Saturday, March 1, 2008

The White House email controversy: where have all the computers gone?


By David Gewirtz

In the melange of technology and politics that describes the story of the White House email controversy, there is yet another chapter. In our latest plot twist, the White House CIO claims that email messages from 2003 to 2005 either can't be produced because they're not missing, because the computers they were on have been destroyed, or because it's too hard to find them.

It's all very baffling, complex, confused, elaborate, impenetrable, intricate, involved, labyrinthine, perplexing, puzzling, serpentine, tangled, and tortuous.

What's really going on? Sifting through all the posturing on both sides, what's the real story? What are the technical issues? How can they be solved? In this article, I'll dig in and do my best to answer all of these questions, along with exploring a key element that all of the parties to this controversy seem to be missing.

And, sadly, I've also uncovered at least two new serious security risks at the White House. Read on.

Executive summary

At 5,473 words, this Special Report is insanely long. In order for you to understand the issues completely, I had to make it long. But I'm not cruel. Here's a short summary of the main points:

  • Magistrate Judge Facciola is asking questions about what happened from people who weren't there when whatever happened, happened.
  • The White House claims there are no PCs at the White House older than three years.
  • Old hard drives were destroyed somewhere, but the White House doesn't say where.
  • Portable data storage devices, available in sizes up to a terabyte, are completely unaccounted for at the White House, and there is no process in place for managing what happens to all that portable data.
  • Lack of management for portable data storage presents a tremendous security risk.
  • We can't be sure exactly what data was preserved when computers were upgraded.
  • The White House claims there's no record of what computer is where.
  • If they don't know where their computers are, how do they know that the ones from 2003-2005 have been destroyed?
  • Not knowing where computers are poses another severe security risk at the White House.

We can easily overcome White House objections:

  • Making forensic copies does take time, but it's not hard at all.
  • Avoid disturbing workers by doing forensic backup work at night.
  • They can probably create forensic copies for far less than Payton claims.

Oh, and after all is said and done, the plaintiffs are probably looking in the wrong place for missing email messages. Go grab yourself a cup of coffee. It's a long read, but it's worth it.