May 2, 2016: The State Department changes its policy on when foreign intelligence should be considered classified.

State Department legislative liaison Julia Frifield sends a letter to the Senate indicating an apparent change in what information the State Department considers properly classified. The vast majority of redactions in Clinton’s emails are for foreign government information, to which Frifield refers as “FGI.”

Frifield writes, “Although the unauthorized release of FGI is presumed to cause harm to the national security—thereby qualifying as Confidential [level] classified information, department officials of necessity routinely receive such information through unclassified channels. For example, diplomats engage in meetings with counterparts in open settings, have phone calls with foreign contacts over unsecure lines, and email with and about foreign counterparts via unclassified systems. Diplomats could not conduct diplomacy if doing so violated the law.” As a result, not all such information should automatically be considered classified.

However, regulations in effect when Clinton was secretary of state called for FGI to be marked “confidential” unless it was designated “C/MOD” (for “confidential/modified handling”). But none of Clinton’s emails appear to have been given that designation. (Politico, 5/12/2016)

May 25, 2016: A former senior State Department military adviser claims Clinton’s “sloppy communications with her senior staff” may have compromised at least two counterterrorism operations.

Wanted Poster for terrorist Umbra Jumdail a.k.a. Dr. Abu (Credit: NBC News)

Wanted Poster for terrorist Umbra Jumdail a.k.a. Dr. Abu (Credit: NBC News)

Bill Johnson was the department’s political adviser to the special operations section of the US Pacific Command (PACOM) from 2010 to 2011, after a long military career. He says secret plans targeting Umbra Jumdail, the leader of a Filipino Islamist separatist group, as well as plans to intercept Chinese-made weapons components being smuggled into Iraq, were both repeatedly foiled.

He claims that he and his team determined unprotected phone calls of Clinton and her aides were the likely problem, after eliminating other possibilities. Johnson says, “I had several missions that went inexplicably wrong, with the targets one step ahead of us.” For instance, his target Jumdail in the Philippines was repeatedly tipped off. He traced the problem to unsecure communications between Washington, DC, and the US embassy in Manila. “Anyone can just sit outside the embassy and listen” with off-the-shelf eavesdropping devices, he claims.

He argues that the leaks stopped after Special Operations Command stopped giving advance warning to senior State Department officials about the raids. Jumdail was killed in a US-based airstrike not long thereafter.

Johnson says such problems “could’ve been avoided if the CIA gave her a secure phone. She requested one, but they turned it down.”

A Clinton spokesperson calls the allegations “patently false.” (Newsweek, 5/25/2016)

June 3, 2016: Former Secretary of State Albright says nobody will die due to Clinton’s emails.

Madeleine Albright appears on CNN's 'New Day' with Chris Cuomo on June 3, 2016. (Credit: CNN)

Madeleine Albright appears on CNN’s ‘New Day’ with Chris Cuomo on June 3, 2016. (Credit: CNN)

Madeline Albright tries to defend Clinton in her email scandal. “She has said she made a mistake, and nobody is going to die as a result of anything that happened on emails.” Albright then turns to criticism of Republican presidential candidate Donald Trump. Albright was secretary of state under Hillary Clinton’s husband Bill Clinton. (Politico, 6/3/2016)

July 2, 2016: Clinton’s comments about the security of her classified reading rooms contradict other evidence and testimony.

SCIF rooms are made of metal before the final plaster is put on the walls. (Credit: diaa.com)

At the beginning of Clinton’s tenure as secretary of state, the State Department outfitted Clinton’s houses in Whitehaven, Washington, DC, and Chappaqua. New York, with a Sensitive Compartmented Information Facility (SCIF) so she could read highly classified documents. According to the FBI’s notes of Clinton’s July 2, 2016 FBI interview, Clinton claims, “Both SCIFs had a combination lock that only Clinton knew the combination to. … It was Clinton’s practice to lock the SCIF every time it was vacated.”

However, according to the FBI interview of Clinton aide Huma Abedin, “the SCIF door at the Whitehaven residence was not always locked, and Abedin, Hanley, and [redacted] had access to the SCIF.” Additionally, “Investigation determined the Chappaqua SCIF was not always secured, and Abedin, [Clinton aide Monica] Hanley, and [redacted] had routine access to the SCIF.”

Furthermore, the FBI will later report, “According to Abedin, [Bill Clinton aide Justin] Cooper, and [redacted], there were personally-owned desktop computers in the SCIFs in Whitehaven and Chappaqua. Conversely, Clinton stated to the FBI she did not have a computer of any kind in the SCIFs in her residences.” (Federal Bureau of Investigation, 9/2/2016)

July 5, 2016: A State Department official denies the department generally has lax security.

In his public comments concluding the FBI’s Clinton investigation, FBI Director James Comey not only criticizes Clinton and her aides for being “extremely careless in their handling of very sensitive, highly classified information,” but criticizes the department as a whole. He says that the FBI found evidence that “the security culture” of the State Department “was generally lacking in the kind of care for classified information found elsewhere in the government.” This is especially true regarding the use of unclassified email systems.

However, State Department spokesperson John Kirby says, “We’re going to continue to look for ways to improve, but we don’t share the broad assessment made of our institution that there’s a lax culture here when it comes to protecting classified information.” (Federal Bureau of Investigation, 7/5/2016) (The New York Times, 7/5/2016)

July 5, 2016—July 6, 2016: Comey’s comments indicate it is “very likely” Clinton’s emails were hacked, but solid proof may never be found.

In a July 5, 2016 public speech, FBI Director James Comey addresses the possibility that Clinton’s emails were accessed by outsiders. He says, “We did not find direct evidence that Secretary Clinton’s personal email domain, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private commercial email accounts of people with whom Secretary Clinton was in regular contact from her personal account. We also assess that Secretary Clinton’s use of a personal email domain was both known by a large number of people and readily apparent. She also used her personal email extensively while outside the United States, including sending and receiving work-related emails in the territory of sophisticated adversaries. Given that combination of factors, we assess it is possible that hostile actors gained access to Secretary Clinton’s personal email account.” (Federal Bureau of Investigation, 7/5/2016)

The next day, the New York Times reports that although Comey said there was no “direct evidence” Clinton’s email account had been successfully hacked, “both private experts and federal investigators immediately understood his meaning: It very likely had been breached, but the intruders were far too skilled to leave evidence of their work.”

The Times says that Comey’s comments were a “blistering” critique of Clinton’s “email practices that left Mrs. Clinton’s systems wide open to Russian and Chinese hackers, and an array of others.” However, “the central mystery — who got into the system, if anyone — may never be resolved.”

Adam Segal (Credit: public domain)

Adam Segal (Credit: public domain)

Adam Segal, a cybersecurity expert at the Council on Foreign Relations (CFR), says, “Reading between the lines and following Comey’s logic, it does sound as if the FBI believes a compromise of Clinton’s email is more likely than not. Sophisticated attackers would have known of the existence of the account, would have targeted it, and would not have been seen.”

Before Comey’s comments, Clinton and her spokespeople had said on numerous occasions that her server had never been hacked. In an October 2015 interview, President Obama came to a similar conclusion about her server: “I don’t think it posed a national security problem.”

The Times also comments that Comey’s “most surprising suggestion” may have been his comment that Clinton used her private email while in the territory of “sophisticated adversaries.” This is understood to mean China and Russia and possibly a few more countries.

Former government cybersecurity expert James Lewis says, “If she used it in Russia or China, they almost certainly picked it up.” (The New York Times, 7/6/2016)

Cybersecurity consultant Morgan Wright says the most likely suspects are Russia, China and Israel, “in that order.”

Ben Johnson, a former National Security Agency official and security strategist, says “Certainly foreign military and intelligence services” would have targeted Clinton’s emails. “They’re going to have a lot of means and motives to do this.” He also says it wasn’t just likely countries such as China and Russia, but “any country that’s looking to potentially have adversarial relations with us or just [desires] more relations with us.” He specifically cites Middle East countries specifically as having a likely motive. (Politico, 7/5/2016)

July 7, 2016: Clinton won’t face punishment if she wins the presidency, but some of her former aides could.

Since Clinton is the presumptive Democratic nominee for president, she is unlikely to face any punishment for her email practices, despite FBI Director James Comey calling her “extremely careless” with highly classified information. Once she officially becomes the Democratic presidential nominee, she will automatically get security briefings. If she wins the presidency in the November 2016 election, she won’t have to apply for a security clearance.

160707WilliamCowdenpublicdomain

William Cowden (Credit: public domain)

National security lawyer Gregory Greiner says that if a typical low-level government employee did what Clinton did, “he would have lost his clearance and lost his job.” William Cowden,  a former Justice Department lawyer, similar says, “If she were currently a federal employee, she would be sanctioned.” But Clinton isn’t currently employed in the government, and the FBI chose not to take away Clinton’s security clearance during their investigation into her email practices, even though that is routine in similar cases.

Mark Zaid, a Washington lawyer who specializes in national security employment law, says he is particularly interested to see whether Clinton’s former aides will get security clearances if she wins the presidency. “Having seen the hundreds of people I’ve represented over a 20-plus year career who have lost their clearances for doing far less” than Clinton and her top aides, “I’m going to be really, really bothered and troubled” if they come out unscathed in the security clearance process.

The Washington Post notes that “losing a security clearance often is the equivalent of being fired. In some agencies, all jobs or most of the good ones, require a security clearance. Many of the individual contractors who work for those agencies also must have a security clearance. If you lose it, you could lose the ability to work in your field.” (The Washington Post, 7/7/2016)

July 7, 2016: FBI Director James Comey says Clinton’s private server was less secure than the State Department’s computer network or a commercial email provider.

160707JamesComeyJackGruberUSAToday

Comey testifies to the House Benghazi Committee on July 7, 2016. (Credit: Jack Gruber / USA Today)

In a Congressional hearing, Comey says, “The challenge of security is not binary, it’s just degrees of security. [Clinton’s private server] was less secure than one at the State Department, or as I said, even one at a private commercial provider like a Gmail.” (CNN, 7/7/2016)

Representative Rod Blum (R) asks, “Director Comey, are you implying in [your comments] that the private email servers of Secretary Clinton’s were perhaps less secure than a Gmail account that is used for free by a billion people around this planet?”

Comey replies, “Yes. And I’m not looking to pick on Gmail. Their security is actually pretty good; the weakness is individual users. But, yes, Gmail has full-time security staff and thinks about patching, and logging, and protecting their systems in a way that was not the case here.”

Blum also comments, “I know some security experts in the industry. I check with them. The going rate to hack into somebody’s Gmail account, $129. For corporate emails, they can be hacked for $500 or less. If you want to hack into an IP address, it’s around $100. I’m sure the FBI can probably do it cheaper. This is the going rate.” (CNN, 7/7/2016)

July 7, 2016: The non-prosecution of Clinton could make it more difficult to get convictions in other cases.

160707GregoryGreinerpublicdomain

Gregory Greiner (Credit: public domain)

In the wake of FBI Director James Comey’s decision not to recommend Clinton’s indictment, the Washington Post reports, “The extraordinary case of Hillary Clinton and her emails raises intriguing questions for federal employees facing charges related to classified materials. … Because she has escaped prosecution, will others, too?”

Mark Zaid, a lawyer who specializes in national security employment cases, says that after former CIA Director David Petraeus got what was seen as a very generous plea deal, resulting in no prison time despite pleading guilty to mishandling classified material, he used that case to push for leniency for one of his clients “right away. I mean, literally, the ink was not dry.” Zaid’s client also was charged with mishandling classified information, but “We talked to the prosecutors and said, ‘We want the Petraeus deal.’ We got it.” Zaid plans to use Clinton’s case to push for leniency in future cases.

National security lawyer Gregory Greiner similarly argues that after Clinton’s non-prosecution, defense lawyers will try to raise the bar for prosecutors. He says that it only takes one person on a jury to argue that “this guy didn’t do anything different than what Hillary Clinton did.” (The Washington Post, 7/7/2016)