February 1, 2008: Clinton’s private email domain is set up under a false name.

Another view of the Clinton family home in Chappaqua, New York. (Credit: Susan Farley / Getty Images)

A view of the Clinton family home in Chappaqua, New York. (Credit: Susan Farley / Getty Images)

An IP address associated with the clintonemail.com domain later used by Hillary Clinton is registered to “Eric Hoteham” on this date. The IP address for clintonemail.com, along with others registered in Hoteham’s name, is connected to Bill and Hillary Clinton’s home address in Chappaqua, New York. ABC News will later call Hoteham a “mystery man,” since no one with that name is known to exist.

He may or may not be the same as the similarly named Eric Hothem who worked for Bill Clinton when he was president, was an aide for Hillary Clinton in the early 2000s, and has worked for Citicorp and then JP Morgan since. That person has refused to comment on the matter. (ABC News, 3/5/2015) (ABC News, 3/6/2015)

February 1, 2008: The Clinton Foundation’s email domain is linked to Clinton’s private server.

On the same day “Eric Hoteham” (who is probably a Clinton associate named Eric Hothem) registers clintonemail.com for the private server in the Chappaqua house where Bill and Hillary Clinton live, he registers two other domain names: wjcoffice.com and presidentclinton.com. “WJC” most likely stands for Bill Clinton’s full name “William Jefferson Clinton.” The FBI will later determine that this “was primarily a legacy domain that contained mostly forwarded email.” But presidentclinton.com will be used for email accounts of Clinton Foundation employees and other employees of President Clinton.

These other two domains are also based in Clinton’s house, on the same server that will become infamous for containing all of Hillary Clinton’s emails during her tenure as secretary of state. Apparently, the server won’t become operational until around June 2008.

Bil Clinton doesn’t maintain an email account on the server. His wife Hillary won’t start using an email account on the server until January 2009. (ABC News, 3/5/2015) (The New York Times, 3/4/2015) (Federal Bureau of Investigation, 9/2/2016)

January 13, 2009: A Clinton aide registers the email domain that Clinton will use for her private server while Secretary of State.

Justin Cooper (Credit: Pave.com)

Justin Cooper (Credit: Pave.com)

Just prior to Hillary Clinton’s Senate confirmation hearing for secretary of state, Justin Cooper registers three email domains for Hillary Clinton at her Chappaqua, New York, address. One domain, clintonemail.com, will be used for all of Clinton’s emails for at least the next five years. (The Washington Post, 3/10/2015) (The New York Times, 8/8/2015)

Cooper is a long-time personal assistant to Bill Clinton. However, he has “no security clearance and no particular expertise in safeguarding computers, according to three people briefed on the server setup.” (The Washington Post, 8/4/2015)

January 28, 2009: The first known email using Clinton’s private server is sent by Clinton, despite her claim she won’t use it for two more months.

General David Petraeus (Credit: Centcom)

General David Petraeus (Credit: Centcom)

Clinton exchanges 19 emails with Army General David Petraeus, who is chief of the US Central Command at the time. The exchange will continue into February 2009.

In 2015, Clinton will claim that she didn’t start using her email account for government work until March 18, 2009. As a result, all the emails she will later hand over to the State Department will be from March 18 or later. These emails have not yet been made public. (The Washington Post, 3/27/2016)

In August 2015, in a sworn deposition to a federal court, Clinton will claim: “I, Hillary Rodham Clinton, declare under penalty of perjury that the following is true and correct: While I do not know what information may be ‘responsive’ for purposes of this law suit, I have directed that all my emails on clintonemail.com in my custody that were or potentially were federal records he provided to the Department of State, and on information and belief, this has been done.” (Judicial Watch, 8/10/2015)

The 19 emails between Clinton and Petraeus from January 2009 will be discovered by the Defense Department in September 2015, one month after Clinton’s sworn deposition. Presumably, they come from Petraeus’ email account. (Reuters, 9/26/2016)

September 20, 2009: Clinton apparently stops receiving emails from a private email address she’d used as a senator.

Her previous email was: hr15@att.blackberry.net, also known as hr15@mycingular.blackberry.net (AT&T and Cingular are the same company). When she became secretary of state in early 2009, she created a new hdr22@clintonemail.com address on her private server and set up her emails from her old address to be forwarded to her new address. According to Clinton spokesperson Nick Merrill, she shuts down the old address around this time, with the last known email coming to that address on September 20, 2009. (Buzzfeed, 7/1/2015)

February 27, 2010: An emails shows that Cheryl Mills and Huma Abedin are aware of Clinton’s private server, and a Bill Clinton aide has an email account on it.

Clinton’s deputy chief of staff Huma Abedin sends an email to Justin Cooper, an aide to Bill Clinton. She forwards a message from Clinton’s chief of staff Cheryl Mills to Clinton that had bounced, and asks Cooper, “HRC [Clinton] email coming back—is server okay?”

He replies, “UR [You are] funny. We are on the same server.” His reply goes to Mills as well as Abedin, indicating that both of them are aware of the existence of Clinton’s private server.

Cooper’s email domain will be redacted when this email is released in 2016, but his comment indicates his email is on the clintonemail.com domain, the same as Clinton’s. (Abedin has an email account on that domain too, but she sends this email from her State Department state.gov account.) (US Department of State, 6/20/2016) 

Cooper is not a government employee and apparently has no security clearance, but other reports indicate he helps Bryan Pagliano manage Clinton’s server.

May 21, 2010—October 21, 2010: Computer records suggest Clinton’s private server could be located at the Clinton Foundation’s headquarters.

The result of an IP location look up of where Clinton's private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

The result of an IP location look up of where Clinton’s private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 24.187.234.187 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 24.187.234.187, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.

Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)

October 29, 2011: A Bill Clinton aide handles a problem with the Clinton private server.

Justin Cooper writes in an email to Clinton’s deputy chief of staff Huma Abedin, “Fyi [For your information] clintonemail.com is down due to an outage with our ISP. Our actual systems are up. If it looks to be long term ie past tomorrow I will reroute the mail. [You] or Oscar can tell HRC [Clinton].” (US Department of State, 6/20/2016)

This indicates that Cooper is helping Bryan Pagliano to manage Clinton’s private server (at the clintonemail.com domain) and has some technical ability if he can reroute the email. However, he is not a government employee and apparently has no security clearance. Instead, he is an aide to Bill Clinton and likely spends a lot of time at the Chappaqua, New York house where both Bill and the server are.

December 29, 2011: Two more Bill Clinton aides may have access to the Clinton private server, despite probably lacking the proper security clearances.

Bernadette Meehan (Credit: public domain)

Bernadette Meehan (Credit: public domain)

Bernadette Meehan, a special assistant to Clinton, sends an email to Clinton’s deputy chief of staff Huma Abedin and a few others. Apparently, Clinton is spending Christmas vacation at a resort in Punta Cana, Dominican Republic, as she does every year, and she is having trouble getting an Internet connection for her BlackBerry.

Abedin emails Justin Cooper, an aide to Bill Clinton, about this. She asks, “Are we having problem with clintonemail?”

Cooper says there are “No issues on our end.” But he apparently is not at the Chappaqua, New York, house were the server is, because he adds that he is CCing Oscar Flores and Jon Davidson “who are there to see if they are having trouble.” (US Department of State, 6/20/2016) (The Associated Press, 4/13/2015)

This is further evidence that Cooper, who is not a government employee and apparently has no security clearance, is helping to manage Clinton’s private server. Flores is Bill Clinton’s personal valet and is said to spend a lot of time with him at the Clinton’s Chappaqua, New York, house. (Politico, 9/24/2010) Davidson is Bill Clinton’s deputy chief of staff. (New York Magazine, 4/14/2015

This raises the possibility that two more people without proper authorization had access to all of Clinton’s emails on her server.

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

February 13, 2013: Clinton’s deputy chief of staff Huma Abedin signs a pledge that she has given all of her work-related documents back to the State Department, but she didn’t.

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

All State Department officials are required to sign the “separation statement” when they leave the department, known as the OF-109 form. However, Abedin has a private email address (huma@clintonemail.com) on the same private server that Clinton does, and when she leaves the department in February 2013 she does not turn over any of her emails from it, including work-related emails.

Her emails will not be handed over until a couple of years later, after various lawsuits and investigations. In signing the form, Abedin acknowledges she could be subject to “criminal penalties” for lying on the document.

The Hill will later report, “It’s unclear whether Abedin would be subject to prosecution, given the unusual nature of Clinton’s private email setup.” (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

March 14, 2013: Guccifer accesses the email account of Clinton confidant Sid Blumenthal.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large "G" for "Guccifer" added. Because it was sent on February 16, 2013, two weeks after Clinton's term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large “G” for “Guccifer” added. Because it was sent on February 16, 2013, two weeks after Clinton’s term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

Guccifer, an unemployed Romanian whose real name is Marcel-Lehel Lazar, breaks into the AmericaOnline (AOL) email account of Blumenthal. Guccifer does not have typical hacking skills but instead attempts to guess passwords and answers security questions. In recent months, he broke into the accounts of famous people, or the friends and family of famous people, including those of former secretary of state Colin Powell and former US president George W. Bush.

He takes screenshots of the text of emails of Clinton and Blumenthal discussing sensitive foreign policy issues during her time as secretary of state. He also takes a screenshot of Blumenthal’s inbox showing a list of the latest emails sent from Clinton.

In the next few days, the screenshots are made public, and for the first time, Clinton’s private email address hdr22@clintonemail.com is revealed to the world. (USA Today, 3/22/2013) (The Smoking Gun, 3/3/2015)

Shortly After March 15, 2013: After her email address is exposed, Clinton changes to a new email address run from the same server.

Marcel-Lehel Lazar, a.k.a. "Guccifer" (Credit: Cristian Movila / The New York Times)

Marcel-Lehel Lazar, a.k.a. “Guccifer” (Credit: Cristian Movila / The New York Times)

Marcel-Lehel Lazar, the hacker nicknamed “Guccifer,” exposes Clinton’s private email address hdr22@clintonemail.com to the public on March 15, 2013. Clinton then changes her email address to hrod17@clintonemail.com, though it is unclear exactly how quickly she does this. In 2015, Clinton spokesperson Nick Merrill will only say that her new address is registered some time in March 2013.

But this new address shows that it is still being run from the same private server, which would be even more vulnerable now that its existence has been publicly exposed. (Hillaryclinton.com, 7/13/2015) (USA Today, 5/22/2015) (Buzzfeed, 7/1/2015

Clinton’s old mail account is still working on March 20, 2013, but her new account could have been made prior to that. (Gawker, 3/3/2015) 

Clinton will make some security changes, but apparently not until the end of May 2013, when she will hire a new company to manage her server. (McClatchy Newspapers, 10/6/2015)

March 20, 2013: Gawker publishes an article that reveals Clinton’s use of a private email address and notes it “could be a major security breach.”

The article notes that the hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal. “[W]hy was Clinton apparently receiving emails at a non-governmental email account? The address Blumenthal was writing to was hosted at the domain ‘clintonemail.com’, which is privately registered via Network Solutions. It is most certainly not a governmental account. […] And there seems to be little reason to use a different account other than an attempt to shield her communications with Blumenthal from the prying eyes of FOIA [Freedom of Information Act] requesters.

Neither the State Department nor the White House would immediately comment on whether the White House knew that Blumenthal was digitally whispering in Clinton’s ear, or if the emails were preserved as the law requires. And if, as it appears, Blumenthal’s emails contained information that was classified, or ought to have been treated as such, it could be a major security breach for Clinton to have allowed it to be sent to her on an open account, rather than through networks the government has specifically established for the transmission of classified material.” (Gawker, 3/20/2013)

Late July 2014: State Department officials anticipate media interest in Clinton’s emails.

In May 2016, Cheryl Mills will say in a court deposition that around the end of July 2014, she was in contact with the State Department about turning over Clinton’s work-related emails from Clinton’s time as secretary of state. Mills will claim “there was a set of conversations around materials that were going to be provided to [the House Benghazi Committee], and questions that [department officials] had with respect to media inquiries that they anticipated. And then subsequent to that there was communication with respect to the department potentially needing all of her dot gov emails.”

Clinton never used her state.gov government email account, so presumably the conversation switched to turning over her private emails, which she eventually does months later. (Judicial Watch, 5/31/2016)

The predicted media interest will happen in March 2015 after it is revealed Clinton exclusively used a private email address hosted on a private server.

December 2014: Clinton’s emails are copied to a different server, but the FBI will never check if that server had any of her work-related emails.

Paul Combetta is the Platte River Networks (PRN) employee doing most of the active managing of Clinton’s private server. In a September 2015 FBI interview, he will claim that a person working for the Clinton family company Clinton Executive Service Corp. (CESC) whose name is later redacted contacts him around December 2014 and tells him that Clinton and her aide Huma Abedin are getting new email accounts on a different server not administered by PRN. Indeed, other sources indicate that in December 2014, Clinton and Abedin get new email accounts on a server with the hrcoffice.com domain name.

As part of this change, Combetta copies Clinton’s email from her hrod17@clintonemail.com email address to her new hrcoffice.com address. Clinton began using the hrod17@clintonemail.com address in late March 2013, shortly after her tenure as secretary of state ended. Combetta will claim that nobody told him “to transfer any archived email to the new server.” (Federal Bureau of Investigation, 9/23/2016)

However, Clinton’s earlier emails could have been transferred to her new email address around the time it was created in late March 2013, in which case they too would get copied to the hrcoffice.com server. But the FBI will never search this server to see if any of Clinton’s emails from her tenure as secretary of state can be recovered from it.

December 2014: Clinton finally stops using the clintonemail.com domain and server for her daily emails.

Since early 2009, Clinton and her aide Huma Abedin have had private email accounts on the clintonemail.com domain, which is hosted on Clinton’s private email server.

Chelsea Clinton and Huma Abedin chat while on the campaign trail in 2008. (Credit: Reuters)

Chelsea Clinton and Huma Abedin chat while on the campaign trail in 2008. Huma also appears to be holding two flip phones and a BlackBerry. (Credit: Reuters)

According to a September 2016 FBI report, the new domain hrcoffice.com is created in December 2014. In a later FBI interview, Abedin stated the clintonemail.com system was “going away,” and after the initiation of the new domain, she didn’t have access to her clintonemail.com account anymore. Presumably the same is true for Clinton (and the few others who had email accounts on the domain, such as Chelsea Clinton).

The FBI report will indicate the hrcoffice.com domain is hosted on different equipment, which presumably means a different server. But the clintonemail.com server will continue to run until October 2015, when it will be confiscated by the FBI.

As part of the transfer process, Platte River Networks employee Paul Combetta copies all of Clinton’s emails from her current account on the clintonemail.com server to her new acccount on the hrcoffice.com server.

In Clinton’s July 2016 FBI interview, the FBI will summarize Clinton as saying: “Clinton transitioned to an email address on the hrcoffice.com domain because she had a small number of personal staff, but no physical office or common email domain. To address these issues, she moved to a common email domain and physical office space. After this move, Clinton did not recall any further access to clintonemail.com.”

The switch comes about one month after the State Department formally asked Clinton for all of her work-related emails from her secretary of state tenure, when she used her clintonemail.com account. (Federal Bureau of Investigation, 9/2/2016)

December 2, 2014: The House Benghazi Committee asks Clinton for all Benghazi-related emails from her personal email address.

Gowdy shakes hands with Clinton after she testifies before the House Select Committee on Benghazi on October 22, 2015. (Credit: CNN)

Gowdy shakes hands with Clinton after she testifies before the House Select Committee on Benghazi on October 22, 2015. (Credit: CNN)

Representative Trey Gowdy (R) sends a letter to Clinton’s personal lawyer David Kendall on behalf of the House Benghazi Committee, which he chairs. In the letter, he cites over a dozen examples of emails from Clinton’s private clintonemail.com email address relating to the 2012 Benghazi terrorist attack that have been recently uncovered. He suggests there are probably many more relevant emails still to be discovered. He also notes evidence that Clinton’s former deputy chief of staff Huma Abedin has a clintonemail.com email address.

The letter concludes with a formal request for all emails relevant to the Benghazi attack from Clinton’s clintonemail.com address from January 1, 2011 to December 31, 2012, to be turned over by December 31, 2014. (US Department of State, 2/4/2016)

Clinton will give the State Department over 30,000 emails just three days later, but these will not yet be available to the House Benghazi Committee. The committee will not get the Benghazi-related emails until February 13, 2015, and they will be sent from the State Department, not from Clinton’s lawyer.

March 4, 2015: A non-profit watchdog suggests Clinton hid her emails because her government work and Clinton Foundation work was intertwined.

John Wonderlich (Credit: Personal Democracy Media)

John Wonderlich (Credit: Personal Democracy Media)

The New York Times reports that a Clinton spokesperson has declined to comment on Clinton’s “use of clintonemail.com for matters related to the Clinton Foundation, which has received millions of dollars in donations from foreign governments.”

However, John Wonderlich, policy director of the Sunlight Foundation, a non-profit organization that advocates transparency in government, comments, “It seems her intent was to create a system where she could personally manage access to her communications” both relating to her secretary of state work and the Clinton Foundation. “Given all the power she had as secretary of state, a lot of that work would be jumbled together. Her presidential ambitions and the family foundation would be wrapped up technically in email.” (The New York Times, 3/4/2015)

March 5, 2015: Clinton’s private server is active and shows obvious security vulnerabilities.

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a servers’ memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

March 6, 2015: A number of email accounts appear to have been made for Clinton to use on her private server.

However, it is unknown if they were ever used. A prominent hacker who has worked for US intelligence agencies used high-tech tools to search Internet data sources for any mention of email addresses using the clintonemail.com domain name of Clinton’s server. The results of the search were given to Fox News. Clinton has publicly claimed that she only used one email address while secretary of state: hdr22@clintonemail.com.

But the hacker also found the following addresses had been created: hdr@clintonemail.com, hdr18@clintonemail.com, hdr19@clintonemail.com, hdr20@clintonemail.com, hdr21@clintonemail.com, h.clinton@clintonemail.com, Hillary@clintonemail.com, contact@clintonemail.com, and mau_suit@clintonemail.com.

Fox News tried to contact two of Clinton’s spokespeople to find if the other addresses had ever been used by anyone, but got no reply. (Fox News, 3/6/2015)

March 17, 2015: A State Department manager says he didn’t realize Clinton was using a private email account.

Jack Lew (Credit: public domain)

Jack Lew (Credit: public domain)

Jack Lew was deputy secretary of state for management and resources from January 2009 to November 2010. He will be promoted to secretary of the treasury in 2013. Asked about if he noticed Clinton’s email address ended in clintonemail.com, showing that it was not a government account, he says, “I did email with her from time to time, and I don’t remember exactly how it showed up. […] I was aware that she was emailing with people. I didn’t pay a lot of attention to what email she was using.”

Lew had a key management and oversight role, but he doesn’t recall discussing with Clinton whether laws or rules prohibit the use of personal email for work matters. (Bloomberg News, 3/17/2015)

August 8, 2015: Clinton writes under oath that she has provided the State Department all of her work-related emails that were on her personal email account she used while secretary of state.

Her short statement includes this sentence: “I have directed that all my emails on clintonemail.com in my custody that were or potentially were federal records be provided to the Department of State, and on information and belief, this has been done.”

150808HillaryOath

A sample of the document Clinton signed on August 8, 2015. (Credit: Politico)

That statement is a result of a Freedom of Information Act (FOIA) lawsuit brought by Judicial Watch against the State Department. Additionally, Clinton mentions in her statement that her top aide Huma Abedin also had an email account on her clintonemail.com server that “was used at times for government business,” but another top aide, Cheryl Mills, did not. (The New York Times, 8/10/2015) (Politico, 8/8/2015)

One month later, some more of Clinton’s work emails from her time as secretary of state will be discovered by the Defense Department. (The New York Times, 9/25/2015)

August 14, 2015: Clinton’s top two aides also used private email accounts for government work.

State Department official John F. Hackett reveals to a federal judge that two of Clinton’s aides “used personal email accounts located on commercial servers at times for government business.” Clinton’s chief of staff Cheryl Mills had a Google Gmail account, and Clinton’s deputy chief of staff Huma Abedin had an account on the same clintonemail.com private server used by Clinton. (The Washington Times, 8/14/2015

Clinton has argued that 90% or more of her emails would have been archived by the State Department since she communicated mostly with other State Department employees. But in fact less than one percent of emails were archived by the department during her tenure there, and she emailed Mills and Abedin more than anyone else. (The Washington Post, 11/9/2015)

November 6, 2015: Clinton’s lawyer says that Clinton hasn’t found any more of her emails.

On October 2, 2015, the State Department the department sent a letter to Clinton’s personal lawyer David Kendall, making “an additional request for any records that former Secretary Clinton may have in her possession,” especially from her first two months as secretary of state. This is due to news reports in September that additional work-related emails between her and Army General David Petraeus from her first weeks as secretary of state were found. (McClatchy Newspapers, 12/31/2015)

On November 6, 2015, Kendall replies in a letter, “With regard to her tenure as secretary of state, former Secretary Clinton has provided the department on December 5, 2014, with all federal email records in her custody, regardless of their format or the domain on which they were stored or created, that may not otherwise be preserved, to our knowledge, in the department’s recordkeeping system. She does not have custody of emails sent or received during the first few weeks of her tenure as she was transitioning to a new address, and we have been unable to obtain these. In the event we do, we will immediately provide the Department with federal record emails in this collection.” (US Department of State, 5/25/2016)

Note this suggests the possibility that Clinton or her representatives may still possess some copies of her emails.

January 11, 2016: Emails from top Clinton aide Huma Abedin will be released in batches.

Huma Abedin using a cell phone on January 28, 2016. (Credit: The Associated Press)

Huma Abedin using a cell phone on January 28, 2016. (Credit: The Associated Press)

The State Department agrees to begin publicly releasing nearly all of Abedin’s emails to or from a private email account that she used while she was Clinton’s deputy chief of staff. The department has determined it has 29,000 pages of emails from Abedin, using an account from the same clintonemail.com server that Clinton used. (The number of emails in those pages is unclear.)

The department will process these in batches of 400 pages a month, with the processing starting on March 1, 2016. Most of the emails in each batch will released except for a few exceptions, such as forwards of news articles. The last batch is due to be released in April 2017.

This release is because of a Freedom of Information Act (FOIA) brought by Judicial Watch. Tom Fitton, the head of Judicial Watch, says, “Obviously, [Abedin] was as close an aide as you could have had to Mrs. Clinton. If Mrs. Clinton didn’t keep records she should have or destroyed or deleted them, maybe we can find them through Ms. Abedin. And Ms. Abedin’s activities are also controversial.” (Politico, 1/11/2016) (The Hill, 1/12/2016)

March 15, 2016: Republicans sue for more Clinton and Clinton Foundation emails.

The Republican National Committee files four new lawsuits stemming from Freedom of Information Act (FOIA) requests it had filed in 2015. The lawsuits include a demand for all emails between 14 State Department officials and private email domains associated with Clinton, former President Bill Clinton, and the Clinton Foundation. These new filings bring the total number of civil suits over access to Clinton’s records pending in federal court to at least 38. (The Associated Press, 3/17/2016)

April 5, 2016: Huma Abedin gives hints about her multiple email accounts that the FBI fails to properly follow up on.

Huma Abedin, Clinton’s deputy chief of staff, is interviewed by the FBI. During the interview, she discloses she had four email accounts while working at the State Department:

  • an official State Department email account.
  • an account on Clinton’s clintonemail.com private email server.
  • a personal Yahoo account.
  • another personal email account that she had previously used to support the political activities of her husband Anthony Weiner.
Huma Abedin stops for a moment to text a message. (Credit: Polaris)

Huma Abedin stops for a moment to text a message. (Credit: Polaris)

Abedin says she “routinely” forwarded State Department emails and documents to both her clintonemail.com account and her Yahoo account so she could more easily print them.

She is asked about one classified email sent to her State Department account from an aide to Richard Holbrooke, a special State Department envoy to Afghanistan and Pakistan. She had forwarded the email to her Yahoo account in order to print it, but tells the FBI she was “unaware of the classification of the document and stated that she did not make judgments on the classification of material she received. Instead, she relied on the sender to make that assessment and to properly make and transmit the document.”

In October 2016, it will be discovered that copies of at least some of Abedin’s emails wound up on the computer of her husband Weiner, leading FBI Director Comey to at least partially reopen the Clinton email investigation. Yahoo News will later suggest that Abedin’s FBI interview offered hints that “there might be relevant material on her husband’s personal devices. But agents do not appear to have followed up on the clues.” Furthermore, “there is no indication” for the FBI interview summary that the FBI “ever pressed her on what has now turned into an explosive issue in the final days of the 2016 campaign:”

Joseph DiGenova, who Yahoo News will describe as “a former US attorney and independent counsel who has been a strong critic of Comey and the FBI probe,” will call this evidence that the FBI investigation was “not thorough” and was “fatally flawed.” He will add, “The first thing [FBI agents] should have done was gotten a sworn affidavit about all her accounts and devices.” Then they should have immediately attempted to obtain the devices, including Weiner’s.

On June 28, 2016, Abedin will be deposed as part of a Freedom of Information Act (FOIA) lawsuit by Judicial Watch. Testifying under oath, she will give answers that differ from her FBI interview. When asked about her email accounts, she will claim she rarely used her personal Yahoo account, and when she did she only used it to forward State Department “press clips” so she could print them. (Yahoo News, 10/29/2016)

May 25, 2016: A Bill Clinton assistant with no security clearance and no special computer expertise helped manage Hillary Clinton’s private server.

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

It had been previously believed that Bryan Pagliano was the one who managed Clinton’s private server. But the State Department inspector general’s report released on this day reveals that there actually were “two individuals who provided technical support to Secretary Clinton.”

The report rarely names names, but the individual other than Pagliano is described as someone who “was at one time an advisor to former President [Bill] Clinton but was never a [State] Department employee, [and] registered the clintonemail.com domain name on January 13, 2009.” Previous media reports made clear the person who registered the domain on that day and was an aide to Bill Clinton is Justin Cooper. (US Department of State, 5/25/2016) (The Washington Post, 03/10/2015) 

In 2015, the Washington Post reported that Cooper had “no security clearance and no particular expertise in safeguarding computers, according to three people briefed on the server setup.” (The Washington Post, 8/4/2015) 

However, the inspector general’s report describes a January 2011 incident in which Cooper turned Clinton’s server off and on in response to a hacker attack, showing he had direct access to the server and thus all the classified information contained inside it. (US Department of State, 5/25/2016) 

In April 2016, the Washington Times alleged that Bill and Hillary Clinton “have paid [Cooper’s] legal fees associated with the FBI investigation, amounting to ‘hundreds of thousands of dollars.’” (The Washington Times, 4/27/2016)

May 26, 2016: A judge blocks the release of audio and video of six Clinton aide depositions, but not the transcripts.

US District Court Judge Emmet Sullivan grants a recent request from Clinton’s former chief of staff Cheryl Mills to keep audio and video recordings of her upcoming deposition from being made public, at least for now. Mills, who is due to be deposed one day later, argued that such recordings could be used for political purposes against Clinton in the presidential election.

Sullivan writes, “The public has a right to know details related to the creation, purpose and use of the clintonemail.com system. Thus, the transcripts of all depositions taken in this case will be publicly available. It is therefore unnecessary to also make the audiovisual recording of Ms. Mills’ deposition public.” On his own initiative, Sullivan blocks the release of all audio and video recordings of the five other former Clinton aides due to be deposed in the suit he is presiding over.

Politico reports, “Sullivan did not signal what his concern was about improper use of the videos, nor did he explain whether he agreed with Mills’ attorneys that the videos were more susceptible to misuse or distortion than the written transcripts that will be released.” Sullivan orders that the audio and video should be filed with the court, raising the possibility they could be released later. (Politico, 5/26/2016)

June 9, 2016: State Department lawyers argue they cannot identify which department employees conducted government business on Clinton’s private server.

In a court filing in a civil suit, they argue they cannot do this since the department has never been in possession of the server. It is known that Clinton and her deputy chief of staff had clintonemail.com email accounts on the server, but it is still unclear who else at the department may have. Apparently, Department officials have not tried to check if emails sent from Clinton’s former top aides had email addresses ending in clintonemail.com. (CNN, 6/9/2016)

June 21, 2016: A judge puts a Clinton email lawsuit on hold while waiting on other cases.

Harold Koh (Credit: Jay Premack)

Harold Koh (Credit: Jay Premack)

In a civil lawsuit, Judicial Watch is trying to find out why two State Department officials didn’t search Clinton’s private email address in response to a FOIA [Freedom of Information Act] request filed in December 2012. Judicial Watch claims the two officials—Legal Advisor Harold Koh and Under Secretary for Management Patrick Kennedy—knew of the FOIA request and knew of Clinton’s email address, since both of them emailed Clinton sometimes. (Koh joined the department in mid-2013, a few months after Clinton left, but the FOIA request was still in process.)

Judicial Watch wants to be granted discovery, which means they would be able to depose the officials to question them under oath. However, US District Court Judge Reggie Walton puts the decision on hold because there are two other similar suits going on, including one in which Kennedy is due to be deposed by Judicial Watch at the end of June 2016.

Furthermore, Walton also notes a federal appeals court is currently considering a lawsuit unrelated to Clinton that tests the government’s obligation to search a private email account maintained by a department head in response to a FOIA request. (Politico, 6/21/2016) (Politico, 6/17/2016)

July 5, 2016: FBI Director Comey announces he will not recommend Clinton’s indictment on any charge, but he calls her “extremely careless” in handling highly classified information.

FBI Director James Comey announces his recommendation for Clinton and her aides on July 5, 2016. (Credit: Cliff Owen / The Associated Press)

FBI Director James Comey announces his recommendation in a press conference on July 5, 2016. (Credit: Cliff Owen / The Associated Press)

FBI Director James Comey gives a public speech in front of a group of reporters. The timing is surprising, since this brings an end to the FBI’s investigation of Clinton’s email practices, and just a Sunday and the Fourth of July holiday separate this from the FBI’s interview of Clinton on July 2, 2016. Comey spends most of his speech criticizing Clinton, but ends it by saying he will not recommend that the Justice Department pursue any indictment of Clinton or her aides.

Comey’s fifteen-minute speech includes the following information, in order, with key phrases bolded to assist in understanding.

Comey begins by describing the FBI investigation:

  • The investigation started with a referral from Intelligence Community Inspector General Charles McCullough, and “focused on whether classified information was transmitted” on Clinton’s personal email server during her time as secretary of state. It specifically “looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.” The FBI “also investigated to determine whether there is evidence of computer intrusion in connection with the personal email server by any foreign power, or other hostile actors.”
  • The FBI found that Clinton “used several different servers and administrators of those servers during her four years at the State Department, and used numerous mobile devices to view and send email on that personal domain. As new servers and equipment were employed, older servers were taken out of service, stored, and decommissioned in various ways…”
  • The FBI analyzed the over 30,000 work emails that Clinton did turn over to the State Department in December 2014, working with other US government departments to determine which emails contained truly classified information at the time they were sent, and which ones were justifiably classified later.
  • James Comey (Credit: Fox News)

    James Comey (Credit: Fox News)

    From the group of 30,068 emails Clinton returned to the State Department, “110 emails in 52 email chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was ‘top secret’ at the time they were sent; 36 chains contained ‘secret’ information at the time; and eight contained ‘confidential’ information, which is the lowest level of classification. Separate from those, about 2,000 additional emails were ‘up-classified’ to make them ‘confidential’; the information in those had not been classified at the time the emails were sent.”

  • It had previously been reported that the FBI had recovered most or all of the 31,830 emails that Clinton had deleted, allegedly because they contained personal information only. However, Comey reveals that was not the case, and thousands of emails were not recovered. He gives an example of how when one of Clinton’s servers was decommissioned in 2013, the email was removed and broken up into millions of fragments.
  • The FBI “discovered several thousand work-related emails” that were not included in the 30,068 emails Clinton returned to the State Department, even though Clinton claimed under oath that she had returned all her work-related emails. The FBI found these after they “had been deleted over the years and we found traces of them on devices that supported or were connected to the private email domain.” Others were found in the archived government email accounts of other government employees whom Clinton frequently communicated with. Still others were found “from the laborious review of the millions of email fragments” of the server decommissioned in 2013.
  • Out of these additional work emails, three were classified at the time they were sent or received – none at the ‘top secret’ level, one at the ‘secret’ level, and two at the ‘confidential’ level. None were found to have been deemed classified later.
  • Furthermore, Comey claims “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed. Because she was not using a government account—or even a commercial account like Gmail—there was no archiving at all of her emails, so it is not surprising that we discovered emails that were not on Secretary Clinton’s system in 2014, when she produced the 30,000 emails to the State Department.”
  • 160705DeletingAttorneys

    The three Clinton attorneys who deleted emails are David Kendall (left), Cheryl Mills (center), and Heather Samuelson (right). (Credit: public domain)

    However, he also admits that “It could also be that some of the additional work-related emails we recovered were among those deleted as ‘personal’ by Secretary Clinton’s lawyers when they reviewed and sorted her emails for production in 2014.” He claims that the three lawyers who sorted the emails for Clinton in late 2014 (David Kendall, Cheryl Mills, and Heather Samuelson) “did not individually read the content of all of her emails…” Instead, they used keyword searches to determine which emails were work related, and it is “highly likely their search terms missed some work-related emails” that were later found by the FBI elsewhere.

  • Comey states it is “likely” that some emails may have disappeared forever. because Clinton’s three lawyers “deleted all emails they did not return to State, and the lawyers cleaned their devices in such a way as to preclude complete forensic recovery.” But he says that after interviews and technical examination, “we believe our investigation has been sufficient to give us reasonable confidence there was no intentional misconduct in connection with that sorting effort.”

Comey then begins stating his findings:

  • “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”
  • As an example, he points out that “seven email chains concern matters that were classified at the ‘Top Secret/Special Access Program’ [TP/SAP] level when they were sent and received. These chains involved Secretary Clinton both sending emails about those matters and receiving emails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.”
  • He adds that it was a similar situation with emails classified at the “secret” level when they were sent, although he doesn’t specify how many.
  • He comments, “None of these emails should have been on any kind of unclassified system, but their presence is especially concerning because all of these emails were housed on unclassified personal servers not even supported by full-time security staff, like those found at departments and agencies of the US government—or even with a commercial service like Gmail.”
  • He notes that “only a very small number of the emails containing classified information bore markings indicating the presence of classified information. But even if information is not marked ‘classified’ in an email, participants who know or should know that the subject matter is classified are still obligated to protect it.”
  • He then criticizes the State Department as a whole. The FBI found evidence that “the security culture” of the State Department “was generally lacking in the kind of care for classified information found elsewhere in the government.” This was especially true regarding the use of unclassified email systems.
  • Then he addresses whether “hostile actors” were able to gain access to Clinton’s emails. Although no direct evidence of any successful hacking was found, he points out that “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”

After laying out the evidence of what the FBI found, Comey moves to the FBI’s recommendation to the Justice Department. He admits that it is highly unusual to publicly reveal the FBI’s recommendation, but “in this case, given the importance of the matter, I think unusual transparency is in order.”

James Comey (Credit: NPR)

James Comey (Credit: NPR)

Then he comes to these conclusions:

  • “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.”
  • To justify this decision, he claims he examined other cases involving the mishandling or removal of classified information, and “we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.”
  • He then says, “To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now. As a result, although the Department of Justice makes final decisions on matters like this, we are expressing to Justice our view that no charges are appropriate in this case.”
  • He concludes by saying the FBI’s investigation was done competently, honestly, and independently, and without any kind of outside influence.

He doesn’t address the possibility of recommending the indictment of any of Clinton’s aides or other figures like Sid Blumenthal or Justin Cooper. He also doesn’t make any mention of the Clinton Foundation, though there have been media reports the FBI has been investigating it as well. After finishing his speech, he leaves without taking any questions from the media. (Federal Bureau of Investigation, 7/5/2016)