No, we still don’t know where the Clinton server is, was, has been [UPDATED]

| March 12, 2015

Not her actual server. But it could be.


[UPDATE 03/12/15 1657 MDT]

A “Democratic source” is just now saying that the server was bought with personal funds and was for President Clinton’s office in the Chappaqua house. This sounds like an attempt to fend off any subpoena request based on it having been purchased and/or housed at taxpayer expense. In short, I take this with a large grain of salt; one has only to remember the infamous Rose Law Firm billing records that — after being subpoenaed — somehow vanished for two years and then magically reappeared in the White House itself. I strongly suspect that this sudden disclosure was made due to James Rosen’s article over at Fox News, which Drudge linked to.


[made a few minor edits & added a few links]

Hillary Clinton carried off some wonderful sleight-of-hand at the UN press conference (this line edit by Molly Hemmingway demonstrates some of the problems with HRC’s answers); one of the best was over the question of just where this legendary server has been located. This was so effective that I had an excellent journalist from a major news organization tell me that HRC said at the press conference that the server is at her home in Chappaqua.

HRC said no such thing.

At the press conference, what HRC did say was:

It was on property guarded by the Secret Service.

And in the FAQ released by the Clinton team after the press conference, it says:

Where was the server for her email located?

The server for her email was physically located on her property, which is protected by U.S. Secret Service.

Keep in mind that we’re dealing with a lawyer who also happens to be Hillary Clinton — a person not always known for her forthrightness and accuracy when it comes to discussing her own personal and professional behavior. That said, let’s look at at least four locations that could be considered “her property”:

I daresay that all four locations would be considered “guarded” or “protected” by the U.S. Secret Service. There could well be other leased office space that is not publicly known but that HRC would feel comfortable calling “her property”.

HRC at the press conference said, “Well, the system we used was set up for President Clinton’s office.” The FAQ actually words it a bit differently, though: “The security and integrity of her family’s electronic communications was taken seriously from the onset when it was first set up for President Clinton’s team.” So it is unclear whether “system” refers to the actual physical server or not, or merely the general precautions made for internet access and related technologies. Likewise, it is also unclear whether “President Clinton’s office” refers to his office at the Clinton Foundation, at the home in Chappaqua, or at the home in Washington DC, or any combination thereof.

Finally, there is no indication as to whether the server might have been moved from one location to another. Given WJC’s professed lack of e-mail usage, the computer could well have been moved from, say, the Chappaqua home or the Clinton Foundation offices to the Washington DC home during HRC’s time as SecState, and then moved back.

Another question — which I’ve seen someone else raise (sorry, can’t find the link) — is the age and technology of the e-mail server. Assume for a second that HRC in fact did have the domain hosted on a “[computer] system…set up for President Clinton’s office”.  We are talking about a computer that might have been set up as early as 2001 (right after WJC left office) or 2002 (when the Clinton Foundation offices were set up), and probably not much later than that. Remember, the FAQ talks about “when it was first set up for President Clinton’s team”, while HRC at the press conference said, ” So, I think that the — the use of that server, which started with my husband….” If that’s the case, then when HRC becomes SecState in 2009, that computer is already five (5) to seven (7) years old. That is old in terms of computer technology.

I have a hard time imagining any person with serious IT expertise recommending using a 5-to-7-year-old computer to host the Secretary of State’s official e-mail domain over the coming four (4) years, even with upgrades to the computer itself (more memory, new hard drive, upgraded OS). It would make far more sense to buy or build a brand new system, both for technological and for security reasons, especially given how cheap computer hardware is.

The alternative explanation is that this did, in fact, happen — that is, sometime just prior to HRC being confirmed at SecState, WJC got a brand new server — possibly even in anticipation of HRC’s confirmation. In terms of timeline, this might tie into the block of static IP addresses registered to ‘Eric Hoteham’ in February 2008, one of which shows up as being associated with for five months in 2010 (see my post here). Or it might not. It could be that the server was replaced (“additional upgrades”) during the course of those four years. We just don’t know, because HRC refuses to given any details or explanations about the private server from which she (by her own admission) sent over 30,000 e-mails directly related to her position as U.S. Secretary of State, or about the actual internet connection it used, or about the security protections on it, or about anything else related to it.

Now, HRC states that she has deleted all the “personal” e-mails on the server — apparently without ever reading them. Since she negotiated and turned over printouts of another 30,000+ e-mails related to her time as SecState, I suspect they are no longer on the server, either. So what is left on the server? Probably nothing, outside of the operating system and some applications. (Hopefully, no web browsers; as I mentioned in an earlier post on this subject, browsing the internet directly from a ‘protected’ server is a very bad idea.) There are plenty of free and commercial utilities to “clean up” a computer system — delete system log files, update and/or clear out file metadata, remove “deleted file” information from system directories, and wipe clean unallocated disk space on the hard drive(s) to prevent forensic recovery of files. I suspect all that has been done, and was done months ago.

But forensic examination of a computer system will show if that has been done. In other words, a third-party examination of the server almost certainly would not produce any useful information at this point except for this:  that steps were taken to remove all useful information from the server. The explanation will be that it was done for security reasons (“We had to remove all traces of the official State Department communications”) but the optics will be bad.

Interesting times still ahead.  ..bruce..

[Here are all posts related to the Clinton e-mail issue.]

Be Sociable, Share!

Category: 2016 Election, Clinton E-mails, Information Technology, Pitfalls

About the Author ()

Webster is Principal and Founder at Bruce F. Webster & Associates, as well as an Adjunct Professor of Computer Science at Brigham Young University. He works with organizations to help them with troubled or failed information technology (IT) projects. He has also worked in several dozen legal cases as a consultant and as a testifying expert, both in the United States and Japan. He can be reached at, or you can follow him on Twitter as @bfwebster.