61 comments

[ 3.3 ms ] story [ 133 ms ] thread
As much as I hate HRC, I really don't think the email issue is ever going to lead to anything. Not for her at least. Some poor IT guy may get it in the end, but it's painfully obvious the same rules do not apply to elected officials as they do to the rest of us.
None of these suggestions were particularly helpful, I doubt he was successful in scrubbing these addresses.
Oh, are all your old emails regularly examined by the FBI and a hostile press, and published across global media? When did you testify to Congress about it?
I'm not an American, and I am not very sure if my view is correct. But is the press really hostile to HRC?
At first I thought this was a total hoax, but the account has been deleted and the incriminating posts are over 2 years old. Here is a pastebin I found of online information linking all his profiles together: http://pastebin.com/NmXcUC1X

This is pretty incriminating.

> This is pretty incriminating.

It is, but it isn't.

One could argue that someone, let's say Bob, happened to overhear some guy named Paul needing to do exactly this. He overheard it at a bar.

Bob then thought "oh, well if it's someone really VIP, this could make for some good lulz with my efriends. Who does Paul work for that is _really_ VIP? Let me Google Paul."

"Oh, here's his email address... stonetear@gmail.com. I wonder if he's on reddit. ... Guess not. Let's make a post that's pretty obviously incriminating."

I think that'd be the first argument made, at least. IANAL, but I do have some courtroom experience.

An IP is also not a person, https://torrentfreak.com/ip-address-not-person-140324/

Stonetear's post history spans for years, is quite extensive, and includes photos of himself and his family, and references to a car and other items, all of which apparently match up to the subject in question. I became pretty convinced within a few minutes of reading it (and checking the primary material to see if it checked out, which it has so far). If true, this is incredible, that a subreddit was able to uncover publicly available evidence that the FBI missed.
It isn't court of law incriminating, but it's more than enough for the court of public opinion.
> It isn't court of law incriminating, but it's more than enough for the court of public opinion.

I doubt it; its reinforcing for the people that are already inclined to the belief and so need no additional evidence, and not likely to be particularly interesting to most of the rest of the public (who, in any case, has pretty much tuned out the whole issue by now.)

Which is probably all that matters here. I can't imagine Clinton ever seeing serious legal punishment for this stuff regardless of proof, and Mr. Combetta has been granted immunity, but this stuff will definitely affect the election.
Based on what? I mean this would seem to be in the circumstantial category, but that can be evidence. It seems kind of relevant that the guy who just pleaded the 5th to avoid incriminating himself about Hillary's server logs asked this specific question - though not a smoking gun.

I'm also curious of those who think that this was 2 years ago makes it irrelevant... are you guys suggesting that if Hillary's team were committing blatant felonies they wouldn't make any effort to clean up the trail until after it hit the front page? (by if I mean the material conditional)

(comment deleted)
About the Pontiac Aztec mentioned in that post, some 4chan user found 2012 Google street-view images of what is/was apparently his house (there was a Paul R Combetta that lived there) with a Pontiac Aztec in the driveway (he asked for help with his Aztec in /r/cartalk 3 years ago)
I don't want to speculate on who's account this is, and perhaps I'm missing something, but tokenizing the to/from addresses sounds like exactly the sort of thing you'd want to do before publicly releasing a lot of emails.

Replacing VIP@example.com with ##VIP1## allows you to release the messages without revealing the email addresses of every person they've ever interacted with.

It also would be a good idea if you're doing this to solicit opinions about it in order to prove to a judge or grand jury that you're following some form of best practices to do this rather than just making up shit on your own.

Of course it should have really been done from a throw-away to avoid precisely this kind of spectacle from the general public.

The one thing I'll say is that clearly this IT guy really is an IT guy and is completely clueless about optics.

This isn't incriminating at all. There's no mention of changing the content/body, only removing her address from the to/from fields. That's a sensible thing to do if she doesn't want her private email address to be public knowledge, and the presence of her address in the to/from field can be inferred since, you know, it's her inbox.

I feel like Hillary could hire someone to take her dog for a walk and millions of people would find it corrupt and scandalous for some reason.

Removing her address isn't a big deal.

However the part about the 60 day retention policy and the user being able to choose which emails are saved past that policy might well lead to valid questions about the decision process on what was and was not retained.

Sure it is. It means Hillary sent emails that appeared to not be from her when they were, meaning they are emails out there relevant to the FBI investigation that were never included. I doubt this fact came out during their investigation. It also means that the data Hillary herself had to turn over was incomplete, since she could have left out lots of emails that "weren't hers" because the sender address was different.
This seems to have taken place in July 2014, which is many months before the emails went missing (Mar. 2015). Even taking into account that he was apparently instructed to delete the email in Dec. 2014 (and forgot to), it still leaves a large amount of time between these two incidents.
Look at the timing as laid out in

http://www.zerohedge.com/news/2016-09-19/dear-fbi-does-const...

and it's more clear.

Timeline here: http://www.zerohedge.com/news/2016-09-02/fbi-report-shows-ho...

But The Hill has the more important detail:

http://thehill.com/policy/national-security/296680-house-pan...

"The Reddit message was sent on July 23, 2014, according to an archive of the page saved by other users. The day before, the Benghazi Committee had reached an agreement with the State Department on the production of related records, according the FBI's investigation into Clinton's use of the server."

Let's not forget, Combetta didn't have a security clearance.. just immunity.
Maybe I'm completely ignorant of the situation, but it just sounds like he was trying to keep some email addresses private, in anticipation of some kind of potential release. Is that bad?
Yes it's pretty clear that the content of the email is not to be adjusted, just the To/From fields.

This seems to be legitimate work before an anticipate public release of email.

If that were true, why did he specifically ask for help to "strip out or replace the email address in the to/from fields in all of the emails".

source: reddit via http://redstatewatcher.com/article.asp?id=38414

> > Yes it's pretty clear that the content of the email is not to be adjusted, just the To/From fields.

> If that were true, why did he specifically ask for help to "strip out or replace the email address in the to/from fields in all of the emails".

What your quote said he asked for help to do is exactly what GP suggested was the only thing he was trying to do.

So, what you say he asked is exactly what you'd expect if he was trying to do only what GP suggested.

Oh right I had that exactly backwards... I apologize, it's been long day.

It does make me wonder why this matters, though. Ripping the to/from from an export would be trivially easy. He wanted to strip it from the server for some reason. So that doesn't make me feel better... isn't it what you would do to prevent emails from being discovered. I mean if they wanted to sanitize files after export, it's just bulk search and replace, right?

> Ripping the to/from from an export would be trivially easy. He wanted to strip it from the server for some reason.

He wanted to strip it from a file that remained otherwise in the same format as was stored on the server; perhaps it was expected that there would be an electronic release in that format rather than plain text, perhaps he just had a suboptimal preparation-for-release workflow (redact the mailbox copy -> export as text) rather than the reverse.

Yeah, while I'm sorry for my other, idiotic comment in sub-thread thread... I don't understand how you could think that's "pretty clear".

Why would he seek help on doing it in a way that is difficult to impossible, compared to redacting/tokenizing after export? That makes zero sense. On the other hand, doing it this way would prevent the normal justice-based extraction procedures from working, because subpoenas are specific to people usually. I can't see any advantage of doing the hard way, other than that... it's hard for me to imagine a lawyer or professional investigator employee making direct use of a PST file or the equivalent.

There's now a post in /r/exchangeserver that's making fun of this old post[1], but is there a link to the original (or has the post been deleted?).

I'm still rather skeptical of things I read on /r/conspiracy.

1. https://www.reddit.com/r/exchangeserver/comments/53ick9/remo...

This actually surfaced on many different sub-reddits, but kept getting removed due to the 'anti-doxxing' policy, which I think is generally a good policy to have, but in this case the whole point of the story is linking a real world person to an online alias.

Anyway, I don't have a horse in this race, just thought it was an interesting story both politically and from a security perspective.

I believe it, but can't he just claim coincidence on the Reddit handle?
Unless Reddit was subpoenaed and they linked his account with a known email of his.
Supposedly post history/images confirm it was his.
This seems like enough to demonstrate intent (the big thing they couldn't prove previously) is there any reason this isn't enough evidence to open a case by the justice department?
(comment deleted)
Yes, Obama endorsed HRC.
How does the President get to dictate how the Justice dept rules? The executive and judicial branches are separate
(comment deleted)
You clearly haven't followed this Administration's activities much. Executive overreach is a daily activity the past 8 (actually 16) years.
The last 8 have been worse than the 8 before, though. (And my strong suspicion is that the next 4 or 8 are going to be worse than the last 8, no matter who wins.)
(comment deleted)
Exactly why I thought HN might find this story interesting, the 'we did it reddit!' factor is funny in light of the many times they've gotten things horribly wrong -- the Boston marathon bombing comes to mind.

Kind of wish it hadn't been flagged and disappeared from the front page so quickly.

Improperly marking a similar post this morning as a "dupe" didn't work -- https://news.ycombinator.com/threads?id=threepipeproblm -- so people who don't want to hear this seem to have "flagged" it as off topic?

Meanwhile, some recent HN topics that were not flagged as off topic include:

* The '80s Public Access Films Produced by a California UFO Cult

* Affliction and Salvation: Love Was a Learned Art for Iris Murdoch

* My Motherland: Finding–and writing–the worlds where only I had been

* Plaster Perspectives on “Magical Gems”: Rethinking the Meaning of “Magic” in Cornell’s Dactyliotheca

* I quit my job, bought an army truck, and spent 19 months circumnavigating Africa

* The Real Lolita

So two points --

(a) I am not a Republican; and

(b) This seems deeply broken at best.

Can anyone convince me it isn't a form of censorship? I'm not too familiar with HN's moderation setup.

HN loves the establishment. They are getting rich, why would they want to shake things up?
Ah the first person to downvote this has no actual defense of it... I was legitimately asking, open to me having misinterpreted this but I'd like know how
I'm not one of the people to flag or downvote this, but all the post shows is that he wanted to keep some email addresses private. I'm not sure why people think this is a smoking gun? I get that people hate HRC, but how is a desire to tokenize email addresses noteworthy?

Edit: Also, the title doesn't fit the post.

Maybe because (a) he didn't use the language of tokenization, he asked how to "strip out or replace the email address in the to/from fields in all of the emails", and

(b)He just plead the 5th on questions involving whether or not he complied with the investigation legally, which people normally do to avoid incriminating themselves.

At least that's how I understand the situation.

> he didn't use the language of tokenization

If by that you mean he didn't say "tokenization" specifically, sure. But "strip out or replace the email address in the to/from fields in all of the emails" sounds kind of like tokenization, doesn't it? Sounds to me like how I might ask about it if I don't know the exact words for it.

All I know for certain is that I sure hope nothing important ever rests on the exact phrasing of something I've written on reddit.

OK, we'll try overriding some of the user flags and see how the discussion goes.

We detached this subthread from https://news.ycombinator.com/item?id=12534132 and marked it off-topic.

Huge props to you for this. I think this is relevant news for HackerNews, but I suspect people flag it due to other reasons.
Assuming it's true it isn't incriminating but it does kind of make him look like an idiot. Posting to reddit anything about a VIP seems like a bad idea. Posting it under a username you use all over the internet is even worse. I think it adds to the list of bad decisions HRC and her subordinates have made regarding email in specific and technology in general.