In May 2009, begins working for the State Department while continuing to be paid by Clinton for managing her private server. However, he does not list his outside income in the required personal financial disclosures he files each year. This continues until his full time department job ends in February 2013, the same month Clinton’s tenure as secretary of state ends. In early 2015, a State Department official will say that the department has “found no evidence that he ever informed the department that he had outside income.” (The Washington Post, 9/5/2015) To lie on such a financial disclosure form is a felony punishable by up to five years in prison. (US Legal Code, 2/24/2012)
During the time Bryan Pagliano works as a political employee in the State Department’s IT [information technology] division starting in May 2009, he continues to secretly manage Clinton’s private email server in her house. The Washington Post will later report, “Three of Pagliano’s supervisors… told investigators they had no idea that Clinton used the basement server or that Pagliano was moonlighting on it.” (The Washington Post, 3/27/2016) However, Pagliano’s two direct supervisors (who apparently are Susan Swart and Charlie Wisecarver) will later tell department investigators that while they were aware Pagliano provided computer assistance to Clinton’s 2008 presidential campaign, they didn’t know he was supporting her server during working hours. They will question how he could do so given that he was supposed to be working full-time for the department. (US Department of State, 5/25/2016) An unnamed colleague in Pagliano’s division will later similarly say that Pagliano’s immediate supervisors didn’t know Clinton’s private server even existed until it was revealed in news reports in 2015. In March 2016, the Reuters will report that both Clinton and the State Department continue to decline “to say who, if anyone, in the government was aware of the email arrangement.” (Reuters, 3/24/2016)
An email is written by Shelby Smith-Wilson, an official in the State Department’s operations center. Parts of it will later be deemed “top secret,” then downgraded to “secret,” the medium classification level. The New York Times will later report, “Although that portion was entirely redacted, one government official familiar with the contents said it described a conference call among senior officials, including Mrs. Clinton, about the ballistic missile test that North Korea conducted that day in violation of United Nations Security Council resolutions.” Smith-Wilson’s initial email is addressed to “Dan,” possibly National Security Council official Dan Russel. It is titled “Summary of 1055 EDT DPRK Conference Call.” (“DPRK” stands for Democratic People’s Republic of [North] Korea.)
It is circulated amongst State Department officials, including Clinton aides Cheryl Mills, Huma Abedin, and Jake Sullivan. Abedin then forwards it to Clinton.
In 2015, the email will be included in a random sample of 40 Clinton emails reviewed by State Department Inspector General Steve Linick. He and Intelligence Community Inspector General Charles McCullough will deem parts of it “top secret.” The National Geospatial-Intelligence Agency will later concur, suggesting it contains intelligence from US spy satellites. But the State Department will disagree, and after months of dispute, in February 2016 the email will be downgraded to “secret,” with parts of it publicly released. Even then, this will be called a “provisional” decision, suggesting the dispute is on-going. (Politico, 2/29/2016) (US Department of State, 2/29/2016)
In June 2016, the Associated Press will finally gain access to some planning schedules from when Clinton was secretary of state. A comparison of these planning schedules with Clinton’s official calendar from that time will show that at least 60 meetings with Clinton’s donors and other outside interests were omitted. The Associated Press will give one specific example of a meeting on this day that is omitted from the calendar, even though the names of attendees to other meetings on the same day are not. Clinton meets with 13 major business leaders for a private breakfast discussion at the New York Stock Exchange:
- David M. Cote, CEO of Honeywell International Inc.;
- Fabrizio Freda, CEO of the Estee Companies Inc.;
- Lewis Frankfort, chair of Coach Inc.;
- Robert Kelly, CEO of the New York Bank of Mellon;
- Ellen Kullman, CEO of DuPont;
- Harold McGraw III, chair of McGraw Hill Companies;
- Duncan Niederauer, CEO of the New York Stock Exchange;
- Indra Nooyi, CEO of PepsiCo;
- Howard Schultz, CEO of Starbucks Corp;
- Steven Schwarzman, chair of the Blackstone Group;
- James Taiclet, chair of the American Tower Corp.;
- James Tisch, president of Loews Corp.; and
- John D. Wren, CEO of Omnicom Group.
All the companies represented except Coach Inc. lobby the US government in 2009. Four companies—Blackstone, Honeywell, Omnicom, and DuPont—lobby the State Department that year. All the companies except for American Tower and New York Bank of Mellon donate to the Clinton Foundation, and two attendees—Schwarzman and Frankfort—personally donate to the foundation. Four of the companies—PepsiCo, the Blackstone Group, DuPont, and Honeywell International Inc.—also donate to what the Associated Press calls “Clinton’s pet diplomatic project of that period,” the US pavilion at the 2010 Shanghai Expo. (The Associated Press, 6/24/2016)
On October 17, 2009, Clinton sends an email to her chief of staff Cheryl Mills and Jon Davidson, Bill Clinton’s deputy chief of staff. The subject heading is “Haiti,” and the full text is: “I’ve heard that both the PM [prime minister] and the finance minister will resign next week. I’m copying Jon so he can tell Bill.” (US Department of State, 6/30/2015)
The next day, Mills forwards a message from Kenneth Merten, the State Department’s special coordinator for Haiti, to Clinton and Davidson. The subject heading is “PML,” but most of the several lines of text will later be redacted except for the comment, “I’ll have more (most likely) tomorrow.” The redaction codes will indicate the message contains “foreign government information” and “foreign relations or foreign activities of the US, including confidential sources.” (US Department of State, 7/31/2015)
Haiti’s prime minister, Michèle Pierre-Louis, will be voted out of office on November 11, 2009. Davidson is not a government employee at the time and it is unknown if he has a security clearance.
In 2010, Clinton’s first full year as secretary of state, an internal study finds that in one week, more than 9,200 emails are sent from the State Department’s Executive Secretariat servers to 16 web-based email domains, including gmail.com, hotmail.com, and att.net. These could include both work-related and personal emails. (US Department of State, 5/25/2016)
These three years are the only full fiscal years during Clinton’s term as secretary of state. In the immediately previous years, foreign governments donated tens of millions of dollars every year.
In 2015, Reuters will report that in fact foreign governments did continue to give tens of millions each year during this time. After Reuters discovers the discrepancies, the Clinton Foundation will acknowledge the oversight and claims it will refile at least five years of tax returns to fix it.
However, the Clinton campaign will also call allegations of corruption in the Clinton Foundation “absurd conspiracy theories.” (Reuters, 4/23/2015)
It will remain publicly unknown until the video is leaked to Fox News in October 2016.
In the video, Clinton says that employees have a “special duty” to recognize the importance of cybersecurity. “The real key to cybersecurity rests with you. Complying with department computing policies and being alert to potential threats will help protect all of us.”
According to a later account by Fox News, “Clinton goes on in the video to underscore the important work the State Department Bureau of Diplomatic Security and IT department were doing to guard against cyber-attacks. She warns hackers try to ‘exploit’ vulnerabilities and penetrate department systems. She then urges staffers to log onto the internal cybersecurity awareness website or subscribe to their ‘cybersecurity awareness newsletter.’”
Representative Jason Chaffetz (R), chair of the House Oversight and Government Reform Committee, will later find the video ironic, given Clinton’s own security issues with her private email server. He will say, “Hillary Clinton needs only to look into the mirror to find the biggest cybersecurity risk.”
Clinton spokesperson Brian Fallon will say, “This is not new. It has been widely reported that during Clinton’s tenure the State Department issued these kinds of warnings about possible cybersecurity to employees. These warnings were more than appropriate given that it was subsequently confirmed that State’s email was hacked.” (Fox News, 10/22/2016)
Bill Johnson, the State Department’s political adviser to the special operations section of the US Pacific Command (PACOM), will later claim that he is present in Honolulu, Hawaii, while Clinton comes to visit. During her trip, news breaks of a large earthquake in Haiti, which takes place on January 12, 2010.
Clinton goes to a security communications facility in the basement of PACOM headquarters to help organize a humanitarian response to the earthquake. She wants to communicate with her top staff back at State Department headquarters in Washington, DC, but she and her aides are not allowed to bring their cell phones into PACOM headquarters because they are using unsecured, personal devices. They ask Johnson for an exception to the rules, but he refuses, citing alarms and lockdowns that would be automatically triggered if anyone brought an unauthorized signal-emitting unit into the building.
So instead, according to Johnson, “She had her aides go out, retrieve their phones, and call [State Department headquarters] from outside,” using open, unsecure lines. “It was really an eye-opener to watch them stand outside using nonsecure comms [communications] and then bring messages to the secretary so she could then conduct a secure [call] with the military” and the State Department. (Newsweek, 5/25/2016)
Around January 14, 2010, the Algerian government donates $500,000 to the Clinton Foundation. Algeria has never donated to the foundation before, which means this is a violation of the 2008 “memorandum of understanding” between the foundation and the Obama White House, which prohibited new or increased donations from foreign governments as long as Clinton is the secretary of state.
The donation is direct aid to assist relief efforts just days after a large earthquake in Haiti that killed thousands. It also coincides with a spike in Algeria’s lobbying visits to the State Department. In 2010, Algeria spends $400,000 lobbying US officials on Algeria’s human rights record and US-Algeria relations. (The Washington Post, 2/25/2015)
The next year, Clinton’s State Department will approve a 70% increase in military export authorizations to Algeria, despite continued issues with the country’s human rights records. For the first time, the department will authorize the sale of almost 50,000 items classified as “toxicological agents, including chemical agents, biological agents and associated equipment.” The sale of US military weapons to Algeria is $2.4 billion, triple what it was in the last four years of the previous Bush administration. (The International Business Times, 5/26/2015)
In June 2015, shortly after the Algerian donation is finally made public, former President Bill Clinton will comment on it, “[Critics] said, ‘Oh you got $500,000 from Algeria at very same time they were lobbying the State Department.’ Those two facts are accurate but if you put them back-to-back they are incredibly misleading. Here’s why: I never considered that the Algerians gave me the money.” (The International Business Times, 5/26/2015) He will add, “Two days after the Haiti earthquake…there were very few countries in the world I would not accept from for help to Haiti. […] [T]here may be a thing or two that I would change, but the basic idea, I think it is right. I still think it is the right thing to do.” (CNN, 6/11/2015)
Clinton emails her aide Jake Sullivan that she wants to read a statement regarding Jose Miguel Insulza, secretary general of the Organization of American States (OAS). Sullivan emails back that he can’t send it to her immediately because the State Department has put it on the classified network. Clinton quickly replies, “It’s a public statement! Just email it.” However, Sullivan responds, “Trust me, I share your exasperation, But until ops [operations] converts it to the unclassified email system, there is no physical way for me to email it. I can’t even access it.” (The Washington Post, 3/27/2016)
Huma Abedin, Clinton’s deputy chief of staff, writes Clinton that after another aide named Judith wrote Clinton an email, “It bounced back. She called the email help desk at state (I guess assuming u had state email) and told them that. They had no idea it was YOU, just some random address so they emailed.” (US Department of State, 8/31/2015)
While running for president in 2008, both Clinton and Senator Barack Obama (D) publicly opposed a US trade deal with Colombia, the United States–Colombia Free Trade Promotion Agreement, due to human rights violations there.
In June 2010, Secretary of State Hillary Clinton, her husband former President Bill Clinton, and Canadian mining financier Frank Giustra meet with Colombian President Alvaro Uribe in Colombia. Giustra has developed business ties worth hundreds of millions of dollars in Colombia after repeated meetings with Uribe and Bill Clinton. Giustra also has donated tens of millions of dollars to the Clinton Foundation. Uribe has been widely criticized for human rights abuses.
Representative Jim McGovern (D) warns Hillary in a private email that “while in Colombia, the most important thing the Secretary can do is to avoid effusive praise for President Alvaro Uribe.” But Hillary ignores this warning. After the dinner, she gives a public speech in which she praises Uribe as an “essential partner to the United States” whose “commitment to building strong democratic institutions here in Colombia” would “leave a legacy of great progress that will be viewed in historic terms.”
She also publicly supports the US trade deal, a deal which would greatly benefit Giustra and other US investors in Colombia. In 2011, workers for the Giustra-owned Pacific Rubiales company in Colombia go on strike. There are allegations they are forced to live and work in “concentration camp-like” conditions. However, the Colombian military uses force and breaks the strike. By this time, Giustra has donated $130 million to the Clinton Foundation.
Clinton’s State Department certifies that Colombia is “meeting statutory criteria related to human rights,” despite widespread evidence to the contrary, and Clinton and now President Obama decide to support the trade deal they had opposed. Later in 2011, the trade deal passes Congress and becomes law. This is followed by more donations from both Giustra and Pacific Rubiales to the Clinton Foundation. (The Hill, 4/9/2015) (The New York Review of Books,1/30/2016)
According to a September 2016 FBI report, Justin Cooper, a Bill Clinton aide who is helping to manage Clinton’s private server, contacts a Secret Service agent at some point during Clinton’s tenure as secretary of state. It is not clear when this happens, but apparently it is not long after the server begins to be frequently targeted by brute force hacking attacks around the middle of 2010.
Cooper will be asked about this in a September 2016 Congressional hearing shortly after the FBI report is published. He will say, “when we first experienced some of the repeated failed login attempts, I reported them to the Secret Service. … There was an instance where we shared some logs with [them]. … The Secret Service looked at logs from the server and made some recommendations to [server manager Bryan] Pagliano about the possible origins of those failed logins and some techniques he might use to mitigate that problem.” (The Secret Service agent will give advice on improving the server’s security that will not be followed.)
However, when Cooper is asked by Representative Blake Farenthold (R), “Did you turn over the logs and notifications that you received to the FBI, the emails of brute force attacks?” Cooper will say the FBI was not contacted.
Additionally, when Representative Jody Hice (R) will ask if Cooper consulted with any other “department or agency in the government,” Cooper will say, “No. No consultations of that type.” He will also specifically mention the State Department wasn’t consulted. (US Congress, 9/13/2016)
It’s possible that Pagliano contacted others, but the FBI will interview both Cooper and Pagliano in its investigation and then will mention only the contact with the Secret Service in its final report.
The number of hacking attacks steadily grows through the rest of Clinton’s time in office. (Federal Bureau of Investigation, 9/2/2016)
Huma Abedin, Clinton’s deputy chief of staff, writes to Clinton in an email, “OK I will [redacted] just FedEx secure cell phone from [Washington] DC. Anthony leaving office to bring me to airport now so hopefully will make it just in time.”
Four hours later, Clinton responds, “Maybe one of Anthony’s trusted staff could deliver secure phone?”
“Anthony” is a reference to Anthony Weiner, who is both Abedin’s husband and a member of Congress at the time. He will resign one year later, due to a sex scandal.
The Associated Press will later comment, “The emails show the degree of trust Clinton had for Weiner before he was hit by scandal.”
It is unclear where Clinton is on this day. State Department schedules list no public events for her between July 27, 2010 and August 2, 2010. But the Associated Press will also note, “The use of secure cell phones is commonplace among State Department staff when traveling to countries with advanced cyber-espionage capacities, such as China or Russia.”
These emails will be released in November 2016. They were not part of the 30,000 work-related emails Clinton turned over in December 2014, even though they are clearly work-related. It will be one of thousands of emails deleted by Clinton that were later recovered by the FBI.
After the release, State Department spokesperson Mark Toner will say it is unclear how the phone might have been delivered, or if it was at all. He will suggest that, in theory, sending a secure phone through FedEx could have been appropriate if the necessary safeguards were taken. “In 2010, secure cell phones were available to State Department employees, and they could be configured in such a way as to render them suitable for transport. When configured in this manner, the device would be inoperable until paired with additional components.” (The Associated Press, 11/3/2016)
Clinton and her deputy chief of staff, Huma Abedin, discuss the fact that Clinton’s emails to other State Department employees are sometimes not being received. Apparently, they are getting discarded as spam because they are coming from an unofficial address.
Abedin tells Clinton in an email that “we should talk about putting you on state email or releasing your email address to the department so you are not going to spam.”
In response, Clinton writes, “Let’s get separate address or device but I don’t want any risk of the personal being accessible.” (US Department of State, 5/25/2016)
In 2016, the New Yorker Magazine will comment that Clinton’s “personal being accessible” comment “seem[s] to confirm what many observers have suspected from the outset: Clinton’s main motive in setting up the email system wasn’t to make it easier for her to receive all her messages in one place, or to do all her business on her beloved BlackBerry; it was to protect some of her correspondence—particularly correspondence she considered private—from freedom-of-information requests and other demands for details, for example, from Republican-run congressional committees.” (The New Yorker, 5/26/2016)
These emails between Clinton and Abedin will not be included in the 30,000 work-related emails that Clinton turns over to the State Department in December 2014, even though they clearly discuss work matters. The State Department will later discover them through other means, most likely from Abedin’s email inbox. (The Associated Press, 5/26/2016)
WikiLeaks, working with several major media outlets, begins publicly releasing over 250,000 diplomatic cables between the State Department and US embassies around the world. The cables date from 1966 to February 2010. None of the cables are classified at a level higher than “confidential,” the lowest classification level.
Clinton responds with the public comment, “This disclosure is not just an attack on America’s foreign policy interests, it is an attack on the international community: the alliances and partnerships, the conversations and negotiations that safeguard global security and advance economic prosperity. […] It puts people’s lives in danger, threatens our national security, and undermines our efforts to work with other countries to solve shared problems.” (USA Today, 11/29/2010) (The New York Times, 11/28/2010)
Mark Penn, Clinton’s chief strategist for her 2008 presidential campaign, sends Clinton an email in which he recommends, “I think you need to order a full scale review and upgrading of the cyber security of the State Department immediately.” (US Department of State, 9/30/2015)
However, despite this being the largest breach of State Department classified information in history, Clinton doesn’t change her personal communication methods, and continues to use an unsecured BlackBerry and an unsecured private email server. It is unknown if the State Department changes its cybersecurity as a whole, and if so, how.
Clinton’s computer technician Bryan Pagliano is working with staff from the State Department’s Information Resources Management (IRM) office to resolve issues affecting the ability of emails sent from Clinton’s private server to be received at department .gov email addresses. Pagliano shows some staffers the computer logs from the server. The issue is eventually resolved. On December 21, 2010, IRM staff send an email to Clinton’s top aides describing the issue and summarizing what was done to resolve it. This appears to be one of the few times Clinton’s server is discussed with other department employees. (US Department of State, 5/25/2016)
Clinton aide Jake Sullivan emails Clinton and mentions a State Department diplomat who has “some interesting reports from the Pal [Palestinian] side, if you have a moment to talk secure.” The Washington Post will later refer to this as a rare instance where either Clinton or any of her aides shows concern about the communication of classified information. (The Washington Post, 9/1/2015) (US Department of State, 8/31/2015)
Two members of Clinton’s senior executive staff will later claim they discussed their concerns about Clinton’s use of a personal email address, each in a separate meeting with John Bentel, the director of the Office of the Executive Secretariat for Information Resource Management.
In one of those meetings, Bentel says that Clinton’s personal communication system has been reviewed and approved by the department’s legal staff and that the matter is not to be discussed any further. However, a later State Department inspector general investigation will find no evidence that any department lawyers ever make such a review.
The other staff member who raised concerns about the server is told by Bentel that the mission of his office is to support Clinton and, in the words of a May 2016 inspector general report, “instruct[s] the staff never to speak of the Secretary’s personal email system again.”
According to later released emails, Bryan Pagliano receives an IT [information technology] security briefing in late 2010 or early 2011. It has to do with cybersecurity risks facing the State Department. A letter by Charles Grassley (R) which summarizes the emails says this briefing is “in connection with his work on the Secretary’s non-government server.” Pagliano continues to run Clinton’s private email server after he is hired by the State Department in May 2009, and at least initially, his bosses and co-workers don’t know about his second job with Clinton’s server. It’s not clear who else learns about it and when. (Reuters, 3/24/2016) (US Department of State, 5/25/2016)
In July 2016, the State Department will reveal some limited details about 22 “top secret” emails involving Clinton. One email chain is sent sometime in 2011, and involves two “top secret” emails. The first is sent by Clinton to her aide Jake Sullivan, and the second is Sullivan’s reply. The content of the emails remain unknown. (Vice News, 7/22/2016)
In July 2016, the State Department will reveal some limited details about 22 “top secret” emails involving Clinton. One email chain is sent sometime in 2011, and involves seven “top secret” emails. The chain begins with an email from Clinton’s aide Jake Sullivan to Clinton. It goes back and forth, with three emails from Clinton to Sullivan, and three more emails from Sullivan to Clinton. The content of the emails remains unknown. (Vice News, 7/22/2016)
In July 2016, the State Department will reveal some limited details about 22 “top secret” emails involving Clinton. One email chain is sent sometime in 2011, and involves two “top secret” emails. The chain begins with an email written by an unnamed State Department official. It makes its way to Sullivan, who forwards it to Clinton. Clinton then sends a reply to Sullivan. The contents of the emails remain unknown. (Vice News, 7/22/2016)
In July 2016, the State Department will reveal some limited details about 22 “top secret” emails involving Clinton. One email chain is sent sometime in 2011, and involves five “top secret” emails. The chain begins with an email from Clinton’s aide Jake Sullivan to Clinton. The chain goes back and forth, with two emails from Clinton to Sullivan, and two more emails from Sullivan to Clinton. The contents of the emails remain unknown. (Vice News, 7/22/2016)
In July 2016, the State Department will reveal some limited details about 22 “top secret” emails involving Clinton. One email chain is sent sometime in 2011, and involves two “top secret” emails. The chain begins with an email written by an unnamed State Department official. It makes its way to Sullivan, who forwards it to Clinton. There is no known reply from Clinton. The contents of the emails remain unknown. (Vice News, 7/22/2016)
State Department diplomatic security staff give a cybersecurity PowerPoint presentation meant for Clinton. However, she doesn’t attend it. According to a 2016 letter by Julia Frifield, the department’s assistant secretary for legislative affairs, “although the PowerPoint indicates the briefing was for former Secretary Clinton, we understand from the testimony of the briefers that she was not in attendance.” The PowerPoint presentation has not yet been declassified so it can be publicly released. (US Senate Judiciary Committee, 3/3/2016)
According to a 2015 State Department inspector general report, in 2011, only 61,156 department emails out of a billion are formally archived, a rate of far less than one percent. In 2013, the number is even lower, only 41,749. Clinton will later justify her use of a private email address by claiming that her emails to other government officials would be permanently archived through their email accounts. (Politico, 3/11/2015)
The department has only an acting inspector general for most of this time. (The Associated Press, 6/8/2016)
Justin Cooper is a former advisor to President Clinton who provides technical support to Clinton’s private email server. On January 9, 2011, he emails Clinton’s deputy chief of staff, Huma Abedin, that “he had to shut down the server” because he believes “someone was trying to hack us and while they did not get in I didn’t want to let them have the chance to.”
Later in the day, Cooper emails Abedin to warn her, “We were attacked again so I shut [the server] down for a few min [minutes].”
On January 10, Abedin emails Clinton’s chief of staff, Cheryl Mills, and another Clinton aide and tells them not to email “anything sensitive” to Clinton, and says she can “explain more in person.”
Department policy requires employees to report suspicious cybersecurity incidents to security officials. However, a 2016 State Department inspector general’s investigative report will find no evidence that Clinton or her staff reported this incident to anyone else within the department. (US Department of State, 5/25/2016)
An email from someone named John Godfrey is forwarded to her, and she doesn’t recognize his name or email domain. After being told that he works for the State Department, Clinton comments in an email, “I was surprised that he used a personal account if he is at State.” (The Washington Post, 1/8/2016)
A New York Observer article will later comment, “It’s hard to miss the irony of Ms. Clinton expressing surprise about a State Department staffer using personal email for work, which the secretary of state noted in her own personal email.” (The New York Observer, 1/9/2016)
Assistant Secretary for Diplomatic Security Eric Boswell sends a memo to Clinton and other top State Department officials with the subject: “Compromise of Officials’ Personal Email Accounts.”
It states, “Threat analysis by the DS [Diplomatic Security] cyber security team and related incident reports indicate a dramatic increase since January 2011 in attempts by”—the next phrase is later redacted on the grounds of containing “foreign government information”—“to compromise the private home email accounts of senior Department officials. … Specifically, the actors are sending cleverly forged emails to victims’ private web-based accounts (e.g. Gmail, Hotmail, Yahoo). These ‘spear phishing’ messages appear to be sent by US government officials but are designed to trick recipients into activating embedded malicious code by clicking on an attachment or link. Although the targets are unclassified, personal email accounts, the likely objective is to compromise user accounts and thereby gain access to policy documents and personal information that could enable technical surveillance and possibly blackmail.”
Boswell concludes, “We urge Department users to minimize the use of personal web email for business, as some compromised home systems have been reconfigured by these actors to automatically forward copies of all composed emails to an undisclosed recipient.” (US Department of State, 11/5/2015)
Between May and July 2011, Clinton will get three emails that seems to perfectly fit Boswell’s warning. Despite this, Clinton continues to exclusively use a private email address for all her work and personal emails. (US Department of State, 10/30/2015) (US Department of State, 5/25/2016)
Clinton confidant Sid Blumenthal emails Clinton that Libyan rebel “military leaders are considering the possibility of hiring private security firms to help train and organize their forces.” Clinton forwards the email to her aide Jake Sullivan and comments that the “idea of using private security experts to arm the opposition should be considered.” (Note that Clinton’s comment will be released by the House Benghazi Committee in October 2015, but when the State Department releases the email in January 2016, it will be redacted. (House Benghazi Committee, 10/7/2015) (US Department of State, 1/7/2016)
On July 14, 2011, Blumenthal will email Clinton with a proposal for the rebels to hire a private security company that he’s invested in.
The email discusses the current security situation in Libya. It says that due to violence in the town of Ajdabiyah, US Special Envoy Christopher Stevens “is considering departure from Benghazi.” It also discusses Stevens’ concerns about departing and it details the “phased checkout” of Stevens’ staff from the area, possibly in a few hours. Additionally, it contains the latest secret intelligence from AFRICOM (US Africa Command, the US military in Africa), detailing nearby troop movements in the Libyan civil war that could threaten Stevens and his staff. Tim Davis, a special assistant to Clinton, writes the email and then sends it to Clinton aide Huma Abedin, who forwards it to Clinton. Davis marks it “SBU,” which means “sensitive but unclassified.” The email will be released to the public in full on May 13, 2015.
However, the State Department’s inspector general will later conclude that the email should not have been made public without redactions. Furthermore, in August 2015, an unnamed government official familiar with the investigation into Clinton’s emails will tell CBS News that at least the part of the email containing current military intelligence should have been marked classified at the time. Additionally, because that information originated from the military, the State Department did not have the right to declassify it at the time it was sent or later. The unnamed official will say that this kind of mistake is not unusual for State Department officials when they discuss information from multiple sources, but the difference is that this email is stored on Clinton’s private server, which can be easily hacked or monitored. (CBS News, 8/19/2015) (US Department of State, 5/13/2015)
In 2015, Fox News will claim that the email contained intelligence from the Defense Intelligence Agency (DIA), the National Security Agency (NSA), and the National Geospatial-Intelligence Agency (NGA), which oversees satellite imagery. Furthermore, “all three agencies confirmed to the intelligence community inspector general that the intelligence was classified when it was sent four years ago by Abedin to Clinton’s private account, and remains classified to this day.” (Fox News, 8/26/2015) Even though the email will be made public in full in May 2015, it will be reclassified as “secret” in September 2015. “Secret” is the medium level of classification, below “top secret.” (The New York Times, 9/30/2015)
Clinton’s deputy chief of staff Huma Abedin sends an email to another close Clinton staffer discuss Clinton’s concern that someone has been “hacking into her email” after she received an email with a suspicious link to a website with pornographic material.
The FBI will later report, “There is no additional information as to why Clinton was concerned about someone hacking into her email account or if the specific link referenced by Abedin was used as a vector to infect Clinton’s device…”
Several hours later, Clinton receives an email from the personal account of Under Secretary of State for Political Affairs William Burns that also has a link to a suspect website.
The next day, Clinton emails Burns: “Is this really from you? I was worried about opening it!” Department policy requires employees to report suspicious cybersecurity incidents to security officials. However, a 2016 State Department inspector general’s investigative report will find no evidence that Clinton or her staff reports this incident to anyone else within the department. It is unknown if either hacking attack is successful, since the incidents were not investigated at the time. (US Department of State, 5/25/2016) (Federal Bureau of Investigation, 9/2/2016)
The FBI will later be unable to determine if Clinton ever opened the attachment. But “Open source information indicated, if opened, the targeted user’s device may have been infected, and information would have been sent to at least three computers overseas, including one in Russia.” (Federal Bureau of Investigation, 9/2/2016)
In March 2011, a State Department security official warned Clinton and others that there was a dramatic increase in attempts “to compromise the private home email accounts of senior Department officials. […] Specifically, the actors are sending cleverly forged emails to victims’ private web-based accounts… These ‘spear phishing’ messages appear to be sent by US government officials but are designed to trick recipients into activating embedded malicious code by clicking on an attachment or link. […] We urge Department users to minimize the use of personal web email for business…” (US Department of State, 11/5/2015) Despite such warnings and incidents, Clinton continues to exclusively use a private email address for all her work and personal emails.
For several years, the CIA has been conducting a secret drone program in Pakistan, targeting Islamist militants in the mountainous region near the border with Afghanistan. The Pakistani government has secretly allowed the program while publicly protesting it, because the Pakistani public is mostly against it. In 2011, Pakistani officials push back against the program due to the growing number of strikes and an increasing public backlash.
In June 2011, the Wall Street Journal reports that there is a debate about the scale of the program inside the US government. State Department and military officials argue that the CIA needs to be more selective with their strikes. Also, for the first time, State Department officials are given a say. The CIA begins notifying US ambassador to Pakistan Cameron Munter about planned drone strikes, and this information gets passed up the State Department to Clinton and other top officials. The department then gets to concur or not concur with the strike.
For the rest of Clinton’s tenure until February 2013, the department objects to a planned strike only once or twice. But the strikes will often be discussed by Clinton and other State Department officials in unsecured email channels, and this will later be a focus of the FBI’s Clinton investigation. (The Wall Street Journal, 6/9/2016) (The Wall Street Journal, 6/4/2011)
According to a June 2016 Wall Street Journal article, there are a series of Clinton emails in these two years regarding the US drone program in Pakistan. Starting roughly around June 2011, the State Department is given the right to approve or disapprove of the CIA’s drone strikes in Pakistan as part of the US government’s attempt to mollify Pakistan’s concerns so they will continue their secret support of the program.
However, this creates a communication problem, because advanced warning of strikes varies from several days to as little as half an hour. According to the Journal, “Under strict US classification rules, US officials have been barred from discussing strikes publicly and even privately outside of secure communications systems.”
As a result, US intelligence officials want State officials to use a very secure system to discuss the strikes, called JWICS (Joint Worldwide Intelligence Community Systems). But few State officials have access to JWICS, even in Washington, DC, so they use another secure system commonly known as the “high side” (SIPR or, Secret Internet Protocol Router Network).
However, this can be slow as well as difficult to access outside of normal work hours. As a result, according to the Journal, on about a half-dozen different occasions, State officials use the “low side,” which means unsecure computers, such as emailing from a smart phone. This is often said to take place at night, or on the weekend or holiday, or when people are traveling, or when a proposed drone strike is imminent. It is not clear why secure phone lines are not used instead.
The emails are usually vaguely worded so they don’t mention the “CIA,” “drones,” or details about the militant targets, unnamed officials will later claim. These emails sometimes are informal discussions that take place in addition to more formal notifications done through secure communications. In some cases, these emails about specific drone strikes will later be deemed “top secret,” making up many of Clinton’s reported 22 top secret emails.
According to the Journal, unnamed US officials will later say that there “is no evidence Pakistani intelligence officials intercepted any of the low side State Department emails or used them to protect militants.” (The Wall Street Journal, 6/9/2016)
Gawker files a Freedom of Information Act (FOIA) request for some of Clinton’s deputy chief of staff Huma Abedin’s email correspondence. The exact scope of the request is not clear from media accounts. The State Department eventually returns no documents, although the timing of their reply also is not clear.
In March 2015, it will be revealed that Abedin primarily used an email account at the clintonemail.com server, just like Clinton did. Presumably this is why no emails are turned over. However, she also used a .gov email account. (Gawker, 3/3/2015)
Google Inc. publicly announces that hackers based in China are targeting the email accounts of senior US officials and hundreds of other prominent people. The attacks are on users of Google’s Gmail email service. If successful, the hackers are able to read the emails of their targets. (The Wall Street Journal, 6/2/2011)
Clinton’s chief of staff Cheryl Mills conducts government work through her Gmail account. Philippe Reines, Clinton’s senior advisor and press secretary, has a government account and a Gmail account, and uses both for work. However, there’s no evidence Mills or Reines stops using Gmail for work after this news report. (Judicial Watch, 9/14/2015) (Politico, 10/5/2015)
Furthermore, two days later, Mills indicates in an email that there was an attempt to hack her email: “As someone who attempted to be hacked (yes I was one)…” (CBS News, 9/30/2015)
Later in the month, the State Department will issue a warning to all employees not to use private emails for work, but apparently Mills and Reines still won’t stop using their Gmail accounts for work. (The Washington Post, 3/27/2016)
On June 3, 2011, recently retired State Department official Anne-Marie Slaughter sends an email to Clinton and some of her top aides lamenting that the State Department’s technology is “so antiquated that NO ONE uses a State-issued laptop and even high officials routinely end up using their home email accounts to be able to get their work done quickly and effectively.” She says more funds are needed and that an opinion piece might make the point to legislators.
Clinton replies that the idea “make good sense.”
However, one day later, Clinton’s chief of staff Cheryl Mills disagrees in another email: “As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail [because] it may encourage others who are out there.”
Slaughter concurs with Mills, and points out that Clinton aide Jake Sullivan “also has concerns.” Instead, she suggests, “Perhaps a better approach is to make the point more quietly to legislators through [Clinton].”
Clinton will be asked about this in a July 2016 FBI interview. She will say that doesn’t recall the compromise of Gmail accounts, but she does recall the frustration over the department’s information technology systems. (Federal Bureau of Investigation, 9/2/2016)
Mills, Clinton’s chief of staff, is responding to a suggestion from another State Department official that someone in the department should make a public complaint about the poor state of the department’s email system. Mills writes, “As someone who attempted to be hacked (yes I was one), I am not sure we want to telegraph how much folks do or don’t do off state mail [because] it may encourage others who are out there.” (Bloomberg News, 10/1/2015) (US Department of State, 9/30/2015)
Just two days earlier, Google gave a public warning that Chinese hackers were targeting US government officials using Google’s Gmail email service, and Mills uses a Gmail account for some work matters, in addition to her department email account. (The Wall Street Journal, 6/2/2011) (Judicial Watch, 9/14/2015)
She grows impatient as she waits for “talking points” about a sensitive matter.
Sullivan emails her, “They say they’ve had issues sending secure fax. They’re working on it.”
Then Clinton emails him, “If they can’t, turn into nonpaper w no identifying heading and send nonsecure.” (US Department of State, 1/7/2016)
Clinton spokesperson Brian Fallon will later claim, “What she was asking was that any information that could be transmitted on the unclassified system be transmitted. It is wrong to suggest that she was requesting otherwise. The State Department looked into this and confirmed that no classified material was sent through a non-secure fax or email.”
There has been no official comment from the State Department on this exchange yet. (The Washington Post, 3/27/2016)
Senator Charles Grassley (R), chair of the Senate Judiciary Committee, will later call the exchange between Clinton and Sullivan “disturbing.” He will say, “It raises a host of serious questions and underscores the importance of the various inquiries into the transmittal of classified information through her non-government email server.” (CNN, 1/8/2016)
In February 2016, Sullivan will give his opinion about this email in an FBI interview. According to the FBI, “Sullivan did not recall this specific email but believed that Clinton’s request indicated that she would have wanted him to make an unclassified version of the document, summarize the contents, and then send it to her on a non-secure fax.” (Federal Bureau of Investigation, 9/2/2016)
In 2016, Clinton will give her opinion about this email on two occasions.
Alo in 2016, FBI Diretor James Comey will give his opinion about the email.
A department cable issued under Clinton’s signature orders all employees to “Avoid conducting official Department business from your personal email accounts” because it has been discovered that hackers are targeting the personal emails of government employees. (The Washington Post, 3/10/2015) (US Department of State, 3/5/2015)
This comes in response to reports that Gmail accounts of government workers had been targeted by “online adversaries.”
However, Clinton herself ignores the warning and continues to use her unsecure BlackBerry and her private server. (The Washington Post, 3/27/2016)
In a July 2016 FBI interview, Clinton will claim that “she did not recall this specific notice, and she did not recall receiving any guidance from State regarding email policies outlined in the State FAM [Foreign Affair Manual].” (Federal Bureau of Investigation, 9/2/2016)
In July 2011, Rajiv Fernando is appointed to the International Security Advisory Board (ISAB), a panel filled with high-level foreign policy advisers and security experts. Fernando is granted “top secret” security clearance and given access to highly sensitive information in order to participate on the panel.
Fernando has no relevant experience for the panel but is a prominent donor to Democratic political campaigns, including Clinton’s 2008 campaign, to which he gave large amounts as a “bundler.” He also gave between $1 and $5 million to the Clinton Foundation.
ABC News later comments that Fernando, a “Chicago securities trader, who specialized in electronic investing, sat alongside an august collection of nuclear scientists, former cabinet secretaries, and members of Congress to advise Hillary Clinton on the use of tactical nuclear weapons and on other crucial arms control issues.”
On August 15, 2011, ABC News asks the State Department about Fernando’s apparent lack of qualifications for the panel. Fernando resigns two days later.
In 2016, some State Department emails will be publicly released about the matter. Department official Jamie Mannina writes in an August 15, 2011 email: “it appears there is much more to this story that we’re unaware of. […] [I]t’s natural to ask how he got onto the board when compared to the rest of the esteemed list of members. […] We must protect the secretary’s [meaning Clinton] and under secretary’s name, as well as the integrity of the [panel]. I think it’s important to get down to the bottom of this before there’s any response.”
Official Wade Boese replies that same day, “The true answer is that S staff (Cheryl Mills) added him. The board’s membership preceded me. Raj [Fernando] was not on the list sent to S; he was added at their insistence.” “S” refers to Secretary Clinton.
Clinton’s aides will later claim that Fernando’s appointment to the panel was not connected to his political donations. However, an unnamed former administration official familiar with the selection will say that department officials were probably “embarrassed” by the attention and the potential conflict of interest. (CNN, 6/11/2016) (ABC News, 6/10/2016)
In June 2011, Google Inc. publicly warned that hackers based in China were targeting the Gmail email accounts of senior US officials. (The Wall Street Journal, 6/2/2011) On this day, Clinton shows awareness of the problem through a joke.
Another State Department official sends Clinton an email, and some confusion results about the official’s two email accounts.
Clinton writes, “I just checked and I do have your state but not your Gmail – so how did that happen. Must be the Chinese!” (US Department of State, 9/3/2015)
After that official says “You’ve always emailed me on my State email,” Clinton jokes again, “Weird since my address book only has your Gmail. Maybe the Chinese hacked it and focused on you!” (US Department of State, 10/30/2015)
But despite this awareness,But despite this awareness, and a State Department warning not to use any private email addresses due to the problem that was sent out in Clinton’s name, Clinton apparently fails to make any changes to her own private email use and security set-up. (The Washington Post, 3/27/2016)
Clinton receives an email that purports to be from Neera Tanden, the president of the Center for American Progress. The subject heading is “Exclusively For You.” The text of the short email says, “Look what I’ve found”—an Internet link follows —“Here is a very nice offer. Enjoy.”
Clinton replies, “Neera–did you send me this? If not, I think your email address book has been hacked. If so, why? Anyway, hope you’re well.” (US Department of State, 10/30/2015)
In February 2011, a State Department security official warned to Clinton and others that there was a dramatic increase in attempts “to compromise the private home email accounts of senior Department officials. […] Specifically, the actors are sending cleverly forged emails to victims’ private web-based accounts… These ‘spear phishing’ messages appear to be sent by US government officials but are designed to trick recipients into activating embedded malicious code by clicking on an attachment or link. […] We urge Department users to minimize the use of personal web email for business…” (US Department of State, 11/5/2015)
Clinton apparently was the target of two other “spear phishing” attacks in May 2011, and she was warned again in June 2011 that the personal emails of government employees were being targeted by hackers. (US Department of State, 3/5/2015) (US Department of State, 5/25/2016)
The email from Tanden appears to perfectly fit this warning, and likely was not intentionally sent by Tanden at all. It is unknown if Clinton clicked on the link before realizing the email was bogus. Despite such warnings and this incident, Clinton continues to exclusively use a private email address for all her work and personal emails.
Clinton confidant Sid Blumenthal claims that the Libyan rebels are poised to win the civil war, but they are short on money and thus unable to provide humanitarian assistance in the areas they control. European countries are offering aid, but they want to tie it to future economic concessions, especially regarding Libya’s large oil industry.
Blumenthal then discusses how the Libyan rebels have signed an agreement with the US-based Osprey Security Group to provide emergency medical care and humanitarian assistance. He doesn’t mention that he is a business partner in Osprey. Mahmoud Jibril is the political head of the rebel Transitional National Council (TNC), and Blumenthal says that “Jibril’s advisors believe that the use of this American firm will not only allow the TNC to meet a pressing need, but will also serve to cement good relations with the US government and business community.”
Clinton sends two replies to Blumenthal the same day, but oddly, when both emails will be released by the State Department in 2016, they lack any heading or reply areas and are just exact copies of Blumenthal’s original email. (US Department of State, 1/7/2016) (US Department of State, 1/7/2016) (US Department of State, 1/7/2016)
Clinton’s private BlackBerry temporarily stops working, due to disruptions in the New York area following Hurricane Irene. Stephen Mull, the State Department’s executive secretary, emails Clinton’s top aides Huma Abedin, Cheryl Mills, and Patrick Kennedy about getting a government-issued BlackBerry linked to a government server for Clinton.
Mull writes, “We are working to provide the Secretary per her request a Department issued BlackBerry to replace personal unit, which is malfunctioning (possibly because of her personal email server is down.) We will prepare two versions for her to use – one with an operating State Department email account (which would mask her identity, but which would also be subject to FOIA requests), and another which would just have phone and Internet capability.”
Abedin responds, “Steve – let’s discuss the state BlackBerry. doesn’t make a whole lot of sense.”
It’s not clear why Abedin doesn’t like the idea, and Clinton will continue to use her private BlackBerry. But Mull’s mention of Clinton’s “personal email server” is proof that Mull, Abedin, Mills, and Kennedy had to be aware at least due to this email that Clinton in fact had a private email server, and yet they do nothing about it.
In February 2016, US District Judge Emmet Sullivan will cite that email when he says in court that it’s a legitimate question if some officials were helping Clinton to keep all of her emails out of reach of public records requests. He will comment, “We’re talking about a Cabinet-level official who was accommodated by the government for reasons unknown to the public. And I think that’s a fair statement: For reasons heretofore unknown to the public. And all the public can do is speculate. […] This is all about the public’s right to know.” (The Washington Post, 3/27/2016)
Clinton’s private BlackBerry temporarily stops working, due to disruptions in the New York area following Hurricane Irene, and some State Department officials are talking about what to do to fix the problem.
John Bentel, director of the department’s Information Resources Management (IRM) office, notes in an email sent to department official Monica Hanley that a government email address was set up for Clinton when she became secretary of state: SSHRC@state.gov. He points out, “you should be aware that any email would go through the Department’s infrastructure and subject to FOIA [Freedom of Information Act] searches.”
However, Clinton has never used the account, and she still chooses not to use it. Instead, this account is only used by Clinton’s staff to maintain an Outlook calendar.
Bentel notes there are some old emails associated with the account, but none since January 2011, and they could be deleted.
Hanley forwards the email to Clinton’s deputy secretary of state Huma Abedin, but if here’s any email reply from her or Clinton, it’s unknown. (US Department of State, 5/25/2016) (US Department of State, 6/20/2016)
The US is one of the founding members of the Open Government Partnership, an international initiative joined by over 60 countries to promote government transparency. The US State Department makes several commitments as part of a transparency action plan. One is to overhaul how the US government stores and manages its records, to create “a reformed, digital-era, government-wide records management framework that promotes accountability and performance.” It also pledges to reform how it processes requests under the Freedom of Information Act (FOIA), making government information more searchable and available to the public.
In 2015, Ryan Shapiro, a FOIA expert at the Massachusetts Institute of Technology, will point out that Clinton made this commitment even while she attempted to keep all of her emails from future public scrutiny. “Secretary Clinton’s hypocritical and self-serving stance on transparency should be deeply troubling to everyone who cares about open government and accountability. It’s ironic that Secretary Clinton championed an open government partnership for other countries while simultaneously working diligently to subvert transparency at home.” (Bloomberg News, 3/5/2015) (Opengovpartnership.org, 1/13/2016)