Ever since the news broke a little over a week ago that the IRS lost e-mails connected to Lois Lerner because of a computer hard drive crash, I’ve been wanting to write an article addressing the technical aspects of this situation. However, the story kept growing as each day went by so I waited. As I sit down to begin this article late in the evening of June 23rd, I’ve just spent almost 4 hours watching the latest hearing live on CSPAN-2. Yes, you can’t get much geekier than spending an evening watching a government hearing discussing hard drives, backup tapes, and IT department policy. But I am who I am and the intersection of technology and politics is my wheelhouse. In all of history, there probably hasn’t been a more famous political story revolving around technology issues. Because of the size and scope of the various technical issues involved, this article will be the first of a likely series of articles tackling each major point in this long chain of events.
I almost feel that I don’t need to write these articles because it seems even technology laypeople instinctively know there is something highly suspicious about this situation. In this day and age of advanced technology, a simple hard drive crash simply doesn’t seem like a justified excuse to lose an important trail of digital communication. This is especially true for a government bureaucracy that purportedly symbolizes accurate record keeping. However, I still think a thorough review of the technology and management issues are worth examining.
As a technology professional, I’ve seen more than my fair share of hard drive failures. In my experience, hard drive failures are far too common, so I have no problem believing that a hard drive crash could have befallen the computer used by Lois Lerner. However, looking at the big picture, the hard drive failure really shouldn’t be relevant. All the hubbub about a hard drive crash is truly a red herring. Nonetheless, I will address the hard drive issue in my next article.
Any organization with halfway competent IT management that is required to preserve e-mails will have an e-mail archiving system in place. They will not defer responsibility of preserving required communications to individual employees – unless, of course, the negligence is intentional. One very important idea behind archiving is that e-mail communication may be used for criminal investigations among other things and it should be obvious that employees may decide not to preserve e-mails that are incriminating. The reality is that it is much easier to archive messages as they pass through a central server than it is to attempt to store and retrieve them from individual computers. And of course, automated centralized archiving eliminates the possibility of employees “losing” e-mails to cover their asses. To not archive messages at the server level is literally “so 1990’s”.
There are many archiving products and services available that work with common e-mail servers. It is well-known that the IRS uses the Microsoft Exchange platform, easily the most popular e-mail system for large enterprises. Therefore the IRS would have had its pick of any number of e-mail archiving systems to choose from. In fact, the IRS did have a contract with a company called Sonasoft that specializes in e-mail archiving (their tagline is “Email Archiving Done Right”). This contract was terminated at the end of fiscal year 2011 (August 31st), which seems highly unusual given the timing of the Lois Lerner hard drive failure and the supposedly lost e-mails in June of 2011. It was testified that the IRS only contracted with Sonasoft to archive the e-mails of the Chief Counsel within the IRS, which covered just 3,000 employees, not all 90,000. This also seems highly unusual to select such a small subset of employees. If archiving the e-mails of 3,000 IRS employees is deemed important, why not all 90,000 employees? At the very least, shouldn’t the heads of major divisions within the IRS, such as Lois Lerner, have had automated e-mail archiving as well? If nothing else, just from a productivity standpoint, the loss of e-mails for key personnel would be highly detrimental and an e-mail archiving system would be well worth the cost for the protection it provides, not to mention compliance with federal regulations in case of wrongdoing.
From a technical standpoint, the costs to archive the e-mails of all employees would not have been significantly greater. As with many technology systems, the greatest costs are in the initial implementation and baseline infrastructure, not in scaling of said systems. While archiving the volume of e-mail generated from 90,000 people would require a large amount of storage, it is not an impossible task. There are many companies in the United States that have hundreds of thousands of employees and are required to archive e-mails in order to comply with federal regulations. Or that being said, we know the NSA has enourmous data centers that are more than capable of monitoring and archiving communications on hyper-massive scale. Certainly it wouldn’t be beyond the capability of another gigantic federal agency such as the IRS to properly manage their own required records. The agency that has been charged with enforcing the president’s signature legislation shouldn’t have a problem archiving emails of a piddly 90,000 accounts, should they? They are in charge of maintaining records of hundreds of millions of American citizens, after all.
But that’s exactly what the current IRS chief wants you to believe. That the IRS’s technology infrastructure plus the policies and procedures that manages it are so woefully antiquated and out-of-date, they just couldn’t prioritize the archiving of e-mail messages. This is true even though e-mail messages are considered official records by the IRS’s own handbook and they are required to preserve them. The excuse has been given that properly archiving all the e-mails of the agency would cost between $10-$30 million and they just didn’t have the proper funding. I would love to know where this figure was arrived at because this seems like an extraordinarily high number, given that they were already contracting with a company that was doing e-mail archiving and scaling it shouldn’t have approached anywhere near these costs. Even several hundred terabytes of storage didn’t cost anywhere near $10 million in 2011.
What the IRS wants the American public to accept is that they can’t be proven guilty because they were incompetent. The truth of the matter, speaking as a technology expert with 20 years of professional experience, is given the laughable policies and procedures the IRS had in place, the chain of events as they describe them are entirely plausible. The burning question is whether or not these policies were in place due truly to incompetence or for convenient plausible deniability. At this point, we can only assume they are “innocent by incompetence.” But this can not be acceptable. If anything, the hypocrisy implicated here is far too much for anyone but the most ardent authoritarian to embrace. The IRS, nor would most law enforcement agencies, accept the excuse that a technical problem resulted in the destruction of evidence. In fact, the term “spoliation of evidence” is a legal concept that allows for courts to assume that evidence destroyed for any reason (whether claimed “accidental” or otherwise) would have been detrimental to the defense and assume the worst. Given the stringent federal regulations that require publicly held corporations to archive years worth of e-mails, it would be a significant case of “do as I say, not as I do” statist double-standards to allow the IRS to get away with this highly convenient set of circumstances.
While many apologists claim that the scandal is unfairly targeting Barack Obama, the reality is that he is the Chief Executive and that the IRS is a agency of the Executive Branch. That alone should prompt any leader of integrity to take charge and demand answers. But what is especially disturbing is that Obama was elected under the auspices of “Hope and Change” and one of those key tenets was “transparent and open government.” In fact, one of his first acts as president was to release presidential memorandums addressing the free flow of information from government agencies, regardless of the protection of personal interests. So for Obama to turn a blind eye on this situation is an egregious violation of his own proclamations. Do we really want a president that doesn’t stand by his own promises?
While “innocence by incompetency” may keep certain IRS figures out of jail or the president from being impeached, it won’t help the IRS in the long run. As I mentioned before, even technology laypeople realize there is something extraordinary about this situation. People from all political persuasions are incredulous at the arrogance and audacity shown by the IRS management over having their credibility questioned. We the people can not stand and let this pass. If the IRS is wanting to prove just how incompetent they really are, they need to have this incompetence severely punished. Instead of rewarding them by increasing their budget, we need to drastically reduce the power this agency has over the American people. The first step is to eliminate or rescind any further increases in power the IRS receives, such as that dubiously authorized by Obamacare. The ultimate step would be to abolish the IRS completely. While such a thought seemed like fantasy only a short time ago, the unprecedented nature of this situation has people seriously questioning the justified existence of such an agency and their legitimate role in a free society.
What steps do you think should be taken against the IRS for their seeming incompetency?