White House Says Hard Drives Were Destroyed

wanderindiana brings us an update on the White House missing emails mess, which we have discussed before. It seems the hard drives of many White House computers are gone beyond the possibility of recovery. Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy? "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."

No it is not usual

[Spiked_Three]

"Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy?"

I worked on some projects involving email at the white house. The system tracks other things includuding gifts and snail mail.

There are very specific rules and laws that must be followed and the million dollar consultants the white house pays to manage this stuff is very aware of those rules and laws.

Any destruction of email by the white house is purely intentional, period.

Re:Banking

[malkavian]

I work in the NHS, and we're required to do two things:
1: Destroy hard drives comprehensively.
2: Ensure that any data on them of a sensitive/clinical nature is kept on a secure backup (in clinical data, for 25 years).

So, yes, destroying hard disks is a common thing. Now destroying DATA.. That's something else altogether.
For sensitive government documents, there is no excuse. Destroying the data can be arrived at through two ways:

1: Incompetence of the IT staff (with the amount of change control in a high profile environment such as high government/clinical, you'd have to be REALLY incompetent, and probably picked up way before this).
2: Someone said "This data is embarrassing. Make it go away.".

I'd say 2 was the most probable.

Re:Not really the point

[KenSeymour]

Unlike HIPPA, which requires destruction of data, the White House is subject to the various laws mandating the preservation of all presidential records.

This includes the Presidential Records Act of 1978. This states that upon leaving office, white house documents become the property of the government. A different law, the Hatch Act, prohibits federal employees from engaging in partisan political activities.

In order to address the Hatch Act, about 88 people who work in the White House were given separate computers purchased by the Republican National Committee and given email addresses in the domain gwb43.com, georgewbush.com, and rnchq.org.

It appears that White House staff consciously used the political equipment and email for some official business, presumably so that no "paper trail" would be left behind. Indeed, instead of a paper trail, in each case, the investigators requested relevant emails
but it was found that those emails were handled on the RNC machines and thus were destroyed.

So part of the legacy of the Bush Administration is a blueprint for obstruction of justice.

I disagree that this is a non-story. I worry that this will now be added to the toolkit of future administrations. Every administration will thinks it knows best for the country and some will want to get around all these pesky laws.

Re:Not really the point

[jackpot777]

HIPAA states that medical records must be held for years. Even after a patient dies, records could be audited up to two years after a patient's death.

http://www.hipaadvisory.com/regs/recordretention.htm

There are many policies that facilities will be required to have based on the new HIPAA regulations. Facilities should consider having a policy that specifies how long to retain or keep the medical records. These are known as retention periods. Many states have their own state specific law. Many hospitals and other facilities have one policy that lists all records and documents in their facility and not just medical records. According to the proposed privacy regulation, documents relating to uses and disclosures, authorization forms, business partner contracts, notices of your information practice, responses to a patient who wants to amend or correct their information, the patient's statement of disagreement, and a complaint record must be maintained for 6 years. (See 64 Fed. Reg. 59994). This is the federal statute of limitation for civil penalties. (42 CFR Part 1003). It is the amendment why hospitals and other health care providers maintain medical records as well as billing records on Medicare (Title XVIII), Medicaid (Title XIX), and Maternal and Child Health (Title V) for at least 6 years. Records must also be retained for two years after a patient's death under HIPAA. The Medicare Conditions of Participation, section 42 CFR 482.24 (b), states that all hospitals must retain medical records in their original or legally produced form for a period of 5 years.

Disclaimer: I am a document specialist for a company that itself specialized in business processes for major Part C and Part D health providers. So I know this stuff.

So having you say this is a non-story, based on you citing that records must be adequately destroyed without first stressing that those destroyed records had to be on file, and available at a moment's notice, for YEARS, is disingenuous at best.

It's a story PRECISELY because of th amount of time the records HAD to be retained.

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012102070_pf.html

The administration's e-mail policies have been repeatedly challenged by lawmakers and open-government groups, in congressional hearings and in court. Two groups, the National Security Archive and Citizens for Responsibility and Ethics in Washington, have accused the White House in lawsuits of violating the Federal Records Act because of what they say is its failure to preserve millions of e-mails, a charge the White House rejects.

The White House's record-keeping problems have thrown new attention on a gap in statutory language covering the retention of presidential records.

"If it is a presidential record, then it does need to be retained. It doesn't matter what the format is -- e-mails can be records," said Susan Cooper, a spokeswoman for the National Archives and Records Administration. But the agency has no power to intervene if an administration is not preserving presidential records, inadvertently or not, Cooper said.

The law governing nonpresidential federal records is stronger. The National Archives can demand an explanation from any federal agency that it suspects is mishandling records, and it can request a Justice Department probe. Private parties can sue to force compliance with federal records laws, but not the presidential-records statute.

So what happens if a probe is launched? Well, thanks to Sarbanes-Oxley (and the fuck up that was Enron, with BushCo's friend Kenneth Lay), Chapter 73 of USC18 (United States Code 18, Obstruction of Justice) was beefed up. Specifically Section 1505.

1505. Obstruction of proceedings before departments, agencies, and committee

Re:How they are destroyed

[RobertM1968]

Why not just write 0s or 1s all over writeable area? I mean each and every sector on each track on each platter. Why all the grinding and shredding? Unless it is somehow possible to recover WIPED data, it should not be neccessary..

It is possible to still retrieve the data. A hard drive never, ever, ever has a zero or one written on it. Instead (if I can accurately sum this up in a non-technical way that doesnt invalidate my answer), it has a close to "0" or close to "1" written. Much like how certain electronic chips (that lets say are +5 = on, 0 = off) arent truly at +5 or zero. A "threshold value" is used to determine on or off.

In the case of hard drives, assuming "0" and "1" are the desired results, a zero gets "written" to the disk (which ends up being a .0020919) or a one gets written (which ends up being a .98298329) - gotta remember it's not an actual number written - it's something that (loosely) corresponds with a voltage/magnetic resistance that indicates 0 or 1 when compared to a threshold... thus .1 or less may be 0, .9 or more may be 1, and anything inbetween indicates errors.

The government (various parts - the requirements vary) mandates multiple wipes, because there are recovery tools out there, that by reading the actual magnetic/electrical value can interpolate what the data was after a single wipe. The reason apparently being, setting from "1" to "0" (or vice versa) leaves enough of the residual one to determine it was a one.

Thats (I can guarantee you) a very poor attempt at explaining it, but the basic theory behind what I am trying to say is correct...

A better idea would be to read up on it for a better explanation...

http://en.wikipedia.org/wiki/Data_remanence

Data remanence is the residual representation of data that has been in some way nominally erased or removed. This residue may be due to data being left intact by a nominal delete operation, or through physical properties of the storage medium.

Scroll down the article to the section on "The Gutmann Method" to see why (a format is not acceptable means of wiping a drive).

A key point to this discussion is that "as of Nov 2007, overwriting is no longer a DoD-acceptable sanitization method for magnetic media. Only degaussing or physical destruction is acceptable." (Wikipedia)

This I find interesting timing, since it coincides with many requests for info and/or discovery of such info - that now, the DoD requires to be non-recoverable...