January 2013—May 31, 2013: Clinton uses an agent to find new management for her private server.

Tania Neild (Credit: public domain)

Tania Neild (Credit: public domain)

Tania Neild runs a company called InfoGrate that connects very wealthy people with companies who oversee their personal technologies, such as emails, and her company is based only about twenty miles from Clinton’s New York house. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

An FBI report will later state that “due to user limitations and reliability concerns regarding the [existing] server, staff for [Hillary] Clinton and President [Bill] Clinton discussed future email server options, and a search was initiated to find a vendor to manage a Clinton email server. Additionally, [Clinton’s computer technician Bryan] Pagliano’s expressed desire to seek new employment contributed to the decision to move to a new server.”

Clinton will also be interviewed, and she will recall “that the transition to [a new company] was initiated by President Clinton’s aides seeking a higher level of service than could be provided by the [existing] server.”

Around January 2, 2013, Neild is introduced to Clinton’s chief of staff Cheryl Mills through an unnamed mutual business associate. Neild will later tell the FBI that she worked with Mills and Pagliano to produce a proposal to solicit responses from multiple companies. (Federal Bureau of Investigation, 9/2/2016)

January 2013, Platte River Networks, a small company based in Colorado, is told by Neild they are in he running for a new contract. In mid-February, they find out they are a finalist for the contract, and that they might be working for Clinton. They will be hired by Clinton to manage her private server on May 31, 2013. (Politico, 11/10/2015) (The Washington Post, 9/5/2015) 

01-2013AlexMcGeorgeNewsmax

Alex McGeorge (Credit: Newsmax)

Pagliano will later tell the FBI who made the final decision to pick Platte River. But this person’s name will be redacted, and only identified as someone working for President Clinton. (Federal Bureau of Investigation, 9/2/2016)

In retrospect, the choice of Platte River will seem to be an odd one. Cybersecurity expert Alex McGeorge will later comment, “My big issue here is do you want a small firm with little/no government experience or contracting (according to what’s being reported) and no stated security expertise to be in charge of the email system for our secretary of state? That is fundamentally ridiculous.” (Business Insider, 8/17/2015)

February 2013—June 2013: At least one manager of Clinton’s server does very little during a transition phase, despite the Guccifer hack threat.

At the end of Clinton’s tenure of secretary of state in February 2013, her private server is still being managed by Bryan Pagliano and Justin Cooper, with Pagliano doing most of the technical work and Cooper doing most of the customer service work. The management of the server will be taken over by the Platte River Networks (PRN) computer company in June 2013. It seems possible that the server is not as actively managed in the months in between.

Justin Cooper testifies to the House Oversight and Government Affairs Committee. (Credit: Alex Wong / Getty Images)

Justin Cooper testifies to the House Oversight and Government Affairs Committee on September 13, 2016. (Credit: Alex Wong / Getty Images)

In September 2016, Cooper will be questioned by a Congressional committee. Representative Jason Chaffetz (R) will ask him, “[Y]ou stepped back from the day-to-day activities with the Clintons about the time of the transition, is that correct? As she left office?”

He will reply, ‘Yes.”

When asked about his knowledge of what happened to server security after the hacker known as Guccifer broke into the email account of a Clinton confidant and publicly exposed Clinton’s email address on the server in March 2013, Cooper will reply, “At that point in time I was transitioning out of any role or responsibility with the server as various teams were selecting Platte River Networks to take over the email services and I don’t know that I had any sort of direct response.”

Additionally, when Cooper will be asked about his contact with PRN, he will say, “My interaction was handing over user names and passwords and that was the totality of the interaction I’ve had. I’ve never had interaction with them.” (US Congress, 9/13/2016)

It is not known if Pagliano similarly cuts down his involvement with managing the server during this time, since he has refused to publicly comment about his experiences. The FBI has mentioned nothing about the management of Pagliano or Cooper during this time period. (Federal Bureau of Investigation, 9/2/2016)

May 31, 2013: Clinton hires the Colorado-based Platte River Networks to maintain her email server.

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

The Denver, Colorado, apartment building where Platte River was based until mid-2015. (Credit: Matthew Jones / The Daily Mail)

Platte River Networks (PRN) will begin managing the server in early June, with the management of Clinton’s aides Bryan Pagliano and Justin Cooper being phased out as a result. But the Service Level Agreement won’t be signed until July 18, 2013.

The original server is disconnected and shipped from Clinton’s house in Chappaqua, New York, to a data center in New Jersey. (Federal Bureau of Investigation, 9/2/2016) (The Associated Press, 10/7/2015) (McClatchy Newspapers, 10/6/2015)

This takes place three months after the hacker nicknamed Guccifer made public Clinton’s exact email address. However, the process of choosing the company began in January 2013, prior to the Guccifer hack, suggesting the change was at least partially due to Clinton’s time as secretary of state coming to an end in February 2013 instead. (The Washington Post, 9/5/2015)

Platte River will soon relocate Clinton’s server to New Jersey, then replace it with a new server, while keeping the old server running.

May 31, 2013—June 2013: A device is bought to make back-ups of Clinton’s private server, but a Clinton company makes clear it doesn’t want any back-up data stored remotely.

130531austinmcchorderiktraufmannhearstctmedia1

Datto Cloud engineer Charles Lundblad (left) chats with CEO and founder of Datto, Austin McChord, at the firm’s Norwalk, CT headquarters. (Credit: Erik Traufmann / Hearst Connecticut Media)

On May 31, 2013, Platte River Networks (PRN) takes over management of Clinton’s private server. On the same day, PRN buys a Datto SIRIS S2000 data storage device, which is made by Datto, Inc. Over the next month, this is attached to Clinton’s server to provide periodic back-up copies of the data on the server. PRN sends a bill for the device to Clinton Executive Service Corp. (CESC), which is a Clinton family company.

CESC employees work with PRN employees on how the Datto device is configured. Datto offers a local back-up and a remote back-up using the Internet “cloud.” CESC asks for a local back-up and specifically requests that no data be stored in the Internet cloud at any time.

However, due to an apparent misunderstanding, back-up copies of the server will be periodically made both locally and in the cloud. This will only be discovered by PRN as a whole in August 2015. (US Congress, 9/12/2016)

However, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, the FBI will later find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015, meaning that at least one PRN employee had to have known about the cloud back-up by that time.

Early June 2013—Early July 2013: Clinton’s server is relocated and then replaced by a new server, but the old server keeps running.

After Platte River Networks (PRN) is selected to manage Clinton’s private email server on May 31, 2013, the company decides to immediately relocate the server and then also replace it with a better one.

130601PlatteRiverFoundersPlatteRiverNetworks

The founders of Platte River Network: Brent Allshouse (left) and Treve Suavo (right). (Credit: Platte River Networks)

PRN assigns two employees to manage the new server (which will be the third server used by Clinton). The FBI will later redact the names of these two employees, but it is known that one of them works remotely from his home in some unnamed town and will handle the day-to-day administration of the server, and the other one works at PRN’s headquarters in Denver, Colorado, and handles all hardware installation and any required physical maintenance of the server. Media reports will later name the two employees as Paul Combetta, who works from Rhode Island, and Bill Thornton.

The employee at PRN’s headquarters (who logically would be Thorton) works with Clinton’s computer technician Bryan Pagliano to help with the transition. Around June 4, 2013, this person is granted administrator access to the server, as well as any accompanying services.

130601EquinixLogo

Equinix Logo (Credit: public domain)

On June 23, 2013, this person travels to Clinton’s house in Chappaqua, New York, shuts down the server, and transports it to a data center in Secaucus, New Jersey, run by Equinix, Inc. This older server will stay at the Equinix facility until it is given to the FBI on October 3, 2015.

The PRN headquarters employee (still likely to be Thornton) turns the old server back on in the Equinix data center so users can continue to access their email accounts. Then he spends a few days there setting up a new server. When he leaves, all the physical equipment for the new server is successfully installed except for an intrusion detection device, which Equinix installs later, once it gets shipped.

Meanwhile, the PRN employee who works remotely (Combetta) does his remote work to get the new server online. Around June 30, 2013, this employee begins to transfer all the email accounts from the old server to the new one. After several days, all email accounts hosted on the presidentclinton.com, wjcoffice.com, and clintonemail.com domains are transferred. However, PRN keeps the old server online at the Equinix data center along with the new server to ensure email continues to be delivered. But the old server no longer hosts email services for the Clintons.

According to an FBI report made public in September 2016, “The new Clinton email server hosted email for [Hillary] Clinton, President Clinton, [redacted], and their respective staffs.”

130601DellPowerEdgeR620

The Dell PowerEdge R620 (Credit: public domain)

This same FBI report will explain that the new server consists of the following equipment: “a Dell PowerEdge R620 server hosting four virtual machines, including four separate virtual machines for Microsoft Exchange email hosting, a BES for the management of BlackBerry devices, a domain controller to authenticate password requests, and an administrative server to manage the other three virtual machines, a Datto SfRlS 2000 to store onsite and remote backups of the server system, a CloudJacket device for intrusion prevention, two Dell switches, and two Fortinet Fortigate 80C firewalls.” (Federal Bureau of Investigation, 9/2/2016)

The FBI report will not make entirely clear what happens to the data on the old server. But a September 2015 Washington Post article will assert that after PRN moved all the data onto a new server, everything on the original server was deleted until it is “blank.” However, it was not wiped, which means having the old files overwritten several times with new data until they can never be recovered. (The Washington Post, 9/12/2015)

June 24, 2013—August 2015: Another company stores the contents of Clinton’s email server on a cloud storage system; this could help the FBI recover deleted emails.

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

The Datto, Inc. office in Rochester, New York. (Credit: The New York Times)

Shortly after taking over management of Clinton’s private email server, Platte River Networks (PRN) buys a device called the Datto SIRIS S2000 from another company called Datto, Inc. that frequently makes copies of all the server’s contents. They use this device on a copy of Clinton’s server, which has been moved to a data storage facility in New Jersey. Then, apparently without PRN asking or paying for it, or even being aware of it, Datto stores those copies of the server’s contents on a “cloud” storage system elsewhere. (McClatchy Newspapers, 10/6/2015)

A September 2016 FBI report will explain, “At the Clintons’ request, PRN only intended that the backup device store local copies of the backups. However, in August 2015, Datto informed PRN that, due to a technical oversight, [Clinton’s] server was also backing up the server to Datto’s secure cloud storage. After this notification, PRN instructed Datto to discontinue the secure cloud backups.”

The FBI report will also reveal that the first Datto back-up takes place on June 24, 2013. But a new server is still being set-up and data being transferred from the old server, so the June 29, 2013 back-up will later prove most useful to FBI investigators. the FBI will say the back-ups will stop on December 23, 2013, but it isn’t explained why. (Federal Bureau of Investigation, 9/2/2016)

In 2015, an unnamed source familiar with Datto’s account will say that PRN was billed for “private cloud” storage, and since PRN didn’t have a cloud storage node of its own, the data bounced to Datto’s cloud. This source says that even though nobody seemed to realize it, Datto was “managing the off-site storage throughout.”

When asked if the FBI might recover Clinton’s deleted emails from Datto’s storage, the source will say, “People don’t use Datto’s service for getting rid of data.” Apparently, the FBI will ask for and get the contents of Datto’s storage in September 2015. (McClatchy Newspapers, 10/6/2015)

Senator Ron Johnson (R), who will write a letter to Datto in late 2015 seeking more information, will say that “questions still remain as to whether Datto actually transferred the data from its off-site data center to the on-site server, what data was backed up, and whether Datto wiped the data after it was transferred.” It is also unknown if Datto employees have security clearances allowing them to view classified information. (CNN, 10/8/2015) 

A Datto official will later say that investigators may be able to recover Clinton’s deleted emails if the data was on the server at the time Datto’s service was first used in 2013. (The Washington Post, 10/7/2015)

The FBI will later confirm that Datto back-ups to the cloud will occur, but it isn’t clear if the FBI recovered any emails from this that they didn’t find through other means. It also isn’t clear if the June 29, 2013 back-up that the FBI finds useful is from the Datto SIRIS S2000, the cloud, or both. (Federal Bureau of Investigation, 9/2/2016)

Also, despite internal PRN emails from August 2015 indicating many PRN employees didn’t know about the Datto cloud back-up until that time, by November 2015, the FBI will find evidence that an unknown PRN employee deleted data from the cloud back-up in March 2015.

June 29, 2013: Some of Clinton’s emails are later recovered due to a back-up of computer files made on this date.

130629DattoSIRISS2000Datto

The Datto SIRIS S2000 (Credit: Datto, Inc.)

In June 2013, Platte River Networks (PRN) takes over management of Clinton’s server. Late in the month, they replace the server with a new one and then transfer the data to it. They subcontract with the company Datto, Inc. and purchase a device called the Datto SIRIS S2000 to make periodic back-ups of all the data on the new server. The first such back-up takes place on June 24, 2013.

But data is still being transferred from the old server to the new one. The June 29, 2013 back-up will later prove to be the most important one for FBI investigators, as it apparently is the first one after the data transfer is completed. From that point onwards, emails from Clinton’s four years as secretary of state are likely to only get lost from the server, not added.

The FBI will later report that all of Clinton’s emails at the start of Clinton’s tenure as secretary of state, from January 23, 2009 to March 17, 2009 were missing from the over 30,000 emails Clinton handed over. But the FBI’s Clinton investigation recovered some these emails because they were “captured through a Datto backup on June 29, 2013. However, the emails obtained are likely only a subset of the emails sent or received by Clinton during this time period.”

Clinton’s first server was replaced around March 18, 2009 by the same server that PRN then decided to replace in June 2013. But presumably some of the emails on the first server were transferred to the second server, from instance by being in email inboxes, and then were transferred again by PRN to the newest (and third) server.

One thing that isn’t clear is how many of the emails from after March 18, 2009 were recovered by the FBI. It also isn’t clear if the FBI recovered emails from a Datto device attached to the new server, or if it was from a copy of the data that Datto kept in the “cloud,” over the Internet. (Federal Bureau of Investigation, 9/2/2016)

Late June 2013—October 2013: During this time, it appears that Clinton’s private server is wide open to hacking attempts.

On May 31, 2013, maintenance of the server was taken over by a small Colorado-based company called Platte River Networks (PRN), and the server is sent to a data center in New Jersey. PRN then pays to use threat monitoring software called CloudJacket SMB made by a company named SECNAP. SECNAP claims the software can foil “even the most determined hackers.”

Around June 30, 2013, PRN transfers all the email accounts from the old server to the new one. However, the new software doesn’t begin working until October 2013, apparently leaving the server vulnerable. It is known that the server is repeatedly attacked by hackers in the months from October 2013 on, but it is unknown if any attacks occur when the software is not yet installed. (The Associated Press, 10/7/2015) 

An FBI report will later obliquely confirm this by mentioning that when the new server is set up in June 2013, all the hardware is built up at the time, except for an “intrusion detection device” which has to be added later after it gets shipped to the server location. (Federal Bureau of Investigation, 9/2/2016)

Justin Harvey (Credit: Third Certainty)

Justin Harvey (Credit: Third Certainty)

Justin Harvey, chief security officer of a cybersecurity company, will later comment that Clinton “essentially circumvented millions of dollars’ worth of cybersecurity investment that the federal government puts within the State Department. […] She wouldn’t have had the infrastructure to detect or respond to cyber attacks from a nation-state. Those attacks are incredibly sophisticated, and very hard to detect and contain. And if you have a private server, it’s very likely that you would be compromised.” (The Associated Press, 10/7/2015) 

In March 2013, a Romanian hacker nicknamed Guccifer discovered Clinton’s private email address and the exact address was published in the media, which would have left the server especially vulnerable in the months after.

Around July 2013: Clinton’s emails still are not encrypted.

According to an unnamed Platte River Networks (PRN) employee, Clinton’s server has encryption protection to combat hackers, but the individual emails have not been protected with encryption. With PRN taking over management of the server in June 2013, this employee will later tell the FBI that “the Clintons originally requested that email on [Clinton’s] server be encrypted such that no one but the users could read the content. However, PRN ultimately did not configure the email settings this way, to allow system administrators to troubleshoot problems occurring within user accounts.” (Federal Bureau of Investigation, 9/2/2016)

July 2013: Clinton’s private server is reconfigured to use a commercial email provider.

The MX Logic logo (Credit: MX Logic)

The MX Logic logo (Credit: MX Logic)

The Colorado-based provider, MX Logic, is owned by McAfee Inc., a top Internet security company. This comes one month after Clinton hired the Colorado-based Platte River Networks to maintain her email server, and four months after a hacker named Guccifer publicly exposed Clinton’s private email address for the first time. (The Associated Press, 3/4/2015) 

Computer security expert Matt Devost will later comment: “The timing makes sense. When she left office and was no longer worried as much about control over her emails, she moved to a system that was easier to administer.” (Bloomberg News, 3/4/2015)

October 2013: Clinton’s server gets anti-hacking protection after going several months without any.

The CloudJacket Logo (Credit: public domain)

The CloudJacket Logo (Credit: public domain)

From late June 2013 until October 2013, Platte River Networks (PRN) is managing the server, apparently without any anti-hacking software. In October 2013, the software they have been waiting for arrives and is installed. This is an intrusion detection and prevention system called CloudJacket from SECNAP Network Security.

According to a later FBI report, it “had pre-configured settings that blocked or blacklisted certain email traffic identified as potentially harmful and provided real-time monitoring, alerting, and incident response services. SECNAP personnel would receive notifications when certain activity on the network triggered an alert. These notifications were reviewed by SECNAP personnel and, at times, additional follow-up was conducted with PRN in order to ascertain whether specific activity on the network was normal or anomalous. Occasionally, SECNAP would send email notifications to [an unnamed PRN employee], prompting him to block certain IP addresses. [This employee] described these notifications as normal and did not recall any serious security incident or intrusion attempt.”

Additionally, “PRN also implemented two firewalls for additional protection of the network. [This PRN employee] stated that he put two firewalls in place for redundancy in case one went down.”

The FBI report will also conclude, “Forensic analysis of alert email records automatically generated by CloudJacket revealed multiple instances of potential malicious actors attempting to exploit vulnerabilities on the PRN Server. FBI determined none of the activity, however, was successful against the server.” (Federal Bureau of Investigation, 9/2/2016)

 

December 2013: Clinton’s old server, no longer being used, is turned off.

In June 2013, Platte River Networks (PRN) took over the management of Clinton’s private server. They immediately moved her server to an Equinix data center in Secaucus, New Jersey, and then transferred the data to a new server. The old server remained turned on next to the new one, apparently to assist with the delivery of incoming emails.

According to a September 2015 FBI interview with Paul Combetta, the PRN employee who does most of the active management of the server, around December 2013, PRN decides that email delivery on the new server is working well. As a result, the old server is turned off. It, along with a NAS back-up hard drive attached to it, will remain disconnected until the FBI picks it up on August 12, 2015. (Federal Bureau of Investigation, 9/23/2016)

February 2014: A laptop containing all of Clinton’s emails from one year earlier is permanently lost in the mail.

In the spring of 2013, Clinton aide Monica Hanley made a copy of all of Clinton’s emails on a MacBook laptop to make a safe back-up copy of them. Then she apparently forgot to do anything with it for nearly a full year.

The 2013 Apple Mac Book Air Laptop (Credit: public domain)

The 2013 Apple MacBook Air Laptop (Credit: public domain)

In early 2014, Hanley finds the laptop where it has been stored at her personal residence. She attempts to transfer the archive of Clinton’s emails to Platte River Networks (PRN), the computer company which is managing Clinton’s private server by this time. She works with PRN employee Paul Combetta. After trying unsuccessfully to remotely transfer the emails to him, Hanley ships the laptop to his residence in February 2014. Combetta then transfers Clinton’s emails from the laptop onto Clinton’s private server.

This server already should contain all of Clinton’s old emails. But the server that existed when Hanley made the back-up in the spring of 2013 was replaced in June 2013 by a new server, so it is possible that some emails get transferred at the time didn’t get successfully transferred before.

Combetta transfers all of the Clinton email content to a personal Gmail email address he created. Then he downloads all the emails from the Gmail account to a mailbox on the new Clinton server. He will later tell the FBI that he used the Gmail as a middle step because he had format compatibility issues.

Hanley will later tell the FBI that she recommended that PRN wipe the laptop after the emails were transferred to the server. (“Wiping” means repeatedly overwriting the data so it can never be recovered.) However, Combetta will tell the FBI that once the transfer was done, he deleted the emails from the laptop but didn’t do any wiping. He also deleted the emails uploaded to the Gmail account.

According to the FBI’s final report, Combetta then ships the laptop to a person whose name will later be redacted, but works on Clinton’s staff in some capacity. He ships it through the mail, using United States Postal Service (USPS) or United Parcel Service (UPS). The unnamed Clinton staffer will later tell the FBI that she never received the laptop. She will say that Clinton’s staff was moving offices at the time, and it would have been easy for the package to get lost during the transition period.

According to Combetta’s September 2015 FBI interview, he “shipped the foregoing MacBook back to [redacted], but recalled nothing about the return shipment.” That would presumably mean he shipped it back to Hanley, since she shipped it to him. But in Hanley’s January 2016 interview, she will claim to have asked another woman (whose name is redacted) if they ever received laptop and were told they did not. Thus it would appear Combetta and Hanley will have different accounts of who is sent the laptop.

The laptop is apparently permanently lost. However, some of Clinton’s emails will somehow be recovered from the Gmail account in 2016, even though they were all deleted. (Federal Bureau of Investigation, 9/2/2016) (Federal Bureau of Investigation, 9/23/2016)

July 23, 2014: Clinton’s lawyers are sent some of Clinton’s emails so they can begin sorting them.

Unnamed employees at Platte River Networks (PRN), the company managing Clinton’s private server, discuss in an email sending copies of Clinton’s emails from when she was secretary of state overnight to Cheryl Mills, Clinton’s former chief of staff. A company spokesperson will later confirm that the company did begin sending the emails to Mills around this time. (The Washington Post, 9/22/2015) 

A September 2016 FBI report will confirm that PRN sent some of Clinton’s emails in response to a request from Mills, but only those which were sent to or received from a .gov email address while Clinton was secretary of state. An unnamed PRN employee remotely transferred a .pst file containing the emails onto the laptops of Mills and Heather Samuelson (another Clinton lawyer) via ScreenConnect. (Federal Bureau of Investigation, 9/2/2016)

Two weeks after the FBI report is released, an email reported in the media will reveal that on this day, PRN employee Paul Combetta overrnighted DVDs of data from Clinton’s server to Clinton Executive Services Corp. (CESC), a Clinton family company.  The exact shipping charge of $46.38 is mentioned in the email. (The New York Post, 9/18/2016)

It is unclear if this is in addition to the files being transferred over the Internet as described by the FBI, or instead of it. Combetta will claim in a September 2015 FBI interview that he ultimately never sent the DVD and only sent the data over the Internet. However, this may not settle the question, because Combetta will be interviewed three times and his answers will often be inacurate and/or contradictory. (Federal Bureau of Investigation, 9/23/2016)

July 2014 is the same month the State Department first informally requests Clinton’s emails. Mills and Samuelson will be two of three Clinton associates who sort through which emails to turn over and which to delete, along with Clinton’s personal lawyer David Kendall.

In late September 2014, PRN will send the rest of Clinton’s known emails to Mills and Samuelson.

July 24, 2014: The manager of Clinton’s server asks for help in a social media forum to remove Clinton’s address from her emails.

A captured shot of Combetta's 'stonetear' GMail account with picture included. (Credit: public domain)

A captured shot of Combetta’s ‘stonetear’ GMail account with picture included. (Credit: public domain)

A Reddit user by the name of “stonetear” makes a Reddit post that will later cause controversy. Overwhelming evidence will emerge that “stonetear” is Paul Combetta, one of two Platte River Networks (PRN) employees actively managing Clinton’s private server at the time. The post reads:

“Hello all — I may be facing a very interesting situation where I need to strip out a VIP’s (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. Basically, they don’t want the VIP’s email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out. I am not sure if something like this is possible with PowerShell, or exporting all of the emails to MSG and doing find/replaces with a batch processing program of some sort. Does anyone have experience with something like this, and/or suggestions on how this might be accomplished?”

July 24, 2014 Reddit post contained this request for advice about “stripping out” the email address of a “VERY VIP” email account. (Credit: Reddit)

This July 24, 2014 Reddit post contained a request for advice about “stripping out” the email address of a “VERY VIP” email account. (Credit: Reddit)

A response captured in the Reddit chat warning Combetta that what he wants to do is illegal. (Credit: Reddit)

A response captured in the Reddit chat warning Combetta that what he wants to do could result in “major legal issues.” (Credit: Reddit)

The post in made in a sub-forum frequented by other people who manage servers. One poster comments: “There is no supported way to do what you’re asking. You can only delete emails after they’re stored in the database. You can’t change them. If there was a feature in Exchange that allowed this, it would result in major legal issues. There may be ways to hack a solution, but I’m not aware of any.”

Despite this warning, “stonetear” replies, “As a .pst file or exported MSG files, this could be done though, yes? The issue is that these emails involve the private email address of someone you’d recognize and we’re trying to replace it with a placeholder as to not expose it.” (Reddit, 9/19/2016)

The post occurs one day after the House Benghazi Committee reached an agreement with the State Department on the production of records relating to Clinton’s communications. It also came one day after Combetta sent some of Clinton’s emails to Clinton’s lawyers so they could begin sorting them.

After Combetta is discovered to have authored the post in September 2016, Fortune Magazine will comment, “it’s not clear if there is anything illegal about the Reddit request. But the optics sure don’t look good, and strongly suggest that Combetta turned to social media for advice about how to tamper with government records that should been preserved.” (Fortune, 9/21/2016)

Late July 2014—December 5, 2014: Heather Samuelson, one of Clinton’s lawyers, allegedly leads the sorting of over 60,000 of Clinton’s emails.

Heather Samuelson (Credit: public domain)

Heather Samuelson (Credit: public domain)

Samuelson’s task is to sort all the emails from Clinton’s tenure as secretary of state into those deemed work-related and those deemed personal. She appears to have no security clearance and no special skills or experience for such a task.

In late July 2014, Platte River Networks (PRN), the company managing Clinton’s private server, emails some of Clinton’s emails to the laptops of Samuelson and Cheryl Mills, another Clinton lawyer (and her former chief of staff). PRN sends Samuelson and Mills the rest of Clinton’s emails in late September 2014. In 2016, Samuelson will tell the FBI that the sorting review takes several months and is completed just prior to December 5, 2014, when copies of the work-related emails are given to the State Department.

According to Samuelson’s 2016 FBI interview, she does the sorting on her laptop. She puts the work-related emails she finds into a computer folder. She first adds all emails sent to or from Clinton’s email account with .gov and .mil email addresses. Then she searches the remaining emails for the names of senior leaders in the State Department, as well as members of Congress, foreign leaders, or other official contacts.

Finally, she conducts a keyword search of terms such as “Afghanistan,” “Libya,” and “Benghazi.” Samuelson will claim that she reviews the “to,” “from,” and “subject” fields of every email; but she doesn’t read the content of every individual email. In some instances, she decides a if an email is work or personal by only reviewing the “to,” “from,” and “subject’ fields.

After Samuelson finishes her sorting, she prints all of the emails to be given to the State Department using a printer in Mills’ office. Then Mills and Kendall subsequently reviews emails that Samuelson printed. Any hard copy of an email Mills and Kendall deem not to be work-related is shredded, and the digital copy of the email is removed from the computer folder Samuelson created of all of the work-related emails.

Mills will later tell the FBI that, she only reviewed emails where Samuelson requested her guidance. There is no sign in the FBI’s final report that Kendall was interviewed about this matter.

With the sorting process completed, Samuelson creates a .pst file containing all of the work-related emails, and also makes sure that all work-related emails are printed to give to the State Department. The .pst file is given to Kendall on a USB thumb drive. On August 6, 2015, Kendall will give this thumb drive to the FBI, with consent from Clinton.

This account appears to be based mostly or entirely on the accounts of Samuelson and Mills. An FBI report will note: “The FBI was unable to obtain a complete list of keywords or named officials searched from Samuelson, Mills, or Clinton’s other attorneys due to an assertion of [attorney-client] privilege. ”

The 30,068 emails deemed work-related are given to the State Department, while the 31,830 deemed personal will later be deleted. The FBI will eventually find over 17,000 of the deleted emails, and thousands of them will be determined work-related after all. (Federal Bureau of Investigation, 9/2/2016)

In Clinton’s July 2016 FBI interview, she will claim that she had no role whatsoever in the sorting process, other than telling her lawyers to do it.

Late September 2014: Clinton’s lawyers are sent the rest of Clinton’s emails so they can finish sorting them.

In late July 2014, the State Department informally requested Clinton to provide all her work-related emails from when she was secretary of state. Cheryl Mills, one of Clinton’s lawyers (as well as her former chief of staff), then had Platte River Networks (PRN), the company managing Clinton’s private server, send her and Clinton lawyer Heather Samuelson copies of all of Clinton’s emails that were sent to or received from anyone with a .gov email address.

According to a later FBI report, in late September 2014, Mills and Samuelson then ask an unnamed PRN employee to send them all of Clinton’s emails from her tenure as secretary of state, including emails sent to or received from non-.gov email addresses. Mills and Samuelson will later tell the FBI that “this follow-up request was made to ensure their review captured all of the relevant.” The PRN employee does so. (Federal Bureau of Investigation, 9/2/2016)

Although the name of the PRN employee is unknown, the only two employees actively managing Clinton’s server at the time are Paul Combetta and Bill Thornton. Combetta sent the earrlier batch of emails in late July 2014.

Shortly After October 28, 2014: A computer file from Platte River has a key role in how Clinton’s emails are sorted, according to testimony by Cheryl Mills.

Cheryl Mills after testifying privately to the House Benghazi Committee while Representatives Elijah Cummings and Trey Gowdy stand behind her, on September 3, 2015. (Credit Stephen Crowley / The New York Times)

On September 3, 2015, Clinton’s former chief of staff Cheryl Mills will testify under oath in front of the House Benghazi Committee. After being asked about her role in sorting and deleting Clinton’s emails, Mills says that “after the letter came” from the State Department on October 28, 2014 asking for Clinton’s work-related emails, “Secretary Clinton asked [Clinton’s personal lawyer] David Kendall and myself to oversee a process to ensure that any records that could be potentially work-related were provided to the department.”

Mills is asked if she or Kendall were in physical possession of the server at the time.

She replies, “No. … [T]hat server, as I understand it, doesn’t contain any of her records. So we asked Platte River to give us a .pst [computer file] of all of her emails during the tenure where she was there, which they did. And we used that .pst to first search for and set aside all of the state.gov records, then to actually do a name search of all of the officials in the department so that we could ensure that all the senior officials that she would likely be corresponding with got looked at and searched for by name, and then a review of every sender and recipient so that you knew, if there was a misspelling or something that was inaccurate, that you would also have that review done, as well. And then that created the body of, I think, about 30,000 emails that ended up being ones that were potentially work-related, and not, obviously, completely, but it was the best that we could do, meaning obviously there were some personal records that are turned over, and the department has advised the Secretary of that.”

Mills further explains that she and Kendall “oversaw the process. The person who actually undertook it is a woman who worked for me.” This woman is another lawyer, Heather Samuelson, who Mills admits doesn’t have any specialized training or skills with the Federal Records Act or identifying official records.

Then Mills is asked what happened to the “universe of the .pst file” after the work-emails had been sorted out.

She replies: “So the potential set of federal records, we created a thumb drive that David Kendall kept at his office. And then the records themselves, that would have been the universe that they sent, Platte River took back. […] So they just removed it. So it ended up being on system, and they just removed it. And I don’t know what is the technological way they do it, because it’s a way you have to access it, and then they make it so you can’t access it anymore.” (House Benghazi Committee, 10/21/2015)

December 2014: Clinton’s emails are copied to a different server, but the FBI will never check if that server had any of her work-related emails.

Paul Combetta is the Platte River Networks (PRN) employee doing most of the active managing of Clinton’s private server. In a September 2015 FBI interview, he will claim that a person working for the Clinton family company Clinton Executive Service Corp. (CESC) whose name is later redacted contacts him around December 2014 and tells him that Clinton and her aide Huma Abedin are getting new email accounts on a different server not administered by PRN. Indeed, other sources indicate that in December 2014, Clinton and Abedin get new email accounts on a server with the hrcoffice.com domain name.

As part of this change, Combetta copies Clinton’s email from her hrod17@clintonemail.com email address to her new hrcoffice.com address. Clinton began using the hrod17@clintonemail.com address in late March 2013, shortly after her tenure as secretary of state ended. Combetta will claim that nobody told him “to transfer any archived email to the new server.” (Federal Bureau of Investigation, 9/23/2016)

However, Clinton’s earlier emails could have been transferred to her new email address around the time it was created in late March 2013, in which case they too would get copied to the hrcoffice.com server. But the FBI will never search this server to see if any of Clinton’s emails from her tenure as secretary of state can be recovered from it.

Around December 2014 or January 2015: Copies of Clinton’s emails are deleted from the computers of two of Clinton’s lawyers.

On October 28, 2014, the State Department formally asked Clinton for copies of all her work-related emails, after asking informally for several months. Three lawyers working for Clinton, Cheryl Mills, David Kendall, and Heather Samuelson, then sorted Clinton’s emails into those they deemed work-related or personal.

Paul Combetta (Credit: Facebook)

Paul Combetta (Credit: Facebook)

According to a later FBI report, “on or around December 2014 or January 2015, Mills and Samuelson requested that [Platte River Networks (PRN) employee Paul Combetta] remove from their laptops all of the emails from the July and September 2014 exports. [Combetta] used a program called BleachBit to delete the email-related files so they could not be recovered.” PRN is the computer company managing Clinton’s emails at the time.

The FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files, clear Internet history, delete system and temporary files and wipe free space on a hard drive. Free space is the area of the hard drive that can contain data that has been deleted. BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

141201ScreenConnectLogo

ScreenConnect Logo (Credit: public domain)

Combetta then remotely connects to the laptops of Mills and Samuelson using the computer program ScreenConnect to complete the deletions. Clinton’s emails are being stored in a .pst file. Combetta will later tell the FBI “that an unknown Clinton staff member told him s/he did not want the .pst file after the export and wanted it removed from the [Clinton server]” as well.

The Clinton emails are deleted from the laptops of Mills and Samuelson around this time. But another copy of all the emails exist on the server. Combetta will delete those emails as well, in late March 2015. (Federal Bureau of Investigation, 9/2/2016)

Between December 5, 2014 and December 11, 2014: Clinton tells Mills she doesn’t need her “personal” emails, resulting in Mills telling those managing Clinton’s server to delete them.

In 2016, Clinton’s former chief of staff Cheryl Mills will be interviewed by the FBI. Mills will claim that in December 2014, Clinton decided she no longer needed access to any of her emails older than 60 days. This comes shortly after the State Department formally asked Clinton for all of her work-related emails, on October 28, 2014. This decision has to take place before an email discussing it on December 11, 2014, written Paul Combetta, the Platte River Networks (PRN) employee managing Clinton’s private server.

Paul Combetta (Credit: Facebook)

Paul Combetta (Credit: Facebook)

Even so, Mills will claim she instructed Combetta to modify the email retention policy on Clinton’s clintonemail.com email account to reflect this change. (PRN is managing Clinton’s private server at the time.) This means that the 31,830 Clinton emails that Mills and Clinton’s other lawyers David Kendall and Heather Samuelson recently decided were not work-related will be deleted after 60 days.

However, Combetta will later say in an FBI interview that he forgot to make the changes to Clinton’s clintonemail.com account and didn’t make them until late March 2015.

Clinton will also later be interviewed by the FBI. She will claim that after her staff sent her work-related emails to the State Department on December 5, 2014, “she was asked what she wanted to do with her remaining personal emails. Clinton instructed her staff she no longer needed the emails. Clinton stated she never deleted, nor did she instruct anyone to delete, her emails to avoid complying with FOIA [Freedom of Information Act], State [Department], or FBI requests for information.”

However, Clinton saying her personal emails were no longer needed, then having Mills tell PRN to have them delete them after 60 days, will result in all of Clinton’s emails that her lawyers deemed personal getting permanently deleted. The FBI will later recover some of the emails through other means and discover that thousands actually were work-related. (Federal Bureau of Investigation, 9/2/2016)

December 10, 2014: The manager of Clinton’s private server asks for Internet advice on how to keep copies of some of Clinton’s personal emails after changing a setting to delete them all.

On December 10, 2014, “stonetear” asks for advice from Reddit users on how to implement a 60-day email “purge” policy. This will later be revealed to be an alias for Paul Combetta, a Platte River Networks (PRN) employee actively managing Clinton’s private server at the time.

He writes: “Hello. I have a client who wants to push out a 60 day email retention policy for certain users. However, they also want these users to have a ‘Save Folder’ in their Exchange folder list where the users can drop items that they want to hang onto longer than the 60 day window.
All email in any other folder in the mailbox should purge anything older than 60 days (should not apply to calendar or contact items of course). How would I go about this? Some combination of retention and managed folder policy?”

141210stonetear60dayretention

Combetta as ‘stonetear’ asking Reddit users for help. (Credit: Reddit)

Cheryl Mills (Credit: Andrew Harrer / Getty Images)

Cheryl Mills (Credit: Andrew Harrer / Getty Images)

In 2016, Clinton’s former chief of staff Cheryl Mills will be interviewed by the FBI. Mills will claim that in December 2014, Clinton decided she no longer needed access to any of her personal emails, and they could be deleted after 60 days. This comes shortly after the State Department formally asked Clinton for all of her work-related emails, on October 28, 2014.

According to a later FBI report based on a February 2016 interview with Combetta, Combetta communicates with Mills and/or Clinton lawyer Heather Samuelson by email on December 10 and 12, 2014, as well as by phone on December 9 and 10,  2014. In these communications, they tell Combetta they want the last 60 days of the emails of Clinton and Clinton aide Huma Abedin moved to new accounts. (Federal Bureau of Investigation, 9/23/2016)

However, as can be seen from Combetta’s Reddit post, it appears Mills wanted Combetta to figure out how to keep some of the emails “longer than the 60 day window,” in contradiction to the later claim in Combetta’s interview, as well as Clinton’s later claim that all of her over 31,000 personal emails were unwanted and should be permanently deleted.

March 2, 2015: The company managing Clinton’s server tightens security on the server after its existence is exposed.

On the morning of March 2, 2015, a front-page New York Times article reveals Clinton’s use of her own private email server. Platte River Networks (PRN) is managing the server.

Bill Thornton (Credit: public domain)

Bill Thornton (Credit: public domain)

Later in the day, PRN employee Bill Thornton writes in an internal company email, “I spent some time in their firewall just now locking everything down (pretty tight).” (The New York Post, 9/18/2016)

However, on March 4, 2015, an analysis of the server’s publicly visible settings will show it has a misconfigured encryption system. Further articles the next day will expose more security vulnerabilities.

PRN will make more changes to improve the server’s security around March 7, 2015.

Shortly After March 2, 2015: A surge of hacking attempts follows the revelation of Clinton’s use of a private email server in the media.

On March 2, 2015, a New York Times article publicly reveals Clinton’s use of a personal email account and private server to conduct government business. The FBI’s Clinton email investigation will later identify an increased number of login attempts to her server and its associated domain controller just after this article comes out.

According to the FBI in September 2016, “Forensic analysis revealed none of the login attempts were successful. [The] FBI investigation also identified an increase in unauthorized login attempts into the Apple iCloud account likely associated with Clinton’s email address during this time period.” (Clinton’s email address, which had been publicly revealed in March 2013, was still used as the user name for the account.) “Investigation determined all potentially suspicious Apple iCloud login attempts were unsuccessful.”

Despite all this, Clinton does not simply turn the server off. Instead, Platte River Networks (PRN) employees, who are managing the server, make some security improvements around March 7, 2015.

PRN staff also discuss the possibility of conducting penetration testing against the server to highlight vulnerabilities, so they can be fixed. However, the penetration testing ultimately doesn’t happen. (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: The company managing Clinton’s private server fails to fully test its security vulnerabilities.

Johannes Ullrich (Credit: LinkedIn)

Johannes Ullrich (Credit: LinkedIn)

Platte River Networks (PRN) is the company managing Clinton’s private server. Due to a wave of hacking attacks on the server following the public revelation of the server on March 2, 2015, PRN considers doing penetration testing. That  means hiring someone to try to hack the server in order to expose its vulnerabilities so they can be fixed.

Cybersecurity expert Johannes Ullrich will later comment, “It’s a good idea, and it’s also commonly done.”

However, the penetration testing never happens. It isn’t clear why. (The New York Post, 9/18/2016) (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 2, 2015: Cheryl Mills has a computer company check on the condition of Clinton’s private server after the media makes Clinton’s use of the server front-page news.

On March 2, 2015, the New York Times publishes a front-page story about Clinton’s emails practices and her use of a private email server.

The Equinix data center in Secaucus, NY. (Credit: public domain)

In the days following the publication of the article, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requests that Platte River Networks (PRN), the computer company managing Clinton’s server, conduct a complete inventory of all equipment related to the server.

In response to this request, an unnamed PRN employee travels to the Equinix data center in Secaucus, New Jersey, where the server is located, to conduct an onsite review of the equipment. At the same time, another unnamed PRN employee logs in to the server remotely to check on it.

This will result in some changes to the security settings of the server  around March 7, 2015. Additionally, many emails (other than Clinton’s) are deleted from the server on March 8, 2015. (Federal Bureau of Investigation, 9/2/2016)

March 3, 2015: The head of the company managing Clinton’s private server makes a curious political comment; he also wonders what Clinton emails might have to turn over.

David DeCamillis (Credit: Twitter)

David DeCamillis (Credit: Twitter)

David DeCamillis, the vice president of sales for Platte River Networks (PRN), emails other PRN employees about the news reported in the New York Times the day before revealing Clinton’s exclusive use of a private email address hosted on her private server. He writes, “I’m sure the Republicans are giving each other high fives; especially Jeb Bush.”

PRN is the company that has been managing the server since June 2013. There will later be suggestions that PRN was chosen by Clinton or her employees to manage the server at least in part due to the company’s political preference for Democrats, and this email seems to fit with such a preference.

DeCamillis also wonders what emails the company might be asked to turn over. PRN employee Paul  Combetta will send a reply detailing what work he’s done on Clinton’s server. (The New York Post, 9/18/2016)

At the time, Jeb Bush, the former Republican governor of Florida, is seen as the Republican frontrunner for the November 2016 presidential election, though he will ultimately fail to win the Republican nomination.

March 3, 2015 or Shortly Thereafter: The employee who will later delete all of Clinton’s emails is asked about what Clinton emails might be turned over.

On March 3, 2015, David DeCamillis, the vice president of sales for Platte River Networks (PRN), wonders what emails the company might be asked to turn over in an email to other PRN employees. This is because of a New York Times article on March 2, 2015 revealing Clinton’s exclusive use of a private email address hosted on her private server, and PRN has been managing that server since June 2013.

Paul Combetta (Credit: CSpan)

Paul Combetta (Credit: CSpan)

PRN employee Paul Combetta replies to the email, although the date of the reply hasn’t been specified. “I’ve done quite a bit already in the last few months related to this. Her [Clinton’s] team had me do a bunch of exports and email filters and cleanup to provide a .pst [personal storage file] of all of HRC’s [Hillary Rodham Clinton’s] emails to/from any .gov addresses. … I billed probably close to 10 hours in on-call tickets with CSEC related to it :).”

CSEC is a likely reference to Clinton Executive Services Corp. (CESC), a Clinton family company paying for PRN’s services. Combetta will delete and then wipe all of Clinton’s emails later in March 2015. His mention of sending Clinton’s emails likely refers to when PRN sent those emails to two of Clinton’s lawyers in late July 2014. (The New York Post, 9/18/2016)

It is not clear if this is all of Combetta’s reply. But if it is, it is notable that he doesn’t mention that he deleted and then wiped all of Clinton’s emails off the laptops of two lawyers working for Clinton by this time, and allegedly was told to change the settings on Clinton’s server so her emails would be deleted over time as well.

March 8, 2015: Someone deletes email accounts other than Clinton’s from Clinton’s private server.

In a September 2016 report, the FBI will reveal that the “FBI forensically identified deletions from [Clinton’s] server on March 8, 2015 of .pst files not associated with Clinton’ s email account or domain, and other server data.”

A .pst or “Personal Storage Table” file is a file format used to store copies of emails and other items within Microsoft software.

This incident will only be mentioned in a footnote in an FBI report, with no mention of who made the deletions or why. It also is not clear how thorough the deletions are. Clinton’s deputy chief of staff Huma Abedin had a frequently used email account hosted on the server, but it is unknown if these deletions include her emails.

Platte River Network's new, larger office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

Platte River Network’s new, 12,000 sq. foot office, which they moved into in mid-2015. (Credit: Stuart Sipkin / Demotis / Corbis))

It seems probable an employee of Platte River Networks (PRN), the computer company managing Clinton’s server, made the deletions. Shortly after a news report made Clinton’s use of the server public knowledge on March 2, 2015, Cheryl Mills, who is one of Clinton’s lawyers as well as her former chief of staff, requested that PRN conduct a complete inventory of all equipment related to the server, and one unnamed PRN employee physically checked the server while another one remotely logged on to check it.

The FBI report will also mention that around March 7, 2015, PRN makes various changes to the server’s security settings. (Federal Bureau of Investigation, 9/2/2016)

March 9, 2015: An email from Cheryl Mills warns a Platte River Networks employee that Clinton’s emails should be preserved, but he will delete them all later in the month anyway.

Cheryl Mills, who is one of Clinton’s lawyers at the time, as well as being her former chief of staff, sends an email to some employees at Platte River Networks (PRN), the company that is managing Clinton’s private server. On March 3, 2015, the House Benghazi Committee sent a letter to Clinton’s lawyers, asking that they preserve all of Clinton’s emails. This is because of a New York Times report the day before that indicated Clinton probably had many emails from when she was secretary of state that the State Department did not. Mills’ email to PRN references this preservation request.

150303PlatteRiverNewOfficePRFB

In March 2015, PRN is preparing to move from a small downtown loft in Denver, to a more spacious 12,000 sq. foot office space. (Credit: Platte River Networks / Facebook)

PRN employee Paul Combetta is one of the recipients of this email from Mills. In a February 18, 2016 FBI interview, he will claim that he didn’t recall seeing the preservation request mentioned in the email. But he will be interviewed by the FBI again, on May 3, 2016. At that time, he will indicate that he deleted and then wiped all of Clinton’s emails from her server in late March 2015, despite the fact that, according to an FBI report, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.”

It is not clear why he will do this. He will also state during his second interview, “he did not receive guidance from other PRN personnel, PRN’s legal counsel, or others regarding the meaning of the preservation request.” (Federal Bureau of Investigation, 9/2/2016)

Shortly After March 10, 2015 or Later: An employee of the company managing Clinton’s server comments that company employees are seeking to “cover our asses” due to news that Clinton’s emails were deleted.

In September 2016, a New York Post article will reveal details of a number of emails between Platte River Networks (PRN) employees, the company managing Clinton’s private server since June 2013.

In it, the Post will mention that PRN employees “frantically sought to ‘cover our asses’ when news broke that [Clinton’s] communications were deleted.” Unfortunately, the article won’t mention which PRN employee wrote the “cover our asses” quote or when that email was sent. (The New York Post, 9/18/2016)

However, the revelation that over 30,000 of Clinton’s emails were deleted occcurs in public comments by Clinton on March 10, 2015, so it seems probable the email is from shortly after that date, although this is not certain. The timing could be important, because the emails won’t actually be deleted from Clinton’s private server by PRN employee Paul Combetta until around March 31, 2015, three weeks after Clinton’s public claim that they were deleted.

March 25, 2015: A conference call precedes the permanent deletion of Clinton’s “personal” emails.

Platte River Networks (PRN), the computer company managing Clinton’s server, holds a conference call with some members of former President Bill Clinton’s staff. This is according to a later FBI report, but the FBI has not revealed who exactly takes part in the conference call or what is discussed.

The four “President Clinton” aides who had access to the private server were from left to right, Justin Cooper, Doug Band, Jon Davidson, and Oscar Flores. (Credit for all photos: public domain)

PRN employee Paul Combetta will later say that in the days just after this call, between March 25 and 31, 2015, he suddenly remembers that he did not make changes to the email retention policy to Clinton’s email account, as one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills requested him to do back in December 2014. He will then proceed to do so, resulting in the permanent deletion of all of Clinton’s emails that had been deemed personal.

PRN only has two employees involved in managing Clinton’s server, so it seems highly likely Combetta takes part in the conference call. (Federal Bureau of Investigation, 9/2/2016)

Between March 25 and 31, 2015: A Platte River Networks employee allegedly deletes all of Clinton’s emails and then wipes them to prevent their recovery, despite apparently having no clear order to do so.

Platte River Networks (PRN) is managing Clinton’s private server, and two PRN employees are occasionally working on it. Around December 2014, PRN employee Paul Combetta was told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills to delete all copies of Clinton’s emails off Mills’ computer and the computer of another lawyer working for Clinton, Heather Samuelson. He did so. But he says he was also told by Mills to change the email retention policy on Clinton’s clintonemail.com email account so that Clinton’s unwanted “personal” emails would be deleted after 60 days, and he forgot to do that.

Combetta will be interviewed by the FBI on February 18, 2016. At that time, he will say that after a conference call between PRN and the staff of former President Bill Clinton on March 25, 2015, roughly between March 25 and 31, 2015, he will realize he forgot to make the change, but then will tell the FBI that he didn’t do anything about it.

However, Combetta will be interviewed by the FBI again on May 3, 2016, and his answers will change. This time, he will say he had what told the FBI was “an ‘oh shit’ moment.” Then, sometime between March 25 and 31, 2015, he deleted the Clinton archive mailbox from Clinton’s server. Furthermore, he used BleachBit to delete the exported .pst files he had created on the server system containing Clinton’s emails.

150326PlatteMontage

There are six employees leading PRN in 2015. From left to right they are Brent Allshouse, David DeCamillis, Treve Suavo, Sam Hickler, Craig Papke, and Dave Robinson (not pictured). (Credit: Linked In and Platte River Networks)

An FBI report will explain, “BleachBit is open source software that allows users to ‘shred’ files,” as well as other functions. “BleachBit’s ‘shred files’ function claims to securely erase files by overwriting data to make the data unrecoverable.”

Additionally, the FBI investigation will later find “evidence of these deletions and determined the Datto backups of the [Clinton’s] server were also manually deleted during this timeframe.” However, the FBI will not mention if they figured out who deleted the Datto back-ups, whether it is Combetta or someone else.

150326BleachBitSystemCleaner1.8

BleachBit System Cleaner 1.8 (Credit: BleachBit)

Note that Combetta was only asked by Mills to change the deletion policy on Clinton’s account, which would have deleted only her “personal” emails 60 days later. He actually immediately deleted all of her emails, including her work-related ones, and then used a program to make their later recovery impossible. It is not clear if anyone told him to do this, and if so who, or if he did it on his own.

Furthermore, Combetta took these actions even though Mills sent him (and others at PRN) an email on March 9, 2015, which mentioned how the House Benghazi Committee had requested to Clinton’s lawyers that all of Clinton’s emails should be preserved. In his first FBI interview, he will deny being aware of this. But in his second FBI interview, according to the FBI, at the time he made the deletions, “he was aware of the existence of the preservation request and the fact that it meant he should not disturb Clinton’s email data on [Clinton’s] server.” (Federal Bureau of Investigation, 9/2/2016)

Around Late March 2015: An Internet cloud back-up of Clinton’s server is deleted at this time, despite the company managing the server seemingly not knowing the cloud copy exists.

On November 19, 2015, an unnamed Datto executive will be interviewed by the FBI. Datto had provided back-up service and equipment to Platte Rivers Networks (PRN) when PRN was managing Clinton’s private server from June 2013 onwards. It will later be reported that in early August 2015, PRN employees discovered that in addition to a Datto back-up device attached to Clinton’s server, Datto had been also backing up Clinton’s server to the Internet “cloud.” Some internal PRN emails from early August 2015 show some employees acting surprised after being told about this.

A graphic of Datto's cloud structure. (Credit: Datto, Inc.)

A graphic of Datto’s cloud structure. (Credit: Datto, Inc.)

However, according to a later FBI summary of the Datto executive’s interview, he said that PRN must have known about the cloud back-up all along. “As evidence, [he] stated the partner portal, that PRN had log-in credentials to, had a feature displaying backed-up data an options to ‘delete cloud’ or ‘delete local.’ [He] stated PN would have seen their back-ups under ‘delete cloud.'”

More crucially, during the interview, the FBI will show him a Datto document “indicating email records were manually deleted from the Datto secure cloud back-ups of the [Clinton] server in March 2015.” He then will tell the FBI that it couldn’t have been a Datto employee who made the deletions, because there would have been a work ticket created showing that. Furthermore, IP addresses associated with the deletions indicate that someone from PRN must have done it, although PRN had a shared account so it can’t be proven who exactly made the deletions. (Federal Bureau of Investigation, 10/17/2016)

A Datto letter sent to the FBI in October 2015 will indicate that Datto technical experts reviewed administrative files and discovered through the device’s Internet interface that a series of deletions took place on the device on March 31, 2015, between 11:27 a.m. and 12:41 a.m. Furthermore, a much greater amount of data had been “deleted automatically based on the local device’s then-configured pruning parameters.” (US Congress, 9/12/2016) It is unclear if this refers to data deleted from the local Datto device or the Internet cloud back-up.

Although it is unknown who made these deletions, in a May 2016 FBI interview, PRN employee Paul Combetta will confess to deleting all of Clinton’s emails on her server as well as the Datto back-up device in precisely this time period, between March 25, 2015 and March 31, 2015.

March 31, 2015: A Platte River Networks employee talks to two of Clinton’s lawyers shortly after deleting and wiping all of Clinton’s emails from her server.

Platte River Networks (PRN) is a computer company managing Clinton’s private server. PRN employee Paul Combetta will later admit to the FBI that he deleted all of Clinton’s emails from her server and then used the computer program BleachBit to permanently eliminate the emails. This is despite the fact that he claims he had only been told by one of Clinton’s lawyers (and her former chief of staff) Cheryl Mills back in December 2014 to change the email retention policy on Clinton’s account.

On March 25, 2015, there was a conference call between PRN employees and members of former President Bill Clinton’s personal staff. On March 31, 2015, there is another conference call. Combetta will later say he made the deletions at some point between the two calls.

Details about the second call are murky because the FBI only discovered it took place due to discovering a PRN work ticket about it. The ticket mentions PRN employees talking to Clinton’s personal lawyer David Kendall as well as her lawyer Mills. But when Combetta was asked about it, according to the FBI, “PRN’s attorney advised [him] not to comment on the conversation with Kendall, based upon the assertion of the attorney-client privilege.”

In 2016, Mills will be interviewed by the FBI. She will state that she was unaware that Combetta made such deletions and modifications in March 2015. This presumably would mean they were not discussed in the second conference call, or any time after that. Clinton will also be interviewed in 2016, and she will also claim she was unaware of the March 2015 email deletions. (Federal Bureau of Investigation, 9/2/2016)

August 2015: A company recommends improving security for Clinton’s server, which is still in use, but the FBI wants no changes.

At some point in August 2015, employees at Datto, Inc., a company that specializes in backing up computer data, realize that a private server they have been backing up belongs to Clinton. The server is being managed by Platte River Networks (PRN), and Datto made the connection after media reports revealed PRN’s role.

According to an unnamed Datto official, due to worries about the “sensitive high profile nature of the data,” Datto then recommends that PRN should upgrade security by adding sophisticated encryption technology to its backup systems.

150801AndyBoianFoxNews

Andy Boian (Credit: Fox News)

PRN spokesperson Andy Boian later acknowledges receiving upgrade requests from Datto, but he says, “It’s not that we ignored them, but the FBI had told us not to change or adjust anything.”

Boian adds, however, the company did not take Datto’s concerns to the FBI.

The newest version of the server is still in use by the Clintons’ personal office at the time, despite being in news headlines since March 2015. (The Washington Post, 10/7/2015)

On August 12, 2015, the FBI takes an older version of the server from PRN’s control. The FBI doesn’t realize Clinton’s emails were moved from the old server to the new one. They eventually will figure this out and take the new server away as well, on October 3, 2015.

August 1, 2015—August 7, 2015: The company managing Clinton’s private server learns that another company has been making back-up copies of all the server data in the Internet “cloud” since 2013.

Clinton’s server has been managed by Platte River Networks (PRN) since June 2013. And since that time, PRN has subcontracted Datto, Inc. to make periodic back-ups of all the data on the server. PRN has thought that the back-ups have been only made through a device attached to the server called the Datto SIRIS S2000.

Sam Hickler (Credit: public domain)

Sam Hickler (Credit: public domain)

However, on August 1, 2015, an unnamed PRN employee notices that data from the server was possibly being sent to an off-site Datto location. On August 6, 2015,  Sam Hickler, PRN’s vice president of operations, contacts Datto employee Leif McKinley about this, CCing PRN employees Paul Combetta and Treve Suazo.

McKinley confirms that, due to a misunderstanding, Datto has been making periodic back-ups of the server data through the Internet “cloud” as well as locally through the device. Furthermore, periodic back-ups have been made this way since June 2013.

Treve Suazo (Credit: Platte River Networks)

Treve Suazo (Credit: Platte River Networks)

Suazo, the CEO of PRN, tells Datto on August 6, 2015, that “This is a problem.” This is because the Clinton Executive Services Corp. (CESC), the Clinton family company that hired PRN to manage the server, explicitly stated from the beginning that they didn’t want any remote back-ups to be made. Thus, PRN employees tell Datto not to delete whatever data was stored in the cloud, and instead work to get it back to the control of PRN.

On August 7, 2015, Datto and PRN employees discuss saving the data on a thumb drive and sending it to PRN. Then, according to an email from one unnamed PRN employee to another, they would have Datto “wipe [the data] from the cloud.”

This is according to a letter that will be sent in October 5, 2015 to Datto CEO Austin McChord by Senator Ron Johnson (R). Johnson is chair of the Senate Homeland Security and Government Affairs Committee, and is conducting oversight of the FBI’s Clinton email investigation. However, Johnson will be unable to determine what happened next, such as if the thumb drive was sent and the data was wiped. Furthermore, McChord will not be able to reveal that information to Johnson because Datto needs PRN’s permission to share that information and PRN won’t give it. (US Congress, 9/12/2016) (US Congress, 9/12/2016)

August 8, 2015 and Shortly Thereafter: The company that manages Clinton’s server gives a presentation to Congressional investigators but fails to mention the deletion and wiping of Clinton’s emails.

Senator Ron Johnson (Credit: public domain)

Senator Ron Johnson (Credit: public domain)

Platte River Networks (PRN) is the computer company that has been managing Clinton’s private server since June 2013. On August 8, 2015, Senator Ron Johnson (R), chair of the Senate Homeland Security Committee, asks PRN for a staff-level briefing on the server. A July 2016 letter co-written by Johnson will indicate that there was an “initial production” by PRN later in August 2015 about various matters, “including maintaining Secretary Clinton’s private server.” (US Congress, 7/22/2016) (Politico, 11/13/2015)

However, it seems apparent that PRN says nothing about the later-revealed fact that PRN employee Paul Combetta deleted and wiped all of Clinton’s emails off her server in late March 2015,  because Johnson will show no knowledge of that in the above-mentioned letter or other letters. Furthermore, in September 2015, PRN will publicly state that it has no knowledge of the server being wiped.

Furthermore, when the FBI picks up Clinton’s server from a data center in New Jersey on August 12, 2015, they only pick up one server. But actually there are two servers there, both being managed by PRN, and Clinton’s emails had been transferred from the old one to the new one. The FBI will discover this on their own and pick up the newer server as well on October 3, 2015, so it seems probable that PRN is not honest with the Congressional committee about this basic fact either.

Additionally, when Johnson’s committee asks to interview PRN employees one month later, the company will refuse and will cease cooperating with Congressional investigators.

 

August 11, 2015: Clinton finally agrees to allow the Justice Department to investigate her private server, as well as thumb drives housing her work emails.

This comes after months of her refusing to hand it over. (The New York Times, 8/11/2015The old server is picked up by the FBI from the management of Platte River Networks (PRN) one day later. It is being kept at an Equinix data center in Secaucus, New Jersey, and it is picked up there.

However, the company transferred Clinton’s data to a new server, which is also being managed by PRN and is kept at the same data center. The FBI won’t pick up that one until October 2015.

August 12, 2015: The company managing Clinton’s private server is worried they will be blamed for a change of policy that results in the deletion of Clinton’s emails.

Platte River Networks (PRN) has been managing Clinton’s private email server. According to a New York Post article in September 2016, around August 2015, PRN wants to double check their behavior after media reports that the FBI is investigating Clinton’s server. “Company execs scrambled to find proof that Clinton’s reps had months earlier asked to cut the retention of emails from 60 days to 30 days.”

Paul Combetta (left) Bill Thornton (right) (Credit: AP)

Paul Combetta (left) Bill Thornton (right) (Credit: AP)

On August 12, 2015, PRN employee Bill Thornton writes, “OK, we may want to work with our attorneys to draft up something that absolves us of that question. I can only assume that will be the first and last question for us, ‘Why did we have backups of the system since the time of inception, then decide to cut them back to just 60 or 30 days?’ If we can get that from them in writing, I would feel a whole lot better about this.”

The other PRN employee who has been actively managing the Clinton account with Thornton, Bill Combetta, responds that he believes the request was made to PRN by phone.

An email exchange between the two on the same topic several days later will make clear that the Clinton representatives are employees of Clinton Executive Services Corp. (CESC) the Clinton family company that has been paying PRN. (The New York Post, 9/18/2016)

August 12, 2015: The FBI picks up one of Clinton’s private email servers, as well as thumb drives containing copies of her emails.

An inside look at one Equinix’s many data centers across the United States. (Credit: Equinix)

The Washington Post reports that Clinton’s old server, which was in a New Jersey data center, had all its data deleted some time earlier.

A lawyer for Platte River Networks, the company that managed the server, says, “To my knowledge, the data on the old server is not available now on any servers or devices in Platte River Network’s control.”

Investigators also take thumb drives from Clinton’s lawyer David Kendall containing copies of Clinton’s emails. (The Washington Post, 8/12/2015) 

There are two Clinton servers in existence at the time, and both the old and new ones are located at the Equinix data center in Secaucus, New Jersey.

However, a September 2016 FBI report will explain that Clinton’s lawyers never revealed that Clinton’s emails had once been transferred from the old server to the new server, so the FBI only picks up the old server. The FBI will later learn on its own about the transfer and then pick up the new server as well, on October 3, 2015. (Federal Bureau of Investigation, 9/2/2016)

August 17, 2015: The company that recently managed Clinton’s private server, says it is “highly likely” that a backup copy of the server was made.

The Datto logo (Credit: Datto, Inc.)

The Datto logo (Credit: Datto, Inc.)

That company is Platte River Networks (PRN), which managed her server from mid-2013 until early August 2015. The company is cooperating with the FBI.

That means that any emails Clinton deleted before she handed the server over to investigators may still be accessible. (Business Insider, 8/17/2015)

The mention of a backup copy of the server could be a reference to Datto, Inc., a company that made backups of Clinton’s server while it was in Platte River’s possession. (McClatchy Newspapers, 10/6/2015)

August 18, 2015: Clinton’s private server has recently been managed by a surprisingly small company with no special security features.

The door to the apartment where Platte River Networks was based until mid-2015. (Credit: Matthew Jonas - The Daily Mail)

The door to the apartment where PRN was based until mid-2015. (Credit: Matthew Jonas – The Daily Mail)

Platte River Networks (PRN) managed Clinton’s server from June 2013 until early August 2015. Former employee Tera Dadiotis calls it a “mom and pop shop.” She adds, “At the time I worked for them they wouldn’t have been equipped to work for Hilary Clinton because I don’t think they had the resources… [It was] not very high security, we didn’t even have an alarm. […] [W]e literally had our server racks in the bathroom. […] We only had the three owners and like eight employees. We didn’t do any work in other states.” PRN’s facility was a 1,900 square foot apartment in an ordinary apartment building until it moved into a larger space in June 2015. (The Daily Mail, 8/18/2015)

However, the security of PRN’s offfice may not have been directly relevant to Clinton’s server, because a 2016 FBI report will give no indication that her server was ever physically located at the office. It was put in an Equinix data center in New Jersey instead, and mostly managed remotely by PRN. (Federal Bureau of Investigation, 9/2/2016)

PRN also has ties to prominent Democrats. For instance, the company’s vice president of sales David DeCamillis is said to be a prominent supporter of Democratic politicians. He once offered to let Senator Joe Biden (D) stay in his house in 2008, not long before Biden became Obama’s vice president. The company also has done work for John Hickenlooper, the Democratic governor of Colorado.

Another former employee says everyone was told to keep quiet about the fact they were doing work for Clinton. (The Daily Mail, 8/18/2015)

August 19, 2015: Nobody in the company that managed Clinton’s private email server had any government security clearances.

A generic photo of a relatively low-cost server rack. (Credit: rackmountsolutions)

A generic photo of a relatively low-cost server rack. (Credit: rackmountsolutions)

Platte River Networks is a small Colorado-based technology company, and they managed Clinton’s server from mid-2013 to early August 2015. They had never had a federal government contract and did not work for political campaigns. Nearly all their clients are local businesses. David DeCamillis, the company’s vice president of sales, says that if they’d had any clue what might have resulted from accepting the contract, “we would never have taken it on.” (The Washington Post, 8/19/2016) 

Furthermore, Cindy McGovern, a Defense Department spokesperson, says that Platte River “is not cleared” to have access to classified material. (Business Insider, 8/17/2015) 

Cybersecurity expert Alex McGeorge believes that if classified information was mishandled, the onus is on Clinton, not on the company. “The fact that Platte River is not a cleared contractor is largely irrelevant, [since] they were handling what should have been unclassified email. That classified email may have been received by a server under their control is troubling, and they may have been less equipped to deal with it, but it is ultimately not their fault.” (Business Insider, 8/19/2016)