By: Brent Parrish
A brief overview of the IRS targeting scandal by Bill Still:
First, email is not typically stored on a personal computer’s hard disk drive (HDD). Email accounts for most organizations are stored and accessed on a mail server—a separate computer accessed from the user’s computer via a specific network protocol like SMTP, POP3, IMAP, MAPI, HTTP, etc. Mail servers can host multiple email accounts, and typically do. That’s their purpose.
Peter Suderman, writing at Reason.com, sums it up like this:
The loss of a personal computer hard drive shouldn’t be able to permanently eliminate emails from a well-run workplace email system. Those emails are run through central email exchange servers, and backups are typically kept using those central exchanges. Add to that Lerner’s prominence in the investigation—she has repeatedly declined to answer questions before Congress, invoking her Fifth Amendment right not to self-incriminate—and the year it took for the IRS to inform the House Ways and Means Committee that the emails were lost in a crash, and the dog-ate-my-emails bit starts to smell rather fishy.
Is the IRS really claiming that both the IRS’ mail server and Lois Lerner’s local hard-drive crashed? If the server’s hard-drive failed, that would mean everyone within the organization who had an account on that particular mail server would not be able to access their email. Email still being sent from other accounts on the same mail server that hosted Lois Lerner’s account, during the same time period in which Lerner claims her hard-drive crashed, would indicate the mail server was still operational, despite any misfortune that befell Lerner’s local hard-drive.
System engineers who administer mail servers at the enterprise level will typically strictly follow (and continuously develop) a robust backup plan for all data on mission-critical servers. For most organizations email communication is absolutely essential, if not critical. So, any critical IRS system failures that resulted in long-term outages could potentially create havoc, thus the need to have a comprehensive and redundant backup plan.
Tax software can be extremely complex (thanks to our god-awful progressive tax laws), and must interface with many complex IRS software systems and services. So, don’t tell me the IRS does not have some competent IT staff that can keep their email domains up and running, and their data backed up, according to their own rules and regulations for the retention of data, as prescribed by law.
… U.S. law, specifically 44 U.S.C. Chapter 33, requires that agencies must notify the Archivist of any records that are destroyed and the reasons for destroying them. In addition, federal regulations establish strict recoverability and redundancy requirements. Disposal of records outside these standards requires permission in writing.
The IRS satisfies these requirements through Microsoft Outlook/Exchange systems, which are backed up using Symantec NetBackup. According to the IT specialist, IRS had some of the best people in the federal government charged with making sure these systems work as intended.
Microsoft recommends configuring redundant relational databases (RDBMS) with Microsoft Exchange Server. The RDBMS (relational database management system) stores and accesses all the email text and metadata housed on the server. Even if the hard-drive(s) fail, the email data is still intact in backup databases. Once a new hard-drive is installed, and the operating system and email server are configured, the data from the replicated databases can be imported into the newly configured mail server.
Many computers nowadays running mail, web, application and database servers run high RAID levels—meaning, the computer (server) has multiple hard-drives that run as backups in case the boot drive fails.
The IRS also claims the tape backup for Lerner’s email was erased and reused after six months. This raises another big red flag with me. Typically tape backup storage is used only for mission-critical computers like mail, web and database servers. Rarely would tape backup be used for client (personal) computers, at least in my own systems administration experience.
Is the IRS saying tape backup was being used for Lois Lerner’s personal computer? Furthermore, why would backup tapes be reused? This is not a recommended practice that I’m aware of.
Granted, I have experience with failures using tape backups. But that was years ago. Most organizations are moving away from tape backup systems. With the ability to back up to multiple types of external storage devices, and the cloud, tape backup is considered pretty ancient technology these days.
Data retention has been a requirement for years. It is a solved problem. It is simply not credible that IRS, an agency that itself imposes data retention requirements on the general public, would not have a data retention plan, with offsite backups and a generalized disaster recovery framework. Somebody is lying when it comes to Lois Lerner’s “missing emails,” and if this were going on in the private sector, somebody would be at risk of prison.
The IRS had a contract with email backup service vendor Sonasoft starting in 2005, according to FedSpending.org, which lists the contract as being for “automatic data processing services.” Sonasoft’s motto is “email archiving done right,” and the company lists the IRS as a customer.
In 2009, Sonasoft even sent out a Tweet advertising its work for the IRS.
Now The Daily Caller reports the IRS cancelled its contract with Sonasoft just weeks after learning about Lois Lerner’s missing emails. In July of 2012 the IRS awarded a contract to Unisys for an “on-demand storage service via private cloud solution.”
There are regulations governing how a federal agency like the IRS is supposed to handle electronic communications.
Allahpundit writes at HotAir.com:
A little something extra on The Mysterious Case of Lois Lerner’s Hard Drive. There seem to be two different IRS regs governing e-mails. The Daily Caller already flagged one of them, “Emails as Possible Federal Records,” section 18.104.22.168.3. Subsection 3 …
… [T]here’s another section of IRS regulations that’s relevant, “Standards for Managing Electronic Mail Records,” section 22.214.171.124.
According to Bill Still, “federal law requires that all IRS emails be transferred to the National Archive electronically, and as hard copy paper records, for permanent preservation”:
While researching the “tech take” on the missing emails, the very first Google search result was an article from the far-left Washington Post titled “Here’s How the IRS Lost Emails from Key Witness Lois Lerner.” It reads like a stenographer’s transcript of White House talking points, if you ask me.
Here’s a slice:
The IRS also had two other policies that complicated things. The first was a limit on how big its employees’ email inboxes could be. At the IRS, employees could keep 500 megabytes of data on the email server. If the mailbox got too big, email would need to be deleted or moved to a local folder on the user’s computer.
Emails considered an “official record” of the IRS couldn’t be deleted and, in fact, needed to also have a hard copy filed. Those emails that constitute an official record are ones that are loosely defined under IRS policy as ones that were “[c]reated or received in the transaction of agency business,” “appropriate for preservation as evidence of the government’s function or activities,” or “valuable because of the information they contain”. The letter sent to the senators suggests that it was up to the user to determine what emails met those standards. It’s not clear if Lerner had any hard copies of important emails.
Here’s a snippet of a letter the IRS sent to Congress last week about why they lost Lerner’s e-mails (Read pages 2-3):
So, the IRS is basically admitting that they are running dedicated mail servers by stating they store emails in two locations—on the client computer’s local hard-drive and on the “IRS centralized network.” Once again, this is where we enter the realm of incredulity. So, both the server hard-drive(s) and Lerner’s local hard-drive experienced catastrophic failures that resulted in the loss of all pertinent data requested by Congress for the period of 2009 through 2011?
My eyebrow also raises a bit reading the IRS claim that employees are only permitted 500MB of email storage capacity. And, allegedly, prior to 2011, it was only 150MB! Huh. Do the servers only have 10GB hard-drives (cf. sarcasm)? Sorry, in the age of affordable terabyte hard-drives, I have a hard time with that.
You mean to tell me the head of the IRS is only permitted 500MB of email storage on the “IRS centralized network”? Scratching head … But, then again, it would not surprise me if the IRS was still running Windows 98 and Netscape Enterprise Server. But I digress (cf. sarcasm, part deux).
According to the IRS letter, when an “active email box” approaches its maximum storage capacity the “system” alerts the user. Where is this “system message” originating from? The server or the client computer?
The IRS letter implies that not all IRS email is considered official record:
“In addition, if an email qualifies as an official record, per IRS policy, the email must be printed and placed in the appropriate file by the employee.”
The IRS seems to be saying the individual employee is given a great deal of discretion as to what is considered “official,” and what is not.
Paul Caron, Professor of Law at Pepperdine University, believes the IRS is “hanging their hat” on the so-called safe harbor provision (my emphasis):
If this issue [IRS missing emails] arose in federal court, under FRCP 26, parties are required at the outset to submit a “discovery plan” that includes how electronically stored information (“ESI”) will be retained and exchanged in order to prevent unnecessary expense and waste. The FRCP requires the parties to take reasonable steps to preserve relevant ESI (a litigation hold) or face possible sanctions. Under Rule 37’s so-called safe harbor provision, however, “absent exceptional circumstances, a court may not impose sanctions … for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.” The IRS is hanging its hat on this safe harbor rule by arguing that, despite a good-faith effort, the emails were lost. Did the IRS, in fact, make a good faith effort?
While there is confusion among the courts on how to apply the good faith standard, there is precedent for a court to monetarily sanction the IRS if the court found that the IRS acted negligently when it lost the emails. The court would also have the authority to issue an adverse inference instruction (inferring that the lost evidence would have negatively impacted the IRS’s position), if it determined that the IRS acted grossly negligent or willful.
An important fact which will probably be discussed during the next few hearings is whether the IRS violated its own electronic information retention policy. The IRS was put on notice of the investigation last year, and so had a duty to put a litigation hold on the emails at that time (the very essence of what “good faith” means). It seems that the general IRS retention policy of ESI was six months (although now it is longer), but emails of “official record” had to have a hard copy which would never be deleted. Whether these emails constituted an “official record” is hard to determine since Lerner won’t testify to their content.
Even assuming the emails were lost before a litigation hold could be placed (or despite a litigation hold being in place), at the very minimum, it seems “good faith” means that the IRS should have notified Congress in February that it lost the emails. Rule 26 would have required Congress to do so. Indeed, such notice would have brought this issue to the forefront and could have saved a lot of money – the money it apparently has already cost to piece together some of the emails, and the money it will cost as the parties argue over whether the IRS negligently or willfully destroyed evidence. If the IRS had been upfront from the beginning, then subpoenas could have been issued months ago to other agencies who, as employers of the lost email recipients, might have copies of the missing emails.
If this discovery issue had arisen in federal court, the IRS would have likely been subject to monetary sanctions and possibly an adverse inference instruction. Shouldn’t the IRS be held to these standards?
Incredibly, Fox News reports six additional federal employees connected to the IRS targeting scandal also had their emails go “missing”:
Via Fox News, my emphasis:
Republican lawmakers charged Tuesday that the IRS knew for months they had “lost” a massive trove of emails from embattled ex-IRS official Lois Lerner, but kept it “secret” until this past Friday.
The lawmakers noted that during this period, newly appointed Commissioner John Koskinen nevertheless assured Congress the agency would produce the documents, which are considered critical to their efforts to probe the targeting of Tea Party and other groups. Further, lawmakers said records from six other IRS workers appear to have gone missing as well.
Not only did all six IRS employees connected to the IRS targeting scandal mysteriously experience simultaneous hard-drive failures, one of them is Nikole Flax, Chief of Staff to former IRS Commissioner Steven Miller, who made no less than 31 visits to the White House between July 2010 and May 2011.
Noisy Room reports, my emphasis:
We’re not just speaking of Lois Lerner’s emails either. There were six other individuals, all complicit in this scandal, all have had their email magically destroyed. What a coinkydink, huh? Another important fact is that Lerner, during the time in question, made over 35 visits to the White House, indicating collusion with Obama and his cronies on the Tea Party witch hunt. Nikole Flax, Chief of Staff to former IRS Commissioner Steven Miller, was among the lucky other six who had all evidence erased against them. According to the Daily Caller, Flax “made 31 visits to the White House between July 12, 2010, and May 8, 2013, according to White House visitor logs.” Douglas Shulman made 118 visits to Obama’s lair.
This begs the question, did all six IRS workers experience local hard-drive failures on their computers? If so, did this occur simultaneously or at different times? Or did they allegedly lose their emails as a result of a server crash? If so, how many other IRS workers on the same “centralized network” lost access to their email during the same time period?
Another question is whether Lois Lerner used a third-party email account—for example, a Gmail or Yahoo! account. If so, was she conducting official IRS business using this account? It is a worthy question, if you ask me, considering former EPA chief Lisa Jackson was forced to resign after it was discovered she was using a third-party email account to conduct official EPA business under the moniker “Richard Windsor.”
Investigative reporter Sharyl Attkisson has put together an excellent list of questions for the IRS.
Here are a few:
- Please provide a timeline of the crash and documentation covering when it was first discovered and by whom; when, how and by whom it was learned that materials were lost; the official documentation reporting the crash and federal data loss; documentation reflecting all attempts to recover the materials; and the remediation records documenting the fix. This material should include the names of all officials and technicians involved, as well as all internal communications about the matter.
- Please provide all documents and emails that refer to the crash from the time that it happened through the IRS’ disclosure to Congress Friday that it had occurred.
- Please provide the documents that show the computer crash and lost data were appropriately reported to the required entities including any contractor servicing the IRS. If the incident was not reported, please explain why….
- Please explain why redundancies required for federal systems were either not used or were not effective in restoring the lost materials, and provide documentation showing how this shortfall has been remediated.
- Please provide any documents reflecting an investigation into how the crash resulted in the irretrievable loss of federal data and what factors were found to be responsible for the existence of this situation.
I must say, this just doesn’t pass the smell test for me. It just brings up more and more questions:
- Why were the hard-drive(s) destroyed?
- How many hard-drives were destroyed?
- Were they local or server hard-drives, or both?
- Why were there no hard copies?
- Was the White House notified of missing emails six weeks before Congress?
No, I think his investigation has just begun. And it will probably follow the common pattern of an Obama scandal, as formulated by the Center for Security Policy’s Alex VanNess (hat tip: The Daily Caller):
Five Stages of an Obama Scandal
1. Feign Ignorance
2. Feign Anger
3. Feign Responsibility
On a side note, the new White House Press Secretary, Josh Earnest, is a computer forensics expert. Huh. What a coincidence. Imagine that.
<insert spooky music here>