Skip to comments.IRS has ‘no excuses’ for latest twist in email saga, says IT expert
Posted on 07/23/2014 11:37:46 AM PDT by McGruff
The IRS has no excuses for the latest twist in the saga of its missing emails, says an expert in electronic discovery.
Whether its incompetence or deliberate obstruction, the IRS has no excuses for having handled this so poorly, said Bruce Webster, partner at Provo, Utah-based IT consulting and expert witness firm Ironwood Experts.
House investigators said Tuesday that a hard drive belonging to Lois Lerner, the former agency official at the center of the departments targeting scandal, was just scratched, not irreparably damaged. The IRS had described the hard drives data as unrecoverable.
(Excerpt) Read more at foxnews.com ...
I’ve worked with Ironwood. They’re pitbulls.
My $2 is on deliberate obstruction.
Sure they do: “I won.”
Can’t we bet on both choices?
Why would they need excuses???
They’re all going to get off without so much as a single day in jail.
The Republicans in Congress will see to it.
If this is an IT “expert” why are they still talking about *A* hardrive instead of servers and backup?
Latest twist? They’ve no excuses for ANY of this.
What ya gonna do about it--impeach me?
who needs excuses when you have a compliant press?
Legally, I would think they would be obligated to retain 7 years of information at least in archival form. Those e-mails exist on backup tapes - a reliable and proven mass backup medium.
Aside from the multitude of general Government and IRS specific regulations on data preservation, the data was given special status for both collection of potentially responsive information , as well as that informations preservation and secure storage to prevent evidence tampering because of lawsuit filed in 2010 for obstruction of a view point advocacy, tax exempt non profit.
In late 2010, IRS was being sued by an organization called Z- Street, a pro Israel group, and that suit was filed in 2010, well before the momentous crash of 20 or so high level Obama Administration and IRS operatives.
Lerner's computer and her information regarding obstruction and biased treatment of organizations opposed by the Obama Admin was subject to this special handling of litigation responsive information.
Even if her drive (and all the others that “crashed” ) had been considered damaged beyond repair and unrecoverable, they should have been preserved in secure storage pending trial., not destroyed .
Furthermore, there would have been a flurry of reports notifying responsible parties in the court system and the IRS that litigation hold data was compromised and asking for direction on how to proceed with chain of custody, documentation and data preservation procedures.
This should have been reported to the presiding Judge immediately to inform both him and the litigants as well as to get his direction on how to proceed.
The fact that there was no correspondence on this at the very implies that there was no loss of data because full back ups were available and the data storage devices were restored with a verified no loss of information.
At any rate, this whole sequence of events,if they actually happened, should have been reported to the Federal Judge presiding over the Z- Street case as soon the crashes occurred.
This is really serious stuff and the only explanation is that the IRS is stalling in order to give them time to evaluate what is on the back ups and to doctor and sanitize the backed up data to remove any damaging evidence.
Or that one or more of the IRS IT people involved kept their own private clean copies of the back ups as insurance to make sure that they would not go to jail if the IRS scandal heated up.
How did they determine a scratch was the cause of failure? Did they open it up and look? Hard disk platter is not too easily “scratched” at least not to the eye unless something really hard did it. A fingernail will not leave a visible scratch.
Most drives I have seen have multiple platters, and they use both sides. One surface damaged still leaves a lot of data to recover
When they do get to a tech, I hope they ask if the manufacturers seals on the case were still intact.
Yep, no reason to worry about the pussycats who are their GOPe accomplices.
Forget about the stupid hard drive. This stuff can be found on backups of the email server. COME ON!
Yes it is truly amazing. Many people have indicated that this is not about hard drives but email servers and their backups and for some reason this message isn’t driven home.
“incompetence or deliberate obstruction”
Sounds like something a jury should decide.
When are they going to charge these people?
Very interesting, thanks for the information.
I thought the IRS did have the legal responsibility to preserve their official emails (and they were only supposed to do those on their government supplied computers or phones) and also to turn correspondence over to the National Archivist at some point or at least let him know why they couldn’t do so. Not that the law matters to the folks at the IRS.
in the time frame they are talking about a 500MB quota is a large quota on an Exchange 2003 server and was considered a best practice in Corporate Land. Now if you are expected to retain documents for a long time, you had to buy an add-on to Exchange to save the emails on another server. With the advent of Exchange 2010 and 2013 plus Office 365, that no longer applies. Also, if the heads crash on a hard drive, recovery is going to cost around $2K and you are going to have a hard time recovering complete files off of it.
Yes it does.
They’re ‘cleaning.’ Everything related to the WH.
Of course you’re right. The odds on a hard drive failing in the manner described is VERY low. The odds of a hard drive being the EXACT one needed to prove the Administration’s wrongdoing failing? Unbelievably small. Like getting struck by lightning small.
Once is coincidence. Twice is enemy action.
Also - wasn’t it seven different people whose hard drives all “failed” in the same manner?
My bad. I just read that their quota was 150mb. I agree with what they should have done to preserve their email. They didn’t. I also agree with the $2000 for offsite recovery. However I’ve gone that route and probably got back 90+% of our files.
They get future worthless voters and keep the IRS scandal somewhat on the back pages.
In my opinion, OBummer and the boys (Jarret and Holder) fear the IRS scandal more than anything else.
Why not obstruct?
There's NO PENALTY whether professional, organizational or personal.
And you can destroy anyone who asks the wrong question.
A $5mil cash reward would flush that guy out.
And what about all the people that she sent emails to? Does this mean that everyone she contacted at the FEC, DOJ, WH, etc etc, all have destroyed hard drives and servers?
Why even worry about her stuff anymore? Go find what you’re looking for somewhere else, like the recipients of some of her emails.
The IRS should be required to keep all correspondence as far back as taxpayers have to keep their tax returns.
They do. The requirements are very clear, and it appears that they were ignored. The IRS's position is "oops, well, we'll do better next time." No taxpayer could ever get away with that one but they have so far.
So here is the take away from all of this. If the IRS is messing with you for “back taxes”, tell them you want to see EVERYTHING the investigating “official” and their colleagues have e-mailed about you. EVERYTHING. Because given what we know now? Chances are the IRS will lose a discovery phase of a counter lawsuit regardless of your tax standing. It’s an ambulance chasers’ dream come true at taxpayers expense. Maybe this is how “we” cloward-piven the IRS. They want to play games? What if a million of us played and started demanding the full correspondence to our “cases” when the IRS comes a knocking?
He was an enjoyable read in Byte magazine, along with conservative writer Jerry Pournelle.
I miss those days.
E-mail’s do not reside on the desktop or laptop computer. They reside on the e-mail server, which may be a cluster of servers for fault-tolerance. The several hard drives arranged in an array that spreads the data out among all the drives with a “parity” bit to rebuild the drive in case of failure. If a drive fails, a spare drive takes over and the data is “rebuilt” from that “parity” bit and recovery algorithm. The probability of complete loss of data is next to zero unless the server and drive is incinerated.
On top of all that, the e-mail data is incrementally backed-up to tape most likely on a daily basis. And, a full back-up every week. Common criminals.
The SOB knows he’s untouchable...he’s black dontcha know!
Next we’ll discover that the IRS employs Statisticians.....
Actually with Exchange Server, local files are stored in an .OST format. This is so people can work off-line while traveling (assumes Learner had a laptop with all of her sensitive IRS info on it). You can't view the contents of .OST files in Outlook without Exchange Server and an account. There are some kludgy utilities developed in someone's basement that purport to convert .OST files to the more open .PST format. If Learner used Outlook to "export" all of the data while everything was still available on the server, she could have saved it in a .PST file, but it would no longer communicate with her Exchange Server account.
Offline Folder files (.ost)
Typically when you use Microsoft Exchange Server, your e-mail messages, calendar, and other items are delivered to and stored on the server. You can configure Outlook to keep a local copy of your items on your computer in an Outlook data file called an Offline Folder file (.ost). This allows you to use Cached Exchange Mode or to work offline when a connection to the Exchange Server computer may not be possible or wanted. The .ost file is synchronized with the Exchange Server computer when a connection is available.
The last sentence from Microsoft tells us the emails are still on the server. If a size limit is reached, the user must export some emails to a .PST file, then delete, or they can delete large attachments, etc. All of these actions create a log entry on the Exchange Server(s). An sysadmin could easily determine who did what and when. Everything is logged and logs are backed up so there's an appropriate disaster recovery window (logs are used for delta-backup recoveries [recovery from incremental backups]).
Whatever Learner (or whoever) did, it should be in a log file that's saved somewhere. It would have to be a totally pathetic disaster recovery operation, violating all federal laws and industry data standards, not to save log files capturing mass delete operations.
I've always had this silly image of them being on 1970s dumb terminals still. I just don't know...
BTW fantastic sleuthing.
As long as the data is there - even in OST, which probably includes compression and possibly encryption - it can be accessed. All that's needed is a flat file and a stock text editor (once the OST is decompressed and decrypted).
So the "Republican Congress" is blocking the use of the Congressional swat team? How are they going to apprehend the criminals so that the Congressional judge can send them to the Congressional penitentiary?
Yes, mostly XP on the desktop that's long been sunset by Microsoft. They don't do maintenance patches anymore (our illustrious fedgov is probably paying MSFT $millions to keep patching security holes to XP).
Gov't employees probably lack the gumption and intellectual horsepower to move to Ubuntu or XUbuntu...
First, mapped drives that redirect everything the user thinks they are putting onto their hard drive is stored on the servers in Personal Folders. Standard Government practice in the US Department of State.
Secondly, many users are finding their entire desktop is only a platform to allow their User Profile to boot from a virtual server - so nothing actually resides on the desktop. As virtual servers become more widespread, this technology is also being implemented just because of the Security and Complete Control it allows both System's Administrators and those who perform as Information Systems Officers and Security Officers; the Network Admins also love it because it is difficult to hack or damage virtual servers or disrupt the networks - everything is running on a different machine from the one with the IP address.
Team Obama was stupid to Diss the Systems Administrators and Systems Security Officers.
The Democrats won’t do anything about it, so that leaves only the Republicans in Congress.
And what will they do?
Hold more hearings until it’s gone on long enough for them to “move on”.
How about hold Lerner in contempt and have her arrested? How about seize some hard drives and serve warrants on people who are in contempt?
No, by all means, let’s wash our hands of it - since we can’t call out the Congressional swat team. Go along to get along. You bet!
If one reads/downloads the answers given to True the Vote case
Case l:13-cv-00734-RBW Document 92-2 Filed 07/18/14
STEPHEN L. MANNING June - September of 2011, my position at the Internal Revenue Service was Associate Chief Information Officer, Enterprise Networks.
. . . Information Technology Specialist (Customer Support) (hereinafter “the Specialist”) was assigned and inspected the laptop assigned to Lois Lerner and determined that the hard drive on the laptop was not operating properly. ..
6. Because the Internal Revenue Service IT inventory control
system does not place bar code property tags on computer
component parts like the hard drive and because the Internal
Revenue Service has no business purpose for recording the
serial numbers of the numerous internal component parts of
desktop and laptop computers, to the best of my knowledge no
one at the Internal Revenue Service has first-hand knowledge
of the serial number on the hard drive that was in the laptop
computer assigned to Lois Lerner at the time of the Help Desk
complaint on June 13, 2011.
7. In response to recent inquiries made by the Internal
Revenue Service to the 3rd party IT hardware support vendor who
supplied the laptop computer at issue, the 3rd party vendor
advised the Internal Revenue Service that the hard’ drive that was in the computer assigned to Lois Lerner when the
Specialist responded to the June 13, 2011 Help Desk call
contained the serial number 2AGAH01E1XN0ON.
8. According to the June 13th Help Desk Ticket, after
determining that there were problems with the operation of the
hard drive, the Specialist made the initial efforts at data
preservation and/or data recovery with respect to the hard
drive in Lois Lerner’s laptop computer and all of the
Specialist’s efforts to recover any data were unsuccessful.
. . . According to the IRS Enterprise Learning Management System, the Specialist has received regular IT technical training going back to 2008
. . . According to the Specialist, prior to joining the Internal Revenue Service, from 2004 to 2005, formal Microsoft training was completed through ****Lions World Services for the Blind,***** a certified Microsoft training and testing center, which included the following curriculum: CompTia A+ Hardware 2000, CompTia A+ Software 2000, Microsoft MCP 2000, Microsoft MCSE 2000, Microsoft MCSA 2000, . . .
IT APPEARS that the IT specialist may have been blind or had very poor vision. That would not stop him from running standard software tests on lerner computer..
What is not knosw is who removed hard drive and supposedly sent it to CI while installing a new drive for Lois. EG no credible chain of evidence other than a ticket
Now in same case DECLARATION OF TODD O. EGAAS
” 3. In July of 2011 at the request of the User and Network
Services branch of the Internal Revenue Service Information
Technology business unit, a Senior Investigative Analyst in
the CID Electronic Crimes Technology & Support Center
(hereinafter “the Analyst”’) received a hard drive that had
been removed from a laptop assigned to an IRS employee and
attempted to recover data from the hard drive on July 22, 2011
and August 4, 2011.’
NOTE no serial number noted- - could well have been a really trashed HD - not that of lerner.
” 4. The hard drive had been removed from a laptop assigned to
Lois Lerner by an employee of the User and Network Services
branch of the Internal Revenue Service Information Technology
business unit before it was received by the Analyst.
How did he determine that - What proof it was the lerner hard drive ?
5. All of the Analyst’s attempts were unsuccessful in
recovering any data from the hard drive at issue.
6. On August 5, 2011 the Analyst sent the hard drive back to
the User and Network Services branch of the Internal Revenue
NOTE OK it was sent back - but again no serial number
COULD THERE HAVE BEEN SOME SLIGHT OF HAND RE HARD DRIVE(S)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.