The FBI is seeking to determine whether data from Democratic presidential candidate Hillary Clinton's private e-mail server may still exist elsewhere, a U.S. official said.
After acquiring the server on Wednesday, agents are attempting to determine whether e-mails may have been backed up on another machine, said the official, who asked for anonymity. The official said it's one of the next logical steps in the agency's investigation into whether the former secretary of state's private e-mail account handled classified information.
Barbara Wells, an attorney for Platte River Networks, a Denver-based company that has managed Clinton's private e-mail since 2013, said in a phone interview Thursday that the server turned over to the Federal Bureau of Investigation “is blank and does not contain any useful data.” But Wells added that the data on Clinton's server was migrated to another server that still exists. She ended the interview when questioned further, declining to say whether the data still exists on that other server and who has possession of it.
Subsequent calls and e-mails to Wells and the Clinton campaign went unanswered.
Justice Department spokesman Patrick Rodenbush declined in an e-mail to comment on whether it is aware of the other server and is trying to access it.
“The data on the old server is not now available on any server or device that is under Platte River’s control,” Wells said during the interview.
The suggestion that some of the data Clinton said she erased from her private e-mail server might still exist came as the Democrat turned over her server to government officials, who are investigating whether classified material might have been improperly exposed. Clinton and some of her closest aides used private e-mail accounts while she was the nation's top diplomat.
Clinton’s server was held in a secure data center operated by “a third-party” in New Jersey when it was handed over to the FBI on Wednesday, said Wells. She declined to identify the third party.
What the Server Might Reveal
The FBI’s examination of the private e-mail server used by Clinton could yield useful information, such as private communications thought to be deleted and evidence as to whether the device was hacked.
Or it could turn up nothing.
Michael Kortan, a spokesman for the FBI, declined to comment.
The outcome of the FBI’s forensic analysis of the server will depend on what steps were taken to delete and overwrite data on it, according to former law enforcement investigators and cybersecurity specialists.
“Most people don’t understand really what it takes to actually delete things from a computer permanently,” said Peter Toren, a former computer crimes prosecutor for the Justice Department. “The FBI has had a great deal of training and they’re very good about recovering data from computers that people think have been erased or deleted.”
The FBI took possession of the server on Wednesday after the intelligence community’s inspector general determined that the personal e-mail account used by Clinton when she was secretary of state contained some information that should have been classified and secured.
Clinton is not accused of any wrongdoing and has said she’s confident that material in her e-mails wasn't marked as being classified at the time it was sent and received through her server. Republican lawmakers have questioned why she used a private e-mail system and whether it jeopardized the security of sensitive data.
What the FBI Got
An e-mail server is a computer used to send, store, and manage electronic communications. Clinton, who was secretary of state from 2009 until February 2013, kept the server in her home in Chappaqua, New York.
Clinton said she turned over paper copies of 30,490 e-mails relating to government business from her tenure. She said another 31,830 personal messages—including yoga routines and condolence messages—were deleted. Clinton's critics have questioned whether she should have been the one to make the call about what to turn over to the government and what to hold back.
FBI investigators likely will first look to see if the deleted e-mails can be recovered, said Toren, a partner with the law firm Weisbrod Matteis & Copley Pllc.
However, the e-mails and any other data on the server could have been permanently deleted if the operating disk was overwritten—a process known as wiping, said Philip Lieberman, president of Lieberman Software Corp., a cybersecurity company based in Los Angeles.
“If the disk itself at the lowest level was wiped, it’s probably not recoverable,” Lieberman said.
“If only files were wiped, it’s probably recoverable.”
Not Just About E-mails
Investigators also will look at how often files were erased or the disk was wiped. If Clinton regularly had the system wiped, that indicates a common security practice. If the system was only wiped once, it could indicate an effort to hide evidence, Lieberman said.
If the server is barren, investigators could pursue other avenues to try to recover data, Lieberman said. For example, they could check if e-mails were sent to people using a service that keeps logs, such as Google Inc.’s Gmail. They could also ask if the Internet service provider used by Clinton kept logs.
It’s also not clear if Clinton’s data still exists on a backup server.
The FBI’s inspection of Clinton’s server could also yield valuable information into how secure the server was and whether it was ever hacked, said Elad Yoran, executive chairman of Koolspan Inc., a communications security company based in Bethesda, Maryland.
“They may be able to tell whether it was hacked and thatopens up a whole other set of questions,” Yoran said.
Toren, Lieberman, and Yoran all said they considered Clinton’s use of a private e-mail system and server to be extraordinary and weren’t aware of any other government officials doing the same.
“This wasn’t done because it was convenient for her,” Yoran said. “There’s a ton of email services that are available that are actually quite secure, easy to use, and you can use them on every device.”