An international organization representing information technology (IT) managers says there is a relatively easy way to get to the bottom of the Internal Revenue Service’s mounting scandal over thousands of "missing" (and possibly incriminating) e-mails. The congressional investigation into the unlawful targeting by the IRS of conservative organizations has led to a string of cover-ups and stonewalling, one after the other. The federal Department of Justice insists that it is carrying out an “exhaustive” investigation, including a probe into the “lost” e-mails of former administrator Lois Lerner, who headed the division that processed applications for tax-exempt status. Lerner, who claims she did nothing improper or illegal, has refused to answer questions, citing her Fifth Amendment right against self-incrimination. The U.S. House of Representatives voted in May to hold her in contempt of Congress.
David Ferriero, chief archivist at the National Archives, in testimony on June 24 before the House Oversight Committee, stated that the IRS broke federal law in not reporting Lois Lerner's hard drive failure and the loss of e-mails demanded by Congress.
Dr. Barbara Rembiesa, the president and founder of the International Association of Information Technology Asset Managers (IAITAM), says there is a straightforward and relatively simple way to cut through the roadblocks — a way that is clear to IT professionals who deal with issues of this sort on a daily basis. In a statement issued on July 21, Dr. Rembiesa’s organization called on the DOJ and congressional investigators to focus on six questions. Those questions, and the IAITAM's follow-up comments, are:
1. What happened to the IRS's IT Asset Managers who appear to have disappeared at a key juncture? At organizations such as the IRS, the ordering of a hard drive destruction and the documenting of the process would be handled by trained IT Asset Managers — professionals with special training and certification. IAITAM's records show that at least three IT Asset Managers who were working at the IRS prior to the 13 May 2013 Inspector General Report were shuffled out from those positions around the time of that report. Investigators need to determine if these in-house IT Asset Managers were removed from the picture as the IRS e-mail investigation heated up.
2. Where is the documentation proving that Lois Lerner's hard drive was wiped or destroyed? Proper IT Asset Management requires clear proof and records of destruction when drives are wiped or destroyed. Until that documentation is provided, the hard drives should be considered lost, not destroyed.
3. Were the drives destroyed by an outside vendor or firm? If so, by whom, and can they verify the destruction? For federal government agencies, this kind of arrangement, in which a specialized IT Asset Destruction (ITAD) firm is called in to complete a hard drive wipe or destruction, is not unusual. If an ITAD firm was relied upon by the IRS in the case of the Lerner drives, it would add an entire second layer of documentation of the decision-making process leading up to the hard drive destruction.
4. What are the IRS's specific policies and procedures on document retention when hard drives are damaged or destroyed? In large organizations, hard drives don't just get bulk erased. The IRS almost certainly has specific policies and procedures for hard drive reclamation and/or destruction. If the process was followed properly, there will be documentation evidencing failed attempts to recover data from the hard drives and proper handling for destruction.
5. What is the disaster recovery policy at the IRS? Data loss at large organizations is not uncommon. What would be unusual is the lack of a way for data to be recovered. Investigators need to understand exactly what the IRS would typically do in this kind of situation, if it was done, and, if not, why not.
6. Where are Lois Lerner's e-mails from her Blackberry device? Are those secure? What is on the enterprise server? It is difficult to imagine that none of the e-mails in question [was] done on a mobile basis. If so, there may be a freestanding stream of e-mail records that would not be impacted by the Lerner hard drive loss.
On June 26, 2014, IAITAM put out a release raising grave concerns about the plausibility of the IRS story that Lois Lerner’s computer hard drive had crashed and had been subsequently “recycled,” causing the requested e-mails to be permanently erased.
“The notion that these emails just magically vanished makes no sense whatsoever,” Rembiesa said. “That is not how IT asset management at major businesses and government institutions works in this country. When the hard drive in question was destroyed, the IRS should have called in an accredited IT Asset Destruction (ITAD) professional or firm to complete that process, which requires extensive documentation, official signoffs, approvals, and signatures of completion. If this was done, there would be records. If this was not done, this is the smoking gun that proves the drive or drives were destroyed improperly — or not at all.”
Rembiesa said it is inconceivable that a federal agency handling the personal financial data of millions of Americans would not be using ITAD experts to destroy hard drives. “If Congress wants to get to the bottom of this, we can put together a team of IT asset management experts who can find out if this was done properly or improperly,” Rembiesa said. “This is not rocket science, but you have to have the real experts on hand to get to the bottom of this.”
Dr. Rembiesa and IAITAM are not the only IT experts who have challenged the credibility of the excuses offered by the IRS for losing the e-mails. Nor are they alone in suggesting that the e-mails in question may still be recoverable. As we reported recently, IRS Deputy Associate Chief Counsel Thomas Kane, who supervises the Internal Revenue Service’s targeting scandal document production to Congress, contradicted previous IRS categorical assertions that the subpoenaed e-mails no longer exist. In testimony before the House Oversight Committee, Kane said he is unsure whether or not the e-mails still exist, “but it’s an issue that’s being looked at.”