The IRS’ lost emails – bad procedure or bad lie?

The recent news that the IRS “lost” Lois Lerner’s e-mails has been making headlines in the news media, but not so much in data protection circles. That may be because any data protection expert knows that this claim simply makes no sense. It’s either a case of extremely bad data protection procedures or a bald-faced lie.

From what I have read and heard, the IRS claims that they lost all of Lerner’s emails during the time it was holding up tax exemption applications from conservative groups. As I first learned it, Lerner’s and six other employees’ hard drives apparently crashed around the same time. My first thought was that all this email should be on a mail server. Interestingly, that server’s hard drive crashed too, and the data on all these drives can’t be recovered. Other than being incredibly convenient, it leads me to believe something just doesn’t make sense here.

Bald-Faced Lie?

It seems to me that the IRS is either counting on the ignorance of the public, with respect to how data protection works, or the IRS has the worst data protection policy of any government agency.

First, for this claim of lost emails to be true, seven laptop hard drives had to fail simultaneously. Second, the server “hard drive” had to fail. No mail server that I know of is running on a single hard drive. I think it is safe to assume that they had an array with at least RAID 5 protection. That means that the array had to have a double or even triple hard drive failure for data to have been lost. Third, it also means that all of the drives had to fail to the point that a drive recovery specialist could not pull data off of them. Fourth, it means that when the drive failed, the data could not be recovered from the backup system.

For all these things to have gone wrong at the same time is the mathematical equivalent of winning Powerball and simply defies logic.

Bad Policy?

For its part, the IRS claims the failure was caused by a lack of an email archive, combined with a practice of erasing and reusing backup tapes every six months. To make matters worse, the IRS apparently has a policy of allowing employees to decide for themselves which e-mails constitute an official agency record. In other words, bad policy.

Go back and read that last paragraph and think to yourself for a minute. This is the IRS, not Joe’s Plumbing! In fact, Joe’s Plumbing, if they used the same excuse to defend themselves against an IRS audit, would be forced to close up shop for good.

The lack of policy is confusing because last year IRS CIO Terence Milholland said he was pushing the IRS toward world-class IT status. The above paragraph is not world-class IT. Most small businesses do a much better job of protecting their email.

First, email backups should be retained for much longer than six months. Second, an email archiving system should be a standard requirement of any government agency. Third, not only should individual employees NOT be allowed to decide what constitutes an official agency record, the IT organization certainly should have locked down and put a legal hold on email records the moment the scandal broke.

The problem with the policy is that it is so egregious that it holds zero credibility, which can only lead me to assume that this is a bald-faced lie. It’s time for the IRS to own up to what actually happened: it purposely erased information that it felt might be damaging. This was not a failure of IT.

 

Twelve years ago George Crump founded Storage Switzerland with one simple goal: to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators, where he was in charge of technology testing, integration and product selection.

3 comments on “The IRS’ lost emails – bad procedure or bad lie?”
  1. Ed says:

    What wasn’t considered but would be bad policy is encrypted backups and they lost the key. That almost is plausible. It is likely a policy issue regarding email retention – there are a lot of companies that do not back up email so e-discovery will fail.

    Whatever the reason, the public is being misled. Catastrophic failure of multiple drives from a single vendor and lot would be somewhat probable (I’ve had 3 fail within 24 hours, luckily not in the same RAID) but different vendors I think would require beyond lotto odds.

    Not considered – EMP panic button for a room full of computers. Might work.

  2. George Wagner says:

    Adding to the list of “coincidences”, the IRS had an email archiving contract with Sonosoft from 2005 until just after Lois Lerner reported the “crash”.

    “Move along now, nothing to see here” - Frank Drebin

  3. Dan Tanner says:

    Well said.

    I now live in retirement outside the USA, but was a storage professional.
