The White House's mail archiving policy

In response to lawsuits over missing emails, the White House claims that they have been following some somewhat unusual IT practices:
"When workstations are at the end of their lifecycle and retired ... the hard drives are generally sent offsite to another government entity for physical destruction," the White House said in a sworn declaration filed with U.S. Magistrate Judge John Facciola.

It has been the goal of a White House Office of Administration "refresh program" to replace one-third of its workstations every year in the Executive Office of the President, according to the declaration.

Some, but not necessarily all, of the data on old hard drives is moved to new computer hard drives, the declaration added.

In proposing an e-mail recovery plan Tuesday, Facciola expressed concern that a large volume of electronic messages may be missing from White House computer servers, as two private groups that are suing the White House allege.

Facciola proposed the drastic approach of going to individual workstations of White House computer users after the White House disclosed in January that it recycled its computer backup tapes before October 2003. Recycling -- taping over existing data -- raises the possibility that any missing e-mails may not be recoverable.

Some initial observations:

  • Every three years is a fairly fast retirement cycle. For comparison, the IRS depreciation schedule for computers is 5 years.
  • It's not clear to me that the hard drive destruction issue is that relevant. When you convert from one machine to another, it's by far easiest to simply move your entire mail archive over, rather than picking and choosing. If you do that, the primary difference between the old and new computers in terms of what data is available is going to be remanent data from explicitly deleted messages, which obviously is not on the new machine. First, most mail systems don't store data in large flat files (yes, yes, I know about MH, but I think we can assume Karl Rove does not use that) or databases, so it's reasonably likely that anything that old will already have been reclaimed and written over. Second, I would really hope that if the White House wants to securely delete something, they do better than just hitting the delete key and hoping.
  • I wonder what mail server logs are available. Even if the data has been deleted, many mail servers keep extensive logs. This could be used both for traffic analysis and as a guide to what should be found with enough effort. Of course, there's always the chance of remanent data on the server as well.
  • What you want is to have confidence that the data you want retained really is retained and that the data you want destroyed really is destroyed, not to rely on the relatively unpredictable properties of your media. It doesn't sound to me like this policy really achieves either. Of course, there is always the possibility that the White House is playing dumb and/or lying, but incompetence wouldn't exactly shock me either.
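The second and fourth points above come down to the same audit question: given what the server logs say was delivered, what should a complete archive contain? As an added illustration (not code from the original post, and not anything the White House runs), the script below parses constructed Postfix-style log lines, rebuilds a per-message trace (sender, recipients, delivery status, Message-ID), produces a sender/recipient traffic summary, and then lists messages the logs show as delivered but which are absent from an assumed archive inventory. The log lines, addresses, host names and the archive inventory are all made up for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample in Postfix's syslog format; hosts, addresses and queue ids are invented.
SAMPLE_LOG = """\
Mar  3 09:12:01 mail postfix/smtpd[2101]: A1B2C3: client=wksta-17.example.gov[10.0.5.17]
Mar  3 09:12:01 mail postfix/cleanup[2102]: A1B2C3: message-id=<20080303091201.1@wksta-17.example.gov>
Mar  3 09:12:01 mail postfix/qmgr[2103]: A1B2C3: from=<alice@example.gov>, size=1843, nrcpt=2 (queue active)
Mar  3 09:12:02 mail postfix/local[2104]: A1B2C3: to=<bob@example.gov>, relay=local, status=sent (delivered to maildir)
Mar  3 09:12:02 mail postfix/smtp[2105]: A1B2C3: to=<carol@partner.example.org>, relay=mx.partner.example.org[192.0.2.25]:25, status=sent (250 OK)
Mar  3 09:12:02 mail postfix/qmgr[2103]: A1B2C3: removed
Mar  3 14:40:10 mail postfix/qmgr[2103]: D4E5F6: from=<bob@example.gov>, size=922, nrcpt=1 (queue active)
Mar  3 14:40:10 mail postfix/cleanup[2102]: D4E5F6: message-id=<20080303144010.2@wksta-03.example.gov>
Mar  3 14:40:11 mail postfix/local[2104]: D4E5F6: to=<alice@example.gov>, relay=local, status=sent (delivered to maildir)
Mar  3 14:40:11 mail postfix/qmgr[2103]: D4E5F6: removed
Mar  3 16:02:33 mail postfix/qmgr[2103]: 778899: from=<alice@example.gov>, size=51200, nrcpt=1 (queue active)
Mar  3 16:02:33 mail postfix/cleanup[2102]: 778899: message-id=<20080303160233.3@wksta-17.example.gov>
Mar  3 16:02:40 mail postfix/smtp[2105]: 778899: to=<dave@other.example.net>, relay=none, status=bounced (Host or domain name not found)
Mar  3 16:02:40 mail postfix/qmgr[2103]: 778899: removed
"""

# Assumed archive inventory: the Message-IDs the retention system claims to hold (constructed).
ARCHIVE_IDS: Set[str] = {"<20080303091201.1@wksta-17.example.gov>"}

# One log line = timestamp, host, "postfix/<daemon>[pid]:", queue id, then the message-specific part.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/\S+\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): (?P<rest>.*)$"
)
FROM_RE = re.compile(r"from=<(?P<addr>[^>]*)>")
TO_RE = re.compile(r"to=<(?P<addr>[^>]*)>.*status=(?P<status>\w+)")
MSGID_RE = re.compile(r"message-id=<(?P<mid>[^>]*)>")


@dataclass
class MessageTrace:
    """Everything the log tells us about one queued message."""
    queue_id: str
    first_seen: str
    message_id: Optional[str] = None
    sender: Optional[str] = None
    recipients: List[Tuple[str, str]] = field(default_factory=list)  # (address, status)

    def was_delivered(self) -> bool:
        # A message counts as delivered if at least one recipient reached status=sent.
        return any(status == "sent" for _, status in self.recipients)


def parse_mail_log(text: str) -> Dict[str, MessageTrace]:
    """Group log lines by queue id and pull out sender, recipients and Message-ID."""
    traces: Dict[str, MessageTrace] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # connect/disconnect lines carry no queue id and no per-message data
        trace = traces.setdefault(m["qid"], MessageTrace(m["qid"], m["ts"]))
        rest = m["rest"]
        f = FROM_RE.search(rest)
        if f:
            trace.sender = f["addr"]
        t = TO_RE.search(rest)
        if t:
            trace.recipients.append((t["addr"], t["status"]))
        i = MSGID_RE.search(rest)
        if i:
            trace.message_id = "<" + i["mid"] + ">"
    return traces


def traffic_summary(traces: Dict[str, MessageTrace]) -> Counter:
    """Who wrote to whom, counting every delivery attempt (sent or not)."""
    pairs = Counter()
    for trace in traces.values():
        for addr, _ in trace.recipients:
            pairs[(trace.sender, addr)] += 1
    return pairs


def missing_from_archive(traces: Dict[str, MessageTrace], archive_ids: Set[str]) -> List[str]:
    """Message-IDs the log shows as delivered that the archive does not hold.

    Bounced messages are excluded: they never reached a mailbox, so their absence
    from the archive is expected rather than a retention gap.
    """
    return sorted(
        trace.message_id
        for trace in traces.values()
        if trace.was_delivered() and trace.message_id and trace.message_id not in archive_ids
    )


if __name__ == "__main__":
    traces = parse_mail_log(SAMPLE_LOG)
    for (sender, rcpt), n in sorted(traffic_summary(traces).items()):
        print(f"{sender} -> {rcpt}: {n}")
    for mid in missing_from_archive(traces, ARCHIVE_IDS):
        print("delivered but not archived:", mid)
```

The bounced message is the edge case worth noticing: a naive "every queue id in the log must be in the archive" check would flag it as missing, when in fact it was never delivered anywhere. Conversely, the second message was delivered locally and is absent from the inventory, which is exactly the kind of gap the logs can point to even after the mailbox copy is gone.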

3 Comments

Away from my computer so reduced to commenting on my own blog. This should say that mail programs DO use large flat files. Thanks to Steve Bellovin for pointing this out.

(sent from my iPhone, etc.)

Observation 1:

Your comparison is wrong. The depreciation schedule you linked to is for home businesses. In almost every company I've worked for the depreciation schedule is 3 years -or- they leased all their computers which makes the depreciation schedule irrelevant. Some companies roll computers every two years and others suck every single bit of useful life out of that machine regardless of depreciation schedule.

Observation 2:

This all comes down to what mail strategy they use. Last I checked the White House uses Exchange which not only allows for auto-archiving into a separate datastore but e-mail can be stored on server and synced to a local laptop. However most companies tend to set the e-mail storage limits ridiculously low so e-mail ends up stored locally in PST files. Also - if memory serves they are still on a really old version of Exchange.

Observation 3:

Mail servers may keep extensive logs but that requires you to actually keep the logs. Any company worth their salt has a log retention strategy. At the last company I worked for, we were required to delete all logs 3 months or older or file with the retention committee (yes, there was one) what our strategy was and why we needed longer (or shorter). But most of the time it's just a default config. On Windows, server logs disappear fairly quickly; on Unix, the same. Someone has to purposely go in and change the settings for longer retention or to move the logs to another box.

Observation 4:

I really don't understand your point here.

Bottom line - this strategy is not unusual for a private organization. But I find it unusual for the executive branch of the US government, which has regulations over what data must be maintained. The tools are available and they didn't do it. Either because of incompetence, lack of resources, or purposely. My gut feeling is it's a mixture of all three. This isn't rocket science, folks. I don't see covered anywhere the fact that much e-mail was sent via RNC e-mail systems (my guess via a web interface).

"If, in fact, the bulk of the White House email records are now stored in bundles of rotting PST files, all at or above their maximum safe load-level, that ain't good in a very big way."

See: http://www.dominopower.com/issues/issue200803/00002140001.html

Fairly depressing reading on the crappy email technology under the hood at the White House.
