2006 or Earlier: Justin Cooper provides computer help to Clinton and her aides well before Clinton becomes secretary of state.

In September 2015, Clinton’s future deputy chief of staff Huma Abedin will be interviewed under oath by the House Benghazi Committee. She will reveal that when she had an email or other computer problem while working on Clinton’s 2008 presidential campaign, or even earlier working as an aide when Clinton was a senator, Abedin would turn to Justin Cooper for help. “I usually called Justin. He was our go-to guy. He always was, you know, ‘I’m having a problem, can you help me fix it,’ and he always did…” She would also call on Cooper whenever Clinton was having an email problem.

Cooper will also be the person who suggests she get a clintonemail.com email account on Clinton’s private server shortly before Clinton becomes secretary of state, and then sets it up for her. This suggests his involvement managing Clinton’s private server starts early. Cooper is a longtime aide to Bill Clinton, but he apparently never has a government job or security clearance. (House Benghazi Committee, 10/21/2015)

February 1, 2008: Clinton’s private email domain is set up under a false name.

Another view of the Clinton family home in Chappaqua, New York. (Credit: Susan Farley / Getty Images)

A view of the Clinton family home in Chappaqua, New York. (Credit: Susan Farley / Getty Images)

An IP address associated with the clintonemail.com domain later used by Hillary Clinton is registered to “Eric Hoteham” on this date. The IP address for clintonemail.com, along with others registered in Hoteham’s name, is connected to Bill and Hillary Clinton’s home address in Chappaqua, New York. ABC News will later call Hoteham a “mystery man,” since no one with that name is known to exist.

He may or may not be the same as the similarly named Eric Hothem who worked for Bill Clinton when he was president, was an aide for Hillary Clinton in the early 2000s, and has worked for Citicorp and then JP Morgan since. That person has refused to comment on the matter. (ABC News, 3/5/2015) (ABC News, 3/6/2015)

Around June 2008: Clinton’s first private email server is set up in her house.

080601ApplePowerMcIntoshG4

The Apple Power Macintosh G4 Server (Credit: public domain)

According to the FBI, around 2007, Justin Cooper purchased an Apple OS X server. Cooper is a personal aide to former President Bill Clinton at the time. On February 1, 2008, the domain names clintonemail.com, wjcoffice.com, and presidentclinton.com were registered, but apparently the server that uses them won’t be operational until a few months later. The server is physically located in a house in Chappaqua, New York, where Bill and Hillary Clinton live.

The server consists of an Apple Power Macintosh G4 or G5 tower and an HP printer. According to Cooper, around June 2008, an Apple employee installs the server in the basement of the Chappaqua house. Cooper is the only person with administrative access to the server. However, the Clinton family and their house staff have physical access to it.

Hillary Clinton uses her att.blackberry.net email account as her primary email address until around mid-to-late January 2009 when she will switch to a newly created hdr22@clintonemail.com account hosted on this server. (Federal Bureau of Investigation, 9/2/2016)

After June 7, 2008: Clinton’s computer technician starts managing Clinton’s private server.

Carrie Pagliano, wife (left), Bill Clinton (center), and Bryan Pagliano (right). (Credit: Facebook)

Carrie Pagliano, wife (left), Bill Clinton (center), and Bryan Pagliano (right). (Credit: Facebook)

At some unknown point after Clinton ends her presidential campaign on June 7, 2008, Bryan Pagliano is tasked as the lead specialist to take care of the new private email server in Bill and Hillary Clinton’s Chappaqua, New York, house. He will keep the job until mid-2013. Pagliano worked as the IT (information technology) director for Hillary Clinton’s 2008 presidential campaign.

He is paid by Clinton’s Senate leadership PAC (political action committee) through April 2009, then starts working for the State Department a month later. (The Washington Post, 8/4/2015)

August 2008: State Department rules prohibit the way some sensitive information will later be used on Clinton’s private server.

According to the State Department’s Foreign Affairs Manual (FAM), department employees are allowed to send most Sensitive But Unclassified (SBU) information unencrypted over the Internet only when necessary.

In August 2008, the FAM is amended to further toughen the rules on sending SBU information on non-department-owned systems at non-departmental facilities – such as Clinton’s later use of a private email server. Employees have to:

  • ensure that SBU information is encrypted
  • destroy SBU information on their personally owned and managed computers and removable media when the files are no longer required
  • implement encryption certified by the National Institute of Science and Technology (NIST)

The FBI will later determine that SBU information was frequently and knowingly sent to and from Clinton’s private server, but none of these steps were taken. (Federal Bureau of Investigation, 9/2/2016)

Autumn 2008 to Mid-January 2009: It is decided to replace Clinton’s first private server with a larger server built by Pagliano.

080901MacOSXApple

The Mac OS X Logo (Credit: Apple)

Justin Cooper is an aide to former President Bill Clinton, and he is the administrator for the private server located in the Chappaqua, New York, house where Bill and his wife Hillary live. Cooper will later be interviewed by the FBI, and he will say that the decision is made to replace the server because the current server (being run on an Apple OS X computer) is antiquated and people using it are having email troubles.

At the recommendation of Hillary Clinton’s longtime aide Huma Abedin, Cooper contacts Bryan Pagliano, who worked on Clinton’s 2008 presidential campaign as an information technology specialist, to build a new server system and to assist Cooper with administrating it. Pagliano was getting rid of the computer equipment from Clinton’s presidential campaign, so it is decided to use some of this equipment for the new server at the Chappaqua house.

According to a later FBI interview, Hillary Clinton “told the FBI that at some point she became aware there was a server in the basement of her Chappaqua residence. However, she was unaware of the transition from the Apple server managed by Cooper to another server built by Pagliano and therefore, was not involved in the transition decision.”

Between the fall of 2008 and January 2009, Pagliano gets computer equipment from Clinton’s former presidential campaign headquarters, and also works with Cooper to buy additional necessary equipment.

Clinton becomes secretary of state on January 20, 2009, and begins using a clintonemail.com email address around that time, which is hosted on the old Apple server. The new server won’t be operational until March 2009. (Federal Bureau of Investigation, 9/2/2016)

Shortly Before January 13, 2009: Huma Abedin allegedly wants Clinton’s email account on a private server and not on a server that is managed by someone else, so that is what is arranged.

In a September 2016 Congressional hearing, Justin Cooper will reveal some information about how Clinton’s use of a private email account on her private server begins. He will state: “Secretary Clinton was transitioning from her presidential campaign and Senate role and had been using primarily a BlackBerry for email correspondence. There were limitations to her ability to use that BlackBerry as well as desire to change her email address because a number of people have received her email address over the course of those activities. So we created with a discussion, I believe, with [Clinton aide] Huma Abedin at the time [about] what domains might be of interest. We obtained a domain and we added it to the original server used by President Clinton’s office for [Hillary Clinton] to use with her BlackBerry at the time…”

Note that Cooper registers three domain names on January 13, 2009, so this discussion must have occurred before then.

Representative Mark Meadows (Credit: public domain)

Representative Mark Meadows (Credit: public domain)

Representative Mark Meadows (R) will ask Cooper in the hearing: “So, your testimony here today is that Huma Abedin said that she would prefer to have Ms. Clinton’s email on a private server versus a server that was actually managed by someone else? That’s your testimony?”

Cooper will reply, “My testimony is that that was communicated to me.”

He will also clarify that when it came to talking to Abedin, “I don’t recall conversations with her about the setting up of the server.” But he also will say, “At some point I had a conversation with her about the setting up of an email account for Secretary Clinton on the server.” (US Congress, 9/13/2016)

However, in Abedin’s April 2016 FBI interview, she will say nothing like this. In fact, she will deny even knowing the server existed until it was mentioned in the media, despite her having an email account hosted on the server for the entire duration of Clinton’s tenure as secretary of state and at least three email exchanges that show her discussing the server during that time. (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009: Despite Clinton becoming secretary of state on this day, there is no apparent change in the way her private email server is managed.

Clinton arrives at the State Department on January 22, 2009. (Credit: public domain)

Clinton arrives at the State Department on January 22, 2009. (Credit: public domain)

Her server was installed in her house in Chappaqua, New York, and it continues to reside there. Her IT [Information Technology] expert Bryan Pagliano has been in charge of running it since 2008 as well, and continues to do so.

Yet the Washington Post will later report, “Four computer-security specialists interviewed by the Post said that such a system could be made reasonably secure but that it would need constant monitoring by people trained to look for irregularities in the server’s logs.”

One of the specialists will comment, “For data of this sensitivity… we would need at a minimum a small team to do monitoring and hardening.” (The Washington Post, 3/27/2016)

January 21, 2009—February 1, 2013: Most State Department officials claim they don’t know Clinton has a private email address or uses a private server.

A sample email of the "H" as it appears in an email sent by Clinton. (Credit: public domain)

A sample address with the “H” as it appears in an email sent by Clinton. (Credit: public domain)

A September 2016 FBI report will indicate that “some Clinton aides and senior-level State [Department] employees were aware Clinton used a personal email address for State business during her tenure [as secretary of state]. Clinton told the FBI it was common knowledge at State that she had a private email address because it was displayed to anyone with whom she exchanged emails. However, some State employees interviewed by the FBI explained that emails from Clinton only contained the letter ‘H’ in the sender field and did not display her email address.”

The report also notes, “The majority of the State employees interviewed by the FBI who were in email contact with Clinton indicated they had no knowledge of the private server in her Chappaqua residence.”

Even Clinton’s closest aides like her chief of staff Cheryl Mills and deputy chief of staff Huma Abedin will claim they didn’t know, though there is evidence that suggests otherwise (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton is unable to check her email in her office for the entire four years she is secretary of state.

She is said to be addicted to checking her email on her BlackBerry, but security officials refuse to let her take her BlackBerry into her office. Early in her tenure, security officials offer to install a secure computer with Internet access in her office to allow her to check email, but she doesn’t want it and never gets one.

In 2015, an unnamed senior NSA official will recall the conflict after retiring: “It was the usual Clinton prima donna stuff, the whole ‘rules are for other people’ act that I remembered from the ′90s. […] What did she not want put on a government system, where security people might see it? […]  I wonder now, and I sure wish I’d asked about it back in 2009.”

John Schindler (Credit: The Daily Telegraph)

John Schindler (Credit: The Daily Telegraph)

Former NSA counterintelligence officer John Schindler will later comment, “Why Ms. Clinton would not simply check her personal email on an office computer, like every other government employee less senior than the president, seems a germane question, given what a major scandal email-gate turned out to be.” (The New York Observer, 3/18/2016)

January 21, 2009—February 1, 2013: Clinton’s mobile devices and private server are never approved by her department’s security officials.

The Diplomatic Security Service Logo (Credit: public domain)

The Diplomatic Security Service Logo (Credit: public domain)

According to a May 2016 State Department inspector general’s report, the department’s Diplomatic Security (DS) and Information Resources Management (IRM) security officials claim that Clinton never demonstrates to them that her private server or BlackBerry or iPad meets the minimum security requirements specified by the Federal Information Security Management Act and the Foreign Affairs Manual (FAM). (US Department of State, 5/25/2016)

February 17, 2009: Clinton and her aides meet with security officials about using BlackBerrys in secure rooms, but no solution is found.

Cheryl Mills (Credit: Black Christian News Network One)

Cheryl Mills (Credit: Black Christian News Network One)

Clinton is frustrated, because she insists on using her personal BlackBerry device for all her emails, but she is not allowed to take it into her suite of offices where she works every day. The BlackBerry is considered a security risk, as it could be hijacked by hackers and turned into a listening device, so she always has to put it into a lockbox before entering her office.

On this day, she and her top aides have a meeting about this. Clinton, her chief of staff Cheryl Mills, and others meet with five National Security Agency (NSA) officials and security officials from the State Department and other agencies. They discuss ways for Clinton and her aides to use their BlackBerrys in secure rooms, but no easy solution is found.

Clinton continues to use her BlackBerry after the meeting while others keep trying to find a solution. Apparently, all the security officials in the meeting are unaware that Clinton’s emails are being stored on a private server in her house.

The Washington Post will later report, “Those officials took no steps to protect the server against intruders and spies, because they apparently were not told about it.” (The Washington Post, 3/27/2016)

March 2009: Clinton’s personal email server is replaced; she will use the new one for the rest of her term as secretary of state.

Justin Cooper, an aide to former President Bill Clinton, has been working with Bryan Pagliano, who worked as a computer technician on Hillary Clinton’s 2008 presidential campaign, to build a new private server located in the Clintons’ Chappaqua, New York, house. Some time in March 2009, Pagliano and Cooper met at the Chappaqua house to physically install the server and related equipment in a server rack in the basement.

Once the new server is up and running, Pagliano migrates the email data from the old server to the new one. Pagliano will later be interviewed by the FBI, and he will claim that after the migration, no email content should have remained on the old server. He will tell the FBI that he only transferred clintonemail.com email accounts for Clinton aide Huma Abedin and others (whose names will later be redacted), and he was unaware of and did not transfer an email account for Hillary Clinton.

However, Clinton emails using a clintonemail.com domain address start getting sent in January 2009, showing she must had had an account on the old server since that time. Cooper will also later be interviewed by the FBI, and he will say he believed Clinton had a clintonemail.com email account on the old server and Abedin did not. The FBI will be unable to obtain the old server to analyze it, so the dispute has not been fully resolved.

130601DellPowerEdge2900public

The Dell Power Edge 2900 (Credit: public domain)

This new server will be used for the rest of Clinton’s term as secretary of state, then will be replaced in 2013. Later in March 2009, the old server is repurposed to serve as a personal computer for household staff at Clinton’s Chappaqua house. (Federal Bureau of Investigation, 9/2/2016)

The Washington Post will later report, “The server was nothing remarkable, the kind of system often used by small businesses, according to people familiar with its configuration at the end of her tenure. It consisted of two off-the-shelf server computers. Both were equipped with antivirus software. They were linked by cable to a local Internet service provider. A firewall was used as protection against hackers.” (The Washington Post, 3/27/2016)

According to the FBI, the new server initially consists of the following equipment: “a Dell PowerEdge 2900 server miming Microsoft Exchange for email hosting and management, a Dell PowerEdge 1950 server miming BlackBerry Enterprise Server (BES) for the management of BlackBerry devices, a Seagate external hard drive to store backups of the Dell PowerEdge 2900 server, a Dell switch, a Cisco firewall, and a power supply.” (Federal Bureau of Investigation, 9/2/2016)

In 2015, Hillary Clinton will say of her server, “It was sitting there in the basement. It was not any trouble at all.” (The Wall Street Journal, 9/27/2015)

March 2009—May 31, 2013: Bryan Pagliano and Justin Cooper jointly manage Clinton’s private server.

160301PaglianoCooperMontage

Bryan Pagliano (left), Justin Cooper (right) (Credit: public domain)

In March 2009, Clinton’s private email server is replaced by a larger one built by her computer technician Pagliano. Cooper had been the only person with administrative access for the previous server, but now both him and Pagliano have administrative accounts on the new one.

Pagliano handles all software upgrades and general maintenance. He works at the State Department in Washington, DC, and there is only evidence of him going to Chappaqua, New York, to directy work on the server three times: in March 2009, to install the server; in June 2011, to upgrade the equipment; and in January 2012, to fix a hardware issue.

By contrast, in a later FBI interview, Cooper will describe his role as “the customer service face.” He can add users or reset passwords on the email server. He also works at the Chappaqua house as an aide to former President Bill Clinton, so it is much easier for him to physically interact with the server there.

Cooper and Pagliano both handle the selection and purchase of server-related items.

In a later FBI interview, Hillary Clinton will state “she had no knowledge of the hardware, software, or security protocols used to construct and operate the servers. When she experienced technical issues with her email account she contacted Cooper for assistance in resolving those issues.”

The roles of Cooper and Pagliano will be phased out in mid-2013, with the Platte River Networks company winning a contact to manage Clinton’s server on May 31, 2013.

Around Spring 2009: Pagliano is warned that classified information could be sent to Clinton’s private server, but there is no sign he takes action or passes this warning on.

When Clinton’s computer technician Bryan Pagliano is interviewed by the FBI in December 2015, he will recall a conversation with a person whose name is redacted that takes place at the beginning of Clinton’s tenure as secretary of state. According to the FBI, this person “advised he would not be surprised if classified information was being transmitted to Clinton’s personal server.”

Pagliano joins the State Department in May 2009, and he also is the main person to manage problems with the server. But there is no mention of him taking any action about this warning or passing it on to anyone else. The unnamed person also gives Pagliano advice on how to improve the server security that goes unheeded as well. (Federal Bureau of Investigation, 9/2/2016)

Around Spring 2009: Clinton’s computer technician is advised to make a key improvement to the security of Clinton’s private server, but the improvement is never made.

When Bryan Pagliano, the manager of Clinton’s private server while she Clinton’s is secretary of state, will be interviewed by the FBI in December 2015, he will recall a conversation that takes place around the beginning of Clinton’s tenure. This person, whose name is later redacted, recommends that email transiting from a state.gov account to Clinton’s private server should be sent through a Transport Layer Security (TLS) “tunnel.” Most of Clinton’s email traffic is with State Department officials using state.gov accounts.

A diagram of the Transport Layer Security (TLS) (Credit: public domain)

A diagram described as Networking 101: Transport Layer Security (TLS) (Credit: public domain)

A September 2016 FBI report will explain: “TLS is a protocol that ensures privacy between communicating applications, such as web browsing, email, and instant messaging, with their users on the Internet. TLS ensures that no third-party eavesdrops on the two-way communication. TLS is the successor to SSL and is considered more secure.”

Pagliano is the main person to manage problems with the server, but he will tell the FBI that the transition to TLS never occurred. It is not clear why. The FBI will be unable to forensically determine if TLS was ever implemented on the server.

The same unnamed person who gives Pagliano this advice also tells him at the same time that he would not be surprised if classified information was being transmitted to Clinton’s personal server.  (Federal Bureau of Investigation, 9/2/2016)

March 6, 2009—March 15, 2009: Clinton says she “gets it” about BlackBerry security concerns, but she keeps on using her BlackBerry.

Eric Boswell (Credit: public domain)

Eric Boswell (Credit: public domain)

On March 6, 2009, Assistant Secretary for Diplomatic Security Eric Boswell emails an internal State Department memo with the subject line “Use of BlackBerrys in Mahogany Row.” (“Mahogany Row” is where the seventh floor offices of Clinton and her top aides are.) The memo states, “Our review reaffirms our belief that the vulnerabilities and risks associated with the use of BlackBerrys in the Mahogany Row [redacted] considerably outweigh the convenience their use can add. … Any unclassified BlackBerry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving emails, and exploiting calendars.”

According to an email by another security official nine days later on March 15, Clinton tells Boswell that she read his memo and “gets it.” That email adds, “Her attention was drawn to the sentence that indicates (Diplomatic Security) have intelligence concerning this vulnerability during her recent trip to Asia.”

However, Clinton continues to use her BlackBerry and private server without any apparent changes. (The Washington Post, 3/27/2016)

March 29, 2009: For the first two months Clinton uses her private server for all her emails, it operates without the standard encryption generally used to protect Internet communication.

Clinton meets Chinese State Councillor Dai Bingguo in the Diaoyutai State Guesthouse in Beijing, China, on February 21, 2009. (Credit: Greg Baker / Getty Images)

Clinton meets Chinese State Councillor Dai Bingguo in the Diaoyutai State Guesthouse in Beijing, China, on February 21, 2009. (Credit: Greg Baker / Getty Images)

This is according to a 2015 independent analysis by Venafi Inc., a cybersecurity firm that specializes in the encryption process. Not until this day does the server receive a “digital certificate” that encrypts and protects communication over the Internet through encryption.

The Washington Post will later report, “It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption—a process that scrambles communication for anyone without the correct key—email, attachments and passwords are transmitted in plain text.”

A Venafi official will later comment, “That means that anyone could have accessed it. Anyone.” (The Washington Post, 3/27/2016)

Clinton began sending emails using the server by January 28, 2009, but will later claim she didn’t start using it until March 18, 2009—a two-month gap similar to the two-month gap the server apparently wasn’t properly protected. Apparently, she has not given investigators any of her emails from before March 18. (The New York Times, 9/25/2015)

A 2016 op-ed in the Washington Post will suggest that security concerns during Clinton’s February 2009 trip to Asia could have prompted the use of encryption on her server. (The Washington Post, 4/4/2016)

An FBI report released in September 2016 will confirm that encyption only began in March 2009. It states that “in March 2009, [Bill Clinton aide Justin] Cooper registered a Secure Sockets Layer (SSL) encryption certificate at [Bryan] Pagliano’s direction for added security when users accessed their email from various computers and devices.” (Federal Bureau of Investigation, 9/2/2016)

March 29, 2009: The encryption certificate used on Clinton’s private server starting on this day has an unusually long duration.

It is valid for four years and then will be renewed with a five year certificate in 2013. Kevin Bocek, vice president of security company Venafi, will later say, “Most security professionals wouldn’t recommend that. Google uses three-month certificates.” The certificate used a standard strength 2,048-byte encryption key. However, it doesn’t use “perfect forward secrecy.” That means that if the key is broken, multiple emails can be accessed. (ComputerWorld, 3/11/2015)

A 2016 FBI report will confirm this, mentioning that the certificate is valid until September 13, 2013, at which time a new certificate is obtained which is valid until September 13, 2018. (Federal Bureau of Investigation, 9/2/2016)

May 2009—February 2013: Pagliano is paid by the Clintons to manage their private server, but details are murky.

According to a later account by Clinton’s legal counsel, Clinton’s computer technician Bryan Pagliano performs “technology services for the Clinton family for which he [is] compensated” by check or wire transfer in varying amounts at various times between 2009 and 2013. Most importantly, he manages her private email server as an outside job, including doing so during his hours for the State Department. However, exactly how much he gets paid is unknown. Other details such as who he directly reports to, who directly pays him, and how many hours a week he works on the task also remain unknown. It appears that Justin Cooper, an assistant to Bill Clinton who does not work in government, sometimes helps manage the server as well. But Cooper’s role is even more unclear. (US Department of State, 5/25/2016)

May 2009—February 2013: Clinton’s computer technician lies about his outside income running Clinton’s private server.

In May 2009, begins working for the State Department while continuing to be paid by Clinton for managing her private server. However, he does not list his outside income in the required personal financial disclosures he files each year. This continues until his full time department job ends in February 2013, the same month Clinton’s tenure as secretary of state ends. In early 2015, a State Department official will say that the department has “found no evidence that he ever informed the department that he had outside income.” (The Washington Post, 9/5/2015To lie on such a financial disclosure form is a felony punishable by up to five years in prison. (US Legal Code, 2/24/2012)

May 2009—February 2013: Clinton’s computer technician secretly manages her server during government work time and without the knowledge of his supervisors.

Bryan Pagliano (Credit: LinkedIn)

Bryan Pagliano (Credit: LinkedIn)

During the time Bryan Pagliano works as a political employee in the State Department’s IT [information technology] division starting in May 2009, he continues to secretly manage Clinton’s private email server in her house. The Washington Post will later report, “Three of Pagliano’s supervisors… told investigators they had no idea that Clinton used the basement server or that Pagliano was moonlighting on it.” (The Washington Post, 3/27/2016) However, Pagliano’s two direct supervisors (who apparently are Susan Swart and Charlie Wisecarver) will later tell department investigators that while they were aware Pagliano provided computer assistance to Clinton’s 2008 presidential campaign, they didn’t know he was supporting her server during working hours. They will question how he could do so given that he was supposed to be working full-time for the department. (US Department of State, 5/25/2016An unnamed colleague in Pagliano’s division will later similarly say that Pagliano’s immediate supervisors didn’t know Clinton’s private server even existed until it was revealed in news reports in 2015. In March 2016, the Reuters will report that both Clinton and the State Department continue to decline “to say who, if anyone, in the government was aware of the email arrangement.” (Reuters, 3/24/2016)

July 3, 2009: The NSA begins monitoring government email traffic for hacking attacks, but Clinton’s private server doesn’t benefit.

It is announced that the National Security Agency (NSA) will monitor the email traffic of 12 US government departments, including the State Department, in order to combat hacking. In a monitoring program called Einstein 3, telecommunication companies route data going to and from government networks through the NSA, which examine the traffic for any activity suggestive of an attack. (Wired Magazine, 7/8/2009) 

In 2015, Wired Magazine will note that because Clinton used a private email server, her “email [didn’t] have the benefit of any of that expensive government security.” (Wired, 3/4/2015)

October 3, 2009: Clinton arranges secure phone calls using her unsecured email.

US Ambassador Karl Eikenberry (Credit: Asia Society)

US Ambassador Karl Eikenberry (Credit: Asia Society)

Clinton writes an email to her deputy chief of staff Huma Abedin telling her to set up a conference call that will use Clinton’s home phone over the weekend. The call will be between Clinton, two assistant secretaries of state, and a US ambassador. Clinton writes, “As soon as I’m off call now. Tell ops to set it up now.” (US Department of State, 6/30/2015)

The Washington Times will later report on this email, “The coordination of secure communications on an insecure break with protocol would give foreign intelligence agencies an opportunity to learn about a call early, then target and intercept the call, US officials told the Times.” Clinton will do this on other occasions, including setting up a call the next day with Karl Eikenberry, US ambassador to Afghanistan. (The Washington Times, 9/1/2015)

January 13, 2010: Clinton is photographed on this day using a phone that clearly isn’t her blue-colored Blackberry that is seen in many other photos of her from before and after this time.

Left: Clinton reads her BlackBerry at a ceremony in New York on November 11, 2008. (Credit: Saul Loeb / Agence France Presse / Getty Images) Center: Clinton speaks on a phone in a hotel in Honolulu, Hawaii, on January 13, 2010. (Credit: Mandel Ngan / Agence France Presse) Right: Clinton uses her Blackberry inside a military plane bound for Tripoli, Libya, on October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

Left: Clinton reads her BlackBerry at a ceremony in New York on November 11, 2008. (Credit: Saul Loeb / Agence France Presse / Getty Images) Center: Clinton speaks on a phone in a hotel in Honolulu, Hawaii, on January 13, 2010. (Credit: Mandel Ngan / Agence France Presse) Right: Clinton uses her Blackberry inside a military plane bound for Tripoli, Libya, on October 18, 2011. (Credit: Kevin Lamarque / The Associated Press)

It is not known if it is a borrowed phone or her phone. (Getty Images) (Getty Images) In 2015, after her use of only one private email address will become public, she will claim that this was because she only had one phone. She will mention that she bought an iPad in 2010, but the first iPad model will not be released until April 2010 and she will not buy one until July 2010. (The Associated Press, 3/11/2015) (The Washington Post, 3/31/2015) (US Department of State, 8/31/2015)

April 1, 2010: An NSA official is convicted for possessing a document not marked classified.

Thomas Drake (Credit: H. Darr Beiser / USA Today)

Thomas Drake (Credit: H. Darr Beiser / USA Today)

Whistleblower Thomas Drake, a former senior National Security Agency (NSA) official, is indicted under the Espionage Act for keeping an NSA email printout at home that was not marked as classified. Drake will later plead guilty to a misdemeanor.

In contrast to this case, Clinton and some of her supporters will later claim that she does not face legal jeopardy if the emails on her private server were not explicitly labeled as classified. (The New York Times, 8/8/2015)

May 21, 2010—October 21, 2010: Computer records suggest Clinton’s private server could be located at the Clinton Foundation’s headquarters.

The result of an IP location look up of where Clinton's private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

The result of an IP location look up of where Clinton’s private server was in mid-2010 appears to indicate the middle of Manhattan, New York. (Credit: IP Finder / Google Maps)

According to publicly available computer records, the IP [Internet Protocol] address for the mail.presidentclinton.com server is 24.187.234.187 from at least 2009 to 2011. Records also show that mail.clintonemail.com server has the same exact IP address, 24.187.234.187, from at least May 21, 2010 to October 21, 2010. That means the two servers must have been in the same location for that overlapping time period.

Computer records can also indicate where the IP addresses are physically located, and that IP address at that time is somewhere in the middle of Manhattan, New York City. That makes sense for presidentclinton.com, since former President Bill Clinton’s offices are there, and the Clinton Foundation headquarters is also there. But that would suggest that Hillary Clinton’s clintonemail.com server used for all her secretary of state work is also based in Manhattan and not Chappaqua, New York, for at least part of 2010. (DNS History, 9/7/2015) (DNS History, 9/7/2015) (IP Tracker, 9/3/2015)

Around Mid-2010 and After: After contacting a Secret Service agent about frequent hacking attacks on Clinton’s server, the managers of the server apparently never contact anyone else from other government departments for help.

Justin Cooper (Credit: Alex Wong / Getty Images)

Justin Cooper (Credit: Alex Wong / Getty Images)

According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.

Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)

However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.

Representative Jody Hice (Credit: Twitter)

Representative Jody Hice (Credit: Twitter)

Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)

It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.

The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)

Around Mid-2010 to January 2013: “Brute force” hacking attempts on Clinton’s private server begin and steadily increase, but it is unknown if any are successful.

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly Roll Call)

Blake Farenthold (Credit: Bill Clark / Congressional Quarterly)

Bryan Pagliano, the manager of Clinton’s private server while she is secretary of state, will be interviewed by the FBI in December 2015. According to an FBI report, he will claim that the server suffered no known security breaches. However, “he was aware there were many failed login attempts, which he referred to as brute force attacks. He added that the failed attempts increased over the life of the [server], and he set up the server’s logs to alert [Justin] Cooper when they occurred. Pagliano knew the attempts were potential attackers because the credentials attempting to log in did not match legitimate users on the system. Pagliano could not recall if a high volume of failed login attempts emanated from any specific country.”

The FBI report will explain, “A brute force attack is a trial-and-error method used to obtain information, such as a password… In a brute force attack, passwords may be attempted manually or automated software can be used to generate a large number of consecutive guesses as to the targeted information.” (Federal Bureau of Investigation, 9/2/2016)

Cooper, a Bill Clinton aide who helped Pagliano manage the server, will be asked about brute force attacks in a September 2016 Congressional hearing. He will respond, “I can’t say with any specificity how many had happened. They happened with some limited frequency over the period of, I’d say the last two and a half years, while she was in office. But we had developed systems to tamper these down.”

Representative Blake Farenthold (R) will ask Cooper that if the brute force attacker managed to enter the correct user name and password, “you wouldn’t have been notified, would you? You would have thought it was Mrs. Clinton or some legitimate user actually getting in?”

After further questioning, Cooper will admit that he only looked at failed attempts and didn’t check for related successful log-ins. (US Congress, 9/13/2016)

Around Mid-2010: A Secret Service agent advises Pagliano to take a step to improve the security of Clinton’s private server, but the step is not taken.

After Bryan Pagliano sets up Clinton’s new private server in January 2009, he sets up Internet Protocol (IP) filtering on the firewall, once a firewall is established in late March 2009. Pagliano will later tell the FBI that he tried to review the firewall log files once a month.

The US Secret Service Badge (Credit: public domain)

The US Secret Service Badge (Credit: public domain)

At some point, Justin Cooper, a Bill Clinton aide who is helping Pagliano manage the server, puts Pagliano in contact with a US Secret Service agent. The timing of this is not clear. However, in a September 2016 Congresssional hearing, Cooper will say it happened after Clinton’s server started to get frequent “brute force” hacking attacks, and that begins around the middle of 2010.

This agent recommends that Pagliano should also perform outbound filtering of email traffic. According to a September 2016 FBI report, “Pagliano further considered, but ultimately did not implement, a Virtual Private Network (VPN) or two-factor authentication to better secure administrative access to the server system by him and Cooper.”

The FBI report will explain: “‘VPN’ is a private network that runs on top of a larger network to provide access to shared network resources, which may or may not include the physical hard drives of individual computers… VPN offers an additional layer of security by encrypting the data traveling to the private network before sending it over the Internet. Data is then decrypted when it reaches the private network. … ‘Two-factor authentication’ is a method of confirming a user’s claimed identity by utilizing a combination of two different components…” (Federal Bureau of Investigation, 9/2/2016) (US Congress, 9/13/2016)

July 24, 2010: Clinton may start accessing the Internet at her Washington home using an unsecure, typical Wi-Fi connection.

Philippe Reines (Credit: Washington Post)

Philippe Reines (Credit: Washington Post)

Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)

Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015) 

It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)

July 25, 2010: Clinton invites a US diplomat to discuss communications with foreign ministers with her using her private email address.

100725Montage

Italian Foreign Minister Franco Frattini (top left) (Credit: European Press Agency), Greek Prime Minister George Papandreou (top right) (Credit: Greek Reporter), Spanish foreign minister Miguel Angel Moratinos (lower left) (Credit: 525-gi gazet), Israeli Prime Minister Benjamin Netanyahu (lower right) (Credit: Israel Ministry of Foreign Affairs)

Clinton writes an email to former senator George J. Mitchell (D), who is the US Special Envoy for Middle East Peace at the time. The subject heading is “Here’s my personal email,” and the entire message is “Pls [Please] use this for reply–HRC [Hillary Rodham Clinton].” (US Department of State, 9/30/2015) 

Mitchell replies, “I talked with Frattini again and went over the point again. He said he understands and agrees.” The rest of his email is later redacted because it contains “foreign government information.” “Frattini” is a likely reference to Italian Foreign Minister Franco Frattini.

Clinton replies, “I told Papandreou the same.” “Papandreou” is a likely reference to Greek Prime Minister George Papandreou. (US Department of State, 9/30/2015) 

Mitchell then discusses communicating with “Moratinos,” a likely reference to Spanish foreign minister Miguel Angel Moratinos.

Clinton replies by mentioning a plan to call “Ashton,” a likely reference to the European Union foreign policy chief Catherine Ashton, and “Bibi,” the nickname of Israeli Prime Minister Benjamin Netanyahu. (US Department of State, 9/30/2015) 

It is not clear why Clinton invites Mitchell to discuss such high-level diplomatic communications via her unsecure personal email address. In 2015, J. William Leonard, former director of the US Information Security Oversight Office, will make the general comment, “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession. […] It’s born classified.” (Reuters, 8/21/2015)

November 2010: Clinton writes she doesn’t want “any risk of the personal being accessible” in her emails, contradicting her later claim that her main concern is “convenience.”

The seventeen words that merited a headline by the New Yorker: "Let's get separate address or device but I don't want any risk of the personal being accessible." (Credit: The New Yorker)

The seventeen words that merited a headline by the New Yorker: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (Credit: The New Yorker)

Clinton and her deputy chief of staff, Huma Abedin, discuss the fact that Clinton’s emails to other State Department employees are sometimes not being received. Apparently, they are getting discarded as spam because they are coming from an unofficial address.

Abedin tells Clinton in an email that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.”

In response, Clinton writes, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (US Department of State, 5/25/2016)

In 2016, the New Yorker Magazine will comment that Clinton’s “personal being accessible” comment “seem[s] to confirm what many observers have suspected from the outset: Clinton’s main motive in setting up the email system wasn’t to make it easier for her to receive all her messages in one place, or to do all her business on her beloved BlackBerry; it was to protect some of her correspondence—particularly correspondence she considered private—from freedom-of-information requests and other demands for details, for example, from Republican-run congressional committees.” (The New Yorker, 5/26/2016)

These emails between Clinton and Abedin will not be included in the 30,000 work-related emails that Clinton turns over to the State Department in December 2014, even though they clearly discuss work matters. The State Department will later discover them through other means, most likely from Abedin’s email inbox. (The Associated Press, 5/26/2016)