August 21, 2015: An email reveals that every employee of the company managing Clinton’s private server can access the server through the Internet.

150815PlatteRiverEmployees

PRN grew exponentially in 2015, including a number of new employees. (Credit: Platte River Networks)

Paul Combetta, an employee of Platte River Networks (PRN), sends an email to Leif McKinley, an employee of Datto, Inc. PRN is managing Clinton’s private server, and Datto has been subcontracted by PRN to provide back-up for the server. Combetta writes: “We are trying to tighten down every possible security angle on this customer. It occurs to us that anyone at PRN with access to the Datto Partner Portal (i.e. everyone here) could potentially access this device via the remote web feature. Can we set up either two-factor authentication, or move this device to a separate partner account, or some other method (disable remote web access altogether?) to allow only who we permit on our end to access this device via the Internet?” (US Congress, 9/12/2016)

On May 14, 2015, a photo of PRN employees was posted to their website and suggests the number of employees working there at the time to be approximately 28.  (Platte River Networks, 5/14/15)

In September 2016, after the email is publicly released, Representative Jason Chaffetz (R) will comment, “If I understand the email correctly, every single employee of PRN could have accessed some of the most highly classified national security information that’s ever been breached at the State Department.” (US Congress, 9/13/2016)

August 21, 2015: In many cases, information in Clinton’s emails were “born classified.”

That means they were classified from their creation. A Reuters analysis concludes, “In the small fraction of emails made public so far, Reuters has found at least 30 email threads from 2009, representing scores of individual emails, that include what the State Department’s own ‘classified’ stamps now identify as so-called ‘foreign government information.’ The US government defines this as any information, written or spoken, provided in confidence to US officials by their foreign counterparts.” Although unmarked, Reuters’ analysis suggests that these emails “were classified from the start.”

J. William Leonard, a former director of the NARA Information Security Oversight Office, said that such information is “born classified” and that “If a foreign minister just told the secretary of state something in confidence, by US rules that is classified at the moment it’s in US channels and US possession.” According to Reuters, the standard US government nondisclosure agreement “warns people authorized to handle classified information that it may not be marked that way and that it may come in oral form.”

The State Department disputes Reuters’ analysis but does not elaborate or explain why. (Reuters, 8/21/2015)