August 1, 2015—August 7, 2015: The company managing Clinton’s private server learns that another company has been making back-up copies of all the server data in the Internet “cloud” since 2013.

Clinton’s server has been managed by Platte River Networks (PRN) since June 2013. And since that time, PRN has subcontracted Datto, Inc. to make periodic back-ups of all the data on the server. PRN has thought that the back-ups have been only made through a device attached to the server called the Datto SIRIS S2000.

Sam Hickler (Credit: public domain)

Sam Hickler (Credit: public domain)

However, on August 1, 2015, an unnamed PRN employee notices that data from the server was possibly being sent to an off-site Datto location. On August 6, 2015,  Sam Hickler, PRN’s vice president of operations, contacts Datto employee Leif McKinley about this, CCing PRN employees Paul Combetta and Treve Suazo.

McKinley confirms that, due to a misunderstanding, Datto has been making periodic back-ups of the server data through the Internet “cloud” as well as locally through the device. Furthermore, periodic back-ups have been made this way since June 2013.

Treve Suazo (Credit: Platte River Networks)

Treve Suazo (Credit: Platte River Networks)

Suazo, the CEO of PRN, tells Datto on August 6, 2015, that “This is a problem.” This is because the Clinton Executive Services Corp. (CESC), the Clinton family company that hired PRN to manage the server, explicitly stated from the beginning that they didn’t want any remote back-ups to be made. Thus, PRN employees tell Datto not to delete whatever data was stored in the cloud, and instead work to get it back to the control of PRN.

On August 7, 2015, Datto and PRN employees discuss saving the data on a thumb drive and sending it to PRN. Then, according to an email from one unnamed PRN employee to another, they would have Datto “wipe [the data] from the cloud.”

This is according to a letter that will be sent in October 5, 2015 to Datto CEO Austin McChord by Senator Ron Johnson (R). Johnson is chair of the Senate Homeland Security and Government Affairs Committee, and is conducting oversight of the FBI’s Clinton email investigation. However, Johnson will be unable to determine what happened next, such as if the thumb drive was sent and the data was wiped. Furthermore, McChord will not be able to reveal that information to Johnson because Datto needs PRN’s permission to share that information and PRN won’t give it. (US Congress, 9/12/2016) (US Congress, 9/12/2016)

August 21, 2015: An email reveals that every employee of the company managing Clinton’s private server can access the server through the Internet.

150815PlatteRiverEmployees

PRN grew exponentially in 2015, including a number of new employees. (Credit: Platte River Networks)

Paul Combetta, an employee of Platte River Networks (PRN), sends an email to Leif McKinley, an employee of Datto, Inc. PRN is managing Clinton’s private server, and Datto has been subcontracted by PRN to provide back-up for the server. Combetta writes: “We are trying to tighten down every possible security angle on this customer. It occurs to us that anyone at PRN with access to the Datto Partner Portal (i.e. everyone here) could potentially access this device via the remote web feature. Can we set up either two-factor authentication, or move this device to a separate partner account, or some other method (disable remote web access altogether?) to allow only who we permit on our end to access this device via the Internet?” (US Congress, 9/12/2016)

On May 14, 2015, a photo of PRN employees was posted to their website and suggests the number of employees working there at the time to be approximately 28.  (Platte River Networks, 5/14/15)

In September 2016, after the email is publicly released, Representative Jason Chaffetz (R) will comment, “If I understand the email correctly, every single employee of PRN could have accessed some of the most highly classified national security information that’s ever been breached at the State Department.” (US Congress, 9/13/2016)