Autumn 2008 to Mid-January 2009: It is decided to replace Clinton’s first private server with a larger server built by Pagliano.

080901MacOSXApple

The Mac OS X Logo (Credit: Apple)

Justin Cooper is an aide to former President Bill Clinton, and he is the administrator for the private server located in the Chappaqua, New York, house where Bill and his wife Hillary live. Cooper will later be interviewed by the FBI, and he will say that the decision is made to replace the server because the current server (being run on an Apple OS X computer) is antiquated and people using it are having email troubles.

At the recommendation of Hillary Clinton’s longtime aide Huma Abedin, Cooper contacts Bryan Pagliano, who worked on Clinton’s 2008 presidential campaign as an information technology specialist, to build a new server system and to assist Cooper with administrating it. Pagliano was getting rid of the computer equipment from Clinton’s presidential campaign, so it is decided to use some of this equipment for the new server at the Chappaqua house.

According to a later FBI interview, Hillary Clinton “told the FBI that at some point she became aware there was a server in the basement of her Chappaqua residence. However, she was unaware of the transition from the Apple server managed by Cooper to another server built by Pagliano and therefore, was not involved in the transition decision.”

Between the fall of 2008 and January 2009, Pagliano gets computer equipment from Clinton’s former presidential campaign headquarters, and also works with Cooper to buy additional necessary equipment.

Clinton becomes secretary of state on January 20, 2009, and begins using a clintonemail.com email address around that time, which is hosted on the old Apple server. The new server won’t be operational until March 2009. (Federal Bureau of Investigation, 9/2/2016)

2009: The State Department rolls out an easy way to preserve emails for record keeping, but Clinton’s office elects not to use it and Clinton will later claim she never even heard of it.

Ernie Milner, division chief for SMART Testing and Implementation, and Kevin Gatlin, division chief for SMART Messaging, in the State Department SMART lab in Newington, VA. (Credit: American Diplomacy / University of North Carolina)

Ernie Milner, division chief for SMART Testing and Implementation, and Kevin Gatlin, division chief for SMART Messaging, in the State Department SMART lab in Newington, VA. (Credit: American Diplomacy / University of North Carolina)

In 2009, the first year Clinton is secretary of state, the State Department begins using the State Messaging and Archive Retrieval Toolset (SMART), which allows employees to electronically tag emails to preserve a copy for posterity. This allows employees to easily comply with record keeping regulations, instead of having to print out copies of each email.

Although most of the State Department starts using SMART in 2009; the Office of the Secretary elects not to use the SMART system to preserve emails, partly due to concerns that the system would “allow overly broad access to sensitive materials.” (This quote is from an FBI report, but the name of the official who said it is redacted.)

Representatives from the Executive Secretariat (which includes Clinton’s office) ask to be the last to receive the SMART rollout. Ultimately SMART is never used by the Executive Secretariat Office or Clinton for the rest of Clinton’s four-year tenure.

This leaves printing out each email as the only approved method by which the Clinton or her staff in the Office of the Secretary could preserve emails for record keeping. But when Clinton leaves office in February 2013, she won’t even do that.

Remarkably, when Clinton will be interviewed by the FBI in July 2016, the FBI summary will indicate: “Clinton was not aware how other State [Department] staff maintained their records and was unaware of State’s State Messaging and Archive Retrieval Toolset (SMART).” (Federal Bureau of Investigation, 9/2/2016)

SMART will have security and cost overrun problems for the rest of Clinton’s tenure, and beyond.

January 21, 2009—February 1, 2013: Most State Department officials claim they don’t know Clinton has a private email address or uses a private server.

A sample email of the "H" as it appears in an email sent by Clinton. (Credit: public domain)

A sample address with the “H” as it appears in an email sent by Clinton. (Credit: public domain)

A September 2016 FBI report will indicate that “some Clinton aides and senior-level State [Department] employees were aware Clinton used a personal email address for State business during her tenure [as secretary of state]. Clinton told the FBI it was common knowledge at State that she had a private email address because it was displayed to anyone with whom she exchanged emails. However, some State employees interviewed by the FBI explained that emails from Clinton only contained the letter ‘H’ in the sender field and did not display her email address.”

The report also notes, “The majority of the State employees interviewed by the FBI who were in email contact with Clinton indicated they had no knowledge of the private server in her Chappaqua residence.”

Even Clinton’s closest aides like her chief of staff Cheryl Mills and deputy chief of staff Huma Abedin will claim they didn’t know, though there is evidence that suggests otherwise (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Hundreds of classified emails are sent or received by Clinton while she is outside the US, including some to or from President Obama.

Clinton boards the State Department jet with her BlackBerry, destination unknown. (Credit: Andrew Harnik / The Associated Press)

Clinton boards the State Department jet while using her BlackBerry, date and location are unknown. (Credit: Andrew Harnik / The Associated Press)

This is according to a September 2016 FBI report. The report indicates that Clinton and her immediate staff were repeatedly “notified of foreign travel risks and were warned that digital threats began immediately upon landing in a foreign country, since connection of a mobile device to a local network provides opportunities for foreign adversaries to intercept voice and email transmissions.”

Additionally, the State Department has a Mobile Communications Team responsible for establishing secure mobile voice and data communications for Clinton and her team wherever they travel. But even so, Clinton and her staff frequently use their private and unsecure mobile devices and private email accounts while overseas.

The number of Clinton emails sent or received outside the US will be redacted in the FBI report. Although it will mention that “hundreds” were classified at the “confidential” level, additional details are redacted. Nearly all mentions of “top secret” emails are redacted in the report, so it’s impossible to know if any of those are sent while Clinton is overseas.

The report will mention that some emails between Clinton and President Obama are sent while Clinton is overseas. However, the exact number will be redacted. None of these overseas emails between them will be deemed to contain classified information. According to the report, “Clinton told the FBI that she received no particular guidance as to how she should use President Obama’s email address…”

The details of the FBI’s report on Clinton’s July 2016 FBI interview will indicate that Clinton emailed Obama on July 1, 2012 from Russia. However, it is not clear if she sent the email from on the ground or on a plane. (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton may regularly carry two mobile devices at once, although she will later claim otherwise.

In March 2015, after it becomes public knowledge that Clinton exclusively used a private email account for all her email usage, she will claim she did this for “convenience,” so she wouldn’t have to carry two personal devices at once.

During a trip to the Middle East, Clinton is seen using two Blackberrys while being filmed for a National Geographic documentary called “Inside the State Department” on June 15, 2010. (Credit: National Geographic)

During a trip to the Middle East, Clinton is seen using two Blackberrys while being filmed for a National Geographic documentary called “Inside the State Department” on June 15, 2010. (Credit: National Geographic)

However, in 2016, Justin Cooper, an aide to Bill Clinton who helps manage the Clinton private server, will claim otherwise. In an FBI interview, “Cooper stated that he was aware of Clinton using a second mobile phone number. Cooper indicated Clinton usually carried a flip phone along with her BlackBerry because it was more comfortable for communication and Clinton was able to use her BlackBerry while talking on the flip phone.”

However, in Clinton’s 2016 FBI interview, “she did not recall using a flip phone during her tenure [as secretary of state], only during her service in the Senate.” In their FBI interviews, Clinton’s aides Huma Abedin and Cheryl Mills “advised they were unaware of Clinton ever using a cellular phone other than the BlackBerry.”

According to FBI investigators, Clinton has “two known phone numbers… which potentially were used to send emails using Clinton’s clintonemail.com email addresses.” One is associated with her BlackBerry usage. Toll records associated with the other phone number “indicate the number was consistently used for phone calls in 2009 and then used sporadically through the duration of Clinton’s tenure and the years following. Records also showed that no BlackBerry devices were associated with this phone number.” (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton uses 11 different BlackBerrys and four iPads while she is secretary of state.

In March 2015, after it becomes public knowledge that Clinton exclusively used a private email account for all her email usage, she will claim she did this for “convenience,” so she wouldn’t have to carry two personal devices at once.

A 2009 Blackberry Bold 9700 (left) and a 2013 Blackberry 9720. (Credit: public domain)

A 2009 Blackberry Bold 9700 (left) and a 2013 Blackberry 9720. (Credit: public domain)

However, the FBI will later determine that Clinton actually used in succession 11 email-capable BlackBerrys while secretary of state. She uses two more BlackBerrys with the same phone number after her tenure is over. The FBI will not be able to obtain any of the BlackBerrys to examine them.

The FBI will later identify five iPad devices associated with Clinton which might have been used by Clinton to send emails. The FBI will later obtain three of the iPads. They will only examine two, because one was a gift that Clinton gave away as soon as she purchased it.

Clinton aide Monica Hanley often buys replacement BlackBerrys for Clinton from AT&T stores. Justin Cooper, a Bill Clinton aide who helps run Clinton’s private server, usually sets up the new devices and then syncs them to the server so she can access her email inbox. According to an FBI interview with Clinton aide Huma Abedin, “it was not uncommon for Clinton to use a new BlackBerry for a few days and then immediately switch it out for an older version with which she was more familiar.” (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton’s frequently discarded BlackBerrys are sometimes destroyed and sometimes disappear.

The FBI will later determine that Clinton uses 11 BlackBerrys while secretary of state and two more using the same phone number after she leaves office. In a 2016 FBI interview, “Clinton stated that when her BlackBerry device malfunctioned, her aides would assist her in obtaining a new BlackBerry, and, after moving to a new device, her old SIM cards were disposed of by her aides.”

Justin Cooper, a Bill Clinton aide who helps manage Clinton’s private server, will later tell the FBI that he “did recall two instances where he destroyed Clinton’s old mobile devices by breaking them in half or hitting them with a hammer.”

However, according to Clinton aides Huma Abedin and Monica Hanley, “the whereabouts of Clinton’s devices would frequently become unknown once she transitioned to a new device.” (Federal Bureau of Investigation, 9/2/2016)

Around February 2009: Clinton allegedly wants to use a iPad in her office but is not allowed to do so; however the iPad won’t be released until one year later.

The first Apple iPad was released in January, 2010. (Credit: public domain)

The first Apple iPad (Credit: public domain)

Around February 2009, the NSA refuses to make a BlackBerry for Clinton that’s secure enough to use in SCIF rooms, citing security concerns. (Highly classified materials can only be read in SCIF rooms, and Clinton’s office in State Department headquarters is a SCIF room.)

According to a September 2016 FBI report, at roughly the same time, Clinton’s executive staff also ask about the possibility of Clinton using an iPad to read her emails in her office. But “this request was also denied due to restrictions associated with the Secretary’s office being in a SCIF.” (Federal Bureau of Investigation, 9/2/2016)

However, the FBI will fail to mention that the iPad won’t actually be announced by Apple until January 2010, and won’t be released until a couple of months after that, making the above claim impossible. (Apple.com, 1/27/2010)

Clinton will buy an iPad and begin using it a couple of months after it comes out, in July 2010.

February 12, 2009: An email suggests Clinton gets a new cell phone, despite her later claims that she didn’t use one.

090212clintonflipphonekarenbleierafpgetty

Clinton talks on a flip phone in Washington, DC on November 14, 2006. (Credit: Karen Bleir / Agence France Presse / Getty Images)

An email sent to or received by Clinton on this day has the subject heading: “Re: New cell.” It won’t be found in the over 30,000 Clinton emails given to the State Department in December 2014. Thus, the details are known because she will be asked about it in her July 2016 FBI interview.

According to a later FBI report, “Clinton stated she was familiar with the phone number ending in [redacted] referenced in the email. She believed the number was that of her BlackBerry because she did not recall using a flip phone during her time at State, only while in the Senate.”

However, in the FBI Clinton email investigation final report, evidence will be mentioned that Clinton actually had two phone numbers. One was for her BlackBerry, which she used just for emails, and one for her flip phone, which she used for phone calls. (Federal Bureau of Investigation, 9/2/2016)

March 2009—June 2011: An external hard drive backs up the data on Clinton’s private server, but it is unclear what happens to it or its replacement.

The Seagate Expansion External Hardrive (Credit: Seagate)

The Seagate Expansion External Hard Drive (Credit: Seagate)

When Clinton’s first server is upgraded with a new server in March 2009, a Seagate external hard drive is attached to the server to store back-up copies of all of its data.

Bryan Pagliano, who manages the server at the time, will later tell the FBI that daily changes are backed up onto the hard drive every day, and a complete back-up is made once a week. As space on the hard drive runs out, backups are deleted on a “first in, first out” basis.

This continues until June 2011. That month, Pagliano travels from Washington, DC, where he works in the State Department, and goes to where the server is, in Chappaqua, New York. Pagliano replaces the Seagate external hard drive with a Cisco Network Attached Storage (NAS) device, also to store backups of the server.

The Cisco FS 5500 and 5700 Series Integrated NAS. (Credit: Cisco)

The Cisco FS 5500 and 5700 Series Integrated NAS. (Credit: Cisco)

It is unclear what becomes of either back-up device or the data they contained. The FBI’s September 2016 final report on the Clinton email investigation will only mention: “The FBI was unable to forensically determine how frequently the NAS captured backups of the Pagliano Server.” But the report will also complain about the “FBI’s inability to recover all server equipment,” and there will be no mention of any data recovered from either back-up device. (Federal Bureau of Investigation, 9/2/2016)

Also in September 2016, Justin Cooper, who helped Pagliano manage the server, will be asked about these hard drives at a Congressional hearing. He will say he only heard about them from reading the FBI final report. (He claims he handled customer service while Pagliano handled the technical aspects.)

He will also be asked if FBI agents ever came to the Clinton’s Chappaqua house to seize any equipment. Cooper worked as an aide to Bill Clinton in the house, but he will say he is unaware of the FBI ever coming to the house. (US Congress, 9/13/2016)

March 2009: Clinton’s personal email server is replaced; she will use the new one for the rest of her term as secretary of state.

Justin Cooper, an aide to former President Bill Clinton, has been working with Bryan Pagliano, who worked as a computer technician on Hillary Clinton’s 2008 presidential campaign, to build a new private server located in the Clintons’ Chappaqua, New York, house. Some time in March 2009, Pagliano and Cooper met at the Chappaqua house to physically install the server and related equipment in a server rack in the basement.

Once the new server is up and running, Pagliano migrates the email data from the old server to the new one. Pagliano will later be interviewed by the FBI, and he will claim that after the migration, no email content should have remained on the old server. He will tell the FBI that he only transferred clintonemail.com email accounts for Clinton aide Huma Abedin and others (whose names will later be redacted), and he was unaware of and did not transfer an email account for Hillary Clinton.

However, Clinton emails using a clintonemail.com domain address start getting sent in January 2009, showing she must had had an account on the old server since that time. Cooper will also later be interviewed by the FBI, and he will say he believed Clinton had a clintonemail.com email account on the old server and Abedin did not. The FBI will be unable to obtain the old server to analyze it, so the dispute has not been fully resolved.

130601DellPowerEdge2900public

The Dell Power Edge 2900 (Credit: public domain)

This new server will be used for the rest of Clinton’s term as secretary of state, then will be replaced in 2013. Later in March 2009, the old server is repurposed to serve as a personal computer for household staff at Clinton’s Chappaqua house. (Federal Bureau of Investigation, 9/2/2016)

The Washington Post will later report, “The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.” (The Washington Post, 3/27/2016)

According to the FBI, the new server initially consists of the following equipment: “a Dell PowerEdge 2900 server miming Microsoft Exchange for email hosting and management, a Dell PowerEdge 1950 server miming BlackBerry Enterprise Server (BES) for the management of BlackBerry devices, a Seagate external hard drive to store backups of the Dell PowerEdge 2900 server, a Dell switch, a Cisco firewall, and a power supply.” (Federal Bureau of Investigation, 9/2/2016)

In 2015, Hillary Clinton will say of her server, “It was sitting there in the basement. It was not any trouble at all.” (The Wall Street Journal, 9/27/2015)

March 2009—May 31, 2013: Bryan Pagliano and Justin Cooper jointly manage Clinton’s private server.

160301PaglianoCooperMontage

Bryan Pagliano (left), Justin Cooper (right) (Credit: public domain)

In March 2009, Clinton’s private email server is replaced by a larger one built by her computer technician Pagliano. Cooper had been the only person with administrative access for the previous server, but now both him and Pagliano have administrative accounts on the new one.

Pagliano handles all software upgrades and general maintenance. He works at the State Department in Washington, DC, and there is only evidence of him going to Chappaqua, New York, to directy work on the server three times: in March 2009, to install the server; in June 2011, to upgrade the equipment; and in January 2012, to fix a hardware issue.

By contrast, in a later FBI interview, Cooper will describe his role as “the customer service face.” He can add users or reset passwords on the email server. He also works at the Chappaqua house as an aide to former President Bill Clinton, so it is much easier for him to physically interact with the server there.

Cooper and Pagliano both handle the selection and purchase of server-related items.

In a later FBI interview, Hillary Clinton will state “she had no knowledge of the hardware, software, or security protocols used to construct and operate the servers. When she experienced technical issues with her email account she contacted Cooper for assistance in resolving those issues.”

The roles of Cooper and Pagliano will be phased out in mid-2013, with the Platte River Networks company winning a contact to manage Clinton’s server on May 31, 2013.

Around Spring 2009: Pagliano is warned that classified information could be sent to Clinton’s private server, but there is no sign he takes action or passes this warning on.

When Clinton’s computer technician Bryan Pagliano is interviewed by the FBI in December 2015, he will recall a conversation with a person whose name is redacted that takes place at the beginning of Clinton’s tenure as secretary of state. According to the FBI, this person “advised he would not be surprised if classified information was being transmitted to Clinton’s personal server.”

Pagliano joins the State Department in May 2009, and he also is the main person to manage problems with the server. But there is no mention of him taking any action about this warning or passing it on to anyone else. The unnamed person also gives Pagliano advice on how to improve the server security that goes unheeded as well. (Federal Bureau of Investigation, 9/2/2016)

Around Spring 2009: Clinton’s computer technician is advised to make a key improvement to the security of Clinton’s private server, but the improvement is never made.

When Bryan Pagliano, the manager of Clinton’s private server while she Clinton’s is secretary of state, will be interviewed by the FBI in December 2015, he will recall a conversation that takes place around the beginning of Clinton’s tenure. This person, whose name is later redacted, recommends that email transiting from a state.gov account to Clinton’s private server should be sent through a Transport Layer Security (TLS) “tunnel.” Most of Clinton’s email traffic is with State Department officials using state.gov accounts.

A diagram of the Transport Layer Security (TLS) (Credit: public domain)

A diagram described as Networking 101: Transport Layer Security (TLS) (Credit: public domain)

A September 2016 FBI report will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way communication. TLS is the successor to SSL and is considered more secure.”

Pagliano is the main person to manage problems with the server, but he will tell the FBI that the transition to TLS never occurred. It is not clear why. The FBI will be unable to forensically determine if TLS was ever implemented on the server.

The same unnamed person who gives Pagliano this advice also tells him at the same time that he would not be surprised if classified information was being transmitted to Clinton’s personal server.  (Federal Bureau of Investigation, 9/2/2016)

Around Mid-2010 to January 2013: “Brute force” hacking attempts on Clinton’s private server begin and steadily increase, but it is unknown if any are successful.

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly Roll Call)

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly)

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

Around Mid-2010: A Secret Service agent advises Pagliano to take a step to improve the security of Clinton’s private server, but the step is not taken.

After Bryan Pagliano sets up Clinton’s new private server in January 2009, he sets up Internet Protocol (IP) filtering on the firewall, once a firewall is established in late March 2009. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.

The US Secret Service Badge (Credit: public domain)

The US Secret Service Badge (Credit: public domain)

At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congresssional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that begins around the middle of 2010.

This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”

The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)

January 5, 2013: Someone accesses the email account of one of Bill Clinton’s staffers on the private server used to host Hillary Clinton’s emails.

130101TorLogopublic

The Tor Logo (Credit: public domain)

This is according to a FBI report that will be released in September 2016. It is known the staffer whose account gets breached is female, but her name will be redacted. The unnamed hacker uses the anonymity software Tor to browse through this staffer’s messages and attachments on the server.

The FBI will call this the only confirmed “successful compromise of an email account on the server.” But the FBI will not be able to determine who the hacker is or how the hacker obtained the staffer’s username and password to access her account. (Federal Bureau of Investigation, 9/2/2016)

Wired will later comment, “The compromise of a Bill Clinton staffer—who almost certainly had no access to any of then-Secretary Clinton’s classified material—doesn’t make the security of those classified documents any clearer. But it will no doubt be seized on by the Clintons’ political opponents to raise more questions about their server’s security.”

Dave Aitel (Credit: Immunity)

Dave Aitel (Credit: Immunity)

Clinton’s computer technician Bryan Pagliano is in charge of monitoring the server’s access logs at the time.

But Dave Aitel, a former NSA security analyst and founder of the cypersecurity company Immunity, will later comment that the breach shows a lack of attention to the logs. “They weren’t auditing and restricting IP addresses accessing the server. That’s annoying and difficult when your user is the secretary of state and traveling all around the world… But if she’s in Russia and I see a login from Afghanistan, I’d say that’s not right, and I’d take some intrusion detection action. That’s not the level this team was at.” (Wired, 9/2/2016)

When Pagliano is interviewed by the FBI in December 2015, he will claim that he knew of no instance when the server was successfully breached, suggesting he didn’t know about this incident. (Federal Bureau of Investigation, 9/2/2016)

And when Justin Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about the incident in September 2016, he will say he knew nothing about it until he read about it in the FBI report released earlier that month. (US Congress, 9/13/2016)

Around February 1, 2013: Clinton later claims she wasn’t given any instructions on how to preserve her emails when she left office.

In a July 2016 FBI interview, “Clinton [will state] that she received no instructions or direction regarding the preservation or production of records from [the] State [Department] during the transition out of her role as secretary of state in early 2013. Furthermore, Clinton believed her work-related emails were captured by her practice of sending emails to State employees’ official State email accounts.”

A May 2016 State Department inspector general report will conclude this wasn’t a proper method, and Clinton should have printed and filed her emails when she left office. (Federal Bureau of Investigation, 9/2/2016)

Spring 2013: A back-up of all of Clinton’s emails are put onto a laptop and then forgotten about.

Monica Hanley (Credit: Bolton-St. Johns)

Monica Hanley (Credit: Bolton-St. Johns)

In the spring of 2013, Clinton aide Monica Hanley works with Bill Clinton aide Justin Cooper to create an archive of Clinton’s emails. Clinton aide Huma Abedin will later tell the FBI that the archive was created as a reference for the future production of a book. Whereas Hanley will later tell the FBI that the archive was created as a security precaution after Clinton confidant Sid Blumenthal had his email account broken into on March 14, 2013, publicly exposing Clinton’s email address.

Cooper gives Hanley an Apple MacBook laptop from the Clinton Foundation and helps her through the process of remotely transferring Clinton’s emails from Clinton’s server to the laptop and a thumb drive. These two copies of the Clinton emails are intended to be stored in Clinton’s houses in Chappaqua, New York, and Whitehaven, Washington, DC. However, Hanley will tell the FBI that this doesn’t happen because she forgets to give the laptop and the thumb drive to Clinton’s staff.

Nearly a full year will pass before Hanley finds the laptop again. She will send it though the mail, only to apparently have it get permanently lost somehow. It is unclear what happens to the thumb drive, but it will not be seen again either. (Federal Bureau of Investigation, 9/2/2016)

March 15, 2013—March 21, 2013: Clinton’s private server is repeatedly scanned from Russia shortly after Guccifer’s hack revealed her server domain.

On March 14, 2013, the Romanian hacker known as Guccifer broke into the email account of Clinton confidant Sid Blumenthal and learned Clinton’s private email address and thus her clintonemail.com server domain.

A September 2016 FBI report will reveal that “An examination of log files [of Clinton’s server] from March 2013 indicated that IP addresses from Russia and Ukraine attempted to scan the server on March 15, 2013, the day after the Blumenthal compromise, and on March 19 and March 21, 2013. However, none of these attempts were successful, and it could not be determined whether this activity was attributable to [Guccifer].” (Federal Bureau of Investigation, 9/2/2016)

Early June 2013—Early July 2013: Clinton’s server is relocated and then replaced by a new server, but the old server keeps running.

After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.

130601PlatteRiverFoundersPlatteRiverNetworks

The founders of Platte River Network: Brent Allshouse (left) and Treve Suavo (right). (Credit: Platte River Networks)

PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.

The employee at PRN’s headquarters (who logically would be Thorton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.

130601EquinixLogo

Equinix Logo (Credit: public domain)

On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.

The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.

Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.

According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”

130601DellPowerEdgeR620

The Dell PowerEdge R620 (Credit: public domain)

This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SfRlS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)

The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it is “blank.” However, it was not wiped, which means having the old files overwritten several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Around July 2013: Clinton’s emails still are not encrypted.

According to an unnamed Platte River Networks (PRN) employee, Clinton’s server has encryption protection to combat hackers, but the individual emails have not been protected with encryption. With PRN taking over management of the server in June 2013, this employee will later tell the FBI that “the Clintons originally requested that email on [Clinton’s] server be encrypted such that no one but the users could read the content. However, PRN ultimately did not configure the email settings this way, to allow system administrators to troubleshoot problems occurring within user accounts.” (Federal Bureau of Investigation, 9/2/2016)

October 2013: Clinton’s server gets anti-hacking protection after going several months without any.

The CloudJacket Logo (Credit: public domain)

The CloudJacket Logo (Credit: public domain)

From late June 2013 until October 2013, Platte River Networks (PRN) is managing the server, apparently without any anti-hacking software. In October 2013, the software they have been waiting for arrives and is installed. This is an intrusion detection and prevention system called CloudJacket from SECNAP Network Security.

According to a later FBI report, it “had pre-configured settings that blocked or blacklisted certain email traffic identified as potentially harmful and provided real-time monitoring, alerting, and incident response services. SECNAP personnel would receive notifications when certain activity on the network triggered an alert. These notifications were reviewed by SECNAP personnel and, at times, additional follow-up was conducted with PRN in order to ascertain whether specific activity on the network was normal or anomalous. Occasionally, SECNAP would send email notifications to [an unnamed PRN employee], prompting him to block certain IP addresses. [This employee] described these notifications as normal and did not recall any serious security incident or intrusion attempt.”

Additionally, “PRN also implemented two firewalls for additional protection of the network. [This PRN employee] stated that he put two firewalls in place for redundancy in case one went down.”

The FBI report will also conclude, “Forensic analysis of alert email records automatically generated by CloudJacket revealed multiple instances of potential malicious actors attempting to exploit vulnerabilities on the PRN Server. FBI determined none of the activity, however, was successful against the server.” (Federal Bureau of Investigation, 9/2/2016)

 

2014: The data on Clinton’s first private server is transferred to another computer, causing some of Clinton’s emails to be lost.

When Clinton became secretary of state in January 2009, her emails were hosted on her first private email server, which was an Apple computer (either an Apple Power Macintosh G4 or G5 tower). In March 2009, the server was replaced by a new one built by Clinton’s computer technician Bryan Pagliano. The old server was repurposed to serve as a personal computer and/or workstation for household staff at Clinton’s Chappaqua, New York, house.

At some unknown point in 2014, the data on this Apple computer is transferred to an Apple iMac computer. The hard drive of the old Apple computer is then discarded. Clinton’s emails from January 2009 until around March 18, 2009, are apparently lost as a result.

On October 14, 2015, Williams & Connolly, the law firm of Clinton’s personal lawyer David Kendall, tells the Justice Department that a review of the iMac was conducted, as requested by the Justice Department, and no emails were found belonging to Clinton from when she was secretary of state. The FBI will not directly examine the iMac. (Federal Bureau of Investigation, 9/2/2016)

February 2014: A laptop containing all of Clinton’s emails from one year earlier is permanently lost in the mail.

In the spring of 2013, Clinton aide Monica Hanley made a copy of all of Clinton’s emails on a MacBook laptop to make a safe back-up copy of them. Then she apparently forgot to do anything with it for nearly a full year.

The 2013 Apple Mac Book Air Laptop (Credit: public domain)

The 2013 Apple MacBook Air Laptop (Credit: public domain)

In early 2014, Hanley finds the laptop where it has been stored at her personal residence. She attempts to transfer the archive of Clinton’s emails to Platte River Networks (PRN), the computer company which is managing Clinton’s private server by this time. She works with PRN employee Paul Combetta. After trying unsuccessfully to remotely transfer the emails to him, Hanley ships the laptop to his residence in February 2014. Combetta then transfers Clinton’s emails from the laptop onto Clinton’s private server.

This server already should contain all of Clinton’s old emails. But the server that existed when Hanley made the back-up in the spring of 2013 was replaced in June 2013 by a new server, so it is possible that some emails get transferred at the time didn’t get successfully transferred before.

Combetta transfers all of the Clinton email content to a personal Gmail email address he created. Then he downloads all the emails from the Gmail account to a mailbox on the new Clinton server. He will later tell the FBI that he used the Gmail as a middle step because he had format compatibility issues.

Hanley will later tell the FBI that she recommended that PRN wipe the laptop after the emails were transferred to the server. (“Wiping” means repeatedly overwriting the data so it can never be recovered.) However, Combetta will tell the FBI that once the transfer was done, he deleted the emails from the laptop but didn’t do any wiping. He also deleted the emails uploaded to the Gmail account.

According to the FBI’s final report, Combetta then ships the laptop to a person whose name will later be redacted, but works on Clinton’s staff in some capacity. He ships it through the mail, using United States Postal Service (USPS) or United Parcel Service (UPS). The unnamed Clinton staffer will later tell the FBI that she never received the laptop. She will say that Clinton’s staff was moving offices at the time, and it would have been easy for the package to get lost during the transition period.

According to Combetta’s September 2015 FBI interview, he “shipped the foregoing MacBook back to [redacted], but recalled nothing about the return shipment.” That would presumably mean he shipped it back to Hanley, since she shipped it to him. But in Hanley’s January 2016 interview, she will claim to have asked another woman (whose name is redacted) if they ever received laptop and were told they did not. Thus it would appear Combetta and Hanley will have different accounts of who is sent the laptop.

The laptop is apparently permanently lost. However, some of Clinton’s emails will somehow be recovered from the Gmail account in 2016, even though they were all deleted. (Federal Bureau of Investigation, 9/2/2016) (Federal Bureau of Investigation, 9/23/2016)

July 23, 2014: The House Benghazi Committee reaches an agreement relating to the production of Clinton’s emails.

The committee reaches an agreement with the State Department “regarding the production of records.” This will be mentioned in a September 2016 FBI report in the context of Clinton’s emails. However, further details are not known. (Federal Bureau of Investigation, 9/2/2016)

Late July 2014—December 5, 2014: Heather Samuelson, one of Clinton’s lawyers, allegedly leads the sorting of over 60,000 of Clinton’s emails.

Heather Samuelson (Credit: public domain)

Heather Samuelson (Credit: public domain)

Samuelson’s task is to sort all the emails from Clinton’s tenure as secretary of state into those deemed work-related and those deemed personal. She appears to have no security clearance and no special skills or experience for such a task.

In late July 2014, Platte River Networks (PRN), the company managing Clinton’s private server, emails some of Clinton’s emails to the laptops of Samuelson and Cheryl Mills, another Clinton lawyer (and her former chief of staff). PRN sends Samuelson and Mills the rest of Clinton’s emails in late September 2014. In 2016, Samuelson will tell the FBI that the sorting review takes several months and is completed just prior to December 5, 2014, when copies of the work-related emails are given to the State Department.

According to Samuelson’s 2016 FBI interview, she does the sorting on her laptop. She puts the work-related emails she finds into a computer folder. She first adds all emails sent to or from Clinton’s email account with .gov and .mil email addresses. Then she searches the remaining emails for the names of senior leaders in the State Department, as well as members of Congress, foreign leaders, or other official contacts.

Finally, she conducts a keyword search of terms such as “Afghanistan,” “Libya,” and “Benghazi.” Samuelson will claim that she reviews the “to,” “from,” and “subject” fields of every email; but she doesn’t read the content of every individual email. In some instances, she decides a if an email is work or personal by only reviewing the “to,” “from,” and “subject’ fields.

After Samuelson finishes her sorting, she prints all of the emails to be given to the State Department using a printer in Mills’ office. Then Mills and Kendall subsequently reviews emails that Samuelson printed. Any hard copy of an email Mills and Kendall deem not to be work-related is shredded, and the digital copy of the email is removed from the computer folder Samuelson created of all of the work-related emails.

Mills will later tell the FBI that, she only reviewed emails where Samuelson requested her guidance. There is no sign in the FBI’s final report that Kendall was interviewed about this matter.

With the sorting process completed, Samuelson creates a .pst file containing all of the work-related emails, and also makes sure that all work-related emails are printed to give to the State Department. The .pst file is given to Kendall on a USB thumb drive. On August 6, 2015, Kendall will give this thumb drive to the FBI, with consent from Clinton.

This account appears to be based mostly or entirely on the accounts of Samuelson and Mills. An FBI report will note: “The FBI was unable to obtain a complete list of keywords or named officials searched from Samuelson, Mills, or Clinton’s other attorneys due to an assertion of [attorney-client] privilege. ”

The 30,068 emails deemed work-related are given to the State Department, while the 31,830 deemed personal will later be deleted. The FBI will eventually find over 17,000 of the deleted emails, and thousands of them will be determined work-related after all. (Federal Bureau of Investigation, 9/2/2016)

In Clinton’s July 2016 FBI interview, she will claim that she had no role whatsoever in the sorting process, other than telling her lawyers to do it.

Late July 2014—December 5, 2014: The Clinton lawyer who sorts Clinton’s emails appears to have no security clearance and no special skills to do so.

Heather Samuelson (Credit: LinkedIn)

Heather Samuelson (Credit: LinkedIn)

Between late July 2014 and December 5, 2014, Clinton lawyer Heather Samuelson spends “several months” sorting Clinton’s emails into work-related and personal, according to an account she will later give to the FBI.

Samuelon allegedly does the vast majority of the sorting by herself. Clinton will later claim that she had no direct involvement in determining which emails to keep or delete and left that process to her lawyers. Her personal lawyer David Kendall, her lawyer and former chief of staff Cheryl Mills allegedly only assist Samuelson when there is an email she is uncertain about.

Samuelson is said to be a Clinton loyalist, and she worked under Clinton in the State Department in the White House Liaison Office. But she has no background in federal record keeping, and it is unclear if she has any security clearance. (Politico, 9/4/2015)

In the FBI’s final report on their Clinton email investigation, released on September 2016, there will be no mention of Samuelson having any kind of security clearance when she sorts the emails. However, the report will mention when other people who handled Clinton’s emails did have security clearances, such as Bill Clinton aide Oscar Flores.

It will later emerge that thousaands of emails Samuelson sorted as personal were recovered after being deleted and found to be work-related. (Federal Bureau of Investigation, 9/2/2016)

Around December 2014 or January 2015: Copies of Clinton’s emails are deleted from the computers of two of Clinton’s lawyers.

On October 28, 2014, the State Department formally asked Clinton for copies of all her work-related emails, after asking informally for several months. Three lawyers working for Clinton, Cheryl Mills, David Kendall, and Heather Samuelson, then sorted Clinton’s emails into those they deemed work-related or personal.

Paul Combetta (Credit: Facebook)

Paul Combetta (Credit: Facebook)

According to a later FBI report, “on or around December 2014 or January 2015, Mills and Samuelson requested that [Platte River Networks (PRN) employee Paul Combetta] remove from their laptops all of the emails from the July and September 2014 exports. [Combetta] used a program called BleachBit to delete the email-related files so they could not be recovered.” PRN is the computer company managing Clinton’s emails at the time.

The FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files, clear Internet history, delete system and temporary files and wipe free space on a hard drive. Free space is the area of the hard drive that can contain data that has been deleted. BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

141201ScreenConnectLogo

ScreenConnect Logo (Credit: public domain)

Combetta then remotely connects to the laptops of Mills and Samuelson using the computer program ScreenConnect to complete the deletions. Clinton’s emails are being stored in a .pst file. Combetta will later tell the FBI “that an unknown Clinton staff member told him s/he did not want the .pst file after the export and wanted it removed from the [Clinton server]” as well.

The Clinton emails are deleted from the laptops of Mills and Samuelson around this time. But another copy of all the emails exist on the server. Combetta will delete those emails as well, in late March 2015. (Federal Bureau of Investigation, 9/2/2016)

December 2014: Clinton finally stops using the clintonemail.com domain and server for her daily emails.

Since early 2009, Clinton and her aide Huma Abedin have had private email accounts on the clintonemail.com domain, which is hosted on Clinton’s private email server.

Chelsea Clinton and Huma Abedin chat while on the campaign trail in 2008. (Credit: Reuters)

Chelsea Clinton and Huma Abedin chat while on the campaign trail in 2008. Huma also appears to be holding two flip phones and a BlackBerry. (Credit: Reuters)

According to a September 2016 FBI report, the new domain hrcoffice.com is created in December 2014. In a later FBI interview, Abedin stated the clintonemail.com system was “going away,” and after the initiation of the new domain, she didn’t have access to her clintonemail.com account anymore. Presumably the same is true for Clinton (and the few others who had email accounts on the domain, such as Chelsea Clinton).

The FBI report will indicate the hrcoffice.com domain is hosted on different equipment, which presumably means a different server. But the clintonemail.com server will continue to run until October 2015, when it will be confiscated by the FBI.

As part of the transfer process, Platte River Networks employee Paul Combetta copies all of Clinton’s emails from her current account on the clintonemail.com server to her new acccount on the hrcoffice.com server.

In Clinton’s July 2016 FBI interview, the FBI will summarize Clinton as saying: “Clinton transitioned to an email address on the hrcoffice.com domain because she had a small number of personal staff, but no physical office or common email domain. To address these issues, she moved to a common email domain and physical office space. After this move, Clinton did not recall any further access to clintonemail.com.”

The switch comes about one month after the State Department formally asked Clinton for all of her work-related emails from her secretary of state tenure, when she used her clintonemail.com account. (Federal Bureau of Investigation, 9/2/2016)

Between December 5, 2014 and December 11, 2014: Clinton tells Mills she doesn’t need her “personal” emails, resulting in Mills telling those managing Clinton’s server to delete them.

In 2016, Clinton’s former chief of staff Cheryl Mills will be interviewed by the FBI. Mills will claim that in December 2014, Clinton decided she no longer needed access to any of her emails older than 60 days. This comes shortly after the State Department formally asked Clinton for all of her work-related emails, on October 28, 2014. This decision has to take place before an email discussing it on December 11, 2014, written Paul Combetta, the Platte River Networks (PRN) employee managing Clinton’s private server.

Paul Combetta (Credit: Facebook)

Paul Combetta (Credit: Facebook)

Even so, Mills will claim she instructed Combetta to modify the email retention policy on Clinton’s clintonemail.com email account to reflect this change. (PRN is managing Clinton’s private server at the time.) This means that the 31,830 Clinton emails that Mills and Clinton’s other lawyers David Kendall and Heather Samuelson recently decided were not work-related will be deleted after 60 days.

However, Combetta will later say in an FBI interview that he forgot to make the changes to Clinton’s clintonemail.com account and didn’t make them until late March 2015.

Clinton will also later be interviewed by the FBI. She will claim that after her staff sent her work-related emails to the State Department on December 5, 2014, “she was asked what she wanted to do with her remaining personal emails. Clinton instructed her staff she no longer needed the emails. Clinton stated she never deleted, nor did she instruct anyone to delete, her emails to avoid complying with FOIA [Freedom of Information Act], State [Department], or FBI requests for information.”

However, Clinton saying her personal emails were no longer needed, then having Mills tell PRN to have them delete them after 60 days, will result in all of Clinton’s emails that her lawyers deemed personal getting permanently deleted. The FBI will later recover some of the emails through other means and discover that thousands actually were work-related. (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: A surge of hacking attempts follows the revelation of Clinton’s use of a private email server in the media.

On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.

According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”

Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.

PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: Cheryl Mills has a computer company check on the condition of Clinton’s private server after the media makes Clinton’s use of the server front-page news.

On March 2, 2015, the New York Times publishes a front-page story about Clinton’s emails practices and her use of a private email server.

The Equinix data center in Secaucus, NY. (Credit: public domain)

In the days following the publication of the article, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server.

In response to this request, an unnamed PRN employee travels to the Equinix data center in Secaucus, New Jersey, where the server is located, to conduct an onsite review of the equipment. At the same time, another unnamed PRN employee logs in to the server remotely to check on it.

This will result in some changes to the security settings of the server  around March 7, 2015. Additionally, many emails (other than Clinton’s) are deleted from the server on March 8, 2015. (Federal Bureau of Investigation, 9/2/2016)

Around March 7, 2015: Changes are made to the security settings of Clinton’s private server after its existence was revealed in the media.

In the days following a New York Times article revealing Clinton’s use of her private server, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server. Two unnamed PRN employees do so.

This results in some changes to the server’s security settings around March 7, 2015. According to a September 2016 FBI report, these changes “include disabling the server’s public-facing VPN page and switching from SSL protocol to TLS to increase security.”

The FBI will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant-messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way conummication. TLS is the successor to SSL and is considered more secure.” (Federal Bureau of Investigation, 9/2/2016)

March 8, 2015: Someone deletes email accounts other than Clinton’s from Clinton’s private server.

In a September 2016 report, the FBI will reveal that the “FBI forensically identified deletions from [Clinton’s] server on March 8, 2015 of .pst files not associated with Clinton’ s email account or domain, and other server data.”

A .pst or “Personal Storage Table” file is a file format used to store copies of emails and other items within Microsoft software.

This incident will only be mentioned in a footnote in an FBI report, with no mention of who made the deletions or why. It also is not clear how thorough the deletions are. Clinton’s deputy chief of staff Huma Abedin had a frequently used email account hosted on the server, but it is unknown if these deletions include her emails.

Platte River Network's new, larger office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

Platte River Network’s new, 12,000 sq. foot office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

It seems probable an employee of Platte River Networks (PRN), the computer company managing Clinton’s server, made the deletions. Shortly after a news report made Clinton’s use of the server public knowledge on March 2, 2015, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requested that PRN conduct a complete inventory of all equipment related to the server, and one unnamed PRN employee physically checked the server while another one remotely logged on to check it.

The FBI report will also mention that around March 7, 2015, PRN makes various changes to the server’s security settings. (Federal Bureau of Investigation, 9/2/2016)

March 9, 2015: An email from Cheryl Mills warns a Platte River Networks employee that Clinton’s emails should be preserved, but he will delete them all later in the month anyway.

Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff, sends an email to some employees at Platte River Networks (PRN), the company that is managing Clinton’s private server. On March 3, 2015, the House Benghazi Committee sent a letter to Clinton’s lawyers, asking that they preserve all of Clinton’s emails. This is because of a New York Times report the day before that indicated Clinton probably had many emails from when she was secretary of state that the State Department did not. Mills’ email to PRN references this preservation request.

150303PlatteRiverNewOfficePRFB

In March 2015, PRN is preparing to move from a small downtown loft in Denver, to a more spacious 12,000 sq. foot office space. (Credit: Platte River Networks / Facebook)

PRN employee Paul Combetta is one of the recipients of this email from Mills. In a February 18, 2016 FBI interview, he will claim that he didn’t recall seeing the preservation request mentioned in the email. But he will be interviewed by the FBI again, on May 3, 2016. At that time, he will indicate that he deleted and then wiped all of Clinton’s emails from her server in late March 2015, despite the fact that, according to an FBI report, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.”

It is not clear why he will do this. He will also state during his second interview, “he did not receive guidance from other PRN personnel, PRN’s legal counsel, or others regarding the meaning of the preservation request.” (Federal Bureau of Investigation, 9/2/2016)

March 25, 2015: A conference call precedes the permanent deletion of Clinton’s “personal” emails.

Platte River Networks (PRN), the computer company managing Clinton’s server, holds a conference call with some members of former President Bill Clinton’s staff. This is according to a later FBI report, but the FBI has not revealed who exactly takes part in the conference call or what is discussed.

The four “President Clinton” aides who had access to the private server were from left to right, Justin Cooper, Doug Band, Jon Davidson, and Oscar Flores. (Credit for all photos: public domain)

PRN employee Paul Combetta will later say that in the days just after this call, between March 25 and 31, 2015, he suddenly remembers that he did not make changes to the email retention policy to Clinton’s email account, as one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills requested him to do back in December 2014. He will then proceed to do so, resulting in the permanent deletion of all of Clinton’s emails that had been deemed personal.

PRN only has two employees involved in managing Clinton’s server, so it seems highly likely Combetta takes part in the conference call. (Federal Bureau of Investigation, 9/2/2016)

Between March 25 and 31, 2015: A Platte River Networks employee allegedly deletes all of Clinton’s emails and then wipes them to prevent their recovery, despite apparently having no clear order to do so.

Platte River Networks (PRN) is managing Clinton’s private server, and two PRN employees are occasionally working on it. Around December 2014, PRN employee Paul Combetta was told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills to delete all copies of Clinton’s emails off Mills’ computer and the computer of another lawyer working for Clinton, Heather Samuelson. He did so. But he says he was also told by Mills to change the email retention policy on Clinton’s clintonemail.com email account so that Clinton’s unwanted “personal” emails would be deleted after 60 days, and he forgot to do that.

Combetta will be interviewed by the FBI on February 18, 2016. At that time, he will say that after a conference call between PRN and the staff of former President Bill Clinton on March 25, 2015, roughly between March 25 and 31, 2015, he will realize he forgot to make the change, but then will tell the FBI that he didn’t do anything about it.

However, Combetta will be interviewed by the FBI again on May 3, 2016, and his answers will change. This time, he will say he had what told the FBI was “an ‘oh shit’ moment.” Then, sometime between March 25 and 31, 2015, he deleted the Clinton archive mailbox from Clinton’s server. Furthermore, he used BleachBit to delete the exported .pst files he had created on the server system containing Clinton’s emails.

150326PlatteMontage

There are six employees leading PRN in 2015. From left to right they are Brent Allshouse, David DeCamillis, Treve Suavo, Sam Hickler, Craig Papke, and Dave Robinson (not pictured). (Credit: Linked In and Platte River Networks)

An FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files,” as well as other functions. “BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

Additionally, the FBI investigation will later find “evidence of these deletions and determined the Datto backups of the [Clinton’s] server were also manually deleted during this timeframe.” However, the FBI will not mention if they figured out who deleted the Datto back-ups, whether it is Combetta or someone else.

150326BleachBitSystemCleaner1.8

BleachBit System Cleaner 1.8 (Credit: BleachBit)

Note that Combetta was only asked by Mills to change the deletion policy on Clinton’s account, which would have deleted only her “personal” emails 60 days later. He actually immediately deleted all of her emails, including her work-related ones, and then used a program to make their later recovery impossible. It is not clear if anyone told him to do this, and if so who, or if he did it on his own.

Furthermore, Combetta took these actions even though Mills sent him (and others at PRN) an email on March 9, 2015, which mentioned how the House Benghazi Committee had requested to Clinton’s lawyers that all of Clinton’s emails should be preserved. In his first FBI interview, he will deny being aware of this. But in his second FBI interview, according to the FBI, at the time he made the deletions, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.” (Federal Bureau of Investigation, 9/2/2016)

March 31, 2015: A Platte River Networks employee talks to two of Clinton’s lawyers shortly after deleting and wiping all of Clinton’s emails from her server.

Platte River Networks (PRN) is a computer company managing Clinton’s private server. PRN employee Paul Combetta will later admit to the FBI that he deleted all of Clinton’s emails from her server and then used the computer program BleachBit to permanently eliminate the emails. This is despite the fact that he claims he had only been told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills back in December 2014 to change the email retention policy on Clinton’s account.

On March 25, 2015, there was a conference call between PRN employees and members of former President Bill Clinton’s personal staff. On March 31, 2015, there is another conference call. Combetta will later say he made the deletions at some point between the two calls.

Details about the second call are murky because the FBI only discovered it took place due to discovering a PRN work ticket about it. The ticket mentions PRN employees talking to Clinton’s personal lawyer David Kendall as well as her lawyer Mills. But when Combetta was asked about it, according to the FBI, “PRN’s attorney advised [him] not to comment on the conversation with Kendall, based upon the assertion of the attorney-client privilege.”

In 2016, Mills will be interviewed by the FBI. She will state that she was unaware that Combetta made such deletions and modifications in March 2015. This presumably would mean they were not discussed in the second conference call, or any time after that. Clinton will also be interviewed in 2016, and she will also claim she was unaware of the March 2015 email deletions. (Federal Bureau of Investigation, 9/2/2016)

July 10, 2015: The FBI’s Clinton investigation formally begins.

In September 2016, the FBI will reveal in a publicly released report, “On July 10, 2015, the Federal Bureau of Investigation (FBI) initiated a full investigation based upon a referral received from the US Intelligence Community Inspector General (ICIG), submitted in accordance with Section 81 1(c) of the Intelligence Authorization Act of 1995 and dated July 6, 2015, regarding the potential unauthorized transmission and storage of classified information on the personal email server of former Secretary of State Hillary Clinton. The FBI’s investigation focused on determining whether classified information was transmitted or stored on unclassified systems in violation of federal criminal statutes and whether classified information was compromised by unauthorized individuals, to include foreign governments or intelligence services, via cyber intrusion or other means.” (Federal Bureau of Investigation, 9/2/2016)

However, according to an account by CNN in August 2015, the FBI had already begun investigating Clinton’s emails in late May 2015, so presumably this merely formalized it. (CNN, 8/20/2015)

August 6, 2015: Clinton’s lawyers give the FBI a thumb drive containing over 30,000 Clinton work-related emails.

Williams & Connolly, the law firm of Clinton’s personal lawyer David Kendall, gives the FBI a thumb drive which has a .pst file containing 30,524 emails. On December 5, 2014, Clinton’s lawyers gave the State Department 30,490 emails, sorted to be all of Clinton’s work-related emails. It isn’t clear why there is a 34 email difference.

On July 31, 2016, the Justice Department asked Kendall to turn over his thumb drive.

Clinton lawyer Heather Samuelson put the .pst file on a thumb drive and gave it to Kendall around the above-mentioned December 5, 2014 date. (Federal Bureau of Investigation, 9/2/2016)