WASHINGTON -  U.S. Rep. Lamar Smith (R-Texas), chairman of the U.S. House Science, Space, and Technology Committee, released the following statement after receiving documents from Datto Inc., the company responsible for backing up the Clinton private server, responsive to the Chairman’s August 22, 2016, subpoena for documents related to the security posture of Secretary Clinton’s private server.  

“It is clear that the server maintained by Platte River contained official government business and even sensitive state secrets.  Alarmingly, Platte River and SECNAP denied having any documents related to information technology security precautions on former Secretary Clinton’s server or network.  This type of blatant denial and willful misinterpretation of the subpoenas will not be tolerated. I’m hopeful for the sake of our nation’s officials that email server security will be taken seriously and that these two companies will comply with legally issued subpoenas.”

The documents show Datto warning Platte River Networks, the company responsible for setting up the Clinton private server network, of potential vulnerabilities to the server starting in August 2015, the same timeframe the FBI began their investigation into the Clinton private servers.   These documents solidify concerns that Secretary Clinton’s private server was not subject to basic cybersecurity protocols like encryptions measures, as outlined in FISMA and the NIST Cybersecurity Framework meant to be a road map to bolster private entities’ cybersecurity posture. 

SECNAP Inc. and Platte River Networks, the two companies subpoenaed for documents on August 22nd, chose willfully to misinterpret the plain language of the subpoena and did not provide any documents responsive to the Chairman’s subpoena.  Both companies claim to possess no responsive documents despite evidence to the contrary found in the documents produced by Datto as well as details outlined in the FBI’s release of documents on September 2, 2016.  As a result, Chairman Smith issued new subpoenas to SECNAP and Platte River compelling documents related to the security of Secretary Clinton’s server and these companies’ adherence to FISMA and the NIST Cyber Framework intended to safeguard entities of this type. 

Smith’s subpoenas built on July 12 bicameral efforts to request information and earlier investigations initiated separately by Chairman Smith and Chairman Johnson.

Below are documents provided to the Committee by Datto:

  • Letter – Datto writes Platte River Networks about deletion of emails despite “legal retention requirements”.  Datto also warns of highly sophisticated cyber-attacks recommending data be encrypted for protection August 13, 2015.
  • Letter – Datto writes Platte River about again about need to encrypt data on servers September 14, 2015. 
  • Letter – Datto writes FBI concerning issues relevant to the ongoing investigation into Clinton private server.  Data explains information on server is not encrypted and potentially vulnerable, also a third party accessed one of Datto’s servers prompting an internal inquiry by Datto October 23, 2015. 
  • Email– all Platte River employees have access to the private Clinton server August 21, 2015. 
  • Email – A second redundant backup up the Private Clinton server is discovered August 6, 2015.  Considered a “problem” despite FBI investigation underway and preservation order issued by Benghazi Select Committee Chairman Gowdy.
  • Email – Platte River “buried with this Clinton fiasco as you are well aware of” August 13, 2015. 
  • Emails – Documents deliberating how to respond to congressional inquiries. 

SECNAP documents provided to the committee Sept. 23 can be found here.