May 31, 2013—June 2013: A device is bought to make back-ups of Clinton’s private server, but a Clinton company makes clear it doesn’t want any back-up data stored remotely.

130531austinmcchorderiktraufmannhearstctmedia1

Datto Cloud engineer Charles Lundblad (left) chats with CEO and founder of Datto, Austin McChord, at the firm’s Norwalk, CT headquarters. (Credit: Erik Traufmann / Hearst Connecticut Media)

On May 31, 2013, Platte River Networks (PRN) takes over management of Clinton’s private server. On the same day, PRN buys a Datto SIRIS S2000 data storage device, which is made by Datto, Inc. Over the next month, this is attached to Clinton’s server to provide periodic back-up copies of the data on the server. PRN sends a bill for the device to Clinton Executive Service Corp. (CESC), which is a Clinton family company.

CESC employees work with PRN employees on how the Datto device is configured. Datto offers a local back-up and a remote back-up using the Internet “cloud.” CESC asks for a local back-up and specifically requests that no data be stored in the Internet cloud at any time.

However, due to an apparent misunderstanding, back-up copies of the server will be periodically made both locally and in the cloud. This will only be discovered by PRN as a whole in August 2015. (US Congress, 9/12/2016)

However, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, the FBI will later find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015, meaning that at least one PRN employee had to have known about the cloud back-up by that time.

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Between March 25 and 31, 2015: A Platte River Networks employee allegedly deletes all of Clinton’s emails and then wipes them to prevent their recovery, despite apparently having no clear order to do so.

Platte River Networks (PRN) is managing Clinton’s private server, and two PRN employees are occasionally working on it. Around December 2014, PRN employee Paul Combetta was told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills to delete all copies of Clinton’s emails off Mills’ computer and the computer of another lawyer working for Clinton, Heather Samuelson. He did so. But he says he was also told by Mills to change the email retention policy on Clinton’s clintonemail.com email account so that Clinton’s unwanted “personal” emails would be deleted after 60 days, and he forgot to do that.

Combetta will be interviewed by the FBI on February 18, 2016. At that time, he will say that after a conference call between PRN and the staff of former President Bill Clinton on March 25, 2015, roughly between March 25 and 31, 2015, he will realize he forgot to make the change, but then will tell the FBI that he didn’t do anything about it.

However, Combetta will be interviewed by the FBI again on May 3, 2016, and his answers will change. This time, he will say he had what told the FBI was “an ‘oh shit’ moment.” Then, sometime between March 25 and 31, 2015, he deleted the Clinton archive mailbox from Clinton’s server. Furthermore, he used BleachBit to delete the exported .pst files he had created on the server system containing Clinton’s emails.

150326PlatteMontage

There are six employees leading PRN in 2015. From left to right they are Brent Allshouse, David DeCamillis, Treve Suavo, Sam Hickler, Craig Papke, and Dave Robinson (not pictured). (Credit: Linked In and Platte River Networks)

An FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files,” as well as other functions. “BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

Additionally, the FBI investigation will later find “evidence of these deletions and determined the Datto backups of the [Clinton’s] server were also manually deleted during this timeframe.” However, the FBI will not mention if they figured out who deleted the Datto back-ups, whether it is Combetta or someone else.

150326BleachBitSystemCleaner1.8

BleachBit System Cleaner 1.8 (Credit: BleachBit)

Note that Combetta was only asked by Mills to change the deletion policy on Clinton’s account, which would have deleted only her “personal” emails 60 days later. He actually immediately deleted all of her emails, including her work-related ones, and then used a program to make their later recovery impossible. It is not clear if anyone told him to do this, and if so who, or if he did it on his own.

Furthermore, Combetta took these actions even though Mills sent him (and others at PRN) an email on March 9, 2015, which mentioned how the House Benghazi Committee had requested to Clinton’s lawyers that all of Clinton’s emails should be preserved. In his first FBI interview, he will deny being aware of this. But in his second FBI interview, according to the FBI, at the time he made the deletions, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.” (Federal Bureau of Investigation, 9/2/2016)

Around Late March 2015: An Internet cloud back-up of Clinton’s server is deleted at this time, despite the company managing the server seemingly not knowing the cloud copy exists.

On November 19, 2015, an unnamed Datto executive will be interviewed by the FBI. Datto had provided back-up service and equipment to Platte Rivers Networks (PRN) when PRN was managing Clinton’s private server from June 2013 onwards. It will later be reported that in early August 2015, PRN employees discovered that in addition to a Datto back-up device attached to Clinton’s server, Datto had been also backing up Clinton’s server to the Internet “cloud.” Some internal PRN emails from early August 2015 show some employees acting surprised after being told about this.

A graphic of Datto's cloud structure. (Credit: Datto, Inc.)

A graphic of Datto’s cloud structure. (Credit: Datto, Inc.)

However, according to a later FBI summary of the Datto executive’s interview, he said that PRN must have known about the cloud back-up all along. “As evidence, [he] stated the partner portal, that PRN had log-in credentials to, had a feature displaying backed-up data an options to ‘delete cloud’ or ‘delete local.’ [He] stated PN would have seen their back-ups under ‘delete cloud.'”

More crucially, during the interview, the FBI will show him a Datto document “indicating email records were manually deleted from the Datto secure cloud back-ups of the [Clinton] server in March 2015.” He then will tell the FBI that it couldn’t have been a Datto employee who made the deletions, because there would have been a work ticket created showing that. Furthermore, IP addresses associated with the deletions indicate that someone from PRN must have done it, although PRN had a shared account so it can’t be proven who exactly made the deletions. (Federal Bureau of Investigation, 10/17/2016)

A Datto letter sent to the FBI in October 2015 will indicate that Datto technical experts reviewed administrative files and discovered through the device’s Internet interface that a series of deletions took place on the device on March 31, 2015, between 11:27 a.m. and 12:41 a.m. Furthermore, a much greater amount of data had been “deleted automatically based on the local device’s then-configured pruning parameters.” (US Congress, 9/12/2016) It is unclear if this refers to data deleted from the local Datto device or the Internet cloud back-up.

Although it is unknown who made these deletions, in a May 2016 FBI interview, PRN employee Paul Combetta will confess to deleting all of Clinton’s emails on her server as well as the Datto back-up device in precisely this time period, between March 25, 2015 and March 31, 2015.

August 2015: A company recommends improving security for Clinton’s server, which is still in use, but the FBI wants no changes.

At some point in August 2015, employees at Datto, Inc., a company that specializes in backing up computer data, realize that a private server they have been backing up belongs to Clinton. The server is being managed by Platte River Networks (PRN), and Datto made the connection after media reports revealed PRN’s role.

According to an unnamed Datto official, due to worries about the “sensitive high profile nature of the data,” Datto then recommends that PRN should upgrade security by adding sophisticated encryption technology to its backup systems.

150801AndyBoianFoxNews

Andy Boian (Credit: Fox News)

PRN spokesperson Andy Boian later acknowledges receiving upgrade requests from Datto, but he says, “It’s not that we ignored them, but the FBI had told us not to change or adjust anything.”

Boian adds, however, the company did not take Datto’s concerns to the FBI.

The newest version of the server is still in use by the Clintons’ personal office at the time, despite being in news headlines since March 2015. (The Washington Post, 10/7/2015)

On August 12, 2015, the FBI takes an older version of the server from PRN’s control. The FBI doesn’t realize Clinton’s emails were moved from the old server to the new one. They eventually will figure this out and take the new server away as well, on October 3, 2015.

August 1, 2015—August 7, 2015: The company managing Clinton’s private server learns that another company has been making back-up copies of all the server data in the Internet “cloud” since 2013.

Clinton’s server has been managed by Platte River Networks (PRN) since June 2013. And since that time, PRN has subcontracted Datto, Inc. to make periodic back-ups of all the data on the server. PRN has thought that the back-ups have been only made through a device attached to the server called the Datto SIRIS S2000.

Sam Hickler (Credit: public domain)

Sam Hickler (Credit: public domain)

However, on August 1, 2015, an unnamed PRN employee notices that data from the server was possibly being sent to an off-site Datto location. On August 6, 2015,  Sam Hickler, PRN’s vice president of operations, contacts Datto employee Leif McKinley about this, CCing PRN employees Paul Combetta and Treve Suazo.

McKinley confirms that, due to a misunderstanding, Datto has been making periodic back-ups of the server data through the Internet “cloud” as well as locally through the device. Furthermore, periodic back-ups have been made this way since June 2013.

Treve Suazo (Credit: Platte River Networks)

Treve Suazo (Credit: Platte River Networks)

Suazo, the CEO of PRN, tells Datto on August 6, 2015, that “This is a problem.” This is because the Clinton Executive Services Corp. (CESC), the Clinton family company that hired PRN to manage the server, explicitly stated from the beginning that they didn’t want any remote back-ups to be made. Thus, PRN employees tell Datto not to delete whatever data was stored in the cloud, and instead work to get it back to the control of PRN.

On August 7, 2015, Datto and PRN employees discuss saving the data on a thumb drive and sending it to PRN. Then, according to an email from one unnamed PRN employee to another, they would have Datto “wipe [the data] from the cloud.”

This is according to a letter that will be sent in October 5, 2015 to Datto CEO Austin McChord by Senator Ron Johnson (R). Johnson is chair of the Senate Homeland Security and Government Affairs Committee, and is conducting oversight of the FBI’s Clinton email investigation. However, Johnson will be unable to determine what happened next, such as if the thumb drive was sent and the data was wiped. Furthermore, McChord will not be able to reveal that information to Johnson because Datto needs PRN’s permission to share that information and PRN won’t give it. (US Congress, 9/12/2016) (US Congress, 9/12/2016)

August 17, 2015: The company that recently managed Clinton’s private server, says it is “highly likely” that a backup copy of the server was made.

The Datto logo (Credit: Datto, Inc.)

The Datto logo (Credit: Datto, Inc.)

That company is Platte River Networks (PRN), which managed her server from mid-2013 until early August 2015. The company is cooperating with the FBI.

That means that any emails Clinton deleted before she handed the server over to investigators may still be accessible. (Business Insider, 8/17/2015)

The mention of a backup copy of the server could be a reference to Datto, Inc., a company that made backups of Clinton’s server while it was in Platte River’s possession. (McClatchy Newspapers, 10/6/2015)

August 21, 2015: An email reveals that every employee of the company managing Clinton’s private server can access the server through the Internet.

150815PlatteRiverEmployees

PRN grew exponentially in 2015, including a number of new employees. (Credit: Platte River Networks)

Paul Combetta, an employee of Platte River Networks (PRN), sends an email to Leif McKinley, an employee of Datto, Inc. PRN is managing Clinton’s private server, and Datto has been subcontracted by PRN to provide back-up for the server. Combetta writes: “We are trying to tighten down every possible security angle on this customer. It occurs to us that anyone at PRN with access to the Datto Partner Portal (i.e. everyone here) could potentially access this device via the remote web feature. Can we set up either two-factor authentication, or move this device to a separate partner account, or some other method (disable remote web access altogether?) to allow only who we permit on our end to access this device via the Internet?” (US Congress, 9/12/2016)

On May 14, 2015, a photo of PRN employees was posted to their website and suggests the number of employees working there at the time to be approximately 28.  (Platte River Networks, 5/14/15)

In September 2016, after the email is publicly released, Representative Jason Chaffetz (R) will comment, “If I understand the email correctly, every single employee of PRN could have accessed some of the most highly classified national security information that’s ever been breached at the State Department.” (US Congress, 9/13/2016)

Early September 2015—September 17, 2015: The company that manages Clinton’s server won’t let Congressional investigators interview its employees.

Ken Eichner is rated as one of the top criminal defense attorneys in Denver, CO. (Credit: public domain)

Ken Eichner (Credit: public domain)

Platte River Networks (PRN) is the computer company that has been managing Clinton’s private server. In August 2015, the Senate Homeland Security Committee asked PRN for a staff-level briefing on the server, and got one later that month.

In early September 2015, Congressional investigators communicate with Ken Eichner, a lawyer working for PRN, asking to interview five employees in Denver, Colorado, where PRN is located. But on September 17, 2015, Eichner writes in an email, “I am going to respectfully decline [permission for] any interviews.”

In September 2015, some PRN employees are interviewed by the FBI, but details of that remain unknown. In November 2015, it will be reported that PRN isn’t cooperating with Congressional investigators at all, and isn’t allowing Datto, Inc., a company it subcontracted to help back up Clinton’s server, to cooperate either. (Politico, 11/13/2015)

Ken Eichner has been listed as a “Super Lawyer” for more than a decade and named by 5280 Magazine as one of Colorado’s top criminal lawyers. (Super Lawyers) (5280 Magazine)

October 2, 2015: The company that makes a back-up of Clinton’s server data is given permission to share the data with the FBI.

Platte River Networks (PRN) has been managing Clinton’s private server since June 2013, and since that time they used the service of another company, Datto, Inc., to make back-ups of the data on the server. As a result, they need PRN’s permission to share data.

Austin McChord, founder and CEO of Datto, Inc. (Credit: Erik Traufmann / HearstCTMedia

Austin McChord, founder and CEO of Datto, Inc. (Credit: Erik Traufmann / Hearst Connecticut Media)

On this day, David Kendall, Clinton’s personal lawyer, and PRN agree to allow Datto to turn over the data from the backup server to the FBI. This is according to an unname person familiar with Datto’s storage, quoted in McClatchy Newspapers four days later.

Datto says in a statement that “with the consent of our client and their end user, and consistent with our policies regarding data privacy, Datto is working with the FBI to provide data in conjunction with its investigation.”

However, according to McClatchy Newspapers, the unnamed source says “that Platte River had set up a 60-day retention policy for the backup server, meaning that any emails to which incremental changes were made at least 60 days prior would be deleted and ‘gone forever.’ While the server wouldn’t have been ‘wiped clean,’ the source said, any underlying data likely would have been written over and would be difficult to recover.” (McClatchy Newspapers, 10/6/2015)

It appears that the FBI does get data from Datto over the next couple of weeks, because an October 23, 2015 letter from Datto to the FBI will refer to some Datto back-up data that is now in the FBI’s possession. (US Congress, 9/12/2016)

A Datto back-up device was attached to the server, and the data was backed up to the “cloud” as well. It is unknown if the FBI ever gets useful data from the cloud copy.

October 5, 2015—October 19, 2015: The company managing Clinton’s private server gives permission for another company to cooperate with Congressional investigators, and then takes it away.

On October 5, 2015, Steven Cash, a lawyer for Datto, Inc., receives a letter from Senator Ron Johnson (R), chair of the Senate Homeland Security and Government Affairs Committee. Johnson’s is conducting oversight of the FBI’s Clinton investigation and he wants Datto to answer questions and turn over copies of documents by October 19, 2015. Platte River Networks (PRN) is managing Clinton’s private server, and they have subcontarcted with Datto to provide back-up services. As part of Datto’s contact with PRN, Datto needs PRN’s permission before they can share any information relating to the case.

Ken Eichner (Credit: public domain)

Ken Eichner (Credit: public domain)

So the next day, Cash emails Ken Eichner, lawyer for PRN, and asks permission.

Eichner emails him back later that same day, “Steven, no objection.” (US Congress, 9/12/2016)

However, on October 19, 2015, the date of the deadline set by the committee, Datto sends the committee saying the company can’t answer most questions because although PRN originally gave Datto permission, “counsel to Platte River withdrew their previous non-objection, and objected to any further disclosure of confidential information to the committee. Consequently, Datto is not authorized to disclose such information absent consent from its client, Platte River, or unless required by law or by order of court or governmental agency.”

Andy Boian (Credit: public domain)

Andy Boian (Credit: public domain)

On November 13, 2015, PRN spokesperson Andy Boian will be quoted in a Politico article, saying, “There was a suggestion by our legal counsel and the legal counsel of Datto that everything has been turned over regarding the Clinton matter by Datto, so there wasn’t an extraordinary need for Datto to do anything else. There wasn’t anymore information that Datto could provide that Platte River couldn’t, so there was a suggestion that any inquiry that goes to Datto … comes through us. And that’s just out of pure convenience.” (Politico, 11/13/2015)

The next day, Cash will email Eichner again and complain that the “description of communications between Platte River and Datto counsel attributed to Mr. Boian is not accurate, and leaves the reader with a distinctly false impression.” Cash points out that he is the only Datto lawyer who has talked to any PRN lawyers, so he knows this quote is untrue. He sends a copy of this complaint to Senator Johnson. (US Congress, 9/12/2016)

The idea that Datto has no other information to provide is clearly untrue. It will turn over documents containing previously released information after they are served subpoena to do so in September 2016.

October 23, 2015: A computer company tells the FBI that its back-up copy of Clinton’s private server data was deleted in late March 2015.

Steven Cash (Credit: LinkedIn)

Steven Cash (Credit: LinkedIn)

Steven Cash is a lawyer for Datto, Inc., the company that has been backing up the data on Clinton’s private server. They have been subcontracted to do this by Platte River Networks (PRN), the company managing the server. Cash emails an unnamed FBI agent, informing him of several issues to be aware of prior to a conference call planned for later that day.

A Datto hard drive, the Datto SIRIS S2000, has been attached to Clinton’s server since June 2013. Cash says that Datto technical experts have reviewed administrative files and discovered through the device’s Internet interface that a series of deletions took place on the device on March 31, 2015, between 11:27 a.m. and 12:41 a.m. The data had a date range from January 28, 2015 to March 24, 2015.

Furthermore, a much greater amount of data had been “deleted automatically based on the local device’s then-configured pruning parameters.” Cash writes that “These manual requests were requested from the Local Device’s web interface for the [redacted] agent…” (US Congress, 9/12/2016) While it is possible a person’s is in the redacted space, it could also be something such as “PRN employee.”

In a May 2016 FBI interview, PRN employee Paul Combetta will confess to deleting all of Clinton’s emails on her server as well as the Datto back-up device in precisely this time period, between March 25, 2015 and March 31, 2015. It is not known if the FBI knew of the deletions prior to this letter from Datto. However, the letter certainly makes it clear, but this will not become public knowledge until an FBI report released in September 2016, almost one year later.

November 13, 2015: The computer companies that worked on Clinton’s private server refuse interview and document requests from Congressional investigators.

The Platte River Networks Logo (Credit: PRN)

The Platte River Networks Logo (Credit: PRN)

Platte River Networks (PRN) is the computer company that has been managing Clinton’s private server since June 2013. Politico reports that it has declined requests by the Senate Homeland Security Committee to interview five employees about the security of Clinton’s server.

The Datto Logo (Credit: Datto)

The Datto Logo (Credit: Datto)

Additionally, Datto, Inc. was employed by PRN to back up data from the server. On October 6, 2015, McClatchy Newspapers quoted Datto’s attorney who said the company had permission from representatives of Clinton and Platte River to cooperate with the FBI investigation. But on October 19, 2015, Datto told the committee that it can’t answer questions from the committee because it has a confidentiality agreement with its client PRN and can only answer questions about that account with their permission. PRN gave permission initially but then changed its mind.

PRN spokesperson Andy Boian says that the interview requests from Congress weren’t “formal” inquiries, even though request letters were delivered on official Senate letterhead. He adds, “We as a company have felt like we have done everything we can to comply with every request by both the FBI and the Homeland Security Committee, and we really have nothing left to give.”

The Infograte Logo (Credit: Infograte)

The Infograte Logo (Credit: Infograte)

Tania Neild, CEO of the technology broker company InfoGrate, helped Clinton select PRN to run their server. She declined to be interviewed by Congressional investigators, invoking a nondisclosure agreement she had with her client.

The SECNAP Logo (Credit: SECNAP)

The SECNAP Logo (Credit: SECNAP)

Another computer company, SECNAP, was involved in the security of the server. They apparently aren’t cooperating with Republican investigators either, because Dennis Nowak, a lawyer for SECNAP, says that communications technology companies are governed by a law that imposes criminal and civil penalties for disclosing customer information, and that can only be waived by subpoena, search warrant, court order, or consent of the client.

These four companies apparently have fully cooperated with the FBI. But Politico reports, “While the firms have voluntarily produced some information for Congressional Republicans in the past, now it seems they’re not willing to go beyond their legal obligations when it comes to responding to committee inquiries.”

In September 2015, Clinton publicly said regarding the FBI’s Clinton investigation that she “would very much urge anybody who is asked to cooperate to do so.” However, Politico asked the Clinton campaign if it had encouraged these computer companies to cooperate with Congressional investigators, and the campaign had no comment. (Politico, 11/13/2015)

These companies will continue to refuse to cooperate with Congress. In August 2016, Congressional Republicans will issue subpoenas to PRN, Datto, and SECNAP to finally force their cooperation.

February 18, 2016 and May 3, 2016: A Platte River Networks employee is interviewed twice by the FBI and gives contradictory answers.

Paul Combetta (Credit: public domain)

Paul Combetta (Credit: public domain)

Platte River Networks (PRN) is the computer company managing Clinton’s private server from June 2013 until at least October 2015, and PRN employee Paul Combetta played a pivotal role in the deletion of Clinton’s emails from her server.

On February 18, 2016, Combetta is interviewed by the FBI for the first time. He says that between March 25 and 31, 2015, he realized he failed to change the email retention policy on Clinton’s email account on her server, as Clinton’s lawyer (and former chief of staff) Cheryl Mills told him to do in December 2014. This would result in the deletion of some of her emails after 60 days. However, he claims that despite this realization, he still didn’t take any action. Additionally, on March 9, 2015, Mills sent him and other PRN employees an email which mentioned that the House Benghazi Committee had made a formal request to preserve Clinton’s emails. Combetta tells the FBI that he didn’t recall seeing the preservation request referenced in the email.

On May 3, 2016, Combetta has a follow-up FBI interview, and his answers on key issues completely contradict what he said before. This time, he says that when he realized between March 25 and 31, 2015 that he forgot to change the email retention policy on Clinton’s email account, he had an “oh shit!” moment. Then, instead of finally changing the policy settings, he entirely deleted Clinton’s email mailbox from the server,  and used the BleachBit computer program to effectively wipe the data to make sure it could never be recovered. He also deleted a Datto back-up of the data. And he did all this without consulting anyone in PRN or working for Clinton. Furthermore, he admits that he was aware of the mention in the March 9, 2015 email from Mills mentioning the Congressional request to preserve Clinton’s emails.

A September 2016 FBI report will simply note these contradictions. There will be no explanation why Combetta was not indicted for lying to the FBI, obstruction of justice, and other possible charges. There also will be no explanation why his answers changed so much in his second FBI interview, such as him possibly being presented with new evidence that contradicted what he’d said before. (Federal Bureau of Investigation, 9/2/2016)

June 30, 2016: One company that possessed Clinton’s emails is accused of having shockingly poor security.

Datto Headquarters in Norwalk, Connecticut. (Credit: Stephen A. Schwartz / Daily Mail)

Datto Headquarters in Norwalk, Connecticut. (Credit: Stephen A. Schwartz / Daily Mail)

From around June 2013 until August 2015, Clinton’s private server containing her emails from her time as secretary of state was managed by Platte River Networks. But another company, Datto Inc., was making monthly back-up copies of all the server’s data in the Internet cloud.  Datto has 600 employees and is valued at $1 billion, but two people tell the Daily Mail that the company is extremely incompetent.

Marc Tamarin, president of Virtual IT Consulting, was a Datto business partner from 2009 until early 2016. He says he frequently worked with Datto’s technical support, but “Those guys were really morons. They weren’t qualified to handle our back-up and that was the biggest concern for us. … If they’re inept at the basic principles of technology, how are they going to handle something advanced like security? Most companies like mine trust their vendor that they are doing due diligence. I’ve never heard anything this bad before in my life, the dataincompetence was shocking.”

An unnamed former employee, who spent three years at the company, has even more complaints. “If you’re talking about high-level data security, at the political, presidential level, the security level of data [at Datto] … was nowhere near something that could have been protected from a good hacker that knows how to spread out their points at which to infiltrate. It’s not something that Datto was focused on. It was more about getting the data off-site quickly and cost-effectively than securing the data and keeping it from being hacked. There’s no doubt in my mind that someone could easily hack them – even today.”

He calls Datto’s security “a joke.” He claims a potential hacker could walk in off the street and sit down at an unused computer and access all the company’s data. There were no security guards, the receptionists didn’t ask questions of strangers, there was no key card access or other security features, passwords were not regularly changed, and so on. People who said they had lost their security pass would be let in without questions. Unused computers were frequently left on and logged in to the network.

He says, “For years, any Datto employee, even low-level ones, could go in any customer’s device, see their backups, restore files, and delete files.” Oftentimes, Datto customers would find themselves logged into the data of another customer without even wanting to. Datto’s internal servers were hacked in 2010. However, complaints were swept under the rug and security was not improved. (The Daily Mail, 6/30/2016)

August 22, 2016: A Congressperson issues subpoenas to three companies that helped manage Clinton’s private email server.

160822LamarSmithpublicdomain

Representative Lamar Smith (Credit: public domain)

Representative Lamar Smith (R), chair of the Committee on Science, Space and Technology, issues subpoenas for Platte River Networks, which managed Clinton’s server from May 2013 until August 2015; Datto, Inc., which made back-up copies of the server; and SECNAP, which carried out threat monitoring of the network connected to Clinton’s server. Smith wants documents from the companies by September 9, 2016, after they declined to voluntarily produce them. Congressional committees requested information since August and November 2015, to no avail. The companies had been threatened with subpoenas on July 12, 2016.

Smith comments, “Companies providing services to Secretary Hillary Clinton’s private email account and server are not above the law.” He claims the information he is seeking is “critical to… informing policy changes in how to prevent similar email arrangements in the future.”

Smith is working with Senator Ron Johnson (R), chair of the Senate Homeland Security and Governmental Affairs Committee. They are looking for information about breaches or potential breaches, and documents that detail the scope of the work of each company. (The Washington Post, 8/22/2016)

September 9, 2016: Congressional committees order five people involved with the management of Clinton’s private server to speak in a public hearing.

Representative Jason Chaffetz (R), the chair of the House Oversight and Government Reform Committee, orders two Platte River Networks (PRN) employees and three others to testify before a Congressional hearing, on September 13, 2016. PRN is the company that managed Clinton’s private server. The following people are ordered to appear:

Those subpoenaed to appear before the House Oversight committee are from left to right: Paul Combetta, Bryan Pagliano, Justin Cooper and Alex McChord and Bill Thornton. (Credits: public domain)

  • Paul Combetta. He is a PRN employee. On September 8, 2016, the New York Times revealed that Combetta deleted and wiped Clinton’s emails from her private server, and he also got an immunity deal from the Justice Department as part of the FBI’s Clinton email investigation. Congressional committees issued subpoenas for PRN interviews on August 22, 2016, after asking without coersion since September 2015.
  • Bill Thornton. He also is a PRN employee. The FBI’s final report indicated  two PRN employees worked on Clinton’s server, so it seems probable he is the other one.
  • Bryan Pagliano. He managed Clinton’s server until PRN took over. He was previously subpoenaed by the House Committee on Benghazi, but he pleaded the Fifth. However, he cooperated with the FBI after also getting an immunity deal.
  • Justin Cooper. He is a member of Bill Clinton’s staff and helped Pagliano manage the server.
  • Austin McChord. He is CEO of Datto, Inc. PRN subcontracted Datto to make back-up copies of the server. (The Wall Street Journal, 9/9/2016) (US Congress, 9/9/2016)

September 12, 2016: One company that helped manage Clinton’s server complies with a Congressional subpoena, but two do not.

On August 22, 2016,  two Congressional committees issued subpoenas on the three companies involved in the management of Clinton’s private server: Platte River Networks (PRN), Datto, Inc., and SECNAP, Inc. They were ordered to turn over all responsive documents by September 12, 2016. Datto complies with some documents by the deadline, but PRN and SECNAP do not.

Representative Lamar Smith (Credit: Harry Hamburg / The Associated Press)

Representative Lamar Smith (Credit: Harry Hamburg / The Associated Press)

Representative Lamar Smith (R), chair of the House Science, Space, and Technology Committee, one of the two committees that issued the subpoenas, releases a statement on September 12, 2016 about this: “It is clear that the server maintained by Platte River contained official government business and even sensitive state secrets.  Alarmingly, Platte River and SECNAP denied having any documents related to information technology security precautions on former Secretary Clinton’s server or network.  This type of blatant denial and willful misinterpretation of the subpoenas will not be tolerated. I’m hopeful for the sake of our nation’s officials that email server security will be taken seriously and that these two companies will comply with legally issued subpoenas.”

Smith claims that PRN and SECNAP “chose willfully to misinterpret the plain language of the subpoena and did not provide any documents responsive to the Chairman’s subpoena.  Both companies claim to possess no responsive documents despite evidence to the contrary found in the documents produced by Datto as well as details outlined in the FBI’s release of documents on September 2, 2016.”

As a result, new subpoenas have been issued to SECNAP and PRN demanding the documents. (US Congress, 9/12/2016)

 

September 13, 2016: A Congressperson alleges that Clinton is responsible for a computer company not complying with a Congressional subpoena related to Clinton’s private server.

On September 12, 2016, a deadline to respond to a subpoena issued by a Congressional committee passed. Three companies involved in the management of Clinton’s private server had been given the subpoena, and one – Datto, Inc. – responded in time with documents, while the other two – Platte River Networks (PRN) and SECNAP, Inc.  – did not.

The next day, Representative Lamar Smith (R) comments in a related Congressional hearing, “just this morning… SECNAP’s [legal] counsel confirmed to my staff that the Clinton’s private LLC [Clinton Executive Service Corp.] is actively engaged in directing their obstructionist responses to Congressional subpoenas.” (US Congress, 9/13/2016)

Clinton’s lawyer will later confirm that he is prohibiting SECNAP from fully complying with a subpoena.