Information pieced together from Hillary Clinton's trove of released email suggests that her request for a secure Blackberry may have followed an intrusion into her system during a trip to Asia, according to an analysis by a former Homeland Security official.
"There now seems to be a very real probability that Hillary Clinton rushed to install an encryption certificate in March 2009 because the U.S. intelligence community caught another country reading Clinton's unencrypted messages during her February 16-21, 2009, trip to China, Indonesia, Japan, and S. Korea," wrote Stewart Baker, a former assistant secretary for policy at the Department of Homeland Security, in a column for the Washington Post.
Clinton in 2009 asked the National Security Agency to create a secure Blackberry for her to use while traveling. The agency refused to give her one of the devices, citing its nearly $5,000 cost.
That request came months after Clinton began using the private server stored in the basement of her home, a fact just revealed last month. The timing, Baker notes, calls into question why Clinton suddenly felt a seemingly-spontaneous need to heighten security.
A staff memo describing a March 11, 2009 meeting at the State Department may have shed light on the issue. Baker recounted that "her attention was drawn to a sentence that indicates we [the diplomatic security office] have intelligence concerning … vulnerability during her recent trip to Asia."
"Eighteen days later, Clinton's server acquires a digital certificate supporting TLS encryption, closing the biggest security hole in her server," Baker recounts. "Did our agencies see Clinton's unencrypted messages transiting foreign networks? Did they spot foreign agencies intercepting those messages? It's hard to say, but either answer is bad, and the quick addition of encryption to the server suggests that Clinton saw it that way too."
"Getting a digital certificate to support encryption is hardly a comprehensive response to the server's security vulnerabilities," Baker added. "So who decided that that was all the security it needed? How pointed was the warning about her Asia trip? Does it expand the circle of officials who should have known about and addressed the server's insecurity? And why, despite evidence that Clinton was using the server in connection with work in January and February, did Clinton turn over no emails before March 18?"
"They do suggest that the investigation should be focusing heavily on who did what to clintonemail.com in January through March of 2009," Baker concluded.