Yottabytes: Storage and Disaster Recovery

Jun 18 2014   8:27PM GMT

Hard Drive Crash Takes Out IRS Email — Or Does It?

Sharon Fisher Sharon Fisher Profile: Sharon Fisher


We’ve talked before about “Taking Out the Trash Day.” Well, the White House had a dilly of a trash day last Friday when it announced that the IRS had lost a lot of email associated with the investigation of whether the agency was targeting conservative groups for tax exemption audits.

Lois Lerner, director of exempt organizations for the IRS, has been the point person of the investigation because of its focus in tax-exempt organiztions. Consequently, the Congressional committee performing the investigation wanted to see her email. As it turned out, she had a hard drive crash in 2011 that took out much of the email for the period under investigation and which happened not long after the question of whether the IRS was targeting such organizations first came up.

Naturally, the right wing leapt on this as a deliberate attempt to obfuscate the truth, with a number of people equating it to Rosemary Woods and the Watergate 18-minute gap. But as more of the story came out, it appeared that this was more a case of never attributing to malice what can be explained by incompetence, especially as it developed on Tuesday that hard drive crashes that took out the email affected a number of employees, not just Lerner. (Not to mention other agencies, including the office of the President.)

So here’s an outline of the problem.

1. The IRS gave employees only 500 mb for their Microsoft Outlook mailboxes, which it says is enough to store about 6,000 messages. (Think this is bad? Before July 2011, it was 150 mb.) This works out to about 80,000 characters per message, which seems like a lot, but likely includes headers, copies of previous messages, and so on; perhaps the IRS should have invested in compression or dedupe technology? Incidentally, the IRS has 90,000 employees and a total of 170 terabytes of stored email. While employees could in theory ask for a larger mailbox, they were told that it was not the practice.

“Is this plausible? Unfortunately, yes. I have worked for organizations that used these sorts of restrictions on hard drive space,” writes Megan McArdle in Bloomberg View. “However, it’s also moronic IT policy.”

2. When employees archived their email to get the mailbox sizes below 500 mb, it was, first of all, saved only to their own computers and, second of all, no longer backed up. So the only copies of the archived email were on the employee computers.

3. While backups of mailboxes were performed, the IRS started recycling the tapes after six months. As of May 2013, however, the IRS stopped this.

The upshot is that when Lerner’s hard drive crashed in 2011 — for which the IRS provided contemperaneous documentation (which was really hysterical, by the way) — her archived email, which was the only copy, went with it. The IRS recovered some copies of messages that Lerner had sent to other IRS employees by using their mailboxes and their copies, but that didn’t help recover any messages she sent outside the IRS.

Observers are also pointing out that email messages considered to be official records were supposed to be printed out and placed in a file, and are asking why this wasn’t done in Lerner’s case.

The other interesting aspect of the IRS email system is that the IRS can’t search its entire email system for appropriate records — it has to examine each person’s mailbox and hard drive individually. Plus, even then, it can’t just search for the messages it needs; it has to collect all the email and then select relevant messages from it. This certainly made the whole process a lot more arduous and expensive.

“The only reason it has to waste thousands of man-hours manually searching the hard drives of other employees is that it first decided to waste thousands of man-hours manually deleting e-mails or storing them on local hard drives where they wouldn’t be backed up,” McArdle writes. 

And that’s just the start. House Oversight Committee Chairman Darrell Issa has subpoenaed a huge list of storage devices and messages as well as, essentially, anyone in the government who has ever emailed Lerner about anything.

One expects an RFP for a new email system for the IRS — not to mention a lot more storage — in the near future. “In 2014, every government agency should be storing every e-mail that goes in or out in an easily accessible format,” McArdle writes. “That they weren’t bothering suggests that the IRS does not expect to deliver the kind of accountability that it routinely demands of taxpayers. That’s potentially a much bigger problem than anything Lois Lerner stands accused of — and it should be rectified, government-wide, with all due speed.”

Ironically, the IRS noted that it would have cost $10 million to upgrade its computer systems to save all employee email messages forever. The cost of the investigation so far to track down the existing copies of Lerner’s email? $10 million. “At an agency with an annual IT budget of $1.8 billion,” McArdle writes.

3  Comments on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Tswirka
    Sounds like a cover up to me. It's pretty easy to blame the loss of important files (that might implicate the IRS) on a computer glitch. At worst, the IRS will have to acknowledge their incompetence at backing up files but they've sure thrown wrench into the investigation of the conservative group targeting. And about the hard drive "crash" How much effort was put into retrieving the data? Did they consult a data recovery specialist? Also, $10 million to track down existing copies of the e-mails? Seriously?
    165 pointsBadges:
  • craig1984
    What would happen if I told the IRS "oops, I lost the records" during an audit? I'm curious how this artical would read if everything was the same except the president was Gorge Bush.
    10 pointsBadges:
  • RouxTheDay
    I've been in an environment where no e-mail was ever to be deleted and one in which all e-mails that didn't meet certain criteria were supposed to be deleted at 90 days.  The latter also imposed a limit of 200 MB on server-side storage.  I ended up archiving to my PC (not backed up) or deleting messages almost daily just so I could send/receive e-mails normally.

    eDiscovery, enterprise search, e-mail archiving, and other ancillary systems aren't always cheap to procure, manage, or maintain; but they can really simplify life (and save your job) in the event of an investigation or litigation.

    Do I jump to the conclusion that the IRS is covering things up because e-mails have been "lost" in view of the bad IT policies they had in place?  No.  Do I think the IRS (and all auditable companies) need to do a better job and re-think their risk management strategies?  Oh, yes.
    110 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: