Is the IRS lost email story plausible?

Summary: The initial news that the IRS had lost two years of Lois Lerner's email seemed preposterous. It had to be a lie. But it's worse than that: It could be true.

How you feel about the scandal of the IRS targeting Tea Party organizations may depend on your politics generally, but if you're in IT you certainly took notice when the news came out last week that the IRS had lost many of Lois Lerner's emails between January 2009 and April 2011.

Lerner had been director of exempt organizations and at the center of the affair.

The central event cited as the cause of the loss was (pp. 14-15 of the letter from the IRS to Congress) an unrecoverable hard drive crash on Ms. Lerner's computer in mid-2011, early in the development of the affair. How, you might ask, should the state of her personal computer matter in an organization of 90,000 employees? Surely their email is on servers and surely they have backup and archival policies, right? That's what I thought, so I wondered how the emails could be lost.

Then I read the actual document. I've also followed analysis by others, such as Bloomberg's Megan McArdle, herself a former Microsoft Exchange administrator. A consensus has emerged: Only a profoundly IT-incompetent organization could lose emails in this way, and the IRS appears to be that organization.

I don't think we can feel confident of the facts in this case yet, or of the accuracy of the information provided by the IRS, even if we assume it was produced honestly and forthrightly. Consider this statement (on page 10 of the document):

"The IRS email system runs on Microsoft Outlook. Each of the Outlook email servers are located at one of three IRS data centers."

The servers are, as you may have guessed, Microsoft Exchange servers. Nowhere in the 27-page document does the word "Exchange" appear, even though Exchange is at least as central to the story as Outlook. This makes me wonder about the level of technical proficiency of the authors of the document, and therefore the accuracy of the information in it.

To assume that the information is accurate is faint praise for the IRS. The document describes policies that range from cheap to baffling. Prior to May 2013, the IRS did daily tape backups of the server mail databases. They reused the tapes after six months to save money (the change in policy in May 2013 to retain tapes cost $200,000 according to the document).

Combine this with several other facts: At the time of the Lerner crash, the IRS allowed a user maximum of 500MB, which is not a whole lot. When users approached their maximum they were told to delete messages from Outlook to make room (page 11; emphasis mine):

"When a user needs to create space in his or her email box, the user has the option of either deleting emails (that do not qualify as official records) or moving them out of the active email box (inbox, sent items, deleted items) to an archive. In addition, if an email qualifies as an official record, per IRS policy, the email must be printed and placed in the appropriate file by the employee. Archived email is moved off the IRS email server and onto the employee's hard drive on the employee's individual computer."

There's a lot in this document to make you scratch your head, but this last statement just about makes my head explode. This is an official records retention policy? I don't know about you, but I fear for the republic.

Not only are the important records stored in dead tree databases, but the rest of the email, assuming it hasn't been deleted, is stored in PSTs on the user's computer. This opens up myriad opportunities for employees to manipulate records, with no meaningful way to stop it.

The policy explanation also clears up another big question, the first one asked by Congressional Republican leaders after the IRS response was analyzed: How could it have taken a year to determine all this and to produce what records they have produced? Any Exchange admin knows that if you have a few search terms, you run a few searches and you get your results. Unfortunately, the document requests from the Congressional committees asked for messages more than six months old.

This entails reading paper files and searching individual PST files on users' computers. These PSTs and all the older messages in them are lost if the hard disk crashes, as Lerner's allegedly did.

The Lerner hard drive crash is not the only unrecoverable disaster preventing the IRS from complying: Six other IRS workers had hard drive crashes which lost their emails. Here's another good one (page 7, footnote):

"We have been informed that in a broad migration of computer systems from Windows XP to Windows 7, Outlook calendar information from before 2012 was lost."

I could go on for a long time about the descriptions, but it all comes down to one conclusion: If IRS IT actually operates in the way described in the document provided by the IRS to Congress, then it's perfectly reasonable to believe that they lost Lerner's emails.


About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
