recommended reading

Think Managing Federal Email Records Is Tough? Wait for Records on Snapchat

Andrew McLaughlin, a former deputy U.S. chief technology officer

Andrew McLaughlin, a former deputy U.S. chief technology officer // Flickr user rsepulveda

Once upon a time when federal employees used personal email for government communication, it was easy to call evasion, subterfuge or plain old trickery aimed at avoiding federal records preservation requirements.

When some of President Bush’s political advisers used Republican National Committee accounts -- designated for political-only emails -- to communicate about the firing of U.S. attorneys in 2007, the White House was quick to admit fault, launch an internal investigation and beef up its own email retention policy.

As email and other forms of digital communication have become ubiquitous in Washington and elsewhere, though, it’s become increasingly difficult to stanch the flow of emails leaking between professional and personal accounts.

At the same time, new third party sites and services such as Facebook and Twitter have proliferated, making it difficult and confusing for federal officials to properly store information that should be available for Freedom of Information Act requesters and future historians.

How, for instance, should a federal official handle a text message to a personal cellphone from a friend and coworker that contains mostly personal information but one piece of important business? These questions become harder when it comes to new applications such as SnapChat that are specifically designed to make it difficult to preserve information, said Andrew McLaughlin, a former deputy U.S. chief technology officer .

McLaughlin raised such issues on Tuesday during a House Oversight and Government Reform Committee hearing focused on preventing federal transparency law violations.

Officials at the White House and most federal agencies are allowed to conduct some business on personal email accounts if their work accounts are unavailable but are instructed to forward those emails to a work account so they’re discoverable during FOIA requests. The oversight committee’s ranking member Rep. Elijah Cummings, D-Md., has introduced legislation that would make copying such emails within five days a legal requirement.   

McLaughlin was reprimanded in 2010 when the response to a Freedom of Information Act request revealed he had conducted some White House business on his Gmail account and not forwarded the messages, violating the 1978 Presidential Records Act.

On Tuesday McLaughlin called himself “a poster child for the typical mid-level official who tries to be conscientious [about maintaining federal records] but misses some things.”

He suggested that agencies or lawmakers should create a standard method such as using screenshots for federal employees to transfer information from third party services such as text messages and Facebook posts to FOIA-able government email accounts.

McLaughlin also suggested that during records management training, federal employees should be urged to put language in the signature lines of their personal email and social media accounts urging people to contact them via government email for official business.

If employees are wary of their government accounts being spammed, they could use automated forms that forward information to those accounts but hide the addresses, he said. Many media companies use similar forms.

House Oversight Chairman Darrell Issa, R-Calif., has been pressing for more accountability and traceability of federal workers’ emails since soon after he took over the chairmanship in 2011. Witnesses at Tuesday’s hearing were all Obama administration officials who had also failed to forward records from personal to government email accounts that were later discovered by FOIA requesters or congressional investigators.

In most cases, the officials attributed the failure to poor oversight, long work hours and a deluge of email that sometimes blurs the lines between personal and professional.

Republican committee members lashed out at former Environmental Protection Agency administrator Lisa Jackson over an email exchange with a friend who was also a registered lobbyist and had requested an official meeting with Jackson within the email chain.

Jackson, who asked the friend to send future emails to a personal account, told lawmakers she believed the friend had completed her official business and that the remainder of the email chain would just be old friends chatting. Issa shot back that, by moving the conversation to a personal account, Jackson was effectively giving herself authority, rather than a FOIA officer, to decide where the line lay between a public official talking with a lobbyist and two friends catching up. 

Threatwatch Alert

Network intrusion / Spear-phishing

Researchers: Bank-Targeting Malware Sales Rise in Dark Web Markets

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.