WASHINGTON — The chairman of the Senate's homeland security committee has asked a small, 13-year-old Denver technology company that managed tens of thousands of emails for former Secretary of State Hillary Clinton to describe what measures it took to safeguard national security information.
The FBI, which has embarked on its own scrutiny of Clinton's private server, also has shown interest in the company, Platte River Networks, which began managing Clinton's emails in 2013, according to published reports.
Her use of a private, non-governmental server to conduct official State Department business is causing increased turbulence for Clinton as she pursues what many thought would be a relatively smooth ride to the Democratic presidential nomination.
Clinton said late Tuesday that she would turn over to the Justice Department her private server as part of a widening security investigation into her use of private emails to conduct official business. McClatchy reported Tuesday that two emails found on Clinton's server were classified as "Top Secret," heightening concerns that Clinton may have improperly shared classified information or stored them on vulnerable Internet equipment that might be open to hacking.
"Given that the server was used to conduct official State Department business, questions have been raised regarding whether classified information was stored on the private server," Republican Sen. Ron Johnson of Wisconsin wrote Platte's president in a letter Tuesday. He said he also wants to know "if that data was secure, who had access to that material and whether all official documents were appropriately preserved."
Clinton has said that after she turned over all of her official emails to the State Department last December, she wiped clean her server, which contained more than 61,000 emails. Clinton said she permanently deleted about half because they were personal and turned over the rest because they were related to State Department business. Senior Republicans in Congress now want to know whether Platte River has a backup file containing the deleted emails.
In the letter obtained by McClatchy, Johnson asked company president Treve Suazo to respond to detailed questions within two weeks.
He requested all communications referring to the server "between or among employees or contractors of Platte River" and between company employees and the family's global charity, the Clinton Foundation. Johnson also sought an explanation of whether the company is "authorized to maintain or access classified information."
Suazo and other company officials did not respond to phone requests seeking comment.
Platte River's role grew more crucial Tuesday when the inspector general for the U.S. Intelligence Community advised Congress that two emails contained information it deemed "Top Secret." The emails were not marked as classified when they were written, and Clinton has repeatedly denied ever sending or receiving classified information.
At a State Department briefing Wednesday, Mark Toner, a spokesman, said the two emails designated as Top Secret "weren't sent by her."
The declaration by Inspector General I. Charles McCullough III, however, ramped up the stakes, because security officials had been less concerned about the arrangement if information was classified no higher than "Secret."
Platte River's services were sought in early 2013 to improve security of the server, which was installed for former President Bill Clinton at the couple's home in New York state years earlier, the Washington Post reported recently.
The Colorado company's hiring coincided with the discovery that an email account for Clinton's longtime confidant, private consultant Sidney Blumenthal, had been hacked by a Romanian national Marcel Lazar Lehel, known as Guccifer.
Brian Reid, a cybersecurity expert with Internet Systems Consortium, said Clinton's use of a reputable company to manage her server means it was less likely to be vulnerable to hackers.
Reid and a second security expert said that if Platte River used a backup server for extra security, it's likely that some data Clinton had deleted could be retrieved.
Darren Hayes, a cybersecurity professor at Pace University's Seidenberg School of Computer Science and Information Systems, said it's very common "in this day and age" for a company working with a client to back up their materials.
Nonetheless, it's unclear what investigators might find on the server.
Hayes said what might be found will be determined by how the deletions were done.
"It depends on what kind of tools they used," Hayes said.
Reid, a cybersecurity expert with Internet Systems Consortium, said there are two types of backups.
One is a physical security back-up, which protects against the loss of data during a computer crash. That type of backup is short-term.
"Every company in the managed IT business will do physical security backups," he said. "It's similar to the concept of security video from the cops shows. If a cop subpoenas it, there are only very recent backups. A physical security backup can be overwritten in a matter of weeks."
Another type archives data farther back in time and is intended to be a record of what the data was at certain times in the past, Reid said. Companies dedicated to archival backups store the data in high-security warehouses.
"Archival backups can be subpoenaed. They are evidence," he said. "They're extremely hard to wipe clean."
If Clinton had a backup, the type likely would be specified in her contract with the company that provided the server, Reid said.
Clinton's campaign did not respond to questions Wednesday.
But her communications director, Jennifer Palmieri, sent a lengthy email to supporters to dispel "misinformation," explaining why she used a private email account, what emails she turned over and assuring that there is no criminal inquiry into Clinton's conduct.
"Look, this kind of nonsense comes with the territory of running for president ... and we expect it to continue from now until Election Day," she said.