A professional IT trade group with significant expertise in IT best practices has 6 questions that need to be answered about Lois Lerner’s – and at least 20 other IRS employees – email.
- What happened to the IRS’s IT Asset Managers who appear to have disappeared at a key juncture? At organizations such as the IRS, the ordering of a hard drive destruction and the documenting of the process would be handled by trained IT Asset Managers — professionals with special training and certification. IAITAM’s records show that at least three IT Asset Managers who were working at the IRS prior to the 13 May 2013 Inspector General Report were shuffled out from those positions around the time of that report. Investigators need to determine if these in-house IT Asset Managers were removed from the picture as the IRS email investigation heated up.
- Where is the documentation proving that Lois Lerner’s hard drive was wiped or destroyed? Proper IT Asset Management requires clear proof and records of destruction when drives are wiped or destroyed. Until that documentation is provided, the hard drives should be considered lost, not destroyed.
- Were the drives destroyed by an outside vendor or firm? If so, by who, and can they verify the destruction? For federal government agencies, this kind of arrangement, in which a specialized IT Asset Destruction (ITAD) firm is called in to complete a hard drive wipe or destruction, is not unusual. If an ITAD firm was relied upon by the IRS in the case of the Lerner drives, it would add an entire second layer of documentation of the decision-making process leading up to the hard drive destruction.
- What are the IRS’s specific policies and procedures on document retention when hard drives are damaged or destroyed? In large organizations, hard drives don’t just get bulk erased. The IRS almost certainly has specific policies and procedures for hard drive reclamation and/or destruction. If the process was followed properly, there will documentation evidencing failed attempts to recover data from the hard drives and proper handling for destruction.
- What is the disaster recovery policy at the IRS? Data loss at large organizations is not uncommon. What would be unusual is the lack of a way for data to be recovered. Investigators need to understand exactly what the IRS would typically do in this kind of situation, if it was done, and, if not, why not.
- Where are Lois Lerner’s emails from her Blackberry device? Are those secure? What is on the enterprise server? It is difficult to imagine that none of the emails in question were done on a mobile basis. If so, there may be a freestanding stream of email records that would not be impacted by the Lerner hard drive loss.
It’s long past time to get the IT people who are on the front line, put them under oath, and get technical experts to start asking questions. The CongressCritters on the Oversight Committees don’t know squat about the kinds of technical issues that we’re dealing with. Put the IT people under oath, remind them about the penalty for perjury, and they’ll crack.
The Committees don’t have the ability to make the political appointees or the top level career Democrats squirm. They’re more concerned about the administration and they’d probably not talk if they were waterboarded (although we’d like to find out). Career IT people have a whole different loyalty structure. It’s time to go to work on them.