March 2015: A State Department official gives Clinton’s lawyer David Kendall written permission to retain copies of the emails Clinton turned over in December 2014.

The walls, floor, ceiling, and door of a SCIF room are made out of solid metal before an outer facade that looks like a normal room is added. (Credit: scifsolutions.com)

The walls, floor, ceiling, and door of a SCIF room are made out of solid metal before an outer facade that looks like a normal room is added. (Credit: scifsolutions.com)

However, that official, Under Secretary of State for Management Patrick Kennedy, says that decision might be revisited if it is determined that the emails contained classified information. It will later be determined that some of Clinton’s emails contained “top secret” information, and all such information needs to be kept in a special, purpose-built room called a Secure Compartmented Information Facility (SCIF), which Kendall does not have. Even with permission from Kennedy, Kendall would still be in violation of federal law for having top secret information outside a SCIF. (Politico, 8/25/2015) (John Schindler, 8/26/2015)

March 2, 2015: Clinton’s campaign chair privately says “we are going to have to dump all” of Clinton’s emails.

Lanny Davis and Hillary Clinton (Credit: public domain)

Lanny Davis and Hillary Clinton (Credit: public domain)

Clinton’s campaign chair John Podesta emails Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff. He writes, “On another matter….and not to sound like Lanny, but we are going to have to dump all those emails so better to do so sooner than later.”

Mills replies with a joke, “Think you just got your new nick name :).” (WikiLeaks, 11/1/2016)

This is in reference to the New York Times front-page story from earlier in the day, publicly revealing that Clinton exclusively used a private email account while secretary of state.

“Lanny” is a likely reference to Lanny Davis, who was a special counsel to President Bill Clinton, and is a longtime media surrogate for Bill and Hillary Clinton. Less than a week later, Davis will publicly advocate that Clinton should be transparent with her emails.

By saying “dump,” Podesta could mean dump them to the public, or he could mean get rid of them. Unfortunately, there are no more comments from him or Mills to help clarify his meaning.

These emails will be released by WikiLeaks in November 2016.

March 2, 2015: Clinton spokesperson Nick Merrill incorrectly claims that Clinton’s email practices followed “both the letter and spirit of the rules.”

Nick Merrill (Credit: Skidmore College)

Nick Merrill (Credit: Skidmore College)

Merrill’s comment appears in the March 2, 2015 New York Times story revealing that Clinton used a private email account when she was secertary of state. He won’t say why she did this. (The New York Times, 3/2/2015)

However, on March 12, 2015, Douglas Cox, a professor who focuses on records preservation laws, says: “While Clinton may have technical arguments for why she complied with [the various] rules that have been discussed in the news, the argument that Clinton complied with the letter and spirit of the law is unsustainable.” (Politifact, 3/12/2015)

In May 2016, the State Department’s inspector general will conclude that department officials “did not—and would not—approve her exclusive reliance on a personal email account to conduct Department business.” Her daily use of a private email account for work matters is also determined to be in violation of department rules. (US Department of State, 5/25/2016)

March 2, 2015: The company managing Clinton’s server tightens security on the server after its existence is exposed.

On the morning of March 2, 2015, a front-page New York Times article reveals Clinton’s use of her own private email server. Platte River Networks (PRN) is managing the server.

Bill Thornton (Credit: public domain)

Bill Thornton (Credit: public domain)

Later in the day, PRN employee Bill Thornton writes in an internal company email, “I spent some time in their firewall just now locking everything down (pretty tight).” (The New York Post, 9/18/2016)

However, on March 4, 2015, an analysis of the server’s publicly visible settings will show it has a misconfigured encryption system. Further articles the next day will expose more security vulnerabilities.

PRN will make more changes to improve the server’s security around March 7, 2015.

Shortly After March 2, 2015: A surge of hacking attempts follows the revelation of Clinton’s use of a private email server in the media.

On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.

According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”

Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.

PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: The company managing Clinton’s private server fails to fully test its security vulnerabilities.

Johannes Ullrich (Credit: LinkedIn)

Johannes Ullrich (Credit: LinkedIn)

Platte River Networks (PRN) is the company managing Clinton’s private server. Due to a wave of hacking attacks on the server following the public revelation of the server on March 2, 2015, PRN considers doing penetration testing. That  means hiring someone to try to hack the server in order to expose its vulnerabilities so they can be fixed.

Cybersecurity expert Johannes Ullrich will later comment, “It’s a good idea, and it’s also commonly done.”

However, the penetration testing never happens. It isn’t clear why. (The New York Post, 9/18/2016) (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: Cheryl Mills has a computer company check on the condition of Clinton’s private server after the media makes Clinton’s use of the server front-page news.

On March 2, 2015, the New York Times publishes a front-page story about Clinton’s emails practices and her use of a private email server.

The Equinix data center in Secaucus, NY. (Credit: public domain)

In the days following the publication of the article, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server.

In response to this request, an unnamed PRN employee travels to the Equinix data center in Secaucus, New Jersey, where the server is located, to conduct an onsite review of the equipment. At the same time, another unnamed PRN employee logs in to the server remotely to check on it.

This will result in some changes to the security settings of the server  around March 7, 2015. Additionally, many emails (other than Clinton’s) are deleted from the server on March 8, 2015. (Federal Bureau of Investigation, 9/2/2016)

March 3, 2015: The head of the company managing Clinton’s private server makes a curious political comment; he also wonders what Clinton emails might have to turn over.

David DeCamillis (Credit: Twitter)

David DeCamillis (Credit: Twitter)

David DeCamillis, the vice president of sales for Platte River Networks (PRN), emails other PRN employees about the news reported in the New York Times the day before revealing Clinton’s exclusive use of a private email address hosted on her private server. He writes, “I’m sure the Republicans are giving each other high fives; especially Jeb Bush.”

PRN is the company that has been managing the server since June 2013. There will later be suggestions that PRN was chosen by Clinton or her employees to manage the server at least in part due to the company’s political preference for Democrats, and this email seems to fit with such a preference.

DeCamillis also wonders what emails the company might be asked to turn over. PRN employee Paul  Combetta will send a reply detailing what work he’s done on Clinton’s server. (The New York Post, 9/18/2016)

At the time, Jeb Bush, the former Republican governor of Florida, is seen as the Republican frontrunner for the November 2016 presidential election, though he will ultimately fail to win the Republican nomination.

March 3, 2015: Republican National Committee (RNC) chair Reince Priebus suggests Clinton could have mixed diplomacy and private fundraising in her emails.

Reince Priebus (Credit: Win McNamee / Getty Images)

Reince Priebus (Credit: Win McNamee / Getty Images)

Responding to news reports that Clinton used only a private email and private server while secretary of state, Priebus attempts to tie them into previous reports scrutinizing the Clinton Foundation and its fundraising from foreign governments. “It makes you wonder: Did she use the private emails so she could conduct diplomacy and fundraising at the same time?” (Politico, 3/3/2015)

March 3, 2015: The State Department falsely asserts Clinton’s email practices were not prohibited.

Marie Harf (Credit: public domain)

Marie Harf (Credit: public domain)

State Department spokesperson Marie Harf defends Clinton’s email arrangement, saying that she “was following what had been the practice of previous secretaries.” She claims “it was not prohibited at the time, [and] is not prohibited now.” She also says, “I was a little surprised—although maybe I shouldn’t have been—by some of the breathless reporting coming out last night.” (US Department of State, 3/3/2015) 

Some of Harf’s comments are clearly untrue, as the department’s former chief legal adviser John Bellinger points out in an email to department officials later in the same day. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016) 

Not until a State Department inspector general’s report in May 2016 will it be revealed that Clinton’s email practices were clearly prohibited at the time and differed significantly from the practices of previous secretaries. (US Department of State, 5/25/2016)

March 3, 2015: The State Department’s former chief legal adviser wants the department to clarify that Clinton never had legal approval for her email practices, but the department keeps this secret.

John Bellinger (Credit: public domain)

John Bellinger (Credit: public domain)

John Bellinger, who had been the State Department’s Legal Adviser during the George W. Bush administration, emails the department’s deputy legal advisers Mary McLeod and Richard Visek of the State Department’s office of legal affairs after hearing department spokesperson Marie Harf defend Clinton’s email practices one day after the email scandal was first reported in the media.

Bellinger, who still serves as former secretary of state Condoleezza Rice’s personal legal counsel, writes, “Please make sure that [Harf] doesn’t keep saying that Secretary Rice did the same thing. As you know, that is not correct, and Secretary Rice has corrected the record.”

He adds, “I’m getting calls from people (press and former USG [US government] lawyers) asking whether State lawyers actually approved letting Secretary Clinton use a State [BlackBerry] for official business using a personal email account, and then to keep the emails.” He then repeatedly mentions “L,” which refers to the State Department’s Office of the Legal Adviser that he formerly headed. “[Harf] is implying that State approved this practice (and this suggests that L approved it, though she didn’t say so specifically). As someone who wants to defend L’s reputation, I would urge you to defend the credibility of L as good and careful administrative lawyers, and don’t let [her] give L a bad name. I can’t believe that L would have approved this, and you shouldn’t let [her] imply that you did.”

Visek responds to Bellinger in an email: “Thanks for the heads up. I’ll reach out to PA [The department’s Bureau of Public Affairs] and try to make sure they understand.” These emails will be made public in June 2016 due to a Freedom of Information Act (FOIA) request by the Daily Caller. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016) 

However, the department will not follow Bellinger’s advice and will not reveal to the public that Clinton’s email practices were never approved by the department’s lawyers. That will finally be revealed in a State Department inspector general’s report in May 2016. (US Department of State, 5/25/2016)

March 3, 2015: An unnamed State Department technology expert complains that he and others tried to warn that Clinton’s use of a private email account was a security risk.

He says, “We tried. We told people in her office that it wasn’t a good idea. They were so uninterested that I doubt the secretary was ever informed.” He was a member of the department’s cybersecurity team. He says it was well known amongst the team that Clinton’s private account was at greater risk of being hacked or monitored, but their warnings were ignored. (Al Jazeera America, 3/3/2015)

March 3, 2015 or Shortly Thereafter: The employee who will later delete all of Clinton’s emails is asked about what Clinton emails might be turned over.

On March 3, 2015, David DeCamillis, the vice president of sales for Platte River Networks (PRN), wonders what emails the company might be asked to turn over in an email to other PRN employees. This is because of a New York Times article on March 2, 2015 revealing Clinton’s exclusive use of a private email address hosted on her private server, and PRN has been managing that server since June 2013.

Paul Combetta (Credit: CSpan)

Paul Combetta (Credit: CSpan)

PRN employee Paul Combetta replies to the email, although the date of the reply hasn’t been specified. “I’ve done quite a bit already in the last few months related to this. Her [Clinton’s] team had me do a bunch of exports and email filters and cleanup to provide a .pst [personal storage file] of all of HRC’s [Hillary Rodham Clinton’s] emails to/from any .gov addresses. … I billed probably close to 10 hours in on-call tickets with CSEC related to it :).”

CSEC is a likely reference to Clinton Executive Services Corp. (CESC), a Clinton family company paying for PRN’s services. Combetta will delete and then wipe all of Clinton’s emails later in March 2015. His mention of sending Clinton’s emails likely refers to when PRN sent those emails to two of Clinton’s lawyers in late July 2014. (The New York Post, 9/18/2016)

It is not clear if this is all of Combetta’s reply. But if it is, it is notable that he doesn’t mention that he deleted and then wiped all of Clinton’s emails off the laptops of two lawyers working for Clinton by this time, and allegedly was told to change the settings on Clinton’s server so her emails would be deleted over time as well.

March 4, 2015: It is reported for the first time that Clinton’s private email address was hosted on a private server.

On March 2, 2015, the New York Times revealed that Clinton exclusively used a private email acccount while she was secretary of state. However, that article made no mention of private servers. On this day, the Associated Press reveals that account was registered to a private server located at Clinton’s house in Chappaqua, New York. This was discovered by searching Internet records. For instance, someone named Eric Hoteham used Clinton’s Chappaqua physical address to register an Internet address for her email server since August 2010. (This may be a misspelling of Clinton aide Eric Hothem.)

The Associated Press reports, “Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton’s home, an email server there would have been well protected from theft or a physical hacking.”

The article continues, “But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers. Those professional facilities provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems, and redundant communications lines.”

The article mentions that it is unclear Clinton’s server is still physically located in Chappaqua.  (The Associated Press, 3/4/2015) It will later be revealed that it was moved to a data center in New Jersey in June 2013.

 

March 4, 2015: A non-profit watchdog suggests Clinton hid her emails because her government work and Clinton Foundation work was intertwined.

John Wonderlich (Credit: Personal Democracy Media)

John Wonderlich (Credit: Personal Democracy Media)

The New York Times reports that a Clinton spokesperson has declined to comment on Clinton’s “use of clintonemail.com for matters related to the Clinton Foundation, which has received millions of dollars in donations from foreign governments.”

However, John Wonderlich, policy director of the Sunlight Foundation, a non-profit organization that advocates transparency in government, comments, “It seems her intent was to create a system where she could personally manage access to her communications” both relating to her secretary of state work and the Clinton Foundation. “Given all the power she had as secretary of state, a lot of that work would be jumbled together. Her presidential ambitions and the family foundation would be wrapped up technically in email.” (The New York Times, 3/4/2015)

March 4, 2015: Clinton’s private server used a misconfigured encryption system.

Alex McGeorge (Credit: CNBC)

Alex McGeorge (Credit: CNBC)

Alex McGeorge, head of threat intelligence at Immunity Inc., a digital security firm, investigates what can be learned about Clinton’s still-operating server. He says, “There are tons of disadvantages of not having teams of government people to make sure that mail server isn’t compromised. It’s just inherently less secure.” He is encouraged to learn the server is using a commercial encryption product from Fortinet. However, he discovers it uses the factory default encryption “certificate,” instead of one purchased specifically for Clinton.

Bloomberg News reports: “Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate. […] Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.”

McGeorge comments, “It’s bewildering to me. We should have a much better standard of security for the secretary of state.” (Bloomberg News, 3/4/2015)

March 4, 2015: Clinton’s emails could have been read by the company that filtered them for spam.

McAfee Logo (Credit: McAfee)

McAfee Logo (Credit: McAfee)

In July 2013, Clinton’s private server was reconfigured to use a commercial email provider, MX Logic, which is owned by McAfee, Inc. (The Associated Press, 3/4/2015) 

Cybersecurity expert Brian Reid analyzed public records about the server and found that Clinton’s emails were routed to McAfee for spam and virus filtering. He says, “The email traces all end at McAfee. If nothing else, they have and had the technical ability to read her email. This does not mean they did, only that they could have.” (McClatchy Newspapers, 3/4/2015)

March 4, 2015: A cybersecurity expert says that Clinton’s privately managed email communications “obviously would have been targeted when she stepped outside of the secure State Department networks.”

Tom Kellerman (Credit: Cyber Risk Summit 2015)

Tom Kellerman (Credit: Cyber Risk Summit 2015)

This comment is made by Tom Kellermann. He adds that leaving the State Department’s security protocols and systems would have been similar to leaving her bodyguards while in a dangerous place. The result is that she may have “undermined State Department security.” (The New York Times, 3/4/2015)

March 5, 2015: Questions surround Clinton’s possible use of instant messages on her unsecure BlackBerry.

BlackBerrys from Clinton’s time as secretary of state can be used for instant messages as well as emails. Bloomberg reports that Clinton’s “top aides frequently used instant text messages to talk with each other, a form of communication that isn’t captured or archived by the State Department. It is not clear whether Clinton herself used her BlackBerry’s instant message service, as her aides did.” (Bloomberg News, 3/5/2015)

March 5, 2015: Key questions about Clinton’s email scandal go unanswered.

Politico reports, “State Department officials and Clinton aides have offered no response to questions in recent days about how her private email system was set up, what security measures it used, and whether anyone at the agency approved the arrangement. It’s unclear how such a system, run off an Internet domain apparently purchased by the Clinton family, could have won approval if the department’s policies were as the [State Department’s] inspector general’s report describes them.” (Politico, 3/3/2015

According to State Department regulations in effect at the time, the use of a home computer was permitted, but only if the computer was officially certified as secure, and no evidence has emerged that Clinton’s server was given such a certification. Additionally, the department’s Foreign Affairs Manual (FAM) states, “Only Department-issued or approved systems are authorized to connect to Department enterprise networks.” (US Department of State) 

An April 2016 article will indicate that many of the same questions still remain unanswered. (The Hill, 3/4/2016)

March 5, 2015: Clinton’s private server is active and shows obvious security vulnerabilities.

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a servers’ memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

March 7, 2015—Mid-July 2016: Donations to a state senate election lead to potential conflicts of interests in three FBI investigations for a high-ranking FBI official.

The Clintons stand behind Terry McAuliffe during his inauguration as the Commonwealth of Virginia’s 72nd governor. (Credit: Patrick Semansky / The Associated Press)

Virginia Governor Terry McAuliffe is widely considered the best friend of Bill and Hillary Clinton, and was co-chair of one of Bill’s presidential campaigns and the chair of Hillary’s 2008 presidential campaign. In March 2016, McAuliffe says, “We’re best friends, I’ve been family friends with the Clinton’s for thirty years. It’s a great relationship, we vacationed together for years, we’re just very personal friends…” (The Valley’s Music Place, 3/31/2016)

On March 7, 2015, McAuliffe and other state Democratic Party leaders meet with Dr. Jill McCabe and persuade her to run for a state senator seat in Virginia. Dr. McCabe is a hospital physician who has never run for political office before. This has potentially larger political implications, because her husband is Andrew McCabe, an FBI official who runs the FBI’s Washington, DC, field office at the time.

Dr. Jill McCabe (Credit: Twitter)

Dr. Jill McCabe (Credit: Twitter)

FBI officials will later claim that after the March 7, 2015 meeting, Andrew McCabe seeks ethics advice from the FBI and follows it, avoiding involvement with public corruption cases in Virginia, and also avoiding any of his wife’s campaign activities or events.

Five days before Jill McCabe is asked to run, on March 2, 2015, the New York Times publicly reveals Clinton’s use of a private email address, and her use of a private email server is revealed two days later, starting a major and prolonged political controversy. Jill McCabe announces her candidacy on March 12, 2015.

On July 10, 2015, the FBI’s Clinton email investigation formally begins, although it may have informally begun earlier.

Andrew McCabe and Jill McCabe pose at a campaign event in 2015. (Credit: Sharyl Attkisson)

Andrew McCabe and Jill McCabe pose at a campaign event in 2015. (Credit: Sharyl Attkisson)

Andrew McCabe’s Washington, DC, field office provides personnel and resources to the investigation. At the end of July 2015, he is promoted to assistant deputy FBI director, the number three position in the FBI.

During the 2015 election season, McAuliffe’s political action committee (PAC) donates $467,500 to Jill McCabe’s campaign. Furthermore, the Virginia Democratic Party, ”over which Mr. McAuliffe exerts considerable control,” according to the Wall Street Journal, donates an additional $207,788 to her campaign. “That adds up to slightly more than $675,000 to her candidacy from entities either directly under Mr. McAuliffe’s control or strongly influenced by him.”

This represents more than a third of all the campaign funds McCabe raises in the election. She is the third-largest recipient of funds from McAuliffe’s PAC that year.

Virginia State Senator Dick Black (Credit: Twitter)

Virginia State Senator Dick Black (Credit: Twitter)

On November 3, 2015, Jill McCabe loses the election to incumbent Republican Dick Black. Once the campaign is over, “[Andrew] McCabe and FBI officials felt the potential conflict-of-interest issues ended,” according to the Journal.

In February 2016, Andrew McCabe is promoted to deputy FBI director, the second highest position in the FBI. In this role, he is part of the executive leadership team overseeing the Clinton email investigation, though FBI officials say any final decisions are made by FBI Director James Comey.

However, that is not the only potential conflict of interest. By February 2016, four FBI field offices are conducting investigations of the Clinton Foundation. McAuliffe was a Clinton Foundation board member until he resigned when he became the governor of Virginia in 2013. (The Wall Street Journal, 10/24/2016)

Also, at some point in 2015, if not earlier, the FBI begins conducting an investigation of McAuliffe. When the existence of this investigation is publicly leaked in May 2016, media reports suggest it may involve McAuliffe’s financial relationship with a Chinese businessperson who has donated millions to the foundation. It is also reported that investigators have looked at McAuliffe’s time as a board member of the Clinton Global Initiative (CGI), a yearly conference run by the Clinton Foundation.  (CNN, 5/24/2016)

Andrew McCabe (Credit: Getty Images)

Andrew McCabe (Credit: Getty Images)

In the spring of 2016, Andrew McCabe agrees to recuse himself from the McAuliffe investigation, due to McAuliffe’s donations to Jill McCabe’s election campaign. However, he doesn’t recuse himself from the Clinton Foundation investigation or the Clinton email investigation, despite McAuliffe’s close ties to Bill and Hillary Clinton. (The Wall Street Journal, 10/24/2016)

In mid-July 2016, the FBI seeks to reorganize the Clinton Foundation investigation. McCabe decides the FBI’s New York office should take the lead, while the Washington office that he formerly headed should take the lead with the McAuliffe investigation. The Journal will later report, “Within the FBI, the decision was viewed with skepticism by some, who felt the probe would be stronger if the foundation and McAuliffe matters were combined.” However, the decision is implemented.

McCabe also is involved in an effort to shut down the foundation investigation in August 2016, but his role is unclear.

In October 2016, McCabe’s potential conflicts of interest will be revealed by two Wall Street Journal articles. (The Wall Street Journal, 10/30/2016) In early November 2016, the Journal will report that “some [in the FBI] have blamed [McCabe], claiming he sought to stop agents from pursuing the [Clinton Foundation] case this summer. His defenders deny that, and say it was the Justice Department that kept pushing back on the investigation.” (The Wall Street Journal, 11/2/2016)

Around that time, James Kallstrom, the former head of the FBI’s New York office, will say of McCabe, “The guy has no common sense. He should be demoted and taken out of the chain of command.” (The American Spectator, 11/1/2016)

Around March 7, 2015: Changes are made to the security settings of Clinton’s private server after its existence was revealed in the media.

In the days following a New York Times article revealing Clinton’s use of her private server, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server. Two unnamed PRN employees do so.

This results in some changes to the server’s security settings around March 7, 2015. According to a September 2016 FBI report, these changes “include disabling the server’s public-facing VPN page and switching from SSL protocol to TLS to increase security.”

The FBI will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant-messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way conummication. TLS is the successor to SSL and is considered more secure.” (Federal Bureau of Investigation, 9/2/2016)

March 7, 2015: President Obama says that he only learned Clinton used a private email server for all her official State Department business after reading it in the news.

President Barack Obama (Credit: ABC News)

President Barack Obama (Credit: ABC News)

Obama says he found about it at “the same time everybody else learned it, through news reports.” This is a reference to the New York Times story that first broke the scandal on March 2, 2015. (CBS News, 3/7/2015) Obama presumably already knew she used a private email address due to the emails between him and Clinton. (The New York Times, 2/29/2016)

March 8, 2015: Someone deletes email accounts other than Clinton’s from Clinton’s private server.

In a September 2016 report, the FBI will reveal that the “FBI forensically identified deletions from [Clinton’s] server on March 8, 2015 of .pst files not associated with Clinton’ s email account or domain, and other server data.”

A .pst or “Personal Storage Table” file is a file format used to store copies of emails and other items within Microsoft software.

This incident will only be mentioned in a footnote in an FBI report, with no mention of who made the deletions or why. It also is not clear how thorough the deletions are. Clinton’s deputy chief of staff Huma Abedin had a frequently used email account hosted on the server, but it is unknown if these deletions include her emails.

Platte River Network's new, larger office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

Platte River Network’s new, 12,000 sq. foot office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

It seems probable an employee of Platte River Networks (PRN), the computer company managing Clinton’s server, made the deletions. Shortly after a news report made Clinton’s use of the server public knowledge on March 2, 2015, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requested that PRN conduct a complete inventory of all equipment related to the server, and one unnamed PRN employee physically checked the server while another one remotely logged on to check it.

The FBI report will also mention that around March 7, 2015, PRN makes various changes to the server’s security settings. (Federal Bureau of Investigation, 9/2/2016)

March 8, 2015: A Clinton surrogate suggests a neutral party could review Clinton’s private server; this secretly upsets Clinton’s campaign manager.

Lanny Davis (Credit: Leigh Vogel / The Associated Press)

Lanny Davis (Credit: Leigh Vogel / The Associated Press)

Lanny Davis was a special counsel to President Bill Clinton, and is a longtime media surrogate for Bill and Hillary Clinton. Speaking to journalist Chris Wallace on Fox News, he says regarding Clinton’s emails on her private server, “There can be a neutral party to review all these records. Nothing unlawful-”

Wallace asks, “You’d like to have a neutral party? … [D]o you think that’s a reasonable idea?”

Davis replies, “I think it is a reasonable idea if anybody has any doubts that there’s a delete on a hard drive-”

Wallace interrupts, “To have an independent party go inspect her private email?”

Davis responds, “I think there is a reasonable idea. If the State Department asks, she will say yes.” (Fox News, 3/8/2015)

Clinton campaign manager Robby Mook writes in an email to Clinton campaign chair John Podesta, “We gotta zap Lanny out of our universe.  Can’t believe he committed her to a private review of her hard drive on TV.” (WikiLeaks, 11/1/2016)

Podesta’s reply, if any, is unknown. The Mook email will be released by WikiLeaks in November 2016.

Clinton will never agree to a neutral review of her server. Later in the month, an employee of the company managing her server will delete and wipe all the emails from her server.

March 9, 2015: An email from Cheryl Mills warns a Platte River Networks employee that Clinton’s emails should be preserved, but he will delete them all later in the month anyway.

Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff, sends an email to some employees at Platte River Networks (PRN), the company that is managing Clinton’s private server. On March 3, 2015, the House Benghazi Committee sent a letter to Clinton’s lawyers, asking that they preserve all of Clinton’s emails. This is because of a New York Times report the day before that indicated Clinton probably had many emails from when she was secretary of state that the State Department did not. Mills’ email to PRN references this preservation request.

150303PlatteRiverNewOfficePRFB

In March 2015, PRN is preparing to move from a small downtown loft in Denver, to a more spacious 12,000 sq. foot office space. (Credit: Platte River Networks / Facebook)

PRN employee Paul Combetta is one of the recipients of this email from Mills. In a February 18, 2016 FBI interview, he will claim that he didn’t recall seeing the preservation request mentioned in the email. But he will be interviewed by the FBI again, on May 3, 2016. At that time, he will indicate that he deleted and then wiped all of Clinton’s emails from her server in late March 2015, despite the fact that, according to an FBI report, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.”

It is not clear why he will do this. He will also state during his second interview, “he did not receive guidance from other PRN personnel, PRN’s legal counsel, or others regarding the meaning of the preservation request.” (Federal Bureau of Investigation, 9/2/2016)