Gone, but not forgotten

April 12, 2007

It’s one thing for White House staffers to break the law preserving documents; it’s another to have to admit it publicly; but it’s something altogether different when those emails come back from the dead.

“[D]eleted” doesn’t mean what it used to, according to computer forensic experts. Indeed, deleted emails and files, even years-old ones, are recovered all the time.

“We do it every day of the week,” said Beryl Howell of Stroz Freidburg LLC, a Washington, D.C.-based firm that specializes in recovering lost data for businesses complying with court orders, criminal investigators and others.

Companies turn to Howell’s firm when they “have a duty to preserve certain emails,” not unlike the White House in this scenario. “Companies are sanctioned when they do not preserve electronic data,” even if it means putting technicians to work extracting bits and bytes of “deleted” data that has not yet disappeared from hard drives.

“They look at their backup systems and backup tapes,” Howell said, adding that “with any electronic storage media, you can do forensic recovery and find deleted data.”

Computer forensics expert Rob Lee added that that “the only way someone could claim something has been destroyed is if the emails themselves have been wiped” from a hard drive or tape backup, he said, “overwriting every piece of data.” That requires special software designed explicitly to cover any trace of deleted information.

And if that’s what happened here, wouldn’t that be a tad suspicious?

A few related thoughts…

Talk Left has a helpful suggestion: “Congress should issue a forthwith subpoena duces tecum for the server itself.” Why not?

I’d also be interested in knowing the date some of these deletions occurred. If, for example, emails on the RNC’s server started getting purged after administration officials were instructed to preserve documents, wouldn’t that almost certainly constitute an obstruction of justice charge?

Moreover, the press corps seemed “inquisitive” about the missing emails during the White House press gaggle this morning. Paul Kiel explained that there was a policy change on staffer’s RNC emails in 2004. During the first few years of Bush’s first term, the RNC would purge emails after 30 days. After 2004, the RNC wasn’t responsible for deleting emails; the White House staffers were. In order to do this, the WH aide would have to delete the email twice — once from the inbox and again from the trash folder. A reporter asked if that meant that staffers made two affirmative decisions to delete certain emails. Spokesman Scott Stanzel responded:

Since 2004, the RNC has had a policy of excluding White House staff from their automatic deletion policy, which means that the RNC every 30 days has automatic deletion policy. Since 2004, it’s our understanding, that White House staff who have political email accounts provided by the RNC have been excluded from that policy. And in terms of the double delete, what you’re talking about is the user’s ability, if they are sitting at their laptop, and decide that, ‘gosh, I’ve got a hundred emails here that I just — are cluttering up my inbox, I want to put them in the deleted file, and I right-click the deleted items to empty my deleted file.’ It’s possible, possible, that those records could have been lost….

Reading the transcript, you can almost hear Stanzel sweating….

It will be interesting to see if the RNC hires any reputable data-recovery firms or not.

I’m guessing not.

That alone should be cause for Dems to subpoena the servers and other machines where the data would still exist (albeit hidden from non-geeks).

  • “They look at their backup systems and backup tapes,” Howell said, adding that “with any electronic storage media, you can do forensic recovery and find deleted data.”

    Hmmm … Now Where have I read that before … ?

    🙂

    The 5 million number seems a bit … wow. No way does one “lose” that many unless the building housing the servers, backups, and user-computers burns down … twice.

    I just hope this turns into Bush’s “missing 18 minutes” moment.

  • I wonder if they set thier mailbox size so small that they were forced to delete items from thier inbox before they could send a new message.

  • Data on Hard Drives is incredibly hard to destroy unless you destroy the drive itself.

    Actually, the RNC mail servers is just another metaphor for the Bush Admin’s MO of bypassing regular checks and balances.

    I’m thinking that Camp X is really too good for them and spending time in a Sunni run Iraqi prison is a better option for these Jeebus Doofi Ideologuies.

  • I wouldn’t be surprised if the drives were gone and replaced. Can’t recover something that was never there.

  • “It will be interesting to see if the RNC hires any reputable data-recovery firms or not.”

    Actually, it would be more interesting to see if the RNC already has hired such a firm. If the quotes in the story above are true, it seems that you would have to hire an outside expert to really (and I mean, really) get rid of the stuff.

    If the RNC has hired such a firm in the past (before this all came to light), there’s the smoking gun.

    If not, then the emails are still around . . . in some form.

  • Why the hell would anyone put in email what they wouldn’t want read publicly? Will people never learn? Or were they just counting on the GOP’s ability to continue controlling Congress forever? I’m guessing a bit of both.

  • As was hinted at in the Anon Liberal quote in the prior thread, in litigation the intentional destruction or reckless failure to preserve relevant evidence is called spoliation of evidence. Under the law, a judge finding spoliation has occurred may instruct the jury that it may draw the inference that the missing evidence would have been adverse. Congress, the media, the public should not hesitate to assume the worst case scenario here about the missing evidence. And when the time comes, the courts hearing the prosecution of these little C-student brownshirted frat boys and Regent girls should assume the worst against them as well.

  • Someone noted on an earlier thread that presidents are generally allowed to retire gracefully, and that’s not a good thing to do. Ford pardoned Nixon and everyone lost interest in Watergate. Bush pardoned some people, Ronnie retired, and everyone let Iran-Contra drop. I agree that this is a bad precedent. Bush as president can do a certain amount of running and ducking, but as a private citizen retired from the presidency he (and his cohorts) should be hauled into the dock to explain their massive abuse of office and be held accountable for it.

    I figure cleaning up all Bush’s crap will be inordinately expensive (we still have to rebuild New Orleans; we haven’t spent what we need to on domestic security; we will need to rebuild and re-equip the military; we will probably need to buy out or duplicate a great many Bush appointees in the civil service, and I haven’t even got to fixing Iraq and Afghanistan properly.) That’s easily many billions without New Orleans, Iraq, and Afghanistan. Thus spending $100-500 million on a full-fledged investigation of Bush, Cheney, and Rove to keep this degree of crap from ever happening again would appear to be money extremely well spent.

    Then hand them over to The Hague.

  • Thus spending $100-500 million on a full-fledged investigation of Bush, Cheney, and Rove to keep this degree of crap from ever happening again would appear to be money extremely well spent. — N.Wells, @9

    Heck, put them in jail *and* assess heavy damages. Bankrupt the b—ds and the investigations will have paid for themselves, with some left over for rebuilding the country.

  • The Chinese Book of Songs (the Shih Ching), written as early as 1000 B.C., has a great line: “As is the hidden, so is the pattern.”

  • “overwriting every piece of data… And if that’s what happened here, wouldn’t that be a tad suspicious?” — CB

    A tad. Sort of like a “handful?”

  • I would be sweating bullets. Email gets around like crazy. All it takes is one email on a low level staffer’s computer, or on a hard drive somewhere that has been forwarded and forwarded and contains the whole conversation.

    Every server room I have seen has 3 or 4 old hard drives and/or back up tapes that have been sitting around for who knows how long and nobody remembers whats on them. Scary!

    Getting rid of each and every instance of incriminating email is pretty much impossible.

    All they can really do is sit there and sweat

  • It takes a great deal of effort to totally wipe data off a hard drive. There’s freeware programs out there that allow you to recover deleted material off a hard drive even if part of it has been over written. The professionals can recover data from a hard drive even if it’s been over written several times. Last I knew you had to overwrite each bit like 10 or 20 times before the original data is irrecoverable.

  • Either way they’re in BIG trouble.

    Erased or not, it was not legal.

    Double – triple erased and no evidence, goes to the ‘finding spoliation has occurred’ as mentioned in post #8

    • Comments are closed.