25/2016)
On the morning of March 2, 2015, a front-page New York Times article reveals Clinton’s use of her own private email server. Platte River Networks (PRN) is managing the server.
Later in the day, PRN employee Bill Thornton writes in an internal company email, “I spent some time in their firewall just now locking everything down (pretty tight).” (The New York Post, 9/18/2016)
However, on March 4, 2015, an analysis of the server’s publicly visible settings will show it has a misconfigured encryption system. Further articles the next day will expose more security vulnerabilities.
PRN will make more changes to improve the server’s security around March 7, 2015.
Citizens for Responsibility and Ethics in Washington (CREW) had been pursuing the public release of all of Clinton’s emails. CREW has been one of the top political watchdog organizations, targeting unethical and corrupt behavior in both major political parties. But in August 2014, CREW was effectively taken over by David Brock, a close Clinton ally who runs the main Super PAC [political action committee] for her presidential campaign.
In December 2012, CREW filed the first Freedom of Information Act (FOIA) request seeking Clinton’s emails from when she was secretary of state, and that began a long legal battle over the issue.
However, after Clinton’s email scandal becomes public following a New York Times story on it on March 2, 2015, the new CREW leadership decides not to pursue the issue. Anne Weismann, CREW’s chief counsel who led the search for the emails, will later comment, “It was made quite clear to me that CREW and I would not be commenting publicly on the issue of Secretary Clinton using a personal email account to conduct agency business. The fact that we said nothing on that subject says volumes.” Weismann soon quits CREW as a result.
Others also quit. Louis Mayberg, a cofounder of CREW, quits in March 2015, saying, “I have no desire to serve on a board of an organization devoted to partisanship.” He also says that CREW’s lack of action regarding the email scandal is another key factor in his departure. (Bloomberg News, 4/11/2016)
On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.
According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”
Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.
PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)
Platte River Networks (PRN) is the company managing Clinton’s private server. Due to a wave of hacking attacks on the server following the public revelation of the server on March 2, 2015, PRN considers doing penetration testing. That means hiring someone to try to hack the server in order to expose its vulnerabilities so they can be fixed.
Cybersecurity expert Johannes Ullrich will later comment, “It’s a good idea, and it’s also commonly done.”
On March 2, 2015, the New York Times publishes a front-page story about Clinton’s emails practices and her use of a private email server.
In the days following the publication of the article, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server.
In response to this request, an unnamed PRN employee travels to the Equinix data center in Secaucus, New Jersey, where the server is located, to conduct an onsite review of the equipment. At the same time, another unnamed PRN employee logs in to the server remotely to check on it.
This will result in some changes to the security settings of the server around March 7, 2015. Additionally, many emails (other than Clinton’s) are deleted from the server on March 8, 2015. (Federal Bureau of Investigation, 9/2/2016)
David DeCamillis, the vice president of sales for Platte River Networks (PRN), emails other PRN employees about the news reported in the New York Times the day before revealing Clinton’s exclusive use of a private email address hosted on her private server. He writes, “I’m sure the Republicans are giving each other high fives; especially Jeb Bush.”
PRN is the company that has been managing the server since June 2013. There will later be suggestions that PRN was chosen by Clinton or her employees to manage the server at least in part due to the company’s political preference for Democrats, and this email seems to fit with such a preference.
DeCamillis also wonders what emails the company might be asked to turn over. PRN employee Paul Combetta will send a reply detailing what work he’s done on Clinton’s server. (The New York Post, 9/18/2016)
At the time, Jeb Bush, the former Republican governor of Florida, is seen as the Republican frontrunner for the November 2016 presidential election, though he will ultimately fail to win the Republican nomination.
Responding to news reports that Clinton used only a private email and private server while secretary of state, Priebus attempts to tie them into previous reports scrutinizing the Clinton Foundation and its fundraising from foreign governments. “It makes you wonder: Did she use the private emails so she could conduct diplomacy and fundraising at the same time?” (Politico, 3/3/2015)
State Department spokesperson Marie Harf defends Clinton’s email arrangement, saying that she “was following what had been the practice of previous secretaries.” She claims “it was not prohibited at the time, [and] is not prohibited now.” She also says, “I was a little surprised—although maybe I shouldn’t have been—by some of the breathless reporting coming out last night.” (US Department of State, 3/3/2015)
Some of Harf’s comments are clearly untrue, as the department’s former chief legal adviser John Bellinger points out in an email to department officials later in the same day. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016)
Not until a State Department inspector general’s report in May 2016 will it be revealed that Clinton’s email practices were clearly prohibited at the time and differed significantly from the practices of previous secretaries. (US Department of State, 5/25/2016)
John Bellinger, who had been the State Department’s Legal Adviser during the George W. Bush administration, emails the department’s deputy legal advisers Mary McLeod and Richard Visek of the State Department’s office of legal affairs after hearing department spokesperson Marie Harf defend Clinton’s email practices one day after the email scandal was first reported in the media.
Bellinger, who still serves as former secretary of state Condoleezza Rice’s personal legal counsel, writes, “Please make sure that [Harf] doesn’t keep saying that Secretary Rice did the same thing. As you know, that is not correct, and Secretary Rice has corrected the record.”
He adds, “I’m getting calls from people (press and former USG [US government] lawyers) asking whether State lawyers actually approved letting Secretary Clinton use a State [BlackBerry] for official business using a personal email account, and then to keep the emails.” He then repeatedly mentions “L,” which refers to the State Department’s Office of the Legal Adviser that he formerly headed. “[Harf] is implying that State approved this practice (and this suggests that L approved it, though she didn’t say so specifically). As someone who wants to defend L’s reputation, I would urge you to defend the credibility of L as good and careful administrative lawyers, and don’t let [her] give L a bad name. I can’t believe that L would have approved this, and you shouldn’t let [her] imply that you did.”
Visek responds to Bellinger in an email: “Thanks for the heads up. I’ll reach out to PA [The department’s Bureau of Public Affairs] and try to make sure they understand.” These emails will be made public in June 2016 due to a Freedom of Information Act (FOIA) request by the Daily Caller. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016)
However, the department will not follow Bellinger’s advice and will not reveal to the public that Clinton’s email practices were never approved by the department’s lawyers. That will finally be revealed in a State Department inspector general’s report in May 2016. (US Department of State, 5/25/2016)
The committee already had requested that the State Department turn over all of Clinton’s emails relating to Benghazi or Libya. But on March 2, 2015, the New York Times reported a front-page story that revealed Clinton’s lawyers had deleted over 31,000 of Clinton’s emails without input from anyone else, deeming them “personal” in nature.
The committee gives a letter to Williams & Connolly, the law firm of Clinton’s personal lawyer David Kendall, requesting the preservation and production of all documents and media related to email@example.com, the email Clinton used while she was secretary of state. In addition, they ask the same for her firstname.lastname@example.org account. This account was only used by Clinton starting one month after she left the State Department, but at the time that isn’t clear. (Federal Bureau of Investigation, 9/2/2016)
One day later, the committee will issue two subpoenas to Clinton, but they have a more limited scope.
In Clinton’s July 2016 FBI interview, the FBI will summarize her as saying, “Concerning the Congressional preservation request on March 3, 2015 for email and other records, Clinton trusted her legal team would comply with the request.” (Federal Bureau of Investigation, 9/2/2016)
He says, “We tried. We told people in her office that it wasn’t a good idea. They were so uninterested that I doubt the secretary was ever informed.” He was a member of the department’s cybersecurity team. He says it was well known amongst the team that Clinton’s private account was at greater risk of being hacked or monitored, but their warnings were ignored. (Al Jazeera America, 3/3/2015)
Robert Gibbs, former White House press secretary for President Obama, calls Clinton’s exclusive use of a personal email account to conduct work “highly unusual.” He says this is especially so considering how frequently cabinet-level officials are told to preserve government correspondence. He says White House officials attend numerous briefings informing them about the need to preserve their email, “making sure it’s part of your official account.” (The Today Show, 3/3/2015)
Douglas Cox, a professor at the City University of New York School of Law who focuses on records preservation laws, says that while there was no specific law preventing Clinton from using a private email account, there have long been general rules on the books safeguarding “against the removal or loss of records. […] In a situation where she’s creating federal records outside the custody of the State Department and then keeping them there, that I think could violate the more general rules that have been there for long time. To me, it’s a bit mind-boggling.” (The Hill, 3/3/2015)
Cox’s comment appears to be made in direct response to Clinton spokesperson Nick Merrill’s claim the day before that Clinton’s email practices followed “both the letter and spirit of the rules.”
One week later, Cox adds, “While Clinton may have technical arguments for why she complied with each of these and the other rules that have been discussed in the news, the argument that Clinton complied with the letter and spirit of the law is unsustainable.” (Politifact, 3/12/2015)
An unnamed Clinton aide says about Clinton’s use of a private email account and server, “Nothing nefarious was at play. She had a BlackBerry, she used it prior to State, and like her predecessors she continued to use it when she got to State.” (Politico, 3/3/2015)
However, a week later, the Wall Street Journal will report that Condoleezza Rice, Clinton’s predecessor as secretary of state, had a government email account and no private email account for work-related matters. Rice only used the account occasionally, but she did use it. (Wall Street Journal, 3/10/2015) Furthermore, Rice did not use a BlackBerry or similar device. (Ars Technica, 3/17/2016)
Earlier secretaries of state did not use BlackBerrys and did not use private email accounts for government work. (ABC News, 3/4/2016)
On this day, US District Judge Gladys Kessler denies a petition to force the Obama administration to search the emails that White House science adviser John Holdren kept on a non-government server. A government lawyer argued that because the government didn’t possess the emails, it couldn’t be asked to produce them under Freedom of Information Act (FOIA) laws. Kessler agrees, saying, “That is precisely why agencies admonish their employees to use their official accounts for government business.” (Bloomberg News, 3/5/2015)
Such rulings in unrelated cases like this one suggest that Clinton could have kept all of her emails private permanently had it not been for the public scandal that occurred.
White House spokesperson Josh Earnest speaks on the recent revelation that Clinton used a private email account. “What I can tell you is that very specific guidance has been given to agencies all across the government, which is specifically that employees of the Obama administration should use their official email accounts when they’re conducting official government business. However, when there are situations where personal email accounts are used, it is important for those records to be preserved consistent with the Federal Records Act.” (The New York Times, 3/3/2015)
National Archives and Records Administration (NARA) spokesperson Laura Diachenko says that since 2009, federal regulations have stated that “agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that federal records sent or received on such systems are preserved in the appropriate agency record-keeping system.” (The New York Times, 3/3/2015)
On March 3, 2015, David DeCamillis, the vice president of sales for Platte River Networks (PRN), wonders what emails the company might be asked to turn over in an email to other PRN employees. This is because of a New York Times article on March 2, 2015 revealing Clinton’s exclusive use of a private email address hosted on her private server, and PRN has been managing that server since June 2013.
PRN employee Paul Combetta replies to the email, although the date of the reply hasn’t been specified. “I’ve done quite a bit already in the last few months related to this. Her [Clinton’s] team had me do a bunch of exports and email filters and cleanup to provide a .pst [personal storage file] of all of HRC’s [Hillary Rodham Clinton’s] emails to/from any .gov addresses. … I billed probably close to 10 hours in on-call tickets with CSEC related to it :).”
CSEC is a likely reference to Clinton Executive Services Corp. (CESC), a Clinton family company paying for PRN’s services. Combetta will delete and then wipe all of Clinton’s emails later in March 2015. His mention of sending Clinton’s emails likely refers to when PRN sent those emails to two of Clinton’s lawyers in late July 2014. (The New York Post, 9/18/2016)
It is not clear if this is all of Combetta’s reply. But if it is, it is notable that he doesn’t mention that he deleted and then wiped all of Clinton’s emails off the laptops of two lawyers working for Clinton by this time, and allegedly was told to change the settings on Clinton’s server so her emails would be deleted over time as well.
On March 2, 2015, the New York Times revealed that Clinton exclusively used a private email acccount while she was secretary of state. However, that article made no mention of private servers. On this day, the Associated Press reveals that account was registered to a private server located at Clinton’s house in Chappaqua, New York. This was discovered by searching Internet records. For instance, someone named Eric Hoteham used Clinton’s Chappaqua physical address to register an Internet address for her email server since August 2010. (This may be a misspelling of Clinton aide Eric Hothem.)
The Associated Press reports, “Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton’s home, an email server there would have been well protected from theft or a physical hacking.”
The article continues, “But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers. Those professional facilities provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems, and redundant communications lines.”
The article mentions that it is unclear Clinton’s server is still physically located in Chappaqua. (The Associated Press, 3/4/2015) It will later be revealed that it was moved to a data center in New Jersey in June 2013.
The New York Times reports that a Clinton spokesperson has declined to comment on Clinton’s “use of clintonemail.com for matters related to the Clinton Foundation, which has received millions of dollars in donations from foreign governments.”
However, John Wonderlich, policy director of the Sunlight Foundation, a non-profit organization that advocates transparency in government, comments, “It seems her intent was to create a system where she could personally manage access to her communications” both relating to her secretary of state work and the Clinton Foundation. “Given all the power she had as secretary of state, a lot of that work would be jumbled together. Her presidential ambitions and the family foundation would be wrapped up technically in email.” (The New York Times, 3/4/2015)
Alex McGeorge, head of threat intelligence at Immunity Inc., a digital security firm, investigates what can be learned about Clinton’s still-operating server. He says, “There are tons of disadvantages of not having teams of government people to make sure that mail server isn’t compromised. It’s just inherently less secure.” He is encouraged to learn the server is using a commercial encryption product from Fortinet. However, he discovers it uses the factory default encryption “certificate,” instead of one purchased specifically for Clinton.
Bloomberg News reports: “Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate. […] Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.”
McGeorge comments, “It’s bewildering to me. We should have a much better standard of security for the secretary of state.” (Bloomberg News, 3/4/2015)
Clinton’s campaign chair John Podesta writes an email to Cheryl Mills, one of Clinton’s lawyers. The email is written two days after Clinton’s exclusive use of a private email address was publicly revealed, and one day after a House committee requests the preservation of all of Clinton’s emails from when she was secretary of state.
Podesta writes, “Think we should hold emails to and from potus? That’s the heart of his exec [executive] privilege. We could get them to ask for that. They may not care, but I seems like they will.” “Potus” stands for “president of the United States,” which in this case is Barack Obama.
The email will be released by WikiLeaks in October 2016. Mills’ reply, if any, is unknown. (WikiLeaks, 10/7/2016)
It will later be reported that there were only about 18 emails between Clinton and Obama during her secretary of state tenure.
In July 2013, Clinton’s private server was reconfigured to use a commercial email provider, MX Logic, which is owned by McAfee, Inc. (The Associated Press, 3/4/2015)
Cybersecurity expert Brian Reid analyzed public records about the server and found that Clinton’s emails were routed to McAfee for spam and virus filtering. He says, “The email traces all end at McAfee. If nothing else, they have and had the technical ability to read her email. This does not mean they did, only that they could have.” (McClatchy Newspapers, 3/4/2015)
The New York Times’ Editorial Board comments, “Hillary Rodham Clinton’s decision when she was secretary of state to use only her personal email account to conduct official business was a disturbing departure from the normal practice of relying primarily on departmental emails for official business.” The editorial concludes, “Some way needs to be found to ensure that the emails she retained [and then deleted] are truly private and don’t involve government business.” (The New York Times, 3/4/2015)
One is for all emails from Clinton’s personal account relating to Libya or the Benghazi terrorist attack. The committee had already received about 300 such emails from the State Department in February 2015. But on March 2, 2015, a New York Times article revealed that Clinton exclusively used a private email account hosted on her own private server, so the State Department may not have some of her emails.
Thus, the committee issues a subpoena directly to Clinton and her lawyers to see if more of her emails can be uncovered. The subpoena orders Clinton to produce emails from email@example.com. firstname.lastname@example.org, and any other email addresses she may have used while secretary of state, relating to the events surrounding the 2012 terrorist attack in Benghazi, Libya.
The other subpoena to Clinton is for documents it requested in November 2014 but still has not received from the State Department, relating to communications between Clinton and ten senior department officials. (House Benghazi Committee, 3/4/2015) (Federal Bureau of Investigation, 9/2/2016)
One day earlier, the committee asked Clinton for all of her emails. But this was only a request, not a subpoena.
Also on March 4, 2015, Clinton does not disclose the subpoenas, but tweets, “I want the public to see my email. I asked [the] State [Department] to release them. They said they will review them for release as soon as possible.” (The Washington Post, 3/10/2015) All of Clinton’s work emails will only be released after a judge orders the State Department to do so. (The Washington Post, 3/27/2016)
This comment is made by Tom Kellermann. He adds that leaving the State Department’s security protocols and systems would have been similar to leaving her bodyguards while in a dangerous place. The result is that she may have “undermined State Department security.” (The New York Times, 3/4/2015)
Chris Soghoian, the lead technologist for the American Civil Liberties Union (ACLU), comments on the security of Clinton’s private email server: “Although the American people didn’t know about this, it’s almost certain that foreign intelligence agencies did, just as the NSA knows which Indian and Spanish officials use Gmail and Yahoo accounts. […] She’s not the first official to use private email and not the last. But there are serious security issues associated with these kinds of services… When you build your house outside the security fence, you’re on your own, and that’s what seems to have happened here.”
Soghoian notes the most serious problem is that it would require a whole team of computer experts to keep Clinton’s server protected, and there’s no evidence a team like that ever existed. Even if Clinton had used a popular email service such as those by Google, Yahoo, or Microsoft, she would have benefitted from their security teams. But while the Secret Service would have protected against break-ins into Clinton’s house, they wouldn’t have been able to help with computer security. (Wired, 3/4/2015)
Additionally, the office only found out as part of the House Benghazi Committee’s investigation, which began in mid-2014. This is according to an unnamed person “familiar with the matter.”
According to the Associated Press, “The person said Clinton’s exclusive reliance on personal email as the nation’s top diplomat was inconsistent with the guidance given to [departments] that official business should be conducted on official email accounts.” Once it became clear she wasn’t following proper practices, the counsel’s office asked the State Department to ensure her work-related emails were properly archived. But this person does not specify when that happened exactly. (The Associated Press, 3/5/2015)
RNC [Republican National Committee] Chief Counsel John Phillippe writes in a letter, “I urge you to launch immediately an investigation into Secretary Clinton’s use of a personal email address and the Department of State’s policies regarding such use.” (McClatchy Newspapers, 3/5/2015)
Linick will initiate an investigation along those lines by the next month, if not sooner.
Politico reports, “State Department officials and Clinton aides have offered no response to questions in recent days about how her private email system was set up, what security measures it used, and whether anyone at the agency approved the arrangement. It’s unclear how such a system, run off an Internet domain apparently purchased by the Clinton family, could have won approval if the department’s policies were as the [State Department’s] inspector general’s report describes them.” (Politico, 3/3/2015)
According to State Department regulations in effect at the time, the use of a home computer was permitted, but only if the computer was officially certified as secure, and no evidence has emerged that Clinton’s server was given such a certification. Additionally, the department’s Foreign Affairs Manual (FAM) states, “Only Department-issued or approved systems are authorized to connect to Department enterprise networks.” (US Department of State)
An April 2016 article will indicate that many of the same questions still remain unanswered. (The Hill, 3/4/2016)
An aide to former Transportation Secretary Ray LaHood says that LaHood had a BlackBerry with both personal and government email accounts on it. This is news because LaHood held that job through President Obama’s first term, the same time Clinton was secretary of state, and Clinton recently claimed she only had one email address because she only wanted to carry one BlackBerry.
BuzzFeed will add that LaHood’s experience “was similar to that of other senior administration officials, officials and staff said. And it was also the way most people who worked in the administration from the early days of President Obama’s term understood things to work when it came to email…” (BuzzFeed, 3/5/2015)
Several days later, Emily Miller, a State Department official under Clinton, similarly comments, “When I worked at State, we had both unclassified State email and personal email on the same BlackBerry.” (Twitter, 3/10/2015)
Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.
Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.
It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a servers’ memory.
As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)
Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.
Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.
Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”
Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.
Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)
On March 2, 2015, the New York Times reported that Clinton exclusively used a private email address while she was secretary of state. Two days later, the Associated Press reported her account was hosted on a private server.
Two days after that, on March 6, 2015, Clinton campaign spokesperson Nick Merrill discusses the news in emails to Clinton’s campaign chair John Podesta, as well other Clinton aides, including Huma Abedin, Cheryl Mills, Jennifer Palmieri, Philippe Reines, and Robby Mook.
Merrill writes, “Goal would be to cauterize this just enough so it plays out over the weekend and dies in the short term.” He suggests having Clinton take part in an email-related joke on television with comedian Larry Wilmore, “getting the human side of HRC for the cameras…” Additionally, “we’d have a set-the-record-straight piece to this that closes off that avenue of attack as well. It might be crazy, but it might also be the one-two punch we need right now.” The email will later be released by WikiLeaks due to the hacking of Podesta’s email account.(WikiLeaks, 10/7/2016)
However, the story won’t die out, and will become a longstanding controversy instead. Clinton won’t publicly confirm or discuss her use of the email account and server until March 10, 2015. (The Associated Press, 10/11/2016)
However, it is unknown if they were ever used. A prominent hacker who has worked for US intelligence agencies used high-tech tools to search Internet data sources for any mention of email addresses using the clintonemail.com domain name of Clinton’s server. The results of the search were given to Fox News. Clinton has publicly claimed that she only used one email address while secretary of state: email@example.com.
But the hacker also found the following addresses had been created: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, Hillary@clintonemail.com, firstname.lastname@example.org, and email@example.com.
Fox News tried to contact two of Clinton’s spokespeople to find if the other addresses had ever been used by anyone, but got no reply. (Fox News, 3/6/2015)
Virginia Governor Terry McAuliffe is widely considered the best friend of Bill and Hillary Clinton, and was co-chair of one of Bill’s presidential campaigns and the chair of Hillary’s 2008 presidential campaign. In March 2016, McAuliffe says, “We’re best friends, I’ve been family friends with the Clinton’s for thirty years. It’s a great relationship, we vacationed together for years, we’re just very personal friends…” (The Valley’s Music Place, 3/31/2016)
On March 7, 2015, McAuliffe and other state Democratic Party leaders meet with Dr. Jill McCabe and persuade her to run for a state senator seat in Virginia. Dr. McCabe is a hospital physician who has never run for political office before. This has potentially larger political implications, because her husband is Andrew McCabe, an FBI official who runs the FBI’s Washington, DC, field office at the time.
FBI officials will later claim that after the March 7, 2015 meeting, Andrew McCabe seeks ethics advice from the FBI and follows it, avoiding involvement with public corruption cases in Virginia, and also avoiding any of his wife’s campaign activities or events.
Five days before Jill McCabe is asked to run, on March 2, 2015, the New York Times publicly reveals Clinton’s use of a private email address, and her use of a private email server is revealed two days later, starting a major and prolonged political controversy. Jill McCabe announces her candidacy on March 12, 2015.
On July 10, 2015, the FBI’s Clinton email investigation formally begins, although it may have informally begun earlier.
Andrew McCabe’s Washington, DC, field office provides personnel and resources to the investigation. At the end of July 2015, he is promoted to assistant deputy FBI director, the number three position in the FBI.
During the 2015 election season, McAuliffe’s political action committee (PAC) donates $467,500 to Jill McCabe’s campaign. Furthermore, the Virginia Democratic Party, ”over which Mr. McAuliffe exerts considerable control,” according to the Wall Street Journal, donates an additional $207,788 to her campaign. “That adds up to slightly more than $675,000 to her candidacy from entities either directly under Mr. McAuliffe’s control or strongly influenced by him.”
This represents more than a third of all the campaign funds McCabe raises in the election. She is the third-largest recipient of funds from McAuliffe’s PAC that year.
On November 3, 2015, Jill McCabe loses the election to incumbent Republican Dick Black. Once the campaign is over, “[Andrew] McCabe and FBI officials felt the potential conflict-of-interest issues ended,” according to the Journal.
In February 2016, Andrew McCabe is promoted to deputy FBI director, the second highest position in the FBI. In this role, he is part of the executive leadership team overseeing the Clinton email investigation, though FBI officials say any final decisions are made by FBI Director James Comey.
However, that is not the only potential conflict of interest. By February 2016, four FBI field offices are conducting investigations of the Clinton Foundation. McAuliffe was a Clinton Foundation board member until he resigned when he became the governor of Virginia in 2013. (The Wall Street Journal, 10/24/2016)
Also, at some point in 2015, if not earlier, the FBI begins conducting an investigation of McAuliffe. When the existence of this investigation is publicly leaked in May 2016, media reports suggest it may involve McAuliffe’s financial relationship with a Chinese businessperson who has donated millions to the foundation. It is also reported that investigators have looked at McAuliffe’s time as a board member of the Clinton Global Initiative (CGI), a yearly conference run by the Clinton Foundation. (CNN, 5/24/2016)
In the spring of 2016, Andrew McCabe agrees to recuse himself from the McAuliffe investigation, due to McAuliffe’s donations to Jill McCabe’s election campaign. However, he doesn’t recuse himself from the Clinton Foundation investigation or the Clinton email investigation, despite McAuliffe’s close ties to Bill and Hillary Clinton. (The Wall Street Journal, 10/24/2016)
In mid-July 2016, the FBI seeks to reorganize the Clinton Foundation investigation. McCabe decides the FBI’s New York office should take the lead, while the Washington office that he formerly headed should take the lead with the McAuliffe investigation. The Journal will later report, “Within the FBI, the decision was viewed with skepticism by some, who felt the probe would be stronger if the foundation and McAuliffe matters were combined.” However, the decision is implemented.
McCabe also is involved in an effort to shut down the foundation investigation in August 2016, but his role is unclear.
In October 2016, McCabe’s potential conflicts of interest will be revealed by two Wall Street Journal articles. (The Wall Street Journal, 10/30/2016) In early November 2016, the Journal will report that “some [in the FBI] have blamed [McCabe], claiming he sought to stop agents from pursuing the [Clinton Foundation] case this summer. His defenders deny that, and say it was the Justice Department that kept pushing back on the investigation.” (The Wall Street Journal, 11/2/2016)
Around that time, James Kallstrom, the former head of the FBI’s New York office, will say of McCabe, “The guy has no common sense. He should be demoted and taken out of the chain of command.” (The American Spectator, 11/1/2016)
In the days following a New York Times article revealing Clinton’s use of her private server, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server. Two unnamed PRN employees do so.
This results in some changes to the server’s security settings around March 7, 2015. According to a September 2016 FBI report, these changes “include disabling the server’s public-facing VPN page and switching from SSL protocol to TLS to increase security.”
The FBI will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant-messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way conummication. TLS is the successor to SSL and is considered more secure.” (Federal Bureau of Investigation, 9/2/2016)
Obama says he found about it at “the same time everybody else learned it, through news reports.” This is a reference to the New York Times story that first broke the scandal on March 2, 2015. (CBS News, 3/7/2015) Obama presumably already knew she used a private email address due to the emails between him and Clinton. (The New York Times, 2/29/2016)
Scott Gration, was fired in 2012 from being the US ambassador to Kenya in part because he was caught using a private email account for government work. In the wake of the revelation that Clinton also used a private email account for work, Gration says that “it does appear like there was a different standard that was used in my case and that has been used in hers.”
Additionally, the one who actually fired Gration was Cheryl Mills, Clinton’s chief of staff. This irritates Gration as well, saying that “I would assume that [Mills] knew” of Clinton’s private email as well. (CNN, 3/8/2013)
It will later emerge that Mills also used a private email address for government work sometimes (firstname.lastname@example.org), including sending emails from that address to Clinton’s private email address. (Judicial Watch, 9/14/2015)
In a September 2016 report, the FBI will reveal that the “FBI forensically identified deletions from [Clinton’s] server on March 8, 2015 of .pst files not associated with Clinton’ s email account or domain, and other server data.”
A .pst or “Personal Storage Table” file is a file format used to store copies of emails and other items within Microsoft software.
This incident will only be mentioned in a footnote in an FBI report, with no mention of who made the deletions or why. It also is not clear how thorough the deletions are. Clinton’s deputy chief of staff Huma Abedin had a frequently used email account hosted on the server, but it is unknown if these deletions include her emails.
It seems probable an employee of Platte River Networks (PRN), the computer company managing Clinton’s server, made the deletions. Shortly after a news report made Clinton’s use of the server public knowledge on March 2, 2015, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requested that PRN conduct a complete inventory of all equipment related to the server, and one unnamed PRN employee physically checked the server while another one remotely logged on to check it.
Lanny Davis was a special counsel to President Bill Clinton, and is a longtime media surrogate for Bill and Hillary Clinton. Speaking to journalist Chris Wallace on Fox News, he says regarding Clinton’s emails on her private server, “There can be a neutral party to review all these records. Nothing unlawful-”
Wallace asks, “You’d like to have a neutral party? … [D]o you think that’s a reasonable idea?”
Davis replies, “I think it is a reasonable idea if anybody has any doubts that there’s a delete on a hard drive-”
Wallace interrupts, “To have an independent party go inspect her private email?”
Davis responds, “I think there is a reasonable idea. If the State Department asks, she will say yes.” (Fox News, 3/8/2015)
Clinton campaign manager Robby Mook writes in an email to Clinton campaign chair John Podesta, “We gotta zap Lanny out of our universe. Can’t believe he committed her to a private review of her hard drive on TV.” (WikiLeaks, 11/1/2016)
Podesta’s reply, if any, is unknown. The Mook email will be released by WikiLeaks in November 2016.
Clinton will never agree to a neutral review of her server. Later in the month, an employee of the company managing her server will delete and wipe all the emails from her server.
Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff, sends an email to some employees at Platte River Networks (PRN), the company that is managing Clinton’s private server. On March 3, 2015, the House Benghazi Committee sent a letter to Clinton’s lawyers, asking that they preserve all of Clinton’s emails. This is because of a New York Times report the day before that indicated Clinton probably had many emails from when she was secretary of state that the State Department did not. Mills’ email to PRN references this preservation request.
PRN employee Paul Combetta is one of the recipients of this email from Mills. In a February 18, 2016 FBI interview, he will claim that he didn’t recall seeing the preservation request mentioned in the email. But he will be interviewed by the FBI again, on May 3, 2016. At that time, he will indicate that he deleted and then wiped all of Clinton’s emails from her server in late March 2015, despite the fact that, according to an FBI report, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.”
It is not clear why he will do this. He will also state during his second interview, “he did not receive guidance from other PRN personnel, PRN’s legal counsel, or others regarding the meaning of the preservation request.” (Federal Bureau of Investigation, 9/2/2016)
- Page 1 of 2