November 29, 2010: Clinton pledges improved communication security after the WikiLeaks leak, but the department remains highly vulnerable.

WikiLeaks Logo (Credit: WikiLeaks)

WikiLeaks Logo (Credit: WikiLeaks)

One day after WikiLeaks releases over 250,000 State Department cables, Clinton states, “I have directed that specific actions be taken at the State Department, in addition to new security safeguards at the Department of Defense and elsewhere to protect State Department information so that this kind of breach cannot and does not ever happen again.” (US Department of State, 11/29/2010

However, in October 2013, Buzzfeed will report that “The State Department’s communications system is operating without basic technical security measures in place, despite warnings about its vulnerabilities…” The system, called SMART (the State Messaging and Archive Retrieval Toolset), is used to share department communications, including the exact same kind of cables leaked by WikiLeaks. Buzzfeed further reports that its anonymous sources “say the failures have left thousands of cables and messages, including highly sensitive and classified ones, vulnerable to espionage or leaks for the last four years.” (Buzzfeed, 10/2/2013)

October 2, 2013: Three years after WikiLeaks leaked 250,000 State Department cables, the department’s communication system “is operating without basic technical security measures in place, despite warnings about its vulnerabilities…”

The SAIG Logo (Credit: public domain)

The SAIG Logo (Credit: public domain)

This is according to a BuzzFeed article. The system is known as SMART (the State Messaging and Archive Retrieval Toolset), and is used to share internal department documents, including the diplomatic cables made public by WikiLeaks. SMART is a two-tiered system, for both classified and unclassified information. SMART was launched in 2009, and the department has paid hundreds of millions of dollars to contractors for it, mostly to the company SAIC.

Unnamed sources “say the failures have left thousands of cables and messages, including highly sensitive and classified ones, vulnerable to espionage or leaks…” 

A former deputy program manager from one such contractor complains, “There is this attitude that security didn’t even come into the picture…I’m talking IT [information technology] security basics, standard fundamental things that a first-year admin would find.”

In 2012 and 2013, internal investigations revealed grave, unresolved security issues. “According to documents reviewed by BuzzFeed, several employees raised concerns starting from the beginning of the SMART rollout. They were told to not pursue the issue. Some were told, with stern overtones, that it wasn’t within their job descriptions to do so.” (Buzzfeed, 10/2/2013)

March 3, 2015: The State Department falsely asserts Clinton’s email practices were not prohibited.

Marie Harf (Credit: public domain)

Marie Harf (Credit: public domain)

State Department spokesperson Marie Harf defends Clinton’s email arrangement, saying that she “was following what had been the practice of previous secretaries.” She claims “it was not prohibited at the time, [and] is not prohibited now.” She also says, “I was a little surprised—although maybe I shouldn’t have been—by some of the breathless reporting coming out last night.” (US Department of State, 3/3/2015) 

Some of Harf’s comments are clearly untrue, as the department’s former chief legal adviser John Bellinger points out in an email to department officials later in the same day. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016) 

Not until a State Department inspector general’s report in May 2016 will it be revealed that Clinton’s email practices were clearly prohibited at the time and differed significantly from the practices of previous secretaries. (US Department of State, 5/25/2016)

March 3, 2015: The State Department’s former chief legal adviser wants the department to clarify that Clinton never had legal approval for her email practices, but the department keeps this secret.

John Bellinger (Credit: public domain)

John Bellinger (Credit: public domain)

John Bellinger, who had been the State Department’s Legal Adviser during the George W. Bush administration, emails the department’s deputy legal advisers Mary McLeod and Richard Visek of the State Department’s office of legal affairs after hearing department spokesperson Marie Harf defend Clinton’s email practices one day after the email scandal was first reported in the media.

Bellinger, who still serves as former secretary of state Condoleezza Rice’s personal legal counsel, writes, “Please make sure that [Harf] doesn’t keep saying that Secretary Rice did the same thing. As you know, that is not correct, and Secretary Rice has corrected the record.”

He adds, “I’m getting calls from people (press and former USG [US government] lawyers) asking whether State lawyers actually approved letting Secretary Clinton use a State [BlackBerry] for official business using a personal email account, and then to keep the emails.” He then repeatedly mentions “L,” which refers to the State Department’s Office of the Legal Adviser that he formerly headed. “[Harf] is implying that State approved this practice (and this suggests that L approved it, though she didn’t say so specifically). As someone who wants to defend L’s reputation, I would urge you to defend the credibility of L as good and careful administrative lawyers, and don’t let [her] give L a bad name. I can’t believe that L would have approved this, and you shouldn’t let [her] imply that you did.”

Visek responds to Bellinger in an email: “Thanks for the heads up. I’ll reach out to PA [The department’s Bureau of Public Affairs] and try to make sure they understand.” These emails will be made public in June 2016 due to a Freedom of Information Act (FOIA) request by the Daily Caller. (US Department of State, 5/31/2016) (The Daily Caller, 6/7/2016) 

However, the department will not follow Bellinger’s advice and will not reveal to the public that Clinton’s email practices were never approved by the department’s lawyers. That will finally be revealed in a State Department inspector general’s report in May 2016. (US Department of State, 5/25/2016)

December 22, 2015: Pagliano is secretly interviewed as part of an immunity deal with the FBI’s Clinton investigation.

Clinton’s former computer technician Bryan Pagliano makes a “derivative use” immunity deal with the Justice Department by this time, though it’s not clear exactly when this happens. Then he gives testimony to the FBI and the Justice Department as part of the FBI’s Clinton investigation. Apparently he speaks to investigators at least twice, though it is not known when the second interview takes place. “Derivative use” immunity wouldn’t prevent investigators from prosecuting Pagliano, but limits them from using any evidence derived from his testimony against him.

The media will first report on the immunity deal in March 2016, and more details will be made public in a court filing in June 2016. (LawNewz, 6/7/2016) (Federal Bureau of Investigation, 9/2/2016)

 

June 7, 2016: Pagliano is revealed to have received a limited immunity that leaves him open to prosecution.

Clinton’s former computer technician Bryan Pagliano files a copy of his immunity deal with the Department of Justice as part of a civil suit presided over by US District Judge Emmet Sullivan. Pagliano asks that the deal remain secret, and Sullivan will agree to that several days later. However, in making the filing, Pagliano’s lawyers mention that he was granted “derivative use” immunity in December 2015.

LawNewz explains this form of immunity “does not prevent the government from prosecuting Pagliano, but just limits them from using any evidence derived from Pagliano’s testimony against him.” His lawyers are arguing that what he might say in a deposition in this court case could be used against him in the FBI’s Clinton investigation, despite the immunity deal. (LawNewz, 6/7/2016)

June 10, 2016: Justice Department lawyers want the details of Pagliano’s immunity deal to remain a secret.

Bryan Pagliano was Clinton’s computer technician, and he made an immunity deal with the Justice Department in late 2015.

Several days earlier his lawyers revealed to federal judge Emmet Sullivan that it was a limited “derivative use” immunity deal. But they argue that releasing more details of “Mr. Pagliano’s agreements with the United States could prematurely reveal the scope and focus of the pending investigation.” Furthermore, “The FBI cannot publicly disclose the specific focus, scope, or potential targets of any such investigation without adversely affecting the investigation.” (Politico, 6/10/2016)

 Several days later, Sullivan will agree to keep the details a secret.

June 14, 2016: A federal judge refers to the FBI’s Clinton investigation as a “criminal investigation.”

US District Court Judge Emmet Sullivan is presiding over a case in which former Clinton aide Bryan Pagliano is fighting giving a deposition. Sullivan comments, “The privacy interests at stake are high because the government’s criminal investigation through which Mr. Pagliano received limited immunity is ongoing and confidential.” As part of the case, Sullivan is privy to information from the FBI that has not been made public.

Politico points out that this is the first “explicit confirmation that the investigation—which Clinton has repeatedly referred to as a ‘security review’—is actually a criminal probe.” (Politico, 6/14/2016)

June 14, 2016: Pagliano’s immunity deal will remain secret and he will be privately videotaped.

US District Court Judge Emmet Sullivan is presiding over a civil suit in which he wants Clinton’s former computer technician Bryan Pagliano to be deposed under oath and answer questions from Judicial Watch about Clinton’s email server. Pagliano has said he will plead the Fifth Amendment due to receiving an immunity deal with the FBI’s Clinton investigation.

Sullivan orders the immunity deal to be submitted to the court, but declares that details of the deal will not be made public, stating, “In the Court’s opinion, the need for public access to Mr. Pagliano’s agreement with the government is minimal.”

Pagliano also petitioned not to be videotaped, but Sullivan denies this request. Sullivan previously ruled such a video recording would remain under seal and not publicly released, and that will still be the case. Pagliano had been scheduled to be deposed on June 6, 2016. Sullivan orders him and Judicial Watch to arrange a new date for it before the end of June. (Politico, 6/14/2016) (The Washington Post, 6/14/2016)

June 14, 2016: Hackers allegedly linked to the Russian government broke into the DNC’s files.

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

Democratic National Committee headquarters in Washington, DC. (Credit: public domain)

The Washington Post reports that the emails, text messages, and other computer files of The DNC [Democratic National Committee] were accessed by two groups allegedly linked to Russia. Opposition research on Republican presidential candidate Donald Trump was stolen.

One group known as Cozy Bear broke into the DNC’s network a year ago and maintained access without getting caught. The other group known as Fancy Bear, apparently working independently, did so much more recently. These same hackers also probed the networks of both the Trump and Clinton campaigns, as well as some Republican political action committees, but it is unknown if those attacks succeeded.

The first hacking group typically uses “spear phishing” to gain access. This is when an email appears to come from a someone the recipient knows but actually is meant to trick that person into activating embedded malicious code by clicking on an attachment or link. (Wired, 6/14/2016) (The Washington Post, 6/14/2016

Forbes comments that the “Holy Grail of Russian intelligence is uncovering compromising material that can be used to embarrass, manipulate, or blackmail foreign political leaders.” Furthermore, “If the DNC’s cyber secrets are open to Russian intelligence hackers, the odds are overwhelming that they have Clinton’s private emails as well, especially given that Clinton’s private server was a target of the highest value.” This means Clinton could be blackmailed or otherwise manipulated by Russia as well. Forbes also notes how both cases involved spear phishing. (Forbes, 6/14/2016) 

Clinton was targeted by spear phishing at least three times, twice in May 2011, and once in July 2011. It is unknown if any of those attacks succeeded. (US Department of State, 10/30/2015) (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)