Slashdot Mirror
White House Says Hard Drives Were Destroyed
wanderindiana brings us an update on the White House missing emails mess, which we have discussed before. It seems the hard drives of many White House computers are gone beyond the possibility of recovery. Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy? "Older White House computer hard drives have been destroyed, the White House disclosed to a federal court Friday in a controversy over millions of possibly missing e-mails from 2003 to 2005. The White House revealed new information about how it handles its computers in an effort to persuade a federal magistrate it would be fruitless to undertake an e-mail recovery plan that the court proposed."
What did they do with the harddrives? And why aren't there any backups? The IT staff either is malicious or highly incompetent.
Knowledge is power. Knowledge shared is power lost.
"Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy?"
I worked on some projects involving email at the white house. The system tracks other things includuding gifts and snail mail.
There are very specific rules and laws that must be followed and the million dollar consultants the white house pays to manage this stuff is very aware of those rules and laws.
Any destruction of email by the white house is purely intentional, period.
slashdot troll = you make a compelling argument I do not like the implications of.
Awesome! Now arrest them for obstruction of Justice.
this administration will go down in history as "administration of coincidences". coincidences they need happening at the exact nick of time.
Read radical news here
If they are arrested now, they can (and likely would be) pardoned.
Much better to wait a year, when a new administration is in office, and then go after the lawbreakers.
"National Security is the chief cause of national insecurity." - Celine's First Law
I would certainly hope that any Whitehouse hard drive that is decommissioned is utterly destroyed.
The real question is why secure backups of email aren't part of the IT infrastructure.
Help! I'm a slashdot refugee.
"When workstations are at the end of their lifecycle and retired ... the hard drives are generally sent offsite to another government entity for physical destruction,"
That's standard practice, and required by law, for ANY government computers.
Violence is like duct tape. If it doesn't solve the problem, you didn't use enough.
This is the US you're talking about. I'm not trolling but I've been surprised by the lack of protests and resignations over such failed policy. A war based on false information, falling dollar, weakening economy, information getting destroyed, Katrina, etc. In old Europe, where I am from, governments would resign and write out new elections after such disastrous events. If they don't write out new elections they would be forced by countless protests from the public. In the US however people seem to fear being questioned about their patriotism when they publicly protest their government.
While the hard drives are destroyed, it shouldn't be too hard to determine what was on them. Recovering data is exactly why the administration has been so adamantly for "alternative interrogation techniques".
Here's the problem: The people who would be doing the prosecuting are the very same people who told the guy to press the button.
We're unfortunately in a bit of a bind. The branch of government designated to enforce our laws has no regard for them, and the only other branch of government that could do something about it is too spineless and fractured by party politics to lift a finger.
The current administration is trying real hard to out-do Nixon as the most criminal Presidency in our nation's history, and if anyone were to actually do some investigation into it, we may even find that it has been a success.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
I work in the NHS, and we're required to do two things:
1: Destroy hard drives comprehensively.
2: Ensure that any data on them of a sensitive/clinical nature is kept on a secure backup (in clinical data, for 25 years).
So, yes, destroying hard disks is a common thing. Now destroying DATA.. That's something else altogether.
For sensitive government documents, there is no excuse. Destroying the data can be arrived at through two ways:
1: Incompetence of the IT staff (with the amount of change control in a high profile environment such as high government/clinical, you'd have to be REALLY incompetent, and probably picked up way before this).
2: Someone said "This data is embarrassing. Make it go away.".
I'd say 2 was the most probable.
"Is it unusual in your experience for, say, a corporate IT department to destroy hard drives by policy?"
:)
I don't think this is asking the right question as some other posters have alluded to. We're talking corporate IT departments versus a branch of the Federal Government. We're also talking about destruction of the only copy of a given piece of data rather than destruction of one of several means of storing it.
It is absolutely usual for my corporate IT department to destroy hard drives by policy; but I work for a bank. I don't work for the government where I'm required by law to archive anything and everything. After a person no longer needs a workstation, the workstation is kept in a locked room for about 90 days just in case anything pops up (oh crap, I forgot to copy my personal folder over to my new machine!). After that, the drive is securely erased. If the machine is going to be redeployed to a new user we then load a fresh install of the OS onto it and it's put in another secured room and marked as "Available for Redeploy" in the asset database. If it's not going to be redeployed then the hard drive will be removed and run through a degaussing machine and then put in a pallet box to be picked up by our secure shredding company. The company will shred the drives on site and take the materials to be recycled.
Servers are much the same way, except that by policy, we back servers up at least once a day. While the drive that originally contained the information may be long gone, the data lives on for whatever the normal retention policy is. For email I believe it's a year, unless there's a reason for that box to be kept indefinitely (e.g. if a notice of discovery has been received).
So to answer the question posed in the story posting, yes it is normal for corporate IT departments to completely destroy hard drives, but that's not germane to the discussion. A better question would be "Is it normal for corporate IT departments to destroy hard drives by policy without any suitable forms of backup or other mechanisms to make sure any retention policies mandated by law or policy are enforced." Of course that's a lot longer than the original question and the Slashdot eds probably would have gotten lost and not posted the article!
Or following orders. They were almost certainly following policy. The complaint here is that the data is missing/destroyed. The data is supposed to be retained by a backup solution. The hard drives are only a 'working area'. Sure the data is stored there while someone is actively using the computer but as soon as it leaves the person's desk it is now a security risk.
The drives should be thoroughly wiped and then recycled or destroyed. That is good IT policy. I run the IT hardware division for my company that supplies and supports customer's computers. When any computer is repaired or replaced the old drive is dated, put into secure storage for a minimum of 30 days, and then DOD wiped, and then recycled or physically destroyed. (The magnets are really good for hanging things on cubical walls.)
The reason our drives are 'aged' for 30 days is because we can't trust our customers to have a good backup. (or ANY backup...) The White House shouldn't have any issues with their backups so they have no reason to retain the drives. This brings us back to the backup question. The rule for a really secure backup methodology is, "Multiple methods of backup, and multiple media". About 10 years ago I saw an article in a trade journal (InfoWorld?) that quoted the statistic that after a catastrophic data loss, 15% of the time the backup method itself is found to be flawed. Having 2 methods of backup would reduce the chance of an unrecoverable flaw to 2.25% which is much more acceptable.
The solution to the White House problem is the judicious use of pink slips. Fire any one who bowed to pressure and allowed this to happen. (or was incompetent enough to allow a flawed backup scheme...)
Look, the DOJ will not investigate as they are republicans (total corruption within the party), so it is up to dems to do this. If they really wanted to investigate, they would call in Sibel Edmunds and put her before the senate or the house or both. But ALL of congress is trying to keep this quiet. Waxman and Clinton PROMISED her that if the dems took control of congress that they would help her. They lied (IMHO, this is why clinton is the weakest of the 3 candidates ). Apparently a number of dems promised her that. ALL OF THEM LIED. NONE HAVE DONE A DAMN THING. This shows that because we have allowed laws that pretty much limit this to a 2 party system, that nothing will happen. Currently, I do not see the dems as being as corrupt as the pubs. But the fact that they are giving a sham investigation into this WH's doings, says that they are wanting a "get out of jail free" card for future use. So, yeah, the old timer dems are not that much different than all the republicans.
Is it any wonder that Americans are picking up on a man who says that he will change things while the old timer dems and nearly all of the pub party dislike him.
I prefer the "u" in honour as it seems to be missing these days.
That's exactly why we are having this conversation because Cheney et. al. did exactly that. They used outside email servers against the law and got caught. They were using the RNC servers and when handed a subpoena for their email claimed it was all lost. It turns out they weren't all lost much to the chagrin of the administration.
http://www.washingtonpost.com/wp-dyn/content/article/2007/04/04/AR2007040402404.html
http://oversight.house.gov/story.asp?ID=1362
Of course, nobody will be punished in the least for violating The Presidential Records Act.
This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.
The other end of the trade show there was a company showing containers of metal shards. They had a shredder for disk drives. They have security clearances that allow them to shred drives with classified data. I have no direct knowledge of the drive disposal policy at the EOP, but I would expect that the NSA would require this as a matter of course. It is smart IT management.
But the argument over the drives is somewhat irrelevant as we know for a fact that members of the administration were using the RNC mail servers to transact government business, specifically to avoid leaving a paper trail. In the process they directed emails containing the most secret, most confidential government discussions through the machines of a small company that has no security clearance, does not even have a security policy and used the same network resources and mail servers for other customers.
The company concerned received the contract for the 2004 RNC convention. They would therefore have been an espionage target in any case. I would think that it is almost certain that multiple foreign powers have copies of the emails. Why don't we just call up the Iranian embassy and ask them nicely if they will share?
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The 1978 Presidential Records Act expressly forbids it. In fact this admission that they intentionally destroyed hard drives just adds to the evidence of criminal wrongdoing in the current administration. These crooks were also using Republican National Committee servers to conduct official Whitehouse business in order to skirt the record keeping requirements of the act. http://www.motherjones.com/washington_dispatch/2007/03/white_house_emails.html
But the congress is gonna let them slide again, when they should impeach the bastards.
-- QED
I'm fairly sure that a lot of damaging info to the current administration would be found on those drives.
Privacy for ordinary citizens is a right, but our officials that WE ELECT, their job is our business and we should have the right to know what they do. If they've done nothing wrong, then why hide anything. This does not apply to citizens on ordinary, routine matters e.g. we should not have to voluntarily have our cars searched cause we're innocent.
We elect our officials - they work for us, and therefore need to have accountability.
..........FULL STOP.
The reason that this is a huge issue is that the destruction of presidential records is illegal. The Presidential Records Act mandates that all records from the President and Vice President are owned by the public, and that the President is not allowed to destroy any records without specific authorization from the Archivist of the United States stating that the records do not have any historical, informational, or evidentiary value.
There is a great desire on the part of many Americans to impeach Bush for his part in prosecuting the disastrous $2 Trillion+ debacle, the Iraq War, which is currently sinking our economy. Nixon wss easy to impeach because he left a lot of evidence in the form of tapes for his prosecution, but Bush and Cheney are not making that mistake -- they have both had very "convenient" situations where their records regarding among other things the Iraq War planning that have been "accidentally" destroyed.
If the American people were to have more evidence about White House activities, there would be many more people joining Scooter Libby in jail, and we would find out more about things like "ex" gay prostitute Jeff Gannon's entries and exits at the White House .