Clinton ran own computer system for her official emails

 

Clinton ran own computer system for her official emails

Hillary Clinton ran own computer system for her official emails, tracing back to NY estate

 

By Jack Gillum and Ted Bridis, Associated Press2 hours ago 3/4/2015

http://finance.yahoo.com/news/clinton-ran-own-computer-system-121721814.html

 

WASHINGTON (AP) -- The computer server that transmitted and received Hillary Rodham Clinton's emails — on a private account she used exclusively for official business when she was secretary of state — traced back to an Internet service registered to her family's home in Chappaqua, New York, according to Internet records reviewed by The Associated Press.

The highly unusual practice of a Cabinet-level official physically running her own email would have given Clinton, the presumptive Democratic presidential candidate, impressive control over limiting access to her message archives. It also would distinguish Clinton's secretive email practices as far more sophisticated than some politicians, including Mitt Romney and Sarah Palin, who were caught conducting official business using free email services operated by Microsoft Corp. and Yahoo Inc.

Most Internet users rely on professional outside companies, such as Google Inc. or their own employers, for the behind-the-scenes complexities of managing their email communications. Government employees generally use servers run by federal agencies where they work.

In most cases, individuals who operate their own email servers are technical experts or users so concerned about issues of privacy and surveillance they take matters into their own hands. It was not immediately clear exactly where Clinton ran that computer system.

Clinton has not described her motivation for using a private email account — hdr22@clintonemail.com, which traced back to her own private email server registered under an apparent pseudonym — for official State Department business.

Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton's home, an email server there would have been well protected from theft or a physical hacking.

But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers. Those professional facilities provide monitoring for viruses or hacking attempts, regulated temperatures, off-site backups, generators in case of power outages, fire-suppression systems and redundant communications lines.

A spokesman for Clinton did not respond to requests seeking comment from the AP on Tuesday. Clinton ignored the issue during a speech Tuesday night at the 30th anniversary gala of EMILY's List, which works to elect Democratic women who support abortion rights.

It was unclear whom Clinton hired to set up or maintain her private email server, which the AP traced to a mysterious identity, Eric Hoteham. That name does not appear in public records databases, campaign contribution records or Internet background searches. Hoteham was listed as the customer at Clinton's $1.7 million home on Old House Lane in Chappaqua in records registering the Internet address for her email server since August 2010.

The Hoteham personality also is associated with a separate email server, presidentclinton.com, and a non-functioning website, wjcoffice.com, all linked to the same residential Internet account as Mrs. Clinton's email server. The former president's full name is William Jefferson Clinton.

In November 2012, without explanation, Clinton's private email account was reconfigured to use Google's servers as a backup in case her own personal email server failed, according to Internet records. That is significant because Clinton publicly supported Google's accusations in June 2011 that China's government had tried to break into the Google mail accounts of senior U.S. government officials. It was one of the first instances of a major American corporation openly accusing a foreign government of hacking.

 

Then, in July 2013, five months after she resigned as secretary of state, Clinton's private email server was reconfigured again to use a Denver-based commercial email provider, MX Logic, which is now owned by McAfee Inc., a top Internet security company.

The New York Times reported Monday that Clinton exclusively used a personal email account it did not specify to conduct State Department business. The disclosure raised questions about whether she took actions to preserve copies of her old work-related emails, as required by the Federal Records Act. A Clinton spokesman, Nick Merrill, told the newspaper that Clinton complied with the letter and spirit of the law because her advisers reviewed tens of thousands of pages of her personal emails to decide which ones to turn over to the State Department after the agency asked for them.

In theory but not in practice, Clinton's official emails would be accessible to anyone who requested copies under the U.S. Freedom of Information Act. Under the law, citizens and foreigners can compel the government to turn over copies of federal records for zero or little cost. Since Clinton effectively retained control over emails in her private account even after she resigned in 2013, the government would have to negotiate with Clinton to turn over messages it can't already retrieve from the inboxes of federal employees she emailed.

The AP has waited more than a year under the open records law for the State Department to turn over some emails covering Clinton's tenure as the nation's top diplomat, although the agency has never suggested that it didn't possess all her emails.

Clinton's private email account surfaced publicly in March 2013 after a convicted Romanian hacker known as Guccifer published emails stolen from former White House adviser Sidney Blumenthal. The Internet domain was registered around the time of her secretary of state nomination.

 

Rep. Trey Gowdy, R-S.C., chairman of the special House committee investigating the Benghazi attacks, said the committee learned last summer — when agency documents were turned over to the committee — that Clinton had used a private email account while secretary of state. More recently the committee learned that she used private email accounts exclusively and had more than one, Gowdy said.

President Barack Obama signed a bill last year that bans the use of private email accounts by government officials unless they retain copies of messages in their official account or forward copies to their government accounts within 20 days. The bill did not become law until more than one year after Clinton left the State Department.

___

Associated Press writer Stephen Braun contributed to this report.

House committee subpoenas Clinton emails in Benghazi probe

By JACK GILLUM and TED BRIDIS
Published: Today 3/4/15

http://m.apnews.com/ap/db_289563/contentdetail.htm?contentguid=Fwk8oDHY

WASHINGTON (AP) - A House committee investigating the Benghazi, Libya, attacks issued subpoenas Wednesday for the emails of Hillary Rodham Clinton, who used a private account exclusively for official business when she was secretary of state - and also used a computer email server now traced back to her family's New York home.

The subpoenas from the Republican-led Select Committee on Benghazi demanded additional material from Clinton and others related to Libya, spokesman Jamal D. Ware said. The panel also instructed technology companies it did not identify to preserve any relevant documents in their possession.

The development on Capitol Hill came the same day AP reported the existence of a personal email server traced back to the Chappaqua, New York, home of Clinton. The unusual practice of a Cabinet-level official running her own email server would have given Clinton - who is expected to run for president in the 2016 campaign - significant control over limiting access to her message archives.

The practice also would complicate the State Department's legal responsibilities in finding and turning over official emails in response to any investigations, lawsuits or public records requests. The department would be in the position of accepting Clinton's assurances she was surrendering everything required that was in her control.

Congress said it learned last summer about Clinton's use of a private email account to conduct official State Department business during its investigation of the Benghazi attacks on a U.S. mission in which four Americans died.

"It doesn't matter if the server was in Foggy Bottom, Chappaqua or Bora Bora," House Speaker John Boehner said. "The Benghazi Select Committee needs to see all of these emails, because the American people deserve all of the facts."

The chairman of the Benghazi committee, Rep. Trey Gowdy, R-S.C., told reporters: "I want the documents. Sooner rather than later."

Democrats called it a fishing expedition.

"Everything I've seen so far has led me to believe that this is an effort to go after Hillary Clinton, period," said Rep. Elijah Cummings of Maryland, the top Democrat on the committee.

The questions about Clinton's email practices left the Obama administration in an awkward position. At one point, the State Department directed reporters to contact Clinton, who has not publicly commented about her emails. The White House said it was her responsibility to make sure any emails about official business weren't deleted from her private server.

Meanwhile, the AP said it was considering legal action under the Freedom of Information Act against the State Department for failing to turn over some emails covering Clinton's tenure as the nation's top diplomat after waiting more than one year. The department has never suggested that it doesn't possess all Clinton's emails.

It was not immediately clear exactly where Clinton's computer server was run, but a business record for the Internet connection it used was registered under the home address for her residence as early as August 2010. The customer was listed as Eric Hoteham.

An aide to then-first lady Clinton was identified in a 2002 congressional report as Eric Hothem, whose name is spelled differently than in the Internet records. Hothem, a financial adviser in Washington, was not available to take an AP reporter's phone call at his office Wednesday. He was a special assistant to Clinton as far back as 1997 and considered one of the family's information technology experts.

A parody Twitter account for Hoteham appeared Wednesday after the AP cited the records, sending satirical tweets supporting Clinton's campaign. Hoteham's name had not appeared with that spelling in public-record databases, campaign contribution records or online background searches.

In most cases, individuals who operate their own email servers are technical experts or users so concerned about issues of privacy and surveillance they take matters into their own hands.

Clinton - who emailed so frequently using her BlackBerry as secretary of state that it became an Internet meme - is particularly sensitive about disclosures of personal files based on her experiences in confronting congressional investigations and civil lawsuits during her husband's election and presidency and her own roles as first lady, senator, presidential candidate and Cabinet official.

State Department spokeswoman Marie Harf said Clinton as Cabinet secretary never used a government email account on the agency's separate network for sharing classified information, which Clinton would have been prohibited from forwarding to her private email account.

"She had other ways of communicating through classified email through her assistants or her staff, with people, when she needed to use a classified setting," Harf said.

Most Internet users rely on professional outside companies, such as Google Inc. or their own employers, for the behind-the-scenes complexities of managing their email communications. Government employees generally use servers run by federal agencies where they work. Clinton's email practices appear to be far more sophisticated than some politicians, including Mitt Romney and Sarah Palin, who were found to have been conducting official business using free email services operated by Microsoft Corp. and Yahoo Inc.

Clinton has not described her reasons for using a private email account - hdr22@clintonemail.com, which appears to include a nod to her middle name, Diane. A spokesman for her did not respond to requests seeking comment from the AP on Tuesday or Wednesday.

Operating her own server would have afforded Clinton additional legal opportunities to block government or private subpoenas in criminal, administrative or civil cases because her lawyers could object in court before being forced to turn over any emails. And since the Secret Service was guarding Clinton's home, an email server there would have been well protected from theft or a physical hacking.

But homemade email servers are generally not as reliable, secure from hackers or protected from fires or floods as those in commercial data centers.

The Hoteham registration is also associated with a separate email server, presidentclinton.com, and a nonfunctioning website, wjcoffice.com, all linked to the same residential Internet account as Mrs. Clinton's email server. The former president's full name is William Jefferson Clinton.

Hothem, the former Clinton aide, surfaced in at least two Clinton administration controversies. A congressional report in 2002 investigating pardons said a Citibank account linked to Hothem wired $15,000 to President Clinton's brother, Roger, in March 2001, while investigators were trying to compel Roger Clinton to testify about his role in several pardon cases. The president's lawyer told investigators the money came from a personal account of the Clintons and was intended for Clinton's brother to hire a lawyer.

In early 2001, Hothem was also named by a former White House chief usher as saying the Clintons were permitted to take furniture when they left the White House that later was determined to belong to the government.

Sue Hothem, his wife, is a well-known fundraiser and political consultant in Washington. Last year, she was named a vice president for the technology lobbying group TechNet. It said she previously headed development efforts for the Democratic Leadership Council and the Progressive Policy Institute.

Mrs. Clinton's email options included using an official State Department account or even a secret agency email address, which the AP revealed in 2013 as a common practice across the U.S. government and by previous administrations. Many senior U.S. officials use alternate addresses that aren't disclosed to the public for official business so they are not inundated with unwanted messages.

But the State Department's email system might not have been attractive to Clinton because it is frequently targeted by hackers. The AP revealed in 2006 and 2014 that the agency had suffered significant electronic break-ins. In the most recent incident, the department took the unprecedented step of shutting down its entire unclassified email system. While Clinton was secretary of state in 2010, a U.S. soldier, Chelsea Manning, stole 250,000 diplomatic cables and turned them over to WikiLeaks, which published them online.

___

Associated Press writers Stephen Braun, Matthew Daly and Donna Cassata contributed to this report.

Clinton’s E-Mail System Built For Privacy Though Not Security

http://www.bloomberg.com/news/articles/2015-03-04/clinton-s-e-mail-system-built-for-privacy-though-not-security

Bloomberg 3/4/15

(Bloomberg) -- A week before becoming Secretary of State, Hillary Clinton set up a private e-mail system that gave her a high level of control over communications, including the ability to erase messages completely, according to security experts who have examined Internet records.

“You erase it and everything’s gone,” Matt Devost, a security expert who has had his own private e-mail for years. Commercial services like those from Google Inc. and Yahoo! Inc. retain copies even after users erase them from their in-box.

Although Clinton worked hard to secure the private system, her consultants appear to have set it up with a misconfigured encryption system, something that left it vulnerable to hacking, said Alex McGeorge, head of threat intelligence at Immunity Inc., a Miami Beach-based digital security firm.

The e-mail flap has political significance because Clinton is preparing to announce a bid for the Democratic nomination for president as soon as April. It also reminds voters of allegations of secrecy that surrounded Bill Clinton’s White House. In those years, First Lady Hillary Clinton fought efforts by some White House advisers to turn over information to Whitewater investigators and, later, sought to keep secret records of her task force on health-care reform.

Representative Trey Gowdy, a South Carolina Republican who leads a special committee looking into the events surrounding the 2012 terrorist attack at a U.S. diplomatic facility in Benghazi, Libya, said he will subpoena Clinton’s e-mails.

“We’re going to use every bit of legal recourse at our disposal,” Gowdy said Wednesday during an interview on CNN.

Private Service

The committee also said Wednesday that it has discovered two e-mail addresses used by Clinton while secretary of state.

Nick Merrill, a Clinton spokesman, didn’t immediately respond to a request for comment, though he said in a statement Tuesday that her practices followed “both the letter and spirit of the rules.”

Setting up a private e-mail service was once onerous and rare. Now, it’s relatively easy, said Devost, president of FusionX LLC, based in Arlington, Virginia.

“There are tons of disadvantages of not having teams of government people to make sure that mail server isn’t compromised,” McGeorge said. “It’s just inherently less secure.”

Former Florida Governor and likely 2016 Republican presidential candidate Jeb Bush used a personal e-mail while he was governor and has done so since, according to his spokeswoman, Kristy Campbell. He kept a server he owned in his state office and didn’t have a private server at home, Campbell said in a phone interview.

Bush E-Mails

Bush differed from Clinton in that it was known he was using a personal e-mail, his aides had regular access to the server and “his office consistently throughout his term complied with Florida’s public records laws,” Campbell said.

In order to ensure her e-mails were private, Clinton’s system appeared to use a commercial encryption product from Fortinet -- a good step, McGeorge said.

However, when McGeorge examined the set-up this week he found it used a default encryption “certificate,” instead of one purchased specifically for Clinton’s service. Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate.

“It’s bewildering to me,” he said. “We should have a much better standard of security for the secretary of state.”

Confirmation Hearing

Clinton’s private e-mail -- hdr22@clintonemail.com -- was on a domain set up Jan. 13, 2009, the same day a Senate committee held her confirmation hearing. She was confirmed and sworn in on Jan. 21 as President Barack Obama’s first Secretary of State.

It’s entirely possible that Clinton had a private e-mail system set up at her home as a way to maintain administrative and legal control over her communications, said Tim “T.K.” Keanini, chief technology officer for network security company Lancope Inc. based in Atlanta.

“What we know is that she cared about that communication channel so much that she went out of her way,” and likely hired an expert to configure it for her, Keanini said in a phone interview.

Even so, there’s no guarantee she had complete control over what happened to the e-mails, Keanini said.

Keanini searched Internet records to determine that the computer server supporting Clinton’s e-mail was located in her hometown of Chappaqua, New York. An exact physical address could not be determined. The Internet Protocol address for the server was registered to a person by the name of Eric Hoteham, according to the records.

Kerry’s E-Mail

Supporters note that e-mails sent to State Department employees would have been retained on the government’s system.

However, the e-mail system was also used by at least some close staff, including Huma Abedin, Clinton’s deputy chief of staff at the State Department.

Clinton has yet to speak publicly about her motivation for setting up the system or what discussions she had with her advisers at the time.

Secretary of State John Kerry is the first in his position to rely primarily on a state.gov e-mail account, Deputy Press Secretary Marie Harf said. Harf said that the State Department has “no indication that Secretary Clinton used her personal e-mail account for anything but unclassified purposes.”

While Clinton didn’t have a classified e-mail system, she had multiple ways of communicating in a classified manner, including assistants printing documents for her, secure phone calls and secure video conferences.

Top Aide

Clinton’s top aide during that period, Cheryl Mills, is a respected scandal-defense lawyer. As a member of the White House counsel’s office, Mills helped guide President Bill Clinton through a series of investigations in the 1990s and won praise for her performance in successfully defending him when the Senate voted not to remove him from office in 1999.

Mills would go on to combine two of the most powerful posts at the State Department -- chief of staff and counselor -- under Hillary Clinton. In that job, she spoke for Clinton on management matters within the department.

Mills didn’t reply to an e-mail seeking comment.

Not long after resigning as secretary of state, Clinton’s private e-mail service was transferred to a commercial provider, MX Logic, Devost said.

“The timing makes sense,” Devost said. “When she left office and was no longer worried as much about control over her e-mails, she moved to a system that was easier to administer.”

Encrypted Connection

It took less than a day for researchers to find potential problems with the Clinton’s system.

Using a scanning tool called Fierce that he developed, Robert Hansen, a web-application security specialist, found what he said were the addresses for Microsoft Outlook Web access server used by Clinton’s e-mail service, and the virtual private network used to download e-mail over an encrypted connection. If hackers located those links, they could search for weaknesses and intercept traffic, according to security experts.

Using those addresses, McGeorge discovered that the certificate appearing on the site Tuesday appeared to be the factory default for the security appliance, made by Fortinet Inc., running the service.

Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.

Fortinet Statement

It’s unclear whether the site’s settings were the same before news of the private e-mail account emerged this week.

Fortinet issued a statement saying it wasn’t aware the company’s technologies were used by Clinton.

“If they were, our recommendation is to replace provided self-signed certificates with valid digital certificates for the protected domains,” said Andrea Cousens, a Fortinet spokeswoman.

“It may have fallen in the realm of acceptable risk,” Devost said. “They wanted to make sure that when she was in Egypt all of the traffic from her phone to the mail server was encrypted and that was their priority.”

To contact the reporters on this story: Michael Riley in Washington at michaelriley@bloomberg.net; Jordan Robertson in Washington at jrobertson40@bloomberg.net; Chris Strohm in Washington at cstrohm1@bloomberg.net

To contact the editors responsible for this story: Jon Morgan at jmorgan97@bloomberg.net; Craig Gordon at cgordon39@bloomberg.net Michael Shepard