Published June 17, 2014
How can it be in today's environment where the government is maintaining email and cell phone data on every US citizen, that it can selectively lose emails from a single hard drive of a government official that is under investigation?
It seems impossible in today's environment of government transparency, not to mention court mandated legal retention requirements, that when faced with document preservation notices in regard to possible misconduct and abuse of power allegations that emails could simply disappear without willful destruction. The level of incompetence necessary to allow this to happen rises above that which even this administration has achieved.
The IRS claims that it has spent nearly $10 million on efforts to recreate the tens of thousands of emails related to this former embattled administration official. There is no reason in today's technology environment that emails could not be recovered in an efficient and expedient manner- at a fraction of the cost claimed to have been expended.
Technology exists, and is available to the IRS, that would allow for the ease of recovery of these emails. In this particular instance, the claim that a single hard drive failure prevents the recovery of emails is at best suspect. The IRS has the resources within its computer forensic teams to recover items from damaged hard drives, as do many local companies such as CyTech Services.
Even if the drive were damaged beyond recovery -- which would then trigger thoughts of criminal destruction due to the forces and actions needed to permanently render data unrecoverable -- there are companies with the technology to attach to the IRS network and scan the live email database servers for responsive emails while simultaneously searching every other computer on the network for additional responsive data.
CyTech Service's enterprise investigation and network security tool, CyFIR, would have allowed the IRS to connect directly to the agency's mail server and perform a live search across the mail store to find emails using keywords and other parameters such as date or sender/recipient. Even if emails had been deleted, this tool would have allowed recovery of many of these emails from the mail storage or any other computer on which responsive data was found.
Additionally, CyFIR would have allowed searches of all of the desktop or laptop computers for not only emails, but other documents types such as Word, Excel, PDF -- virtually any document type that would be used by an IRS employee.
All of these searches, from the exchange database to the end user computers, would occur at virtually the same time. These search results would begin returning hits immediately, meaning that within minutes of the search initiation, search results would begin coming in. There is no reason that a search and the production of data of this type could not be completed in a matter of days depending on the depth of the search, or the number of iterative searches spawned from a review of the original keyword hits. This includes the recovery of deleted items from the end user computers and the mail storage database.
This incident reveals either systemic incompetence in how the IRS infrastructure is managed, or criminal intent in preventing the recovery of potentially damaging information. In either event, the money and time spent in recovering these emails has well exceeded industry standards, and continues to expose how the government operates outside of the bounds of same regulations that are imposed on corporate citizens of the United States.