Hillary Clinton was not publicly registered as the owner of the domain and server she used to operate a personal email account registered to her home, making it difficult to trace the account back to the former secretary of state, according to a CNN review of Internet business records.
Instead, Clinton’s accounts were registered under the names of aides, according to the review. She also used a proxy company to shield her involvement, a common practice among domain owners.
Clinton is under fire this week after revelations that she used her personal email server to conduct official State Department business. She had no official email at the State Department and took her email records with her when she left her post, shielding many of them from public view.
Internet business records show that the domain clintonemail.com was registered Jan. 13, 2009 – a week before she was sworn in as secretary of state. The domain was registered to Justin Cooper, a longtime adviser to former President Bill Clinton. Sec. Clinton would go on to use the email, firstname.lastname@example.org.
In 2014, after Clinton stepped down as secretary, the domain registration was changed to Perfect Privacy, a proxy company that allows domain users to shield their identities. It’s a common practice among domain owners who don’t want their personal information listed on a public database.
But through direct communication with Clinton’s email server and Internet records, CNN found that in the domain’s early days, emails went straight to a server near Clinton’s Chappaqua home. While CNN found that the email domain was registered to her home – and technical evidence suggests the emails were kept there – it is unclear whether the server was physically located at her house, or somewhere nearby. The server was registered in 2008 under the name “Eric Hoteham,” which appears to be a misspelling of Eric Hothem, a former aide to Clinton when she served as first lady. CNN has been unable to reach Hothem for comment.
Clinton took the rare step of setting up her own email rig. It’s something done by people particularly concerned about privacy or surveillance. Instead of relying on outside companies like Gmail or Yahoo to protect her data, Clinton decided to go alone.
But it only works if it’s configured correctly. CNN found that Clinton’s computer server wasn’t using trusted Web certificates – something that’s frowned upon by computer security experts. Running a personal mail server is generally harder to protect than, say, the State Department, which has a dedicated computer security team.
“It’s hard to say which is more secure,” said cybersecurity expert Martijn Grooten. “I would expect the State Department to have better security than any technical expert she would hire. But the department is also a target for hackers.”
Representatives for Clinton didn’t respond to a request for comment on this story.
On Wednesday, the House committee investigating the attack on the U.S. consulate in Benghazi subpoenaed Clinton’s communications regarding Libya and notified Internet companies that they have a legal obligation to preserve relevant documents.
Currently, emails to and from Clinton go to servers in Colorado and North Carolina operated by the cybersecurity firm McAfee. That means at least some of her emails can be accessed by congressional investigators through McAfee’s servers.
CORRECTION: This story has been updated to reflect the correct date that the domain clintonemail.com was registered.