Datto Inc.

A Congressperson alleges that Clinton is responsible for a computer company not complying with a Congressional subpoena related to Clinton’s private server.

On September 12, 2016, a deadline to respond to a subpoena issued by a Congressional committee passed. Three companies involved in the management of Clinton’s private server had been given the subpoena, and one – Datto, Inc. – responded in time with documents, while the other two – Platte River Networks (PRN) and SECNAP, Inc. – did not.

The next day, Representative Lamar Smith (R) comments in a related Congressional hearing, “just this morning… SECNAP’s [legal] counsel confirmed to my staff that the Clinton’s private LLC [Clinton Executive Service Corp.] is actively engaged in directing their obstructionist responses to Congressional subpoenas.” (US Congress, 9/13/2016)

Clinton’s lawyer will later confirm that he is prohibiting SECNAP from fully complying with a subpoena.

Congressional committees order five people involved with the management of Clinton’s private server to speak in a public hearing.

Representative Jason Chaffetz (R), the chair of the House Oversight and Government Reform Committee, orders two Platte River Networks (PRN) employees and three others to testify before a Congressional hearing, on September 13, 2016. PRN is the company that managed Clinton’s private server. The following people are ordered to appear:

Those subpoenaed to appear before the House Oversight committee are, from left to right: Paul Combetta, Bryan Pagliano, Justin Cooper, Alex McChord and Bill Thornton. (Credits: public domain)

  • Paul Combetta. He is a PRN employee. On September 8, 2016, the New York Times revealed that Combetta deleted and wiped Clinton’s emails from her private server, and he also got an immunity deal from the Justice Department as part of the FBI’s Clinton email investigation. Congressional committees issued subpoenas for PRN interviews on August 22, 2016, after asking without coercion since September 2015.
  • Bill Thornton. He also is a PRN employee. The FBI’s final report indicated two PRN employees worked on Clinton’s server, so it seems probable he is the other one.
  • Bryan Pagliano. He managed Clinton’s server until PRN took over. He was previously subpoenaed by the House Committee on Benghazi, but he pleaded the Fifth. However, he cooperated with the FBI after also getting an immunity deal.
  • Justin Cooper. He is a member of Bill Clinton’s staff and helped Pagliano manage the server.
  • Austin McChord. He is CEO of Datto, Inc. PRN subcontracted Datto to make back-up copies of the server. (The Wall Street Journal, 9/9/2016) (US Congress, 9/9/2016)

A Congressperson issues subpoenas to three companies that helped manage Clinton’s private email server.

Representative Lamar Smith (Credit: public domain)

Representative Lamar Smith (R), chair of the Committee on Science, Space and Technology, issues subpoenas for Platte River Networks, which managed Clinton’s server from May 2013 until August 2015; Datto, Inc., which made back-up copies of the server; and SECNAP, which carried out threat monitoring of the network connected to Clinton’s server. Smith wants documents from the companies by September 9, 2016, after they declined to voluntarily produce them. Congressional committees had been requesting information since August and November 2015, to no avail. The companies had been threatened with subpoenas on July 12, 2016.

Smith comments, “Companies providing services to Secretary Hillary Clinton’s private email account and server are not above the law.” He claims the information he is seeking is “critical to… informing policy changes in how to prevent similar email arrangements in the future.”

Smith is working with Senator Ron Johnson (R), chair of the Senate Homeland Security and Governmental Affairs Committee. They are looking for information about breaches or potential breaches, and documents that detail the scope of the work of each company. (The Washington Post, 8/22/2016)

One company that possessed Clinton’s emails is accused of having shockingly poor security.

Datto Headquarters in Norwalk, Connecticut. (Credit: Stephen A. Schwartz / Daily Mail)

From around June 2013 until August 2015, Clinton’s private server containing her emails from her time as secretary of state was managed by Platte River Networks. But another company, Datto Inc., was making monthly back-up copies of all the server’s data in the Internet cloud. Datto has 600 employees and is valued at $1 billion, but two people tell the Daily Mail that the company is extremely incompetent.

Marc Tamarin, president of Virtual IT Consulting, was a Datto business partner from 2009 until early 2016. He says he frequently worked with Datto’s technical support, but “Those guys were really morons. They weren’t qualified to handle our back-up and that was the biggest concern for us. … If they’re inept at the basic principles of technology, how are they going to handle something advanced like security? Most companies like mine trust their vendor that they are doing due diligence. I’ve never heard anything this bad before in my life, the data incompetence was shocking.”

An unnamed former employee, who spent three years at the company, has even more complaints. “If you’re talking about high-level data security, at the political, presidential level, the security level of data [at Datto] … was nowhere near something that could have been protected from a good hacker that knows how to spread out their points at which to infiltrate. It’s not something that Datto was focused on. It was more about getting the data off-site quickly and cost-effectively than securing the data and keeping it from being hacked. There’s no doubt in my mind that someone could easily hack them – even today.”

He calls Datto’s security “a joke.” He claims a potential hacker could walk in off the street and sit down at an unused computer and access all the company’s data. There were no security guards, the receptionists didn’t ask questions of strangers, there was no key card access or other security features, passwords were not regularly changed, and so on. People who said they had lost their security pass would be let in without questions. Unused computers were frequently left on and logged in to the network.

He says, “For years, any Datto employee, even low-level ones, could go in any customer’s device, see their backups, restore files, and delete files.” Oftentimes, Datto customers would find themselves logged into the data of another customer without even wanting to. Datto’s internal servers were hacked in 2010. However, complaints were swept under the rug and security was not improved. (The Daily Mail, 6/30/2016)

A Platte River Networks employee is interviewed twice by the FBI and gives contradictory answers.

Paul Combetta (Credit: public domain)

Platte River Networks (PRN) is the computer company managing Clinton’s private server from June 2013 until at least October 2015, and PRN employee Paul Combetta played a pivotal role in the deletion of Clinton’s emails from her server.

On February 18, 2016, Combetta is interviewed by the FBI for the first time. He says that between March 25 and 31, 2015, he realized he failed to change the email retention policy on Clinton’s email account on her server, as Clinton’s lawyer (and former chief of staff) Cheryl Mills told him to do in December 2014. This would result in the deletion of some of her emails after 60 days. However, he claims that despite this realization, he still didn’t take any action. Additionally, on March 9, 2015, Mills sent him and other PRN employees an email which mentioned that the House Benghazi Committee had made a formal request to preserve Clinton’s emails. Combetta tells the FBI that he didn’t recall seeing the preservation request referenced in the email.

On May 3, 2016, Combetta has a follow-up FBI interview, and his answers on key issues completely contradict what he said before. This time, he says that when he realized between March 25 and 31, 2015 that he forgot to change the email retention policy on Clinton’s email account, he had an “oh shit!” moment. Then, instead of finally changing the policy settings, he entirely deleted Clinton’s email mailbox from the server, and used the BleachBit computer program to effectively wipe the data to make sure it could never be recovered. He also deleted a Datto back-up of the data. And he did all this without consulting anyone in PRN or working for Clinton. Furthermore, he admits that he was aware of the mention in the March 9, 2015 email from Mills mentioning the Congressional request to preserve Clinton’s emails.

A September 2016 FBI report will simply note these contradictions. There will be no explanation why Combetta was not indicted for lying to the FBI, obstruction of justice, and other possible charges. There also will be no explanation why his answers changed so much in his second FBI interview, such as him possibly being presented with new evidence that contradicted what he’d said before. (Federal Bureau of Investigation, 9/2/2016)

The computer companies that worked on Clinton’s private server refuse interview and document requests from Congressional investigators.

The Platte River Networks Logo (Credit: PRN)

Platte River Networks (PRN) is the computer company that has been managing Clinton’s private server since June 2013. Politico reports that it has declined requests by the Senate Homeland Security Committee to interview five employees about the security of Clinton’s server.

The Datto Logo (Credit: Datto)

Additionally, Datto, Inc. was employed by PRN to back up data from the server. On October 6, 2015, McClatchy Newspapers quoted Datto’s attorney who said the company had permission from representatives of Clinton and Platte River to cooperate with the FBI investigation. But on October 19, 2015, Datto told the committee that it can’t answer questions from the committee because it has a confidentiality agreement with its client PRN and can only answer questions about that account with their permission. PRN gave permission initially but then changed its mind.

PRN spokesperson Andy Boian says that the interview requests from Congress weren’t “formal” inquiries, even though request letters were delivered on official Senate letterhead. He adds, “We as a company have felt like we have done everything we can to comply with every request by both the FBI and the Homeland Security Committee, and we really have nothing left to give.”

The Infograte Logo (Credit: Infograte)

Tania Neild, CEO of the technology broker company InfoGrate, helped Clinton select PRN to run their server. She declined to be interviewed by Congressional investigators, invoking a nondisclosure agreement she had with her client.

The SECNAP Logo (Credit: SECNAP)

Another computer company, SECNAP, was involved in the security of the server. They apparently aren’t cooperating with Republican investigators either, because Dennis Nowak, a lawyer for SECNAP, says that communications technology companies are governed by a law that imposes criminal and civil penalties for disclosing customer information, and that can only be waived by subpoena, search warrant, court order, or consent of the client.

These four companies apparently have fully cooperated with the FBI. But Politico reports, “While the firms have voluntarily produced some information for Congressional Republicans in the past, now it seems they’re not willing to go beyond their legal obligations when it comes to responding to committee inquiries.”

In September 2015, Clinton publicly said regarding the FBI’s Clinton investigation that she “would very much urge anybody who is asked to cooperate to do so.” However, Politico asked the Clinton campaign if it had encouraged these computer companies to cooperate with Congressional investigators, and the campaign had no comment. (Politico, 11/13/2015)

These companies will continue to refuse to cooperate with Congress. In August 2016, Congressional Republicans will issue subpoenas to PRN, Datto, and SECNAP to finally force their cooperation.

A computer company tells the FBI that its back-up copy of Clinton’s private server data was deleted in late March 2015.

Steven Cash (Credit: LinkedIn)

Steven Cash is a lawyer for Datto, Inc., the company that has been backing up the data on Clinton’s private server. They have been subcontracted to do this by Platte River Networks (PRN), the company managing the server. Cash emails an unnamed FBI agent, informing him of several issues to be aware of prior to a conference call planned for later that day.

A Datto hard drive, the Datto SIRIS S2000, has been attached to Clinton’s server since June 2013. Cash says that Datto technical experts have reviewed administrative files and discovered through the device’s Internet interface that a series of deletions took place on the device on March 31, 2015, between 11:27 a.m. and 12:41 a.m. The data had a date range from January 28, 2015 to March 24, 2015.

Furthermore, a much greater amount of data had been “deleted automatically based on the local device’s then-configured pruning parameters.” Cash writes that “These manual requests were requested from the Local Device’s web interface for the [redacted] agent…” (US Congress, 9/12/2016) While it is possible a person’s name is in the redacted space, it could also be something such as “PRN employee.”

In a May 2016 FBI interview, PRN employee Paul Combetta will confess to deleting all of Clinton’s emails on her server as well as the Datto back-up device in precisely this time period, between March 25, 2015 and March 31, 2015. It is not known if the FBI knew of the deletions prior to this letter from Datto. The letter certainly makes the deletions clear, but this will not become public knowledge until an FBI report is released in September 2016, almost one year later.

The company that makes a back-up of Clinton’s server data is given permission to share the data with the FBI.

Platte River Networks (PRN) has been managing Clinton’s private server since June 2013, and since that time it has used the service of another company, Datto, Inc., to make back-ups of the data on the server. As a result, Datto needs PRN’s permission to share data.

Austin McChord, founder and CEO of Datto, Inc. (Credit: Erik Traufmann / Hearst Connecticut Media)

On this day, David Kendall, Clinton’s personal lawyer, and PRN agree to allow Datto to turn over the data from the backup server to the FBI. This is according to an unnamed person familiar with Datto’s storage, quoted in McClatchy Newspapers four days later.

Datto says in a statement that “with the consent of our client and their end user, and consistent with our policies regarding data privacy, Datto is working with the FBI to provide data in conjunction with its investigation.”

However, according to McClatchy Newspapers, the unnamed source says “that Platte River had set up a 60-day retention policy for the backup server, meaning that any emails to which incremental changes were made at least 60 days prior would be deleted and ‘gone forever.’ While the server wouldn’t have been ‘wiped clean,’ the source said, any underlying data likely would have been written over and would be difficult to recover.” (McClatchy Newspapers, 10/6/2015)

It appears that the FBI does get data from Datto over the next couple of weeks, because an October 23, 2015 letter from Datto to the FBI will refer to some Datto back-up data that is now in the FBI’s possession. (US Congress, 9/12/2016)

A Datto back-up device was attached to the server, and the data was backed up to the “cloud” as well. It is unknown if the FBI ever gets useful data from the cloud copy.

The company that manages Clinton’s server won’t let Congressional investigators interview its employees.

Ken Eichner is rated as one of the top criminal defense attorneys in Denver, CO. (Credit: public domain)

Platte River Networks (PRN) is the computer company that has been managing Clinton’s private server. In August 2015, the Senate Homeland Security Committee asked PRN for a staff-level briefing on the server, and got one later that month.

In early September 2015, Congressional investigators communicate with Ken Eichner, a lawyer working for PRN, asking to interview five employees in Denver, Colorado, where PRN is located. But on September 17, 2015, Eichner writes in an email, “I am going to respectfully decline [permission for] any interviews.”

In September 2015, some PRN employees are interviewed by the FBI, but details of that remain unknown. In November 2015, it will be reported that PRN isn’t cooperating with Congressional investigators at all, and isn’t allowing Datto, Inc., a company it subcontracted to help back up Clinton’s server, to cooperate either. (Politico, 11/13/2015)

Ken Eichner has been listed as a “Super Lawyer” for more than a decade and named by 5280 Magazine as one of Colorado’s top criminal lawyers. (Super Lawyers) (5280 Magazine)

An email reveals that every employee of the company managing Clinton’s private server can access the server through the Internet.

PRN grew exponentially in 2015, including a number of new employees. (Credit: Platte River Networks)

Paul Combetta, an employee of Platte River Networks (PRN), sends an email to Leif McKinley, an employee of Datto, Inc. PRN is managing Clinton’s private server, and Datto has been subcontracted by PRN to provide back-up for the server. Combetta writes: “We are trying to tighten down every possible security angle on this customer. It occurs to us that anyone at PRN with access to the Datto Partner Portal (i.e. everyone here) could potentially access this device via the remote web feature. Can we set up either two-factor authentication, or move this device to a separate partner account, or some other method (disable remote web access altogether?) to allow only who we permit on our end to access this device via the Internet?” (US Congress, 9/12/2016)

On May 14, 2015, a photo of PRN employees was posted to the company’s website; it suggests that approximately 28 employees were working there at the time. (Platte River Networks, 5/14/15)

In September 2016, after the email is publicly released, Representative Jason Chaffetz (R) will comment, “If I understand the email correctly, every single employee of PRN could have accessed some of the most highly classified national security information that’s ever been breached at the State Department.” (US Congress, 9/13/2016)