Cloud

IRS Emails Wouldn’t Have Vanished in the Cloud

Archived emails belonging to Lois Lerner, the now retired chief of IRS’ Exempt Organizations Division, as well as six other employees, disappeared as a result of crashed hard drives and overwritten backup tapes, the agency has said.

Archived emails belonging to Lois Lerner, the now retired chief of IRS’ Exempt Organizations Division, as well as six other employees, disappeared as a result of crashed hard drives and overwritten backup tapes, the agency has said. // Lauren Victoria Burke/AP

The Internal Revenue Service likely would not have lost years’ worth of emails critical to ongoing investigations if the agency had been using a cloud-based email system, industry officials say.

Archived emails belonging to Lois Lerner, the now-retired chief of IRS’ Exempt Organizations Division, as well as six other employees, disappeared as a result of crashed hard drives and overwritten backup tapes, the agency has said.

“Clearly, the overall system was not as modern as it should have been,” said Michael Hettinger, senior vice president at TechAmerica, an industry group.

The Obama administration launched its Cloud First Policy in 2011, encouraging agencies to migrate much of their information technology -- including email -- to the cloud. While many agencies have adopted cloud email systems, the tax regulator is not among them.

IRS uses Microsoft Outlook for email, with hundreds of millions of messages stored on servers at three data centers, Leonard Oursler, IRS’ national director for legislative action, said in a letter to the Senate finance committee.

The email servers are backed up daily onto tapes that until May 2013 were stored for six months before rewritten with new data. When investigators last year started asking about the agency giving extra scrutiny to conservative groups seeking tax-exempt status, officials began holding the daily backup tapes indefinitely, at an estimated cost of $200,000 a year, the letter said.

The average IRS employee’s email storage is limited to 500 megabytes, or approximately 6,000 emails. Before 2011, typical IRS accounts only held 1,800 emails. Employees whose inboxes approached the limit were notified to prioritize their emails, either by deleting them or storing them to their own hard drives. No other digital copies were preserved.

The agency said last week Lerner’s hard drive crashed in 2011, resulting in the loss of her archived emails.

Michael Hall, chief information security officer at DriveSavers, a data retrieval company that often works with federal agencies but didn’t work with IRS on this case, isn’t so sure the data is irretrievable. He’d like to see the hard drive, as would Rep. Darrell Issa, R-Calif., chairman of the House Oversight and Government Reform Committee, who Tuesday subpoenaed Lerner’s hard drive and all her storage and mobile devices.

Although it could happen, losing emails in the cloud is “much less likely than data loss due to the overwrite of a tape,” Hall said. “Cloud service providers have serious redundancy in their cloud. A single point of failure will not cause a data loss. It’s still possible, but it’s much less likely. That’s just the reality of that.”

Critics charge the Obama administration is lying, using the antiquated technology as an excuse to avoid turning over damaging records, while Democrats argue that sometimes, a hard drive crash is just a hard drive crash.

“Every equipment failure is not a conspiracy,” said Sen. Sander Levin, D-Mich., after Sen. Mitch McConnell, R-Ky., described the crashed hard drives as “the ‘dog ate my homework’ excuses.”

Whether or not it’s the truth, experts agree the data loss is plausible, and that points to continued reliance on outdated systems, and not just at IRS.

"Obviously, there are agencies in the federal government that still run fairly antiquated email systems and other IT systems," Hettinger said. “It’s an interesting window into how far we still have to go despite all the progress we have made in implementing new technology."

Threatwatch Alert

Network intrusion / Stolen credentials

Catch of the Day comes clean on 2011 breach of customer data

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// July 23