For 7:20 Call: JDP MTP Memo & Attachments

From:mfisher@hillaryclinton.com To: jpalmieri@hillaryclinton.com, tcarrk@hillaryclinton.com, creynolds@hillaryclinton.com, bfallon@hillaryclinton.com, slatham@hillaryclinton.com CC: john.podesta@gmail.com Date: 2015-12-20 02:00 Subject: For 7:20 Call: JDP MTP Memo & Attachments

Hi all- I've attached JDP's MTP memo for your review in advance of tomorrow's 7:20 am prep call. It contains background, logistics, and run of show. Also attached: V. ATTACHMENTS: • Other Sunday Shows (FYI) [in main memo] • Three Data Breach HFA Statements [in main memo] • Friends & Allies TPs, Pre-Debate • Friends & Allies TPs, Post-Debate [TK] • HRC Morning Communications Memo— December 19th • NH Political Briefing I also sent him blog posts from Jennifer and from Amy Dacey for additional background on the data breach. Pasted below. The call will take place at 7:20 am tomorrow. Dial in: 1 (718) 839-6957 // no pin Thank you! Milia Four Questions Bernie Sanders Needs to Answer By Jennifer Palmieri <https://twitter.com/JmPalmieri> We’re glad that the Sanders campaign and DNC reached an agreement last night and that the Sanders campaign has agreed to an independent audit of the data breach. This saga - and having our campaign’s hard work violated by the Sanders’ campaign - has been disturbing to our campaign and the volunteers who worked hard to build a strong organization. But it has also been a distraction from the issues that the American people care about. We think those issues should be the focus of the debate tonight: issues like raising wages, access to healthcare, and keeping America safe. However, given news that Senator Sanders and his team apparently want to make this topic the centerpiece of their debate strategy <http://www.politico.com/story/2015/12/sanders-gets-the-fight-he-wanted-216965#ixzz3umM1GWEH>, here are some questions that should be on the table. *1: Why'd your campaign say you didn't store anything?* <https://www.washingtonpost.com/politics/dnc-sanders-campaign-improperly-accessed-clinton-voter-data/2015/12/17/a2e2e14e-a522-11e5-b53d-972e2751f433_story.html> <http://t.sidekickopen32.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJW7t5XZs2zWYTbN3MPm7jdVn3dVQsyTK56dBQXf3znM2n02?t=https%3A%2F%2Fwww.washingtonpost.com%2Fpolitics%2Fdnc-sanders-campaign-improperly-accessed-clinton-voter-data%2F2015%2F12%2F17%2Fa2e2e14e-a522-11e5-b53d-972e2751f433_story.html&si=5269663110135808&pi=136acf21-1678-4515-c000-39c5f296b0ad> The Sanders campaign was able to access (and save) 24 different lists of proprietary Clinton campaign information, as seen in their NGPVAN activity logs. Here, for example, is a Sanders staffer searching for and saving <http://www.scribd.com/doc/293643104/Sanders-Campaign-Audit-Sheet-1>a list of voters that the Clinton campaign identified as persuadable in Iowa. [image: Capture (1)] <https://m.hrc.onl/briefing/Capture-1.png> Let’s be clear about how the VAN system works: when you look at the log, “saving” means an attempt to store the data to your own account–and there are reports that there were preliminary attempts to export the data into excel sheets. They knew what they were doing. Which brings me to my next point. *2: Why'd your campaign claim it was an accident?* In an interview with Bloomberg yesterday, Tad Devine claimed this was all a “mistake.” <http://www.bloomberg.com/politics/videos/2015-12-18/tad-devine-dnc-s-grinding-our-campaign-to-a-halt>A mistake? NGPVAN’s audit found that Sanders staffers conducted 25 targeted searches of Clinton campaign data, just like the example above. Let me reiterate what this being a “mistake” would mean. Take a look at this pull out from the audit activity logs. [image: Capture] <https://m.hrc.onl/briefing/Capture.png> For this to be a “mistake,” the Sanders campaign would have had to accidentally… - Searched for the voters we've identified as being unlikely to support Hillary Clinton in the South Carolina primary - Saved that list into their own account folder - Searched for the voters we've identified as supporters who are very likely to turn out to vote in the South Carolina primary - Saved that list into their own account folder - Searched for the voters we've identified as supporters who are unlikely to turn out to vote in the South Carolina primary This is just a sample. They pulled *21 more lists.* That seems hardly accidental to me. *3: Why did the Sanders campaign claim that only <http://gawker.com/report-bernie-sanders-campaign-improperly-accessed-c-1748653937>**one staffer was involved <http://gawker.com/report-bernie-sanders-campaign-improperly-accessed-c-1748653937> in accessing Clinton campaign data?* Contrary to their claims, there were four <http://abcnews.go.com/Politics/documents-show-sanders-staffers-accessed-clinton-voter-data/story?id=35846799>staffers involved. In fact, from the audit logs provided by NGPVAN, the staffer they fired wasn’t even the person involved in accessing the most data. *4. Why did your campaign claim that the "one staffer" was junior level? <http://www.mprnews.org/story/2015/12/19/npr-bernie-sanders-access-restored>* In initial reports, the Sanders campaign claimed that the “single staffer” involved in accessing Clinton campaign data was at the junior level. Tad Devine even went so far as to say that he’d never met the guy. Josh Uretsky, the staffer who was fired, was the campaign’s most senior data strategist. <https://www.linkedin.com/in/josh-uretsky-a165825> From his Linkedin page: [image: Capture (2)] <https://m.hrc.onl/briefing/Capture-2.png>Our data director is involved in our strategic, day-to-day decision making. That’s a pretty broad interpretation of junior. *In conclusion...* To most voters, this will all seem pretty arcane. They care about raising wages for their family. They care about security for their family. They care about who’s going to keep them safe. They certainly don’t spend much time thinking about campaign data theft. With that said, if Senator Sanders intends to make his campaign’s theft of our data a rallying point, he should have to answer these questions. His campaign took advantage of a security flaw to access and retain proprietary Clinton campaign information. We don’t know if they still have it. Those are all facts. No amount of misdirection changes those facts. We look forward to tonight’s debate. *Here’s what happened with NGP VAN, the Sanders Campaign, and the Clinton Campaign* *By AMY DACEY* *And here are the steps we are taking to address the problem* The Democratic National Committee, through its software partner NGP VAN, provides tools for Democratic campaigns that are invaluable and second to none. This week, there was error with that system, however, which led to an incident involving the Sanders campaign. We want to lay out exactly what happened so that people better understand why the DNC needed to suspend the Sanders campaign’s access to our system and how we’ve been working to fully resolve a serious problem — and get everyone back to work electing a Democrat to the White House in 2016. On Wednesday morning, NGP VAN applied a new software patch to the DNC’s voter database system, and because of an error in the code, users were capable of accessing some limited, yet extremely valuable information belonging to other campaigns for a very brief window of time. Even though the glitch opened access, users still needed to take deliberate steps to seek out such information. *It’s important to make a few things clear from the start. At no point were donor records, financial information, or volunteer data exposed between campaigns. At no point was any data exposed to the public. With the correction of the glitch and further audits by NGP VAN, we are confident now that the data within the system is secure.* Once NGP VAN had taken steps to contain the glitch, the DNC directed NGP VAN to conduct a thorough analysis to: - Identify any users who may have accessed information from another campaign inappropriately, - Pinpoint exactly what actions any such users took in the system, and - Report these findings to the DNC so we would know what, if any, data was actually acquired. As a result of this analysis, NGP VAN found that campaign staff on the Sanders campaign, including the campaign’s national data director, had accessed proprietary information about which voters were being targeted by the Clinton campaign — and in doing so violated their agreements with the DNC. These staffers then saved this information in their personal folders on the system, and over the course of the next day, we learned that at least one staffer appeared to have generated reports and exported them from the system. None of this is in dispute. It’s fully documented in the system logs. And these details reveal nothing less than a serious violation of the agreements governing the use of this data. Underscoring that fact is the point that the Sanders campaign has fired their national data director and indicated further disciplinary actions may be taken pending the results of their own investigation. *When we understood what initially happened, we asked the Sanders campaign to tell us who exactly accessed Hillary for America information, share their understanding of what data was accessed, describe what was done with that information, and detail how the campaign intended to discipline the staffers involved.* On Thursday, further NGP VAN analysis revealed that it was very likely that a user had taken data out of the system during the breach. Upon learning that, the DNC had to suspend the Sanders campaign’s access to the voter file to ensure the integrity of the system. This action was not taken to punish the Sanders campaign — it was necessary to ensure that the Sanders campaign took appropriate steps to resolve the issue and wasn’t unfairly using another campaign’s data. This temporary suspension was well within the DNC’s authority. Moreover, the DNC was left with little choice in the matter when the Sanders campaign declined to respond in a timely manner to the requests for assistance with an investigation. On Thursday, the Sanders campaign did move to fire its national data director. But we still weren’t provided the information we needed from the campaign until late in the evening on Friday. Once they complied with our prior request and provided documentation that we were then able to review, we immediately restored the Sanders campaign’s access to the voter file — as was always our intention and as we had advised well before they sued the Committee. And the information obtained so far shows that the DNC’s concern to have a full, thorough inquiry was fully justified: As confirmed by the Sanders campaign in the account given the DNC Friday evening, one of the employees of the campaign involved in the misconduct tried to delete the notes they made recording their accessing of Clinton campaign data to hide his activities. The next step is to continue to investigate the incident with the help of an independent auditor. This is necessary to confirm, as the Sanders campaign has assured us, that the data that was inappropriately accessed is no longer in possession of the Sanders campaign. The Sanders campaign has agreed to fully cooperate with the continuing DNC investigation of this breach. The DNC has also instructed NGP VAN to conduct a review process of their internal procedures to identify how this mistake was allowed to happen and prevent further such mistakes. The DNC is currently beginning the process of securing an additional, independent audit by a data security firm of NGP VAN’s procedures. We are glad that all parties are moving forward and that the candidates and Democrats can refocus on engaging voters to show how our party will continue growing the economy and keep Americans safe. *Amy K. Dacey is the CEO of the Democratic National Committee.* -- Milia Fisher Special Assistant to the Chair Hillary for America mfisher@hillaryclinton.com c: 858.395.1741