2005 and 2007: The State Department issues computer usage regulations that Clinton will later violate.

In 2005, new State Department regulations state that normal day-to-day activities should be conducted on an authorized computer system, known as an automated information system (AIS). Examples of an AIS include a server and a mobile device.

In 2007, new regulations specify that nondepartmental AISs containing department information must be registered with the department and maintain certain minimum security standards.

In 2016, an internal department investigation will determine that Clinton never registered her private server or mobile devices and thus never had them checked to see if they maintained the required security standards. (US Department of State, 5/25/2016)

January 21, 2009—February 1, 2013: Clinton’s mobile devices and private server are never approved by her department’s security officials.

The Diplomatic Security Service Logo (Credit: public domain)

The Diplomatic Security Service Logo (Credit: public domain)

According to a May 2016 State Department inspector general’s report, the department’s Diplomatic Security (DS) and Information Resources Management (IRM) security officials claim that Clinton never demonstrates to them that her private server or BlackBerry or iPad meets the minimum security requirements specified by the Federal Information Security Management Act and the Foreign Affairs Manual (FAM). (US Department of State, 5/25/2016)

January 21, 2009—February 1, 2013: Four of Clinton’s top aides frequently use personal email accounts for work matters and then fail to properly archive them.

After Clinton’s email scandal becomes public in March 2015, The State Department will request all work-related emails from four of Clinton’s top aides: Cheryl Mills, Huma Abedin, Jake Sullivan, and Philippe Reines. The emails will be turned over between June and August 2015.

Top left: Cheryl Mills, Top Right: Huma Abedin, Lower left: Jake Sullivan, Lower right: Philippe Reines

Top left: Cheryl Mills, Top Right: Huma Abedin, Lower left: Jake Sullivan, Lower right: Philippe Reines

A department analysis will determine that all four aides frequently used personal email accounts for work matters, although they had government email accounts and sometimes used those as well. The combined work-related personal emails from the four of them will total nearly 72,000 printed pages. One of the four sends and receives 9,585 work emails using a personal account while Clinton is secretary of state, though it isn’t clear which one. That person averages nine work emails from that account per work day.

In May 2016, the department’s inspector general will conclude that, just like Clinton, “these [four aides] failed to comply with department policies… because none of these emails were preserved in department recordkeeping systems prior to [being handed over] in 2015.” (US Department of State, 5/25/2016)

June 2011—August 2012: A US ambassador is warned not to use private email for daily work matters, but Clinton’s identical behavior does not result in any warnings.

Scott Gration (Credit: New Republic)

Scott Gration (Credit: New Republic)

In June 2011, shortly after Scott Gration becomes the new US ambassador to Kenya, the State Department’s Bureau of Diplomatic Security (DS) learns that he has sent out a revised policy allowing himself and other personnel in his embassy to use private email addresses for the daily communication of official government business.

Gration’s new policy happens to take place the same month the department sends out a cable warning all embassies to “avoid conducting official department business from your personal email accounts” due to a surge in hacking attacks of the personal emails of government employees. DS warns Gration they will be sending an experienced computer security officer to Kenya to reestablish proper communications procedures. DS officials also email him that this visit will be “especially timely in the wake of recent headlines concerning a significant hacking effort directed against the private, web-based email accounts of dozens of senior [government] officials…”

However, Gration continues to use his private email for work matters. Then, on July 20, 2011, a DS cable quotes from the department’s Foreign Affairs Manual (FAM): “it is the department’s general policy that normal day-to-day operations be conducted on an authorized [system].” The cable then warns, “Given the threats that have emerged since 2005, especially in regard to phishing and spoofing of certain web-based email accounts, we cannot allow the proliferation of this practice beyond maintaining contact during emergencies,” and there is nothing in his situation that would warrant an exception.

But Gration ignores these warnings and continues to use his personal email account.

The department then initiates disciplinary proceedings against him for this and several other infractions, but he resigns in August 2012, just weeks before any disciplinary measures are due to be imposed.

However, even though Clinton uses only a private email account for all her emailed work matters, she is not warned or disciplined like Gration. Furthermore, Clinton doesn’t change her email habits after the measures taken against Gration’s email habits are reported internally and in the press.  (US Department of State, 5/25/2016) (US Department of State, 3/5/2015) (The New Republic, 6/20/2012)

Around February 1, 2013: Clinton fails to turn over her work emails as she leaves office, despite a legal requirement to do so.

When Clinton ends her tenure as secretary of state, she is required by law to turn over all of her work-related documents to the State Department, including emails, but she fails to do so.

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

Clinton says farewell as secretary of state on February 1, 2013. (Credit: Polaris)

A May 2016 State Department inspector general’s report will conclude, “Secretary Clinton should have preserved any federal records she created and received on her personal account… At a minimum, [she] should have surrendered all emails dealing with department business before leaving government service and, because she did not do so, she did not comply with the department’s policies that were implemented in accordance with the Federal Records Act.”

The report will note that at least she turned over 30,000 emails in December 2014, 21 months later. However, the report will also conclude that the emails she gave then are “incomplete,” because many of her work-related emails have since been discovered through other means, such as being found in other email inboxes. For instance, although her tenure began on January 21, 2009, and she started using her email account by January 28, no emails received prior to March 17, 2009, were turned over, nor were any emails sent prior to April 12, 2009. (US Department of State, 5/25/2016)

Early June 2013: State Department officials discover Clinton’s personal email address and then fail in their legal obligation to share her emails with others.

Heather Higginbottom (Credit: public domain)

Heather Higginbottom (Credit: public domain)

State Department staff reviewing material to possibly give to Congressional committees examining the September 2012 Benghazi terrorist attack discover emails sent by former Clinton aide Jake Sullivan to a personal email address belonging to Clinton.

In ensuing weeks, senior department officials discuss if the Federal Records Act (FRA) requires the department to turn over emails from such personal accounts. In fact, the act does require emails to be turned over if they are work-related. However, an internal investigation will later determine that the department does not notify the National Archives and Records Administration (NARA) of a potential loss of records at any point in time. Furthermore, none of Clinton’s emails are given to any Congressional committee in 2013, nor are they provided in response to any Freedom of Information Act (FOIA) requests that year.

According to department official Heather Higginbottom, Secretary of State John Kerry is not a part of these discussions or decisions. (US Department of State, 5/25/2016) 

Around this debate period, on August 7, 2013, department officials find 17 FOIA requests relating to Clinton in their records, with some of them specifically requesting Clinton emails. But none of the requesters are told about any of Clinton’s emails  apparently due to the result of this debate.

Clinton’s personal email address will be rediscovered in May 2014 after a document request from the new House Benghazi Committee.

May 22, 2016: Trump says he’s going to “bigly” emphasize Clinton’s email scandal if he faces her in the general election.

Presumptive Republican nominee Donald Trump indicates he’s planning to emphasize Clinton’s email scandal if Clinton wins the Democratic nomination battle against Senator Bernie Sanders. Trump says that Sanders “didn’t pick up on the emails, which I think was a big mistake. I’m going to pick up bigly. Because frankly she shouldn’t even be allowed to run for president.” (Politico, 5/25/2016)

May 25, 2016: Clinton’s campaign trusts the FBI’s Clinton investigation.

Brad Woodhouse (Credit: CNN)

Brad Woodhouse (Credit: CNN)

Brad Woodhouse, of the pro-Clinton group Correct the Record, says, “Let the FBI finish its investigation. Let the FBI do its job. We trust that process. We’d like to see that process through.”

Correct the Record calls itself “a strategic research and rapid response team designed to defend Hillary Clinton from baseless attacks.” It was founded by David Brock, who also runs Clinton’s main super PAC. (Politico, 5/25/2016) (Correct the Record, 5/7/2016)

May 25, 2016: The State Department’s top two security officials say they would never have approved Clinton’s exclusive use of a personal email account.

Left: Gregory Starr Right: Steven C. Taylor (Credit: public domain)

Left: Gregory Starr Right: Steven C. Taylor (Credit: public domain)

A new State Department inspector general report determines that department rules required Clinton to get official approval to conduct official business using a personal email account on her private server, but she did not do so. 

In the words of the report, Steven C. Taylor, current head of Information Resources Management (IRM) and Gregory Starr, current head of Diplomatic Security (DS), jointly claim that Clinton “had an obligation to discuss using her personal email account to conduct official business with their offices, who in turn would have attempted to provide her with approved and secured means that met her business needs. However, according to these officials, DS and IRM did not—and would not—approve her exclusive reliance on a personal email account to conduct department business, because of the restrictions in the FAM [Foreign Affairs Manual] and the security risks in doing so.” (US Department of State, 5/25/2016)

May 25, 2016: Clinton didn’t consult with anybody about exclusively using a personal email address or private server for work matters.

Cheryl Mills speaks to reporters in Washington, DC, on September 3, 2015. (Credit: Fox News)

Cheryl Mills speaks to reporters in Washington, DC, on September 3, 2015. (Credit: Fox News)

When former Clinton chief of staff Cheryl Mills testified to the House Benghazi Committee in a private session on September 3, 2015, her comments remained secret.

However, on this day, a State Department inspector general’s report makes one portion of her testimony public. Mills was asked by the committee, “Was anyone consulted about Secretary Clinton exclusively using a personal email address for her work?”

Mills replied, “I don’t recall that. If it did happen, I wasn’t part of that process. But I don’t believe there was a consultation around it, or at least there’s not one that I’m aware of…”

Mills then was asked if Clinton consulted with “private counsel,” or “the general counsel for the State Department,” or “anybody from the National Archives [and Records Administation (NARA)],” or “anyone from the White House.”

Mills replied she wasn’t aware of any consultation from any of those people either.

The inspector general’s report also included comments from many other senior department officials about this, and “These officials all stated that they were not asked to approve or otherwise review the use of Secretary Clinton’s server and that they had no knowledge of approval or review by other Department staff. These officials also stated that they were unaware of the scope or extent of Secretary Clinton’s use of a personal email account, though many of them sent emails to [her] on this account.” (US Department of State, 5/25/2016)

May 25, 2016: A Bill Clinton assistant with no security clearance and no special computer expertise helped manage Hillary Clinton’s private server.

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

It had been previously believed that Bryan Pagliano was the one who managed Clinton’s private server. But the State Department inspector general’s report released on this day reveals that there actually were “two individuals who provided technical support to Secretary Clinton.”

The report rarely names names, but the individual other than Pagliano is described as someone who “was at one time an advisor to former President [Bill] Clinton but was never a [State] Department employee, [and] registered the clintonemail.com domain name on January 13, 2009.” Previous media reports made clear the person who registered the domain on that day and was an aide to Bill Clinton is Justin Cooper. (US Department of State, 5/25/2016) (The Washington Post, 03/10/2015) 

In 2015, the Washington Post reported that Cooper had “no security clearance and no particular expertise in safeguarding computers, according to three people briefed on the server setup.” (The Washington Post, 8/4/2015) 

However, the inspector general’s report describes a January 2011 incident in which Cooper turned Clinton’s server off and on in response to a hacker attack, showing he had direct access to the server and thus all the classified information contained inside it. (US Department of State, 5/25/2016) 

In April 2016, the Washington Times alleged that Bill and Hillary Clinton “have paid [Cooper’s] legal fees associated with the FBI investigation, amounting to ‘hundreds of thousands of dollars.’” (The Washington Times, 4/27/2016)