August 2008: State Department rules prohibit the way some sensitive information will later be used on Clinton’s private server.

According to the State Department’s Foreign Affairs Manual (FAM), department employees are allowed to send most Sensitive But Unclassified (SBU) information unencrypted over the Internet only when necessary.

In August 2008, the FAM is amended to further toughen the rules on sending SBU information on non-department-owned systems at non-departmental facilities – such as Clinton’s later use of a private email server. Employees have to:

  • ensure that SBU information is encrypted
  • destroy SBU information on their personally owned and managed computers and removable media when the files are no longer required
  • implement encryption certified by the National Institute of Science and Technology (NIST)

The FBI will later determine that SBU information was frequently and knowingly sent to and from Clinton’s private server, but none of these steps were taken. (Federal Bureau of Investigation, 9/2/2016)

Around Mid-2010 to January 2013: “Brute force” hacking attempts on Clinton’s private server begin and steadily increase, but it is unknown if any are successful.

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly Roll Call)

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly)

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

December 2, 2014: The House Benghazi Committee asks Clinton for all Benghazi-related emails from her personal email address.

Gowdy shakes hands with Clinton after she testifies before the House Select Committee on Benghazi on October 22, 2015. (Credit: CNN)

Gowdy shakes hands with Clinton after she testifies before the House Select Committee on Benghazi on October 22, 2015. (Credit: CNN)

Representative Trey Gowdy (R) sends a letter to Clinton’s personal lawyer David Kendall on behalf of the House Benghazi Committee, which he chairs. In the letter, he cites over a dozen examples of emails from Clinton’s private clintonemail.com email address relating to the 2012 Benghazi terrorist attack that have been recently uncovered. He suggests there are probably many more relevant emails still to be discovered. He also notes evidence that Clinton’s former deputy chief of staff Huma Abedin has a clintonemail.com email address.

The letter concludes with a formal request for all emails relevant to the Benghazi attack from Clinton’s clintonemail.com address from January 1, 2011 to December 31, 2012, to be turned over by December 31, 2014. (US Department of State, 2/4/2016)

Clinton will give the State Department over 30,000 emails just three days later, but these will not yet be available to the House Benghazi Committee. The committee will not get the Benghazi-related emails until February 13, 2015, and they will be sent from the State Department, not from Clinton’s lawyer.

Shortly After March 2, 2015: A surge of hacking attempts follows the revelation of Clinton’s use of a private email server in the media.

On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.

According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”

Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.

PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)

August 2015—Spring 2016: Justin Cooper is interviewed by the FBI three times.

Justin Cooper testifies to the House Oversight and Government Affairs Committee on September 13, 2016. (Credit: CSpan)

Justin Cooper testifies to the House Oversight Committee on September 13, 2016. (Credit: CSpan)

Justin Cooper is a former Bill Clinton aide who helped Bryan Pagliano manage Clinton’s private server while Clinton was secretary of state.

In September 2016 Congressional testimony, Cooper will reveal that he was interviewed by the FBI three times as part of the FBI’s Clinton email investigation. The first time is in August 2015, the second time is in the fall of 2015, and the third time is in the spring of 2016. He will say he was never offered an immunity deal. (US Congress, 9/13/2016)

Cooper appears to have been the first key play in the Clinton email controversy to have been interviewed by the FBI.

September 2, 2016: The FBI was unable to confirm hackers broke into Clinton’s system, but it cites an inability to gather enough evidence to do so.

The FBI Clinton email investigation’s final report, released on this day, states, “FBI investigation and forensic analysis did not find evidence confirming that Clinton’s email server systems were compromised by cyber means.” (Elsewhere in the report, it is mentioned that one email account on the server appears to have been broken into by hackers.)

A generic sample of what an attempted hack would look like in the log data. (Credit: public domain)

But the report goes on to state, “The FBI’s inability to recover all server equipment and the lack of complete server log data for the relevant time period limited the FBI’s forensic analysis of the server systems. As a result, FBI cyber analysis relied, in large part, on witness statements, email correspondence, and related forensic content found on other devices to understand the setup, maintenance, administration, and security of the server systems.”

Elsewhere in the report, it is noted that the FBI was unable to recover any of 13 the BlackBerry mobile devices Clinton used while or shortly after her tenure as secretary of state, a laptop containing a back-up of her emails was lost, the server most recently containing her emails was wiped with BleachBit software, the server used for her first two months in office was also lost, hard drive back-ups made were also lost, and so on.  (Federal Bureau of Investigation, 9/2/2016)

At the conclusion of the FBI’s investigation on July 5, 2016, FBI Director James Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked. But the next day, the New York Times reported, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”

September 2, 2016: The FBI provides statistics on the number of Clinton’s classified emails, but those numbers diverge wildly from the State Department’s numbers.

The FBI Clinton email investigation’s final report, released on this day, details how many of Clinton’s emails were deemed classified, and when, and at what level. This data is according to FBI and Intelligence Community (IC) classification reviews, which is different from a State Department review mentioned below:

  • 81 email chains containing approximately 193 individual emails were classified at the “confidential,” “secret,” and “top secret” levels at the time the emails were drafted on unclassified systems and sent to or from Clinton’s personal server.
  • Of the 81 email chains classified at the time they were sent, 68 remain classified.
  • Twelve of these email chains, classified at the “confidential” or “secret” levels, were not included in the over 30,000 emails turned over by Clinton in December 2014. Apparently, no “top secret” emails were in this category.
  • Thirty-six of the 81 email chains were classified at the “confidential” level.
  • Thirty-seven of the chains were at the “secret” level.
  • Eight of the chains were at the “top secret” level.
  • Out of the eight “top secret” chains, seven chains contained information associated with a Special Access Program (SAP), and three email chains contained Sensitive Compartmented Information (SCI). One “top secret”/SCI email was later downgraded to a current classification of “secret.”
  • Thirty-six of the 81 classified email chains were determined to be Not-Releasable to Foreign Governments (NOFORN) and 2 were considered releasable only to Five Allied partners (FVEY) – the US, Britain, Canada, Australia, and New Zealand.
  • Sixteen of the email chains, classified at the time the emails were sent, were downgraded in current classification by Intelligence Community (IC) agencies.
  • By contrast, the State Department’s FOIA process identified 2,028 emails currently at the “confidential” level and 65 currently at the “secret” level, for a total of 2093 emails.

The FBI report further notes: “Of these emails, FBI investigation identified approximately 100 emails that overlapped with the 193 emails (80 email chains) determined through the FBI classification review to be classified at the time sent. All except one of the remaining 2,093 emails were determined by the State FOIA process to be ‘confidential’, with one email determined to be ‘secret’ at the time of the FOIA review. State did not provide a determination as to whether the 2,093 emails were classified at the time they were sent.”

It is unclear why the FBI and IC numbers are so different from the State Department numbers when it comes to “confidential” level emails. The FBI and IC identified 36 of the 81 email chains were classified at the “confidential” level, while the State Department identified 2,028 emails at the “confidential” level. And while one cannot compare email chains to emails, all 81 classified emails chains only contained 193 individual emails, so the 36 “confidential” chains must contain fewer emails than that.

Furthermore, the FBI found an additional 17,000 emails to the over 30,000 work-related emails Clinton gave to the State Department, and it appears these largely haven’t been analyzed. It hasn’t even been reported how many of them are work-related. (Federal Bureau of Investigation, 9/2/2016)

September 6, 2016: Representative Chaffetz asks a federal prosecutor to determine if Clinton and/or members of her staff played a role in deleting her emails from her private server.

Channing Phillips (Credit: public domain)

Channing Phillips (Credit: public domain)

The request comes in the form of a letter from Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, to Channing Phillips, the US attorney for the District of Columbia. It asks the Justice Department to “investigate and determine whether Secretary Clinton or her employees and contractors violated statutes that prohibit destruction of records, obstruction of congressional inquiries, and concealment or cover up of evidence material to a congressional investigation.”

Although the FBI ended its Clinton email investigation in July 2016 without recommending an indictment of Clinton or anyone else, newly revealed evidence indicates Platte River Networks (PRN) employee Paul Combetta deleted and wiped all of Clinton’s emails in March 2015. He had communications with Clinton’s lawyers just days before and after the deletions, but the FBI was unable to determine what was said in those communications, possibly due to an assertion of attorney-client privilege. (Salon, 9/6/2016)

September 6, 2016: Representative Chaffetz warns the person who managed Clinton’s server could face charges, and he also is puzzled by an assertion of attorney-client privilege.

Paul Combetta (Credit: CSpan)

Paul Combetta (Credit: CSpan)

Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, writes a letter to Platte River Networks (PRN), the computer company that managed Clinton’s private server since June 2013. Chaffetz warns that one PRN employee, Paul Combetta, could face federal charges for deleting and wiping Clinton’s emails from her server in March 2015. That’s because the House Benghazi Committee had issued a formal order to preserve such records earlier in the month, and Combetta confessed in a later FBI interview that he knew about the order before he made the deletions.

In the letter, Chaffetz says a recent FBI report about the deletions “raises questions to whether [Combetta] violated federal statutes that prohibit destruction of evidence and obstruction of a Congressional investigation.”

Additionally, Combetta took part in conference calls with Clinton’s lawyers just days before and after the deletions, but the FBI was unable to determine what was said in those communications, possibly due to an assertion of attorney-client privilege. In the letter, Chaffetz wants an explanation from PRN how Combetta could refuse to talk to the FBI about the conference calls if the only lawyers involved were Clinton’s. (Salon, 9/6/2016)

September 9, 2016: A Congressperson serves the FBI a subpoena for all the unredacted interviews from the FBI’s Clinton investigation.

Jason Herring (Credit: CSpan)

Jason Herring (Credit: CSpan)

FBI acting legislative affairs officer Jason Herring testifies before the House Oversight and Government Reform Committee.

He is asked by Representative Jason Chaffetz (R), chair of the committee, to promise to hand over all of the FBI interview summaries, known as 302s, in unredacted form.

Herring says he can’t do that, and suggests that Chaffetz should file a Freedom of Information Act (FOIA) request, just like any private citizen can.

Committee member Representative Trey Gowdy (R) later complains, “Since when did Congress have to go through FOIA to obtain 302s?”

Chaffetz serves the FBI a subpoena during a House Oversight and Government Affairs Committee hearing on September 9, 2016. (Credit: ABC News)

Chaffetz serves the FBI a subpoena during a House Oversight and Government Affairs Committee hearing on September 9, 2016. (Credit: ABC News)

Chaffetz replies to Henning, “You don’t get to decide what I get to see. I get to see it all.” Then he brings out a subpoena. He sends it to the witness table where Henning is sitting, and says, “I’ve signed this subpoena. We want all the 302s… and you are hereby served.”

In fact, Chaffetz’s committee has some of the 302s already, but all “personally identifiable information” has been redacted from them. The committee wants to know more about the role of Paul Combetta in deleting and the wiping all of Clinton’s emails from her personal server, but since Combetta is a Platte River Networks (PRN) employee and not a government employee, much information about what he did has been redacted.

Representative Carolyn Maloney (Credit: Andrew Burton / Getty Images)

Representative Carolyn Maloney (Credit: Andrew Burton / Getty Images)

Representative Carolyn Maloney (D), a member of the committee, claims the obstacle to Chaffetz seeing the redactions actually is the House Intelligence Committee, not the FBI. Chaffetz has asked House Intelligence chair Representative Devin Nunes (R) for access to the unredacted versions, but no vote on that request has been taken or scheduled yet.

However, Senator Charles Grassley (R), chair of the Senate Judiciary Committee, also complains about how the FBI is not letting his committee see unredacted documents from the investigation. “The FBI is trying to have it both ways. At the same time it talks about unprecedented transparency, it’s placing unprecedented hurdles in the way of Congressional oversight of unclassified law enforcement matters. It turned over documents, but with strings attached. … The Senate should not allow its controls on classified material to be manipulated to hide embarrassing material from public scrutiny, even when that material is unclassified.” (Politico, 9/12/2016)

Two other Congressional committees formally asked the Justice Department on September 9, 2016 for the full FBI interviews of Combetta and other PRN employees. (US Congress, 9/9/2016)

September 13, 2016: Two former managers of Clinton’s private server plead the Fifth before a Congressional hearing; one other fails to appear at all.

The House Oversight and Government Reform Committee holds a public hearing related to the management of Clinton’s private server. Four people associated with the management of Clinton’s private server had been served by Congressional subpoenas on September 8, 2016 to force them to testimony:

Paul Combetta (left) Bill Thornton (center) Justin Cooper (right) (Credit: CSpan)

Paul Combetta (left) Bill Thornton (center) Justin Cooper (right) (Credit: CSpan)

  • Bryan Pagliano, a former State Department employee who managed Clinton’s server while she was secretary of state. He defies the subpoena by failing to appear at all.
  • Justin Cooper, a former Bill Clinton aide who helped Pagliano manage the server. He does answer questions for nearly two hours at the hearing.
  • Paul Combetta, a Platte River Networks (PRN) employee, which managed the server from June 2013 until at least late 2015. He deleted and then wiped all of Clinton’s emails from her server. He fails to answer any questions and pleads the Fifth instead.
  • Bill Thornton, another PRN employee who managed the server with Combetta. He also to answer any questions and pleads the Fifth instead.

Pagliano’s lawyers have complained the hearing is politically biased and he will continue to refuse to participate. He has also failed to cooperate with another Congressional committee in 2015, a State Department inspector general’s investigation, and a deposition in a Freedom of Information Act (FOIA) lawsuit.

Representative Jason Chaffetz (R) says of Pagliano’s refusal to appear: “He made the decision not to be here and there are consequences for that. … We’ll look at the full range of options. If anybody is under any illusion I’m going to let go of this and let it sail off into the sunset they are very ill-advised.” However, he doesn’t specify what the penalties might be. (The Associated Press, 9/13/2016) (US Congress, 9/13/2016)

Austin McChord, the CEO of Datto, Inc., was also scheduled to appear, but there is no mention of him. Presumably, he is rescheduled for another hearing.

September 14, 2016: The US intelligence community has declined to conduct a required damage assessment caused by the classified information on Clinton’s private email server.

Joel Melstad, spokesperson for the of the Office of the Director of National Intelligence (ODNI), says, “ODNI is not leading an [intelligence community]-wide damage assessment and is not aware of any individual IC element conducting such formal assessments.”

Most of the above “top secret” emails sent or received on Clinton’s server related to the US drone program in Pakistan. According to the Washington Free Beacon, Director of National Intelligence James Clapper “agreed with security officials who argued against the need to carry out the damage assessment. Intelligence officials argued in internal discussions that since many details of the drone missile program targeting terrorists were disclosed in earlier leaks unrelated to Clinton’s use of a personal email server, gauging the damage done by her conduct would be difficult, and possibly unnecessary.”

However, “Other officials said Clapper’s decision appeared based on political considerations and was an effort to avoid embroiling American intelligence agencies in charges they were attempting to influence the outcome of Clinton’s bid for the White House.”

Representative Mike Pompeo (Credit: Politico)

Representative Mike Pompeo (Credit: Politico)

A June 2014 counterintelligence directive, ICD-732, states that “damage assessments shall be conducted when there is an actual or suspected unauthorized disclosure or compromise of classified national intelligence that may cause damage to US national security.”

Representative Mike Pompeo (R) says, “FBI Director [James] Comey has made clear that there was highly classified and sensitive information on Secretary Clinton’s personal server. It is imperative that [a damage assessment] be conducted to determine what harm to American national security may have occurred and, just as importantly, to prevent the massive mishandling of sensitive materials from ever happening again.”

Angelo Codevilla (Credit: public domain)

Angelo Codevilla (Credit: public domain)

Angelo Codevilla, a former US intelligence officer, says, “Common sense, the intelligence community’s standard practice, as well as a 2014 directive, require assessing the damage done by any such compromise.” She also asserts that Comey’s “vague and evasive” comments regarding Clinton’s handling of classified information confirm that a significant number of secrets were compromised.

Michelle VanCleave (Credit: public domain)

Michelle Van Cleave (Credit: public domain)

Michelle Van Cleave, a former national counterintelligence executive, similarly asserts, “Whenever there is a significant compromise of national security information, as the FBI’s report confirms happened here, it is essential to conduct an assessment of the damage in order to protect plans, programs, or lives that may be at risk.” There have been reports that Clinton’s emails revealed the names of some undercover CIA officers as well.

Kenneth deGraffenreid (Credit: The Institute of World Politics)

Kenneth deGraffenreid (Credit: The Institute of World Politics)

Kenneth deGraffenreid, a former deputy national counterintelligence executive, says, “Intelligence agencies hate conducting damage assessments that could show people that somebody did something wrong, or improper, or did it poorly. They never want that known. It’s a bureaucracy that does one thing: protects itself.”

He says Congress should force the intelligence community to conduct the damage assessment, since it will find no political advantage in doing it voluntarily.

However, the Free Beacon reports, “Congressional sources said the House and Senate intelligence oversight committee are reluctant to require the damage assessment since it would codify in writing the false claim that no damage was caused to the drone program by the compromise of secrets by Clinton and her aides.” (The Washington Free Beacon, 9/14/2016)