May 3, 2000: Secretary of State Madeline Albright chastises all State Department employees for being careless about security.

000503MadeleineAlbrightPolitico

Secretary of State Madeline Albright (Credit: Politico)

Albright gives a speech in front of 800 State Department officials in Washington, DC, that is also broadcast to other department officials in other states and countries. She says, ”I don’t care how skilled you are as a diplomat, how brilliant you may be at meetings, or how creative you are as an administrator, if you are not professional about security, you are a failure.” Her speech comes after some recently reported security breaches in her department, including the disappearance of a laptop containing classified information. She adds, “You may have seen reports indicating that I am furious about these incidents. Well, I am, and I hope you are, too.”

According to the New York Times, US diplomats privately acknowledge that they are sometimes cavalier about security. One unnamed longtime department official says, ”Nobody cares about security within the department.” (The New York Times, 5/4/2000)

Around June 2008: Clinton’s first private email server is set up in her house.

080601ApplePowerMcIntoshG4

The Apple Power Macintosh G4 Server (Credit: public domain)

According to the FBI, around 2007, Justin Cooper purchased an Apple OS X server. Cooper is a personal aide to former President Bill Clinton at the time. On February 1, 2008, the domain names clintonemail.com, wjcoffice.com, and presidentclinton.com were registered, but apparently the server that uses them won’t be operational until a few months later. The server is physically located in a house in Chappaqua, New York, where Bill and Hillary Clinton live.

The server consists of an Apple Power Macintosh G4 or G5 tower and an HP printer. According to Cooper, around June 2008, an Apple employee installs the server in the basement of the Chappaqua house. Cooper is the only person with administrative access to the server. However, the Clinton family and their house staff have physical access to it.

Hillary Clinton uses her att.blackberry.net email account as her primary email address until around mid-to-late January 2009 when she will switch to a newly created hdr22@clintonemail.com account hosted on this server. (Federal Bureau of Investigation, 9/2/2016)

January 15, 2009: The Clinton Foundation releases its list of donors for the first time.

Victor Dahdaleh (Credit: Leon Neal / Agence France Presse / Getty Images)

Victor Dahdaleh (Credit: Leon Neal / Agence France Presse / Getty Images)

The foundation is not legally obliged to do so, but there is political pressure, with this being the first day of Hillary Clinton’s Senate confirmation hearing for her to become the next secretary of state.

The list shows that over 200,000 donors gave at least $492 million dollars since the foundation was founded in 1997. Exact contribution amounts are unknown because the list only gives ranges. At least $46 million comes directly from foreign governments such as Saudi Arabia. The foundation promises to reveal all future donors on a yearly basis, and new foreign government donations will be scrutinized by “government ethics officers.” Some donations come from sources that could lead to controversy or conflicts of interest.

For instance, the Blackwater security firm donated between $10,001 to $25,000. The Associated Press notes the company is “at risk of losing its lucrative government contract to protect US diplomats in Iraq.”

The Internet company Yahoo, as well as its top executives Jerry Yang, Frank Biondi, and Terry Semel donated as well. The Associated Press comments that the company has been “involved in disputes over surrendering Internet information to Chinese authorities that led to the imprisonment of dissidents there.”

Also, Victor Dahdaleh gave between $1 million to $5 million. He is a Canadian investor involved in aluminum production. He has been sued for fraud and bribery by a Bahrain aluminum company, and the Justice Department opened a criminal investigation about it. (The Associated Press, 1/18/2009) Dahdaleh will be acquitted in the legal case in 2013. But he will be implicated in a different financial scandal in 2016. (Yahoo Finance, 5/25/2016)

January 21, 2009: Despite Clinton becoming secretary of state on this day, there is no apparent change in the way her private email server is managed.

Clinton arrives at the State Department on January 22, 2009. (Credit: public domain)

Clinton arrives at the State Department on January 22, 2009. (Credit: public domain)

Her server was installed in her house in Chappaqua, New York, and it continues to reside there. Her IT [Information Technology] expert Bryan Pagliano has been in charge of running it since 2008 as well, and continues to do so.

Yet the Washington Post will later report, “Four computer-security specialists interviewed by the Post said that such a system could be made reasonably secure but that it would need constant monitoring by people trained to look for irregularities in the server’s logs.”

One of the specialists will comment, “For data of this sensitivity… we would need at a minimum a small team to do monitoring and hardening.” (The Washington Post, 3/27/2016)

January 21, 2009—February 1, 2013: Evidence suggests Clinton regularly keeps her BlackBerry stored inside a secure area against regulations, but she will later deny this.

While Clinton is secretary of state, she has an office on the seventh floor of State Department headquarters, in an area often referred to as “Mahogany Row.” Her office and the surrounding area is considered a Sensitive Compartmented Information Facility (SCIF). Mobile devices such as BlackBerrys are not allowed in SCIF rooms, because they can be taken over by hackers and used to record audio and video.

But according to a September 2016 FBI report, “Interviews of three former DS [Diplomatic Security] agents revealed Clinton stored her personal BlackBerry in a desk drawer in a [Diplomatic Security] post which was located within the SCIF on Mahogany Row. State personnel were not authorized to bring their mobile devices into [the post], as it was located within the SCIF.”

A view from the 8th floor balcony at the State Department. (Credit: Thomas V. Dembski)

A view from the 8th floor balcony at the State Department. (Credit: Thomas V. Dembski)

However, according to Clinton’s deputy chief of staff Huma Abedin, Clinton would leave the SCIF to use her BlackBerry, often visiting the eighth floor balcony to do so. Former Assistant Secretary of State for Diplomatic Security Eric Boswell will later tell the FBI that he never received any complaints about Clinton using her BlackBerry inside the SCIF.

In contrast to the above evidence, in her July 2016 FBI interview, Clinton will claim that after her first month as secretary of state, she never brought her BlackBerry into the SCIF area at all, because she had been clearly told not to do that. (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton uses 11 different BlackBerrys and four iPads while she is secretary of state.

In March 2015, after it becomes public knowledge that Clinton exclusively used a private email account for all her email usage, she will claim she did this for “convenience,” so she wouldn’t have to carry two personal devices at once.

A 2009 Blackberry Bold 9700 (left) and a 2013 Blackberry 9720. (Credit: public domain)

A 2009 Blackberry Bold 9700 (left) and a 2013 Blackberry 9720. (Credit: public domain)

However, the FBI will later determine that Clinton actually used in succession 11 email-capable BlackBerrys while secretary of state. She uses two more BlackBerrys with the same phone number after her tenure is over. The FBI will not be able to obtain any of the BlackBerrys to examine them.

The FBI will later identify five iPad devices associated with Clinton which might have been used by Clinton to send emails. The FBI will later obtain three of the iPads. They will only examine two, because one was a gift that Clinton gave away as soon as she purchased it.

Clinton aide Monica Hanley often buys replacement BlackBerrys for Clinton from AT&T stores. Justin Cooper, a Bill Clinton aide who helps run Clinton’s private server, usually sets up the new devices and then syncs them to the server so she can access her email inbox. According to an FBI interview with Clinton aide Huma Abedin, “it was not uncommon for Clinton to use a new BlackBerry for a few days and then immediately switch it out for an older version with which she was more familiar.” (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton’s frequently discarded BlackBerrys are sometimes destroyed and sometimes disappear.

The FBI will later determine that Clinton uses 11 BlackBerrys while secretary of state and two more using the same phone number after she leaves office. In a 2016 FBI interview, “Clinton stated that when her BlackBerry device malfunctioned, her aides would assist her in obtaining a new BlackBerry, and, after moving to a new device, her old SIM cards were disposed of by her aides.”

Justin Cooper, a Bill Clinton aide who helps manage Clinton’s private server, will later tell the FBI that he “did recall two instances where he destroyed Clinton’s old mobile devices by breaking them in half or hitting them with a hammer.”

However, according to Clinton aides Huma Abedin and Monica Hanley, “the whereabouts of Clinton’s devices would frequently become unknown once she transitioned to a new device.” (Federal Bureau of Investigation, 9/2/2016)

January 21, 2009—February 1, 2013: Clinton is unable to check her email in her office for the entire four years she is secretary of state.

She is said to be addicted to checking her email on her BlackBerry, but security officials refuse to let her take her BlackBerry into her office. Early in her tenure, security officials offer to install a secure computer with Internet access in her office to allow her to check email, but she doesn’t want it and never gets one.

In 2015, an unnamed senior NSA official will recall the conflict after retiring: “It was the usual Clinton prima donna stuff, the whole ‘rules are for other people’ act that I remembered from the ′90s. […] What did she not want put on a government system, where security people might see it? […]  I wonder now, and I sure wish I’d asked about it back in 2009.”

John Schindler (Credit: The Daily Telegraph)

John Schindler (Credit: The Daily Telegraph)

Former NSA counterintelligence officer John Schindler will later comment, “Why Ms. Clinton would not simply check her personal email on an office computer, like every other government employee less senior than the president, seems a germane question, given what a major scandal email-gate turned out to be.” (The New York Observer, 3/18/2016)

January 22, 2009: Clinton gets an annual security briefing on the proper handling of classified materials, but this is her only one in her four years as Secretary of State.

Colonel James Waurishuk, former deputy director of intelligence for US Central Command. (Credit: 912organizer / YouTube)

Colonel James Waurishuk, former deputy director of intelligence for US Central Command. (Credit: 912organizer / YouTube)

All State Department employees are required to receive regular security training through a briefing at least once a year. It is not clear how or why Clinton will miss her briefing in the next three years. At the end of the briefing she does attend, she signs a document acknowledging her understanding of what she has been told. This is according to State Department documents that will be released to the Daily Caller in 2016 due to a Freedom of Information Act (FOIA) request.

State Department spokesperson Mark Toner will later tell reporters, “It’s my understanding that the secretary of state, everybody in this building, would receive that type of training and awareness. We all have to undergo through that. It’s considered mandatory.”

Former senior intelligence officer Colonel James M. Waurishuk will comment, “Who decided she would only get that one-time briefing? That almost sounds as if it’s a culture issue within her organization. I can’t imagine what went through her mind. There’s no excuse.” (The Daily Caller, 3/24/2016)

Around February 2009: Clinton allegedly wants to use a iPad in her office but is not allowed to do so; however the iPad won’t be released until one year later.

The first Apple iPad was released in January, 2010. (Credit: public domain)

The first Apple iPad (Credit: public domain)

Around February 2009, the NSA refuses to make a BlackBerry for Clinton that’s secure enough to use in SCIF rooms, citing security concerns. (Highly classified materials can only be read in SCIF rooms, and Clinton’s office in State Department headquarters is a SCIF room.)

According to a September 2016 FBI report, at roughly the same time, Clinton’s executive staff also ask about the possibility of Clinton using an iPad to read her emails in her office. But “this request was also denied due to restrictions associated with the Secretary’s office being in a SCIF.” (Federal Bureau of Investigation, 9/2/2016)

However, the FBI will fail to mention that the iPad won’t actually be announced by Apple until January 2010, and won’t be released until a couple of months after that, making the above claim impossible. (Apple.com, 1/27/2010)

Clinton will buy an iPad and begin using it a couple of months after it comes out, in July 2010.

February 2009: Security officials set up a space near Clinton’s office where she can check her private email account. 

Clinton meets with Supreme Court justice Ruth Bader Ginsburg in her outer office,on January 25, 2012. (Credit: public domain)

Clinton meets with Supreme Court justice Ruth Bader Ginsburg in her outer office, on January 25, 2012. (Credit: public domain)

Clinton’s office in State Department headquarters is a SCIF, which means a secure room, and she’s not allowed to bring her BlackBerry into it. Also, Clinton is unwilling to use a computer to check her emails. But around this time, security officials create a space where she can check her BlackBerry.

In 2016, a State Department official will explain, “There is an area dedicated to supporting the secretary outside but in the immediate vicinity of the secretary’s secure office. Secretary Clinton, as with anyone, could use such non-SCIF spaces to check personal devices.” Apparently, Clinton will use this arrangement for her entire four years as secretary of state. (Fox News, 3/16/2016)

February 13, 2009: The NSA refuses to set up a secure BlackBerry for Clinton.

Donald Reid (Credit: The Department of State Archives)

Donald Reid (Credit: The Department of State Archives)

Although the National Security Agency (NSA) has set up a secure, encrypted BlackBerry for President Obama, they are not interested in making one for Clinton.

On this day, Donald Reid, the State Department’s senior coordinator for security infrastructure, writes in an email, “The current state of the art is not too user friendly, has no infrastructure at State, and is very expensive.” He adds that “each time we asked the question ‘What was the solution for [President Obama]?’ we were politely told to shut up and color.”

On February 18, 2009, Reid had said in an email, “The issue here is one of personal comfort,” because Clinton and her top aides are “dedicated [BlackBerry] addicts.” (The Washington Post, 3/27/2016)

February 13, 2009: It appears the NSA will be able to give Clinton a secure BlackBerry, but this doesn’t happen.

The National Security Agency (NSA) headquarters, in Fort Meade, Maryland. (Credit: public domain)

The National Security Agency (NSA) headquarters, in Fort Meade, Maryland. (Credit: public domain)

Clinton’s chief of staff Cheryl Mills writes in an email to Clinton that a National Security Agency (NSA) official “indicated they could address our BB [BlackBerry] so that BB could work in” secure spaces, “based upon some modifications that could be done.”

Clinton writes back, “That’s good news.”

Eventually, the NSA will decide that creating special BlackBerry modification would be too problematic, so Clinton and her aides will continue to use their unsecure BlackBerrys.

In December 2014, Clinton will turn over more than 30,000 emails, claiming those were all her work-related emails and she deleted the rest. These work-related emails will not be included in those. Instead, the State Department will give them to Judicial Watch in 2016 in response to a Freedom of Information Act (FOIA) lawsuit. Clinton will later inaccurately claim that she didn’t start using her private email account until March, 18, 2009. (The Hill, 3/24/2016) (Judicial Watch, 3/24/2016) (Judicial Watch, 3/17/2016)

February 17, 2009: Clinton and her aides meet with security officials about using BlackBerrys in secure rooms, but no solution is found.

Cheryl Mills (Credit: Black Christian News Network One)

Cheryl Mills (Credit: Black Christian News Network One)

Clinton is frustrated, because she insists on using her personal BlackBerry device for all her emails, but she is not allowed to take it into her suite of offices where she works every day. The BlackBerry is considered a security risk, as it could be hijacked by hackers and turned into a listening device, so she always has to put it into a lockbox before entering her office.

On this day, she and her top aides have a meeting about this. Clinton, her chief of staff Cheryl Mills, and others meet with five National Security Agency (NSA) officials and security officials from the State Department and other agencies. They discuss ways for Clinton and her aides to use their BlackBerrys in secure rooms, but no easy solution is found.

Clinton continues to use her BlackBerry after the meeting while others keep trying to find a solution. Apparently, all the security officials in the meeting are unaware that Clinton’s emails are being stored on a private server in her house.

The Washington Post will later report, “Those officials took no steps to protect the server against intruders and spies, because they apparently were not told about it.” (The Washington Post, 3/27/2016)

February 24, 2009: A security official warns that BlackBerry could be easily hacked on overseas trips.

Joel Brenner (Credit: Kera News)

Joel Brenner (Credit: Kera News)

Joel Brenner, chief of counterintelligence at the Office of the Director of National Intelligence, gives a speech to government officials and urges them to consider what possible attacks could have occurred during a visit to the recent Beijing Olympics. “Your phone or BlackBerry could have been tagged, tracked, monitored and exploited between your disembarking the airplane and reaching the taxi stand at the airport. And when you emailed back home, some or all of the malware may have migrated to your home server. This is not hypothetical.”

Clinton had just returned from a trip to China and other Asian countries.

Although top State Department officials are aware of Brenner’s warning, she takes her BlackBerry on her future overseas trips despite it still not being inspected and secured by department officials. (The Washington Post, 3/27/2016)

Late February 2009: State Department security officials worry about Clinton’s BlackBerry use.

The US State Department headquarters in Washington, DC. "Mahogany Row" is on the top floor. (J. Scott Applewhite / The Associated Press)

The US State Department headquarters in Washington, DC. “Mahogany Row” is on the top floor. (J. Scott Applewhite / The Associated Press)

Few State Department officials appear to know that Clinton has a private email server in her house.

However, news about her frequent BlackBerry use soon spreads among the Department’s security officials. They are concerned about “Mahogany Row,” the seventh floor offices of Clinton and her top aides.

A decade earlier, Russian spies placed a listening device in a chair on that floor. Since then, on multiple occasions, hackers had breached computers in the State Department and other federal agencies.

State Department security officials are particularly concerned that Clinton’s BlackBerry could be compromised, and they worry that she could be setting a “bad example” for others in the department. They craft a memo that discusses the risks, which will be sent out on March 6. (The Washington Post, 3/27/2016)

March 6, 2009—March 15, 2009: Clinton says she “gets it” about BlackBerry security concerns, but she keeps on using her BlackBerry.

Eric Boswell (Credit: public domain)

Eric Boswell (Credit: public domain)

On March 6, 2009, Assistant Secretary for Diplomatic Security Eric Boswell emails an internal State Department memo with the subject line “Use of BlackBerrys in Mahogany Row.” (“Mahogany Row” is where the seventh floor offices of Clinton and her top aides are.) The memo states, “Our review reaffirms our belief that the vulnerabilities and risks associated with the use of BlackBerrys in the Mahogany Row [redacted] considerably outweigh the convenience their use can add. … Any unclassified BlackBerry is highly vulnerable in any setting to remotely and covertly monitoring conversations, retrieving emails, and exploiting calendars.”

According to an email by another security official nine days later on March 15, Clinton tells Boswell that she read his memo and “gets it.” That email adds, “Her attention was drawn to the sentence that indicates (Diplomatic Security) have intelligence concerning this vulnerability during her recent trip to Asia.”

However, Clinton continues to use her BlackBerry and private server without any apparent changes. (The Washington Post, 3/27/2016)

March 29, 2009: For the first two months Clinton uses her private server for all her emails, it operates without the standard encryption generally used to protect Internet communication.

Clinton meets Chinese State Councillor Dai Bingguo in the Diaoyutai State Guesthouse in Beijing, China, on February 21, 2009. (Credit: Greg Baker / Getty Images)

Clinton meets Chinese State Councillor Dai Bingguo in the Diaoyutai State Guesthouse in Beijing, China, on February 21, 2009. (Credit: Greg Baker / Getty Images)

This is according to a 2015 independent analysis by Venafi Inc., a cybersecurity firm that specializes in the encryption process. Not until this day does the server receive a “digital certificate” that encrypts and protects communication over the Internet through encryption.

The Washington Post will later report, “It is unknown whether the system had some other way to encrypt the email traffic at the time. Without encryption—a process that scrambles communication for anyone without the correct key—email, attachments and passwords are transmitted in plain text.”

A Venafi official will later comment, “That means that anyone could have accessed it. Anyone.” (The Washington Post, 3/27/2016)

Clinton began sending emails using the server by January 28, 2009, but will later claim she didn’t start using it until March 18, 2009—a two-month gap similar to the two-month gap the server apparently wasn’t properly protected. Apparently, she has not given investigators any of her emails from before March 18. (The New York Times, 9/25/2015)

A 2016 op-ed in the Washington Post will suggest that security concerns during Clinton’s February 2009 trip to Asia could have prompted the use of encryption on her server. (The Washington Post, 4/4/2016)

An FBI report released in September 2016 will confirm that encyption only began in March 2009. It states that “in March 2009, [Bill Clinton aide Justin] Cooper registered a Secure Sockets Layer (SSL) encryption certificate at [Bryan] Pagliano’s direction for added security when users accessed their email from various computers and devices.” (Federal Bureau of Investigation, 9/2/2016)

March 29, 2009: The encryption certificate used on Clinton’s private server starting on this day has an unusually long duration.

It is valid for four years and then will be renewed with a five year certificate in 2013. Kevin Bocek, vice president of security company Venafi, will later say, “Most security professionals wouldn’t recommend that. Google uses three-month certificates.” The certificate used a standard strength 2,048-byte encryption key. However, it doesn’t use “perfect forward secrecy.” That means that if the key is broken, multiple emails can be accessed. (ComputerWorld, 3/11/2015)

A 2016 FBI report will confirm this, mentioning that the certificate is valid until September 13, 2013, at which time a new certificate is obtained which is valid until September 13, 2018. (Federal Bureau of Investigation, 9/2/2016)

April 23, 2009: Clinton aide Huma Abedin sends Clinton a series of steps the State Department is taking to secure the US embassies in Afghanistan and Pakistan.

The US embassy in Kabul, Afghanistan, in 2010. (Credit: public domain)

The US embassy in Kabul, Afghanistan, in 2010. (Credit: public domain)

Abedin, Clinton’s deputy chief of staff, lists steps that include “increasing the number of hooches, and doubling up staff in lodging.” The email adds more details, for instance, “[W]e need to improve the security perimeter – acquiring property adjacent to our current facilities in Kabul, which is now difficult to secure.” In addition to mentioning information that could benefit attackers of the embassies, the email shows that Clinton was briefed on embassy security issues, despite her claim that she did not directly deal with such matters. (Politico, 10/30/2015)

July 3, 2009: The NSA begins monitoring government email traffic for hacking attacks, but Clinton’s private server doesn’t benefit.

It is announced that the National Security Agency (NSA) will monitor the email traffic of 12 US government departments, including the State Department, in order to combat hacking. In a monitoring program called Einstein 3, telecommunication companies route data going to and from government networks through the NSA, which examine the traffic for any activity suggestive of an attack. (Wired Magazine, 7/8/2009) 

In 2015, Wired Magazine will note that because Clinton used a private email server, her “email [didn’t] have the benefit of any of that expensive government security.” (Wired, 3/4/2015)

October 3, 2009: Clinton arranges secure phone calls using her unsecured email.

US Ambassador Karl Eikenberry (Credit: Asia Society)

US Ambassador Karl Eikenberry (Credit: Asia Society)

Clinton writes an email to her deputy chief of staff Huma Abedin telling her to set up a conference call that will use Clinton’s home phone over the weekend. The call will be between Clinton, two assistant secretaries of state, and a US ambassador. Clinton writes, “As soon as I’m off call now. Tell ops to set it up now.” (US Department of State, 6/30/2015)

The Washington Times will later report on this email, “The coordination of secure communications on an insecure break with protocol would give foreign intelligence agencies an opportunity to learn about a call early, then target and intercept the call, US officials told the Times.” Clinton will do this on other occasions, including setting up a call the next day with Karl Eikenberry, US ambassador to Afghanistan. (The Washington Times, 9/1/2015)

December 29, 2009: New rules clarify what the US government considers classified information

President Obama issues “Executive Order 13526: Classified National Security Information,” which updates a previous 1995 directive. The order clearly defines what the different levels of government classification are: “top secret,” “secret,” and “confidential.” It also states that: “The unauthorized disclosure of foreign government information is presumed to cause damage to the national security.” It further lists what information should be considered classified, and that list includes “foreign government information” and ‘foreign relations or foreign activities of the United States, including confidential sources.” (White House, 12/29/2009)

Around January 12, 2010: Clinton and her aides allegedly demonstrate lax communication security while in Hawaii.

Clinton speaks on her Blackberry in the lobby of a Honolulu hotel on January 13, 2010. (Credit: Mandel NGAN / Agence France Presse / Getty Images)

Clinton speaks on her Blackberry in the lobby of a Honolulu hotel on January 13, 2010. (Credit: Mandel NGAN / Agence France Presse / Getty Images)

Bill Johnson, the State Department’s political adviser to the special operations section of the US Pacific Command (PACOM), will later claim that he is present in Honolulu, Hawaii, while Clinton comes to visit. During her trip, news breaks of a large earthquake in Haiti, which takes place on January 12, 2010.

Clinton goes to a security communications facility in the basement of PACOM headquarters to help organize a humanitarian response to the earthquake. She wants to communicate with her top staff back at State Department headquarters in Washington, DC, but she and her aides are not allowed to bring their cell phones into PACOM headquarters because they are using unsecured, personal devices. They ask Johnson for an exception to the rules, but he refuses, citing alarms and lockdowns that would be automatically triggered if anyone brought an unauthorized signal-emitting unit into the building.

So instead, according to Johnson, “She had her aides go out, retrieve their phones, and call [State Department headquarters] from outside,” using open, unsecure lines. “It was really an eye-opener to watch them stand outside using nonsecure comms [communications] and then bring messages to the secretary so she could then conduct a secure [call] with the military” and the State Department. (Newsweek, 5/25/2016)

July 24, 2010: Clinton may start accessing the Internet at her Washington home using an unsecure, typical Wi-Fi connection.

Philippe Reines (Credit: Washington Post)

Philippe Reines (Credit: Washington Post)

Clinton and Philippe Reines have an email chain about Clinton’s new iPad. Reines is Clinton’s press secretary and a senior advisor. It is a Saturday and apparently Clinton is at her home in Washington, DC, and trying to get her new iPad to work. She cannot connect to the Internet with it, so she asks Reines, “I don’t know if I have wi-fi. How do I find out?” (Wi-Fi technology allows one to connect to the Internet using a wireless local area network.)

Reines responds, “Let me talk to Justin & Huma to check out the situation, and if there is wi-fi I’m happy to swing by and set it up.” “Justin” is a likely reference to Clinton aide Justin Cooper, who registered Clinton’s private server in her Chappaqua, New York, house, and “Huma” is a likely reference to Clinton’s deputy chief of staff Huma Abedin. (US Department of State, 11/30/2015) 

It is not known what happens, but it appears Reines is prepared to enable Clinton to regularly use her iPad at her home using a typical Wi-Fi network, without any extra security measures. Clinton begins using her iPad for her emails the next day, while continuing to use her BlackBerry. (US Department of State, 8/31/2015)

November 2010: Clinton writes she doesn’t want “any risk of the personal being accessible” in her emails, contradicting her later claim that her main concern is “convenience.”

The seventeen words that merited a headline by the New Yorker: "Let's get separate address or device but I don't want any risk of the personal being accessible." (Credit: The New Yorker)

The seventeen words that merited a headline by the New Yorker: “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (Credit: The New Yorker)

Clinton and her deputy chief of staff, Huma Abedin, discuss the fact that Clinton’s emails to other State Department employees are sometimes not being received. Apparently, they are getting discarded as spam because they are coming from an unofficial address.

Abedin tells Clinton in an email that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.”

In response, Clinton writes, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (US Department of State, 5/25/2016)

In 2016, the New Yorker Magazine will comment that Clinton’s “personal being accessible” comment “seem[s] to confirm what many observers have suspected from the outset: Clinton’s main motive in setting up the email system wasn’t to make it easier for her to receive all her messages in one place, or to do all her business on her beloved BlackBerry; it was to protect some of her correspondence—particularly correspondence she considered private—from freedom-of-information requests and other demands for details, for example, from Republican-run congressional committees.” (The New Yorker, 5/26/2016)

These emails between Clinton and Abedin will not be included in the 30,000 work-related emails that Clinton turns over to the State Department in December 2014, even though they clearly discuss work matters. The State Department will later discover them through other means, most likely from Abedin’s email inbox. (The Associated Press, 5/26/2016)

November 28, 2010: WikiLeaks releases over 250,000 State Department cables, but Clinton does not change her unsecure communication methods.

Mark Penn (Credit: PR News)

Mark Penn (Credit: PR News)

WikiLeaks, working with several major media outlets, begins publicly releasing over 250,000 diplomatic cables between the State Department and US embassies around the world. The cables date from 1966 to February 2010. None of the cables are classified at a level higher than “confidential,” the lowest classification level.

Clinton responds with the public comment, “This disclosure is not just an attack on America’s foreign policy interests, it is an attack on the international community: the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity. […] It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems.” (USA Today, 11/29/2010) (The New York Times, 11/28/2010) 

Mark Penn, Clinton’s chief strategist for her 2008 presidential campaign, sends Clinton an email in which he recommends, “I think you need to order a full scale review and upgrading of the cyber security of the State Department immediately.” (US Department of State, 9/30/2015) 

However, despite this being the largest breach of State Department classified information in history, Clinton doesn’t change her personal communication methods, and continues to use an unsecured BlackBerry and an unsecured private email server. It is unknown if the State Department changes its cybersecurity as a whole, and if so, how.

November 29, 2010: Clinton pledges improved communication security after the WikiLeaks leak, but the department remains highly vulnerable.

WikiLeaks Logo (Credit: WikiLeaks)

WikiLeaks Logo (Credit: WikiLeaks)

One day after WikiLeaks releases over 250,000 State Department cables, Clinton states, “I have directed that specific actions be taken at the State Department, in addition to new security safeguards at the Department of Defense and elsewhere to protect State Department information so that this kind of breach cannot and does not ever happen again.” (US Department of State, 11/29/2010

However, in October 2013, Buzzfeed will report that “The State Department’s communications system is operating without basic technical security measures in place, despite warnings about its vulnerabilities…” The system, called SMART (the State Messaging and Archive Retrieval Toolset), is used to share department communications, including the exact same kind of cables leaked by WikiLeaks. Buzzfeed further reports that its anonymous sources “say the failures have left thousands of cables and messages, including highly sensitive and classified ones, vulnerable to espionage or leaks for the last four years.” (Buzzfeed, 10/2/2013)

December 23, 2010: A Clinton aide wants to talk on the phone about classified information.

Clinton aide Jake Sullivan emails Clinton and mentions a State Department diplomat who has “some interesting reports from the Pal [Palestinian] side, if you have a moment to talk secure.” The Washington Post will later refer to this as a rare instance where either Clinton or any of her aides shows concern about the communication of classified information. (The Washington Post, 9/1/2015) (US Department of State, 8/31/2015)

Late 2010 or Early 2011: Clinton’s computer technician is given a briefing; this shows some know Clinton has a private server.

Bryan Pagliano giving a speech in March 2011. (Credit: public domain)

Bryan Pagliano giving a speech in March 2011. (Credit: public domain)

According to later released emails, Bryan Pagliano receives an IT [information technology] security briefing in late 2010 or early 2011. It has to do with cybersecurity risks facing the State Department. A letter by Charles Grassley (R) which summarizes the emails says this briefing is “in connection with his work on the Secretary’s non-government server.” Pagliano continues to run Clinton’s private email server after he is hired by the State Department in May 2009, and at least initially, his bosses and co-workers don’t know about his second job with Clinton’s server. It’s not clear who else learns about it and when. (Reuters, 3/24/2016) (US Department of State, 5/25/2016)

March 9, 2011: Clinton asks an aide to print a Blumenthal email without any identifiers.

Sid Blumenthal sends Clinton an email with the subject line, “H: Serious problems for Libyan Rebels. Sid.” Blumenthal is a journalist and Clinton Foundation employee who frequently sends intelligence emails to Clinton, despite being a private citizen with no security clearance. Clinton forwards the email to her top aide Huma Abedin and asks her to print it out. But she also asks, “Can you print for me w/o any identifiers?” Abedin replies “Yes.” (The New York Times, 6/29/2015)

March 11, 2011: Clinton doesn’t think two emails from a former British prime minister should be flagged for classified content.

British Prime Minister Tony Blair (Credit: David Levene / The Guardian)

British Prime Minister Tony Blair (Credit: David Levene / The Guardian)

Clinton emails her deputy chief of staff Huma Abedin and tells her to print out two recent emails from former British Prime Minister Tony Blair. Both Clinton and Abedin are using private email accounts on Clinton’s server. The emails are CCed to Clinton aide Jake Sullivan, who also is using a private email account. Nearly all of the content of Blair’s messages is later redacted, due to containing “Foreign government information” and “foreign relations or foreign activities of the US, including confidential sources.” (Judicial Watch, 1/29/2016) At the time, Blair is the official Middle East envoy representing the US, Russia, the UN and the EU, and he is heavily involved in Middle Eastern peace negotiations. (BBC, 5/27/2015)

March 13, 2011—March 14, 2011: An email chain shows that Clinton is far from the only US official emailing obviously classified information.

Jeffrey D. Feltman (Credit: Patrick Tsui / FCO)

Jeffrey D. Feltman (Credit: Patrick Tsui / FCO)

On March 13, 2011, Assistant Secretary of State for Near Eastern Affairs Jeffrey D. Feltman writes in an urgent email that Saudi Arabia and The United Arab Emirates are sending troops into the neighboring country of Bahrain to quash anti-government protests there. The email is sent to more than 20 other US officials, and then replied to and forwarded ten times in the next 24 hours. Recipients include Clinton, US Ambassador to Kuwait Deborah Jones, Homeland Security Adviser John Brennan, Deputy National Security Adviser Denis McDonough, and US Ambassador to the United Nations Susan Rice.

Feltman’s original email and some of the replies contain information later deemed classified. However, many of the emails in the chain are sent through the State Department’s unclassified system, state.gov, nicknamed “the low side,” instead of the department’s system for classified information, nicknamed “the high side.” Clinton’s private server is considered even less secure than “the low side.”

The New York Times will later report on the email chain to illustrate how widespread the emailing of obviously classified information through improper channels had become during this time period. (The New York Times, 5/10/2016) (US Department of State, 2/29/2016)

June 2011—August 2012: A US ambassador is warned not to use private email for daily work matters, but Clinton’s identical behavior does not result in any warnings.

Scott Gration (Credit: New Republic)

Scott Gration (Credit: New Republic)

In June 2011, shortly after Scott Gration becomes the new US ambassador to Kenya, the State Department’s Bureau of Diplomatic Security (DS) learns that he has sent out a revised policy allowing himself and other personnel in his embassy to use private email addresses for the daily communication of official government business.

Gration’s new policy happens to take place the same month the department sends out a cable warning all embassies to “avoid conducting official department business from your personal email accounts” due to a surge in hacking attacks of the personal emails of government employees. DS warns Gration they will be sending an experienced computer security officer to Kenya to reestablish proper communications procedures. DS officials also email him that this visit will be “especially timely in the wake of recent headlines concerning a significant hacking effort directed against the private, web-based email accounts of dozens of senior [government] officials…”

However, Gration continues to use his private email for work matters. Then, on July 20, 2011, a DS cable quotes from the department’s Foreign Affairs Manual (FAM): “it is the department’s general policy that normal day-to-day operations be conducted on an authorized [system].” The cable then warns, “Given the threats that have emerged since 2005, especially in regard to phishing and spoofing of certain web-based email accounts, we cannot allow the proliferation of this practice beyond maintaining contact during emergencies,” and there is nothing in his situation that would warrant an exception.

But Gration ignores these warnings and continues to use his personal email account.

The department then initiates disciplinary proceedings against him for this and several other infractions, but he resigns in August 2012, just weeks before any disciplinary measures are due to be imposed.

However, even though Clinton uses only a private email account for all her emailed work matters, she is not warned or disciplined like Gration. Furthermore, Clinton doesn’t change her email habits after the measures taken against Gration’s email habits are reported internally and in the press.  (US Department of State, 5/25/2016) (US Department of State, 3/5/2015) (The New Republic, 6/20/2012)