> The IRS said technicians went to great lengths trying to recover data from Lerner's computer in 2011. In emails provided by the IRS, technicians said they sent the computer to a forensic lab run by the agency's criminal investigations unit. But to no avail.
> The IRS was able to generate 24,000 Lerner emails from the 2009 to 2011 because Lerner had copied in other IRS employees. The agency said it pieced together the emails from the computers of 82 other IRS employees.
So, reading between the lines here, it looks like the IRS doesn't archive email at the server level, and any copies of mail were retrieved from individual workstations.
I don't see conspiracy here. I see incompetent IT processes and a lack of mandated data retention policies. Maybe I'm predisposed to employ Hanlon's razor, but that's only because I've found it to be the best explanation for most situations like this. If it was a coverup, it's a terrible one.
>I see incompetent IT processes and a lack of mandated data retention policies.
Having worked in government for well over a decade now, I can tell you that this is undoubtedly the case. That is not to say all departments have poor practices, but on the whole there is no standardization and each organization does things differently.
I have worked in offices that have NO server archive and everyone relies on PST's, and others where there are server archives but they are limited to 500MB or something small and they just start deleting items by date.
I really do think Hanlon's razor applies here. I don't disagree that the incentive is there, but I think the total failure of the USG to do technology correctly is the more likely culprit. I can tell you from first hand experience that I know of very senior people who have lost months of data from what would be a simple migration or corrupted virtual instance. Boggles the mind really.
Agreed. A lot of it has to do how government contracts for IT support. Contracts quickly get out of date. The contractors are also all trying to lock themselves in.
It's common for the contractor to own all the IT equipment and just lease it to the government. What happens when it's time to change contracts and every single computer, phone, printer has to be replaced. There is no possibility for competitive bidding in the wake of that.
In my experience with Federal work, we had 50MB of server storage for email in 2013. Then there were the PPTs attachments placing some emails at 10MB and getting forwarded/replied with attachments multiple times. In effect everyone used local pst files or they were deleting emails as they read them.
It's an awful system, but a lot of it has to do how government awards IT contracts and how quickly they are out of date.
They waited until Friday when the President is out of town and didn't mention this problem when the original document requests went out. I will look up the exact rules when I get back to work, but I do believe they have violated the e-mail handling rules.
It's a fine coverup since what is the recourse? It's worked before, so why not now?
> They waited until Friday when the President is out of town and didn't mention this problem when the original document requests went out.
Yes, Friday news dumps are shitty. They're also standard practice in politics. The fact that it wasn't mentioned in the original document requests, though, might just be an extension of the aforementioned incompetence.
> It's a fine coverup since what is the recourse? It's worked before, so why not now?
What's worked before? Failing to keep the purported coverup secret and also turning over a large number of the purportedly destroyed documents because they were recoverable from other sources?
If you're looking to see intentional bad behavior, fine. But this kind of digital stupidity happens all over. I've no doubt that corporate America is full of Exchange implementations with small mailbox limits and a reliance on PST files that are stored locally.
Losing documents in all the other Congressional requests the last couple of years. Hell, a unrelated FOIA request produced documents for a news org that weren't given to the committee. There are no real consequences so why worry. If there was a problem and they didn't mention it in the original request then it is very close to criminal. I do believe the Official Records Act has been grossly violated at this point.
Then you would probably try to piece together your tax liability through indirect methods, completely analogous to what they did here to recover the emails. What did you expect they'd do?
Say, if you claimed $1000 in charitable donations but lost the receipts and got audited, you'd probably be able to go to the organization you donated to get their records. If they couldn't produce them, you'd probably have the deduction disallowed and have to pay back taxes + interest.
If you're going to try to glibly score points, chose a better example.
If one does one's job so poorly that no one can tell if one engaged in criminal activity while doing it or not, shouldn't that be grounds for permanent removal from government service?
It would only take a handful of examples and this stuff would go away.
To see whether something is amiss statistically, we'd have to also check whether data of no consequence goes missing at the same frequency.
If organizations are really bad at storing data, but it only gets tested with important queries, incompetence is going to look a lot like malice (I make no case for which this particular incident is).
Of course, I've painted somewhat of a false dichotomy. If you are required by policy to retain email, doing so is unlikely to give you any benefit and may well cause severe political problems.
The most logical thing to do is severely understaff and underbudget the sysadmins responsible. Then, when the backups are needed, there's a significant chance they'll be nowhere to be found, and you've saved money in the process too.
That would be malicious incompetence, so to speak.
I'm a fan of Gray's Law: "Sufficiently advanced stupidity is indistinguishable from malice"
That is to say, if you "fuck up" bad enough, why should society give a shit that you did not have malicious intent? Much like drunk driving, I think that this is a fine case for strict liability.
What is the good you hope to accomplish by this? The reason we have the idea of intent encoded in the law is not because intentional acts are more harmful, but because inflicting severe penalties on people for things they can't even have known they were doing wrong or didn't mean to do is both contrary to the idea of justice and ineffective as a deterrent. The idea of throwing out the principle of mens rea just because the results of something were bad is both anti-utilitarian and contrary to the idea of justice. (Especially since the bar for "bad enough" is apparently low enough to include "not fastidiously keeping manually generated email archives". Jaywalkers beware!)
You may as well just say "Always attribute everything to malice whenever possible." Hanlon's razor is only necessary when both stupidity and malice are plausible explanations, so your "exception" applies 100% of the time. By this philosophy, we must always attribute deeds to malice whether or not they can be adequately explained by stupidity, because even when mere stupidity is sufficient, we must still read in malice.
This discussion hearkens back to the current investigation into John Swallow, the former Attorney General of Utah who resigned less than a year into his term and is currently the subject of multiple investigations.
I have pretty extensive experience with government email systems and you can bet "poorly". So I would not be surprised if their entire email infrastructure is horribly out of date (think Exchange 2000). That said, government organizations tend to have good backups, retention, offsite storage of tapes via some service like Iron Mountain, etc. So yea, I agree, I am not buying it either.
Their resources are managed, it seems to me, to maximize the number of employees required.
I had to give them money once and they literally have different people to record a payment and another to look up your balance.
But they do give you the phone number that will get you to that other employee. You just go through the phone tree and you eventually get the person who can look up your balance.
Its the dumbest way to do things I've ever seen for an organization in the US.
Well if their IT department is anything like the Healthcare.gov initial team, or other government agencies. What I've heard from Code For America. This is totally realistic.
It doesn't seem _im_plausible for backups to have failed, or for recovery not to work or whatever. But, the other day I was working in a pottery studio with a ~8yo laptop as the only computer and they have offsite, encrypted, incremental backups of user data ... now it may not work correctly when it's needed (though it's been tested) ... but I'd kinda expect the USA's IRS to be slightly ahead of a micro-business working in arts-and-crafts as far as data security/recovery goes.
If you told the IRS you couldn't file your reports because you'd lost user data they'd consider it criminal negligence, I imagine, that you'd not secured the data through backup. Sauce for the goose ...
Data loss where there's no backup system even in place sounds like reason to fire all the IT managers in systems like the IRS where the preservation/security of data is vital to proper function.
of note: section 1.10.3.2.3 (07-08-2011) Emails as Possible Federal Records
5. Please note that maintaining a copy of an email or its attachments within the IRS email MS Outlook application does not meet the requirements of maintaining an official record. Therefore, print and file email and its attachments if they are either permanent records or if they relate to a specific case.
At least people might honestly believe Lerner and the IRS lost 2 years of email. That level of incompetence is expected of bureaucrats, and it's harder to prove misconduct than if you hid communications through an alias like Lisa Jackson at the EPA did.
Does anyone have expertise on whether there are any regulations on proper storage of government data? Does anyone know how an agency like the IRS would store their company email and if their claim is a feasible possibility?
I do have direct and extensive experience with government email systems. Caveat, mostly with other agencies but a pretty wide variety of them. Post 9/11 there were broad government initiatives to ensure systems like this were definitely backed up, backups stored offsite and usually along with some type of COOP initiative on top of all that. Maybe the IRS did not participate in that initiative, but I highly doubt it.
That they "lost" this data is highly unlikely in my book.
Yes, retention of records is mandatory due to the Federal Records Act. The IRS should store their e-mail on the server, and use IMAP, MS Exchange, or similar. Failure to properly store records is illegal, and not using a proper mailserver configuration is extremely convenient incompetence. It's so convenient, and so high a degree of incompetence, that it looks very much like willful destruction of evidence.
Records and retention is a large part of my current project. It permeates even the lowest levels, and it's practically impossible for the narrative to occur. I say practically impossible, because there is always some way some idiot can screw up big enough that this happens, but this narrative didn't happen. I'd stake 3 digits on it.
Rather than take a political side in this, I'd rather look at it pragmatically. If the IRS expects us to keep proper records, then they should set the example for us to follow.
How many businesses are required to store, archive, and always have ready access to email for "compliance" reasons (i.e. by law they have to, laws which are enforced by guns)? If the IRS doesn't have to follow the same rules, well that's very interesting.
What I wonder is, how do such people (Lerner, Holder, Obama) still have any credibility in the minds of those who vote for them?
(well, those who vote for them receive their information through filters, just like you and me, and so they'll probably never know that these hard drives, laptops, data, "disappeared")
Which leads to the follow-up question: how can we get this news to reach those who vote for these people, given they (or their filters) would avoid such a story in the first place?
Losing the evidence means the hole in Smaug's armor is temporarily patched for when it flies in to Laketown.
Secondly, losing the evidence means they get an innocuous selling point when they request a bigger budget to implement that arcane task of backing up files.
well, considering they are claiming its only emails from the director, any email sent to her from inside would be available as a sent email from that person.
True ... if you know who was sending her email. And then we found out the White House had created hundreds of "fake" email accounts with names belonging to no actual human working in the White House ...
Should be easy to fix, criminally charge those involved with obstruction of justice, declare it an issue of national security and request that the NSA provide these emails.
Where are the drives, where are the backups? Why haven't the drives been sent to 3rd parties for extraction including reading platters directly.
This appears to have been an individual workstation (see https://news.ycombinator.com/item?id=7891622), and the problem seems to have occurred in 2011, before this became a political issue. It's possible that nobody thought that it was an important enough problem to warrant sending the disks out for 3rd party forensics.
I find it difficult to believe that an organization that advocates keeping coffee receipts for 7 years wouldn't have an email archiving solution in place.
I like the idea but in the last 5-6 years it feels the government is putting itself completely above the law. IRS-gate, Solyndra-gate, Benghazi-gate, ... It just doesn't stop: the Administration lies again and again but nobody get prosecuted for that.
It is interesting to see the responses both ways here: those who think there is malfeasance and those who don't, both with various reasonings. It would be more interesting to see the same posts next to the author's political leaning. i.e. how many people have an opinion that reflects something outside their own inherit political bias.
Republican logic: Demand the strictest most penny pinching policies from the IRS while you are defunding them[1]. Complain when said defunding affects one of your pet issues because they can't afford a central server and store every email on local machines [2].
This is the same sort of stupidity that we see on parade every time they fight tooth and nail to get some borderline unconstitutional religious law passed only to the the fastest about face imaginable when they find out that "religion" doesn't main "only my religion" in law.
Is the 'us vs them' attitude really so strong in your mind? Do you think it's perfectly reasonable for an organization that spends $1.5billion on IT to be unable to retain their directors email? I can't help but think that your opinion would be different if this was email between oil executives.
"Do you think it's perfectly reasonable for an organization that spends $1.5billion on IT to be unable to retain their directors email?"
You do realize that the IRS it budget is spent on trying to keep a database of every American running for ever on $5 a years per person? Email servers don't have anything to do with that. And having seem "cost cutting" measures in both government and industry the "non-essential" services like a centralized email server would be the first to go.
So yes, it is, you get the government you pay for.
Surely organizations will always point to a lack of funding in response to a lack of performance. But I find it odd that they were certainly able to spare the time and budget to target opposition groups. Yet nothing was in the budget to keep any record of their actions.
I know someone who works at the IRS. It is seriously being defunded, by people like Darrell Issa. If Issa wants forever records of all emails, that costs.
Rah Rah Go Team! Is this a game of football or is it a government? You are so blinded by your party tribalism that you are willing to overlook criminal negligence.
The IRS is a violation of individual rights and should be dismantled. It is not in anyone's true self-interest. People who are actually pursuing their own self-interest are hurt by it, only those that are not receive the "benefits" of it.
You realize the income tax didn't exist about 100 years ago, right? The income tax is only a portion of the federal revenue.
The income tax also has a secondary effect to generating revenue: it implements control and enables targeted abuse of undesirables with a big dossier of filing mistakes.
companies are most certainly people; corporations are not. Don't like corporate taxes? Do business as a partnership.
Of course corporations should enjoy freedom of speech, etc (because to curtail those necessarily curtails some individual's freedom), but do they get to vote? No.
> The IRS said technicians went to great lengths trying to recover data from Lerner's computer in 2011. In emails provided by the IRS, technicians said they sent the computer to a forensic lab run by the agency's criminal investigations unit. But to no avail.
> The IRS was able to generate 24,000 Lerner emails from the 2009 to 2011 because Lerner had copied in other IRS employees. The agency said it pieced together the emails from the computers of 82 other IRS employees.
So, reading between the lines here, it looks like the IRS doesn't archive email at the server level, and any copies of mail were retrieved from individual workstations.
I don't see conspiracy here. I see incompetent IT processes and a lack of mandated data retention policies. Maybe I'm predisposed to employ Hanlon's razor, but that's only because I've found it to be the best explanation for most situations like this. If it was a coverup, it's a terrible one.