February 1, 2008: Clinton’s private email domain is set up under a false name.

Another view of the Clinton family home in Chappaqua, New York. (Credit: Susan Farley / Getty Images)

A view of the Clinton family home in Chappaqua, New York. (Credit: Susan Farley / Getty Images)

An IP address associated with the clintonemail.com domain later used by Hillary Clinton is registered to “Eric Hoteham” on this date. The IP address for clintonemail.com, along with others registered in Hoteham’s name, is connected to Bill and Hillary Clinton’s home address in Chappaqua, New York. ABC News will later call Hoteham a “mystery man,” since no one with that name is known to exist.

He may or may not be the same as the similarly named Eric Hothem who worked for Bill Clinton when he was president, was an aide for Hillary Clinton in the early 2000s, and has worked for Citicorp and then JP Morgan since. That person has refused to comment on the matter. (ABC News, 3/5/2015) (ABC News, 3/6/2015)

May 21, 2010—October 21, 2010: Computer records suggest Clinton’s private server could be located at the Clinton Foundation’s headquarters.

The result of an IP location look up of where Clinton's private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

The result of an IP location look up of where Clinton’s private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 24.187.234.187 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 24.187.234.187, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.

Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)

August and December 2012: An Internet-wide hacker attack makes Clinton’s private server even more vulnerable.

An anonymous hacker using a computer in Serbia scans hundreds of millions of Internet addresses for accessible openings, called “ports.” Clinton’s private server is scanned by this hacker in August 2012 and again in December. The hacker’s millions of results are then made widely available on-line. It is unknown if anyone looking at this data figures out if the server belongs to Bill and Hillary Clinton, although the name “clintonemail.com” is a clue. (The Associated Press, 10/13/2015)

February 13, 2013: Clinton’s deputy chief of staff Huma Abedin signs a pledge that she has given all of her work-related documents back to the State Department, but she didn’t.

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

Huma Abedin on her cell phone in Londonderry, New Hampshire, on January 3, 2016. (Credit: Rick Friedman / Corbis)

All State Department officials are required to sign the “separation statement” when they leave the department, known as the OF-109 form. However, Abedin has a private email address (huma@clintonemail.com) on the same private server that Clinton does, and when she leaves the department in February 2013 she does not turn over any of her emails from it, including work-related emails.

Her emails will not be handed over until a couple of years later, after various lawsuits and investigations. In signing the form, Abedin acknowledges she could be subject to “criminal penalties” for lying on the document.

The Hill will later report, “It’s unclear whether Abedin would be subject to prosecution, given the unusual nature of Clinton’s private email setup.” (The Hill, 11/13/2015) (US Department of State, 9/11/2015)

March 14, 2013: Guccifer accesses the email account of Clinton confidant Sid Blumenthal.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large "G" for "Guccifer" added. Because it was sent on February 16, 2013, two weeks after Clinton's term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

This is one of four Clinton-Blumenthal emails that Guccifer makes public in full, all printed in pink and with a large “G” for “Guccifer” added. Because it was sent on February 16, 2013, two weeks after Clinton’s term as secretary of state ended, it has not been released elsewhere. It describes intelligence that prominent Saudis helped fund the 2012 Benghazi terrorist attack.

Guccifer, an unemployed Romanian whose real name is Marcel-Lehel Lazar, breaks into the AmericaOnline (AOL) email account of Blumenthal. Guccifer does not have typical hacking skills but instead attempts to guess passwords and answers security questions. In recent months, he broke into the accounts of famous people, or the friends and family of famous people, including those of former secretary of state Colin Powell and former US president George W. Bush.

He takes screenshots of the text of emails of Clinton and Blumenthal discussing sensitive foreign policy issues during her time as secretary of state. He also takes a screenshot of Blumenthal’s inbox showing a list of the latest emails sent from Clinton.

In the next few days, the screenshots are made public, and for the first time, Clinton’s private email address hdr22@clintonemail.com is revealed to the world. (USA Today, 3/22/2013) (The Smoking Gun, 3/3/2015)

March 20, 2013: Gawker publishes an article that reveals Clinton’s use of a private email address and notes it “could be a major security breach.”

The article notes that the hacker nicknamed Guccifer broke into the email account of Clinton confidant Sid Blumenthal. “[W]hy was Clinton apparently receiving emails at a non-governmental email account? The address Blumenthal was writing to was hosted at the domain ‘clintonemail.com’, which is privately registered via Network Solutions. It is most certainly not a governmental account. […] And there seems to be little reason to use a different account other than an attempt to shield her communications with Blumenthal from the prying eyes of FOIA [Freedom of Information Act] requesters.

Neither the State Department nor the White House would immediately comment on whether the White House knew that Blumenthal was digitally whispering in Clinton’s ear, or if the emails were preserved as the law requires. And if, as it appears, Blumenthal’s emails contained information that was classified, or ought to have been treated as such, it could be a major security breach for Clinton to have allowed it to be sent to her on an open account, rather than through networks the government has specifically established for the transmission of classified material.” (Gawker, 3/20/2013)

Late July 2014: State Department officials anticipate media interest in Clinton’s emails.

In May 2016, Cheryl Mills will say in a court deposition that around the end of July 2014, she was in contact with the State Department about turning over Clinton’s work-related emails from Clinton’s time as secretary of state. Mills will claim “there was a set of conversations around materials that were going to be provided to [the House Benghazi Committee], and questions that [department officials] had with respect to media inquiries that they anticipated. And then subsequent to that there was communication with respect to the department potentially needing all of her dot gov emails.”

Clinton never used her state.gov government email account, so presumably the conversation switched to turning over her private emails, which she eventually does months later. (Judicial Watch, 5/31/2016)

The predicted media interest will happen in March 2015 after it is revealed Clinton exclusively used a private email address hosted on a private server.

December 2014: Clinton’s emails are copied to a different server, but the FBI will never check if that server had any of her work-related emails.

Paul Combetta is the Platte River Networks (PRN) employee doing most of the active managing of Clinton’s private server. In a September 2015 FBI interview, he will claim that a person working for the Clinton family company Clinton Executive Service Corp. (CESC) whose name is later redacted contacts him around December 2014 and tells him that Clinton and her aide Huma Abedin are getting new email accounts on a different server not administered by PRN. Indeed, other sources indicate that in December 2014, Clinton and Abedin get new email accounts on a server with the hrcoffice.com domain name.

As part of this change, Combetta copies Clinton’s email from her hrod17@clintonemail.com email address to her new hrcoffice.com address. Clinton began using the hrod17@clintonemail.com address in late March 2013, shortly after her tenure as secretary of state ended. Combetta will claim that nobody told him “to transfer any archived email to the new server.” (Federal Bureau of Investigation, 9/23/2016)

However, Clinton’s earlier emails could have been transferred to her new email address around the time it was created in late March 2013, in which case they too would get copied to the hrcoffice.com server. But the FBI will never search this server to see if any of Clinton’s emails from her tenure as secretary of state can be recovered from it.

December 2014: Clinton finally stops using the clintonemail.com domain and server for her daily emails.

Since early 2009, Clinton and her aide Huma Abedin have had private email accounts on the clintonemail.com domain, which is hosted on Clinton’s private email server.

Chelsea Clinton and Huma Abedin chat while on the campaign trail in 2008. (Credit: Reuters)

Chelsea Clinton and Huma Abedin chat while on the campaign trail in 2008. Huma also appears to be holding two flip phones and a BlackBerry. (Credit: Reuters)

According to a September 2016 FBI report, the new domain hrcoffice.com is created in December 2014. In a later FBI interview, Abedin stated the clintonemail.com system was “going away,” and after the initiation of the new domain, she didn’t have access to her clintonemail.com account anymore. Presumably the same is true for Clinton (and the few others who had email accounts on the domain, such as Chelsea Clinton).

The FBI report will indicate the hrcoffice.com domain is hosted on different equipment, which presumably means a different server. But the clintonemail.com server will continue to run until October 2015, when it will be confiscated by the FBI.

As part of the transfer process, Platte River Networks employee Paul Combetta copies all of Clinton’s emails from her current account on the clintonemail.com server to her new acccount on the hrcoffice.com server.

In Clinton’s July 2016 FBI interview, the FBI will summarize Clinton as saying: “Clinton transitioned to an email address on the hrcoffice.com domain because she had a small number of personal staff, but no physical office or common email domain. To address these issues, she moved to a common email domain and physical office space. After this move, Clinton did not recall any further access to clintonemail.com.”

The switch comes about one month after the State Department formally asked Clinton for all of her work-related emails from her secretary of state tenure, when she used her clintonemail.com account. (Federal Bureau of Investigation, 9/2/2016)

December 2, 2014: The House Benghazi Committee asks Clinton for all Benghazi-related emails from her personal email address.

Gowdy shakes hands with Clinton after she testifies before the House Select Committee on Benghazi on October 22, 2015. (Credit: CNN)

Gowdy shakes hands with Clinton after she testifies before the House Select Committee on Benghazi on October 22, 2015. (Credit: CNN)

Representative Trey Gowdy (R) sends a letter to Clinton’s personal lawyer David Kendall on behalf of the House Benghazi Committee, which he chairs. In the letter, he cites over a dozen examples of emails from Clinton’s private clintonemail.com email address relating to the 2012 Benghazi terrorist attack that have been recently uncovered. He suggests there are probably many more relevant emails still to be discovered. He also notes evidence that Clinton’s former deputy chief of staff Huma Abedin has a clintonemail.com email address.

The letter concludes with a formal request for all emails relevant to the Benghazi attack from Clinton’s clintonemail.com address from January 1, 2011 to December 31, 2012, to be turned over by December 31, 2014. (US Department of State, 2/4/2016)

Clinton will give the State Department over 30,000 emails just three days later, but these will not yet be available to the House Benghazi Committee. The committee will not get the Benghazi-related emails until February 13, 2015, and they will be sent from the State Department, not from Clinton’s lawyer.

March 4, 2015: A non-profit watchdog suggests Clinton hid her emails because her government work and Clinton Foundation work was intertwined.

John Wonderlich (Credit: Personal Democracy Media)

John Wonderlich (Credit: Personal Democracy Media)

The New York Times reports that a Clinton spokesperson has declined to comment on Clinton’s “use of clintonemail.com for matters related to the Clinton Foundation, which has received millions of dollars in donations from foreign governments.”

However, John Wonderlich, policy director of the Sunlight Foundation, a non-profit organization that advocates transparency in government, comments, “It seems her intent was to create a system where she could personally manage access to her communications” both relating to her secretary of state work and the Clinton Foundation. “Given all the power she had as secretary of state, a lot of that work would be jumbled together. Her presidential ambitions and the family foundation would be wrapped up technically in email.” (The New York Times, 3/4/2015)

March 5, 2015: Clinton’s private server is active and shows obvious security vulnerabilities.

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a servers’ memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

Clinton still doesn’t shut the server down. However, about two days later, the security settings are changed.

March 5, 2015: Clinton’s private server shows more obvious security vulnerabilities.

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)

August 8, 2015: Clinton writes under oath that she has provided the State Department all of her work-related emails that were on her personal email account she used while secretary of state.

Her short statement includes this sentence: “I have directed that all my emails on clintonemail.com in my custody that were or potentially were federal records be provided to the Department of State, and on information and belief, this has been done.”

150808HillaryOath

A sample of the document Clinton signed on August 8, 2015. (Credit: Politico)

That statement is a result of a Freedom of Information Act (FOIA) lawsuit brought by Judicial Watch against the State Department. Additionally, Clinton mentions in her statement that her top aide Huma Abedin also had an email account on her clintonemail.com server that “was used at times for government business,” but another top aide, Cheryl Mills, did not. (The New York Times, 8/10/2015) (Politico, 8/8/2015)

One month later, some more of Clinton’s work emails from her time as secretary of state will be discovered by the Defense Department. (The New York Times, 9/25/2015)

May 25, 2016: A Bill Clinton assistant with no security clearance and no special computer expertise helped manage Hillary Clinton’s private server.

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

Obama talks with Chief of Staff Jack Lew, former President Bill Clinton, Justin Cooper (standing in the doorway), David Axelrod, and Senior Advisor David Plouffe on board Air Force One on November 4, 2012. (Credit: Pete Souza / White House)

It had been previously believed that Bryan Pagliano was the one who managed Clinton’s private server. But the State Department inspector general’s report released on this day reveals that there actually were “two individuals who provided technical support to Secretary Clinton.”

The report rarely names names, but the individual other than Pagliano is described as someone who “was at one time an advisor to former President [Bill] Clinton but was never a [State] Department employee, [and] registered the clintonemail.com domain name on January 13, 2009.” Previous media reports made clear the person who registered the domain on that day and was an aide to Bill Clinton is Justin Cooper. (US Department of State, 5/25/2016) (The Washington Post, 03/10/2015) 

In 2015, the Washington Post reported that Cooper had “no security clearance and no particular expertise in safeguarding computers, according to three people briefed on the server setup.” (The Washington Post, 8/4/2015) 

However, the inspector general’s report describes a January 2011 incident in which Cooper turned Clinton’s server off and on in response to a hacker attack, showing he had direct access to the server and thus all the classified information contained inside it. (US Department of State, 5/25/2016) 

In April 2016, the Washington Times alleged that Bill and Hillary Clinton “have paid [Cooper’s] legal fees associated with the FBI investigation, amounting to ‘hundreds of thousands of dollars.’” (The Washington Times, 4/27/2016)

May 26, 2016: A judge blocks the release of audio and video of six Clinton aide depositions, but not the transcripts.

US District Court Judge Emmet Sullivan grants a recent request from Clinton’s former chief of staff Cheryl Mills to keep audio and video recordings of her upcoming deposition from being made public, at least for now. Mills, who is due to be deposed one day later, argued that such recordings could be used for political purposes against Clinton in the presidential election.

Sullivan writes, “The public has a right to know details related to the creation, purpose and use of the clintonemail.com system. Thus, the transcripts of all depositions taken in this case will be publicly available. It is therefore unnecessary to also make the audiovisual recording of Ms. Mills’ deposition public.” On his own initiative, Sullivan blocks the release of all audio and video recordings of the five other former Clinton aides due to be deposed in the suit he is presiding over.

Politico reports, “Sullivan did not signal what his concern was about improper use of the videos, nor did he explain whether he agreed with Mills’ attorneys that the videos were more susceptible to misuse or distortion than the written transcripts that will be released.” Sullivan orders that the audio and video should be filed with the court, raising the possibility they could be released later. (Politico, 5/26/2016)

June 9, 2016: State Department lawyers argue they cannot identify which department employees conducted government business on Clinton’s private server.

In a court filing in a civil suit, they argue they cannot do this since the department has never been in possession of the server. It is known that Clinton and her deputy chief of staff had clintonemail.com email accounts on the server, but it is still unclear who else at the department may have. Apparently, Department officials have not tried to check if emails sent from Clinton’s former top aides had email addresses ending in clintonemail.com. (CNN, 6/9/2016)

June 21, 2016: A judge puts a Clinton email lawsuit on hold while waiting on other cases.

Harold Koh (Credit: Jay Premack)

Harold Koh (Credit: Jay Premack)

In a civil lawsuit, Judicial Watch is trying to find out why two State Department officials didn’t search Clinton’s private email address in response to a FOIA [Freedom of Information Act] request filed in December 2012. Judicial Watch claims the two officials—Legal Advisor Harold Koh and Under Secretary for Management Patrick Kennedy—knew of the FOIA request and knew of Clinton’s email address, since both of them emailed Clinton sometimes. (Koh joined the department in mid-2013, a few months after Clinton left, but the FOIA request was still in process.)

Judicial Watch wants to be granted discovery, which means they would be able to depose the officials to question them under oath. However, US District Court Judge Reggie Walton puts the decision on hold because there are two other similar suits going on, including one in which Kennedy is due to be deposed by Judicial Watch at the end of June 2016.

Furthermore, Walton also notes a federal appeals court is currently considering a lawsuit unrelated to Clinton that tests the government’s obligation to search a private email account maintained by a department head in response to a FOIA request. (Politico, 6/21/2016) (Politico, 6/17/2016)

July 5, 2016: FBI Director Comey announces he will not recommend Clinton’s indictment on any charge, but he calls her “extremely careless” in handling highly classified information.

FBI Director James Comey announces his recommendation for Clinton and her aides on July 5, 2016. (Credit: Cliff Owen / The Associated Press)

FBI Director James Comey announces his recommendation in a press conference on July 5, 2016. (Credit: Cliff Owen / The Associated Press)

FBI Director James Comey gives a public speech in front of a group of reporters. The timing is surprising, since this brings an end to the FBI’s investigation of Clinton’s email practices, and just a Sunday and the Fourth of July holiday separate this from the FBI’s interview of Clinton on July 2, 2016. Comey spends most of his speech criticizing Clinton, but ends it by saying he will not recommend that the Justice Department pursue any indictment of Clinton or her aides.

Comey’s fifteen-minute speech includes the following information, in order, with key phrases bolded to assist in understanding.

Comey begins by describing the FBI investigation:

  • The investigation started with a referral from Intelligence Community Inspector General Charles McCullough, and “focused on whether classified information was transmitted” on Clinton’s personal email server during her time as secretary of state. It specifically “looked at whether there is evidence classified information was improperly stored or transmitted on that personal system, in violation of a federal statute making it a felony to mishandle classified information either intentionally or in a grossly negligent way, or a second statute making it a misdemeanor to knowingly remove classified information from appropriate systems or storage facilities.” The FBI “also investigated to determine whether there is evidence of computer intrusion in connection with the personal email server by any foreign power, or other hostile actors.”
  • The FBI found that Clinton “used several different servers and administrators of those servers during her four years at the State Department, and used numerous mobile devices to view and send email on that personal domain. As new servers and equipment were employed, older servers were taken out of service, stored, and decommissioned in various ways…”
  • The FBI analyzed the over 30,000 work emails that Clinton did turn over to the State Department in December 2014, working with other US government departments to determine which emails contained truly classified information at the time they were sent, and which ones were justifiably classified later.
  • James Comey (Credit: Fox News)

    James Comey (Credit: Fox News)

    From the group of 30,068 emails Clinton returned to the State Department, “110 emails in 52 email chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was ‘top secret’ at the time they were sent; 36 chains contained ‘secret’ information at the time; and eight contained ‘confidential’ information, which is the lowest level of classification. Separate from those, about 2,000 additional emails were ‘up-classified’ to make them ‘confidential’; the information in those had not been classified at the time the emails were sent.”

  • It had previously been reported that the FBI had recovered most or all of the 31,830 emails that Clinton had deleted, allegedly because they contained personal information only. However, Comey reveals that was not the case, and thousands of emails were not recovered. He gives an example of how when one of Clinton’s servers was decommissioned in 2013, the email was removed and broken up into millions of fragments.
  • The FBI “discovered several thousand work-related emails” that were not included in the 30,068 emails Clinton returned to the State Department, even though Clinton claimed under oath that she had returned all her work-related emails. The FBI found these after they “had been deleted over the years and we found traces of them on devices that supported or were connected to the private email domain.” Others were found in the archived government email accounts of other government employees whom Clinton frequently communicated with. Still others were found “from the laborious review of the millions of email fragments” of the server decommissioned in 2013.
  • Out of these additional work emails, three were classified at the time they were sent or received – none at the ‘top secret’ level, one at the ‘secret’ level, and two at the ‘confidential’ level. None were found to have been deemed classified later.
  • Furthermore, Comey claims “we found no evidence that any of the additional work-related emails were intentionally deleted in an effort to conceal them. Our assessment is that, like many email users, Secretary Clinton periodically deleted emails or emails were purged from the system when devices were changed. Because she was not using a government account—or even a commercial account like Gmail—there was no archiving at all of her emails, so it is not surprising that we discovered emails that were not on Secretary Clinton’s system in 2014, when she produced the 30,000 emails to the State Department.”
  • 160705DeletingAttorneys

    The three Clinton attorneys who deleted emails are David Kendall (left), Cheryl Mills (center), and Heather Samuelson (right). (Credit: public domain)

    However, he also admits that “It could also be that some of the additional work-related emails we recovered were among those deleted as ‘personal’ by Secretary Clinton’s lawyers when they reviewed and sorted her emails for production in 2014.” He claims that the three lawyers who sorted the emails for Clinton in late 2014 (David Kendall, Cheryl Mills, and Heather Samuelson) “did not individually read the content of all of her emails…” Instead, they used keyword searches to determine which emails were work related, and it is “highly likely their search terms missed some work-related emails” that were later found by the FBI elsewhere.

  • Comey states it is “likely” that some emails may have disappeared forever. because Clinton’s three lawyers “deleted all emails they did not return to State, and the lawyers cleaned their devices in such a way as to preclude complete forensic recovery.” But he says that after interviews and technical examination, “we believe our investigation has been sufficient to give us reasonable confidence there was no intentional misconduct in connection with that sorting effort.”

Comey then begins stating his findings:

  • “Although we did not find clear evidence that Secretary Clinton or her colleagues intended to violate laws governing the handling of classified information, there is evidence that they were extremely careless in their handling of very sensitive, highly classified information.”
  • As an example, he points out that “seven email chains concern matters that were classified at the ‘Top Secret/Special Access Program’ [TP/SAP] level when they were sent and received. These chains involved Secretary Clinton both sending emails about those matters and receiving emails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.”
  • He adds that it was a similar situation with emails classified at the “secret” level when they were sent, although he doesn’t specify how many.
  • He comments, “None of these emails should have been on any kind of unclassified system, but their presence is especially concerning because all of these emails were housed on unclassified personal servers not even supported by full-time security staff, like those found at departments and agencies of the US government—or even with a commercial service like Gmail.”
  • He notes that “only a very small number of the emails containing classified information bore markings indicating the presence of classified information. But even if information is not marked ‘classified’ in an email, participants who know or should know that the subject matter is classified are still obligated to protect it.”
  • He then criticizes the State Department as a whole. The FBI found evidence that “the security culture” of the State Department “was generally lacking in the kind of care for classified information found elsewhere in the government.” This was especially true regarding the use of unclassified email systems.
  • Then he addresses whether “hostile actors” were able to gain access to Clinton’s emails. Although no direct evidence of any successful hacking was found, he points out that “given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.”

After laying out the evidence of what the FBI found, Comey moves to the FBI’s recommendation to the Justice Department. He admits that it is highly unusual to publicly reveal the FBI’s recommendation, but “in this case, given the importance of the matter, I think unusual transparency is in order.”

James Comey (Credit: NPR)

James Comey (Credit: NPR)

Then he comes to these conclusions:

  • “Although there is evidence of potential violations of the statutes regarding the handling of classified information, our judgment is that no reasonable prosecutor would bring such a case. Prosecutors necessarily weigh a number of factors before bringing charges. There are obvious considerations, like the strength of the evidence, especially regarding intent. Responsible decisions also consider the context of a person’s actions, and how similar situations have been handled in the past.”
  • To justify this decision, he claims he examined other cases involving the mishandling or removal of classified information, and “we cannot find a case that would support bringing criminal charges on these facts. All the cases prosecuted involved some combination of clearly intentional and willful mishandling of classified information; or vast quantities of materials exposed in such a way as to support an inference of intentional misconduct; or indications of disloyalty to the United States; or efforts to obstruct justice. We do not see those things here.”
  • He then says, “To be clear, this is not to suggest that in similar circumstances, a person who engaged in this activity would face no consequences. To the contrary, those individuals are often subject to security or administrative sanctions. But that is not what we are deciding now. As a result, although the Department of Justice makes final decisions on matters like this, we are expressing to Justice our view that no charges are appropriate in this case.”
  • He concludes by saying the FBI’s investigation was done competently, honestly, and independently, and without any kind of outside influence.

He doesn’t address the possibility of recommending the indictment of any of Clinton’s aides or other figures like Sid Blumenthal or Justin Cooper. He also doesn’t make any mention of the Clinton Foundation, though there have been media reports the FBI has been investigating it as well. After finishing his speech, he leaves without taking any questions from the media. (Federal Bureau of Investigation, 7/5/2016)