"So Called "Lost" White House Emails Are NOT Lost (a note from your friendly, neighborhood IT Guy)"

From Daily Kos:



edit to add - Solo_in_MD disagrees with the Diarist.

I personally don't know diddle about this stuff but thought DU would want to see this Diary.

There are people in the thread of the original Diary at the link who also disagree with the Diarist.

"Solo_in_MD (1000+ posts) Wed Apr-11-07 10:03 PM
Response to Original message
7. I would call the author an idiot, but that would be unfair to idiots, most likely he is a MCSE
He if knew anywhere near what he thinks he knows, he would have realized what he said is just so much crap...the other jump along comments go the same way. Sheesh what fools.

I read but dont post on DKOS. Not sure if its worth the effort to correct the fool."

This is a distinct new scandal/crime, and these 5,000,000 e-mails may not have been kept in the first instance as required by law. This story is still breaking.

MORE: http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x649088

but you can't hide 'em.

Just give 'em up you're only making it worse, but hey it's not my image so waddya I care.

How idiotic it is for the WH to make these asinine claims.

knr

and its easy to do.

I am pretty ignorant when it comes to this sort of thing.

Are you saying that those emails are irretrievable?

Its easy enough to set up a server that would have nothing to find, even forensically.

They were conducting White House business with those e-mails. If I am not mistaken, such records are, by law, supposed to be kept in a manner that they might be retrieved if required, and not so that they can be "lost" or "deleted" if someone is trying to hide some information.

I'm waiting for the excuse of, "My computer crashed and I replaced it and all those records are gone, I dunno, in a landfill somewhere." That's my favorite that witnesses come up with.

I think a lot of people are going to look at this ploy as an excuse that sounds a lot like "the dog ate my homework."

I have a server set up like that and if I ever get asked why, my answer will be "sovereign election" (I may have to spell it for them).

If its not an offical server, its should not be used for official business. However, that is the responsibility of the user, not the server operator. The law simply does not apply to private servers.

These emails that are being sought are not private property.

private server to archive emails or keep transaction logs. None, nada, zip.

If a user misuses an email server, its the the fault of the server operator, and they have no requirement to archive, notify etc. Responsibility for misuse lies with the users (which has been admitted by the Whitehouse).

ifan email serveris set up to permanently delete emails, and the emails dubpoenaed by congress are gone it's NOT the fault of the server operator, I mostly agree with you. The problem here is, WH correspondance is required by law to be archived. If the users of this "private server" did so to AVOID complying with the law by sending emails pertaining to WH business, YES it is the fault of the user. The only way I see the server operator fuilty of a crime would be IF he/she knowingly set the server up to delete correspondance KNOWING the reason why, that it was illegal, and did it anyway.

If they purposely used a system that wiped them all out, that proves something about their intent, IMO.

But what about the point that there isn't just one server that email will have passed or bounced through? Couldn't the email be reconstructed from those servers?

From the OP:

"Not only the ISPs themselves but the many servers the emails bounce off of can be used to recover digital messages of any type."

If they purposely used a system that wiped them all out, that proves something about their intent, IMO.

Not necessarily. If it was part of the long term data retention approach for that system, its not destruction of evidence and technically no adverse inference should be drawn in a court.


But what about the point that there isn't just one server that email will have passed or bounced through? Couldn't the email be reconstructed from those servers?

From the OP:

"Not only the ISPs themselves but the many servers the emails bounce off of can be used to recover digital messages of any type."

The OP is clueless about how email actually moves across the internet.


In the Clinton administration, the WH staff was criticized for using Gov IT for political purposes. That is why the parallel system was set up. Official Gov stuff on one, political party stuff on the other. There clearly has been some bleed over. How much, by whom, what was the content is the crux of this matter.

Additionally there is no requirement for a non-Gov server operator to archive anything. Its is the responsibility of the users to use the correct system.

nobody really shot the gas station attendant, right?

No offense, but you are entirely full of horseshit. If it can be proven that the Bush Administration set up "black ops" e-mail servers for the sole purpose of shielding their communications from ever being recovered in the event of prosecution on other criminal charges, then they've engaged in obstruction of justice.

No adverse inference could be drawn in court? Only if the prosecutor is a drooling idiot.

And if it can not, then Solo is correct. There are plenty of legitimate reasons to NOT archive deleted private emails. The number one reason is actually to protect the right to privacy.

Republicans may claim there is no such right, but the courts have correctly disagreed with this absurd claim.

Old Saying: Two people can keep a secret, just so long as one of them is dead.

Those e-mails all went somewhere and to somebody. Lots of somebodies. There are literally hundreds, if not thousands, of recipients out there and somebody kept at least one e-mail. And I would not for a moment rule out a nervous technician who, knowing that he was facilitating a crime, kept a back-up disc as "insurance" against prosecution sometime down the road. And don't forget the Print Button and people who save their e-mails on their hard drive.

But beyond that, you waive the legal right to privacy when you're engaged in a criminal enterprise(that's why the Good Lord invented wiretaps). All a prosecutor has to do is prove that the White House was engaged in criminal activity, and their loving attempts to destroy all the evidence will simply result in a charge of obstruction of justice.

And that was good enough to impeach Nixon.

Apparently it was openly done and well known. The analogy being tossed around is that it is like having a work and personal cell phone.

We are all assuming the RNC workstations were misused, and there are a number of pointers that it was pretty egregious. . The focus is now on what can be recovered and documented in terms of this misuse. That would be at least a Title 44 violations, but its not clear what the penalties for that are. Erasure since the start of the investigation would clearly be obstruction.

There are a number of circumstances where juries are instructed where they can or can not draw adverse inferences from. An example is a defendant not testifying. That they are not supposed to and what they do can often be different things. Generically, if the defendant had a long term policy of not keeping records beyond a certain date, then not having those records is not supposed to be held against them.

But if the defendant is charged pursuant to an ongoing criminal conspiracy (let's say: awarding no-bid federal contracts to political contributors) then proof that they created an e-mail system for the specific purpose of shielding their illegal activity is obstruction of justice. And no matter how much a judge tells a jury to ignore damning evidence, we both know that juries simply don't come down with a case of selective amnesia once they start deliberating.

Private as in private sector, not government and not subject to open records act or Title 44 in this case
Private as in in-house (not and ISP)

My apologies for the confusion on the use of terms

Memories become hazy. Recent meetings and conversations on important topics cannot be recalled. Memos received a few weeks ago have been completely forgotten.

It all kind of fits with the electronic amnesia their servers seem to have suffered. Maybe we could get them one of those free bottles of Focus Factor.

likely you'll catch it.:)

However, you have to assume they had the good sense to do it in the first place. As stupid as Republicans in general and the White House in particular have proven to be over the past six years, I have a feeling we'll be hearing about some unsavory leftovers in a PST file on some poor schmuck's hard drive.

I've been doing IT for a very long time and there will always be folks who save every email. If Waxman can get his hands on the workstations, user's online storage, etc., nasty things shall belch forth.

However I wouldn't even start with the server. I am willing to bet that perhaps not all, but a lot of these emails, could be reconstructed simply by subpoenaing all client devices and using them to make the most complete picture possible. At the same time they can at least check the server or servers.

It is true that a concerted effort to wipe all those emails from both server and client would be obvious as hell. But copping to that would still be better than having all their dirty little secrets come out. Plus they can still spin it as incompetence. Their base seems to have no problem with that.

These guys give sleaze a bad name.

the in-house ones are easy, but beyond that it gets real hard, real fast

Surely all you need to do is find out which machines the RNC gave to administration individuals and take them all. Barring that, all personal laptops of all individuals mentioned in the e-mails released prior to today. If i understand correctly, it just takes one or two "clients" to reconstruct e-mail chains? There must be dozens of these things out there. What do you think it would look like if they had all had a DoD grade wipe recently?

:shrug:

Assuming there is nothing on the server side except a user/account list, you would have to confiscate every piece of IT gear those people had access too, work or personal. That is one helluva net

As for using security software, its quite common and its use is growing. Its also very cheap.

It is only a couple dozen people at the most we are talking about here. I imagine it wouldn't be to difficult to track down the hardware of anyone working for the government for someone with subpoena power.

Not only that but if they are involved in the destruction of evidence we then have individuals being charged. Someone would most likely take a deal. Something tells me that there is NO honor among thieves here.

Even the Blackberries of everyone involved should be taken and checked for evidence by forensic experts. Even the evidence of applications that overwrite individual sectors could be held against anyone who SHOULD have the data but doesn't. At least I would think so, I am no lawyer.

Whatever is done I believe it is not a good idea having the Whitehouse investigating itself.

Certainly all the RNC hardware would okay. All their personal H/W would be a stretch. All of the H/W in their home should be out of reach.

Remember that it is not illegal not to save something, not to keep records, or to keep a disk clean. It is illegal to do that once you have been notified an investigation is underway.

Blackberries really don't hold all that much data, but they are a place to start. From what I understand there won't be much.

There is nothing illegal about using overwriting software. However using it after you have been notified of an investigation would be.

They have admitted to doing a majority of official US Government business on unofficial RNC servers and hardware. So I would think it wouldn't take a lot to track down that hardware. I agree that personal machines are out, at least until we start recovering some of these 'deleted' emails if they exist at all. However I do believe that if we are able to get our hands on a lot of this stuff further investigation would be warranted.

To be fair I did read that there are over 20 principles and something like 50 staffers using RNC servers and hardware to conduct official business. It is getting harder and harder, particularly since they seem to be willing to take the rap for deleting the data rahter than let all those emails to go public.

This is the most unamerican administration in HISTORY. They really do consider the Constitution, the Bill of Rights, not to mention the rule of law, as obstacles. These SOBs really do believe *Bush has dictorial powers. Scary!

NSA records of blackberry transmissions hmmm...
MessageLabs archives.... ( they intercept a lot of e-mail )
The vacuuming/archiving of data at ATT's main hubs... hmmm... do they pre-aggregate the packets?

keywords, what are the keywords to scan for? oh yeah address fields as the first filter...
MTA caches.... Carnivore records...
Echelon... Maybe a brit or austrialian willl spill the beans...

If you had emails and such on a system deliberately rigged to wipe incriminating data, sure, it could be done, but it would be very, very obvious.

Waxman needs to seize the RNC servers and put computer forensics experts to work on them. Either they will recover the emails, or they will prove that the emails were wiped deliberately. Either way, they're fucked.

Let's say the scuttlebutt is true - that the RNC servers have a 30-day retention policy after which email is deleted. That would be legal, with exceptions...

If any particular emails may become of interest to a legal proceeding, then by law it MUST be retained. Very early in a lawsuit, the lawyers for a particular organization will be notifying sysadmins and users, telling them "Retain these emails." The moment you even slightly think an email might be subpoenaed, you legally CANNOT delete it, if you do, you could face criminal penalties. You have to take steps to ensure that email is saved - your hide is on the line.

autodeletion etc must stop. However prior to that, there is no requirement and technically no adverse inference can be drawn from following a data retention policy.

30 deletion is pretty standard, no idea where the gouge on that is coming from. However, that is normally for items on the server. If they were read most likely they were transferred to the workstation and removed from the server.

see, when you write things onto the hard drive, it leaves an image on that hard drive.
even if you delete the file or files incorporated with this imagine they will still remain physically on the hard drive. even if its been over written on the same exact spot.

the fbi has had software and techniques to find deleted things on hard drives for more than a decade(prolly even longer than that).

the only way to try and make sure that date is not recoverable from a HD is to A) physically destroy it or B) take a high power magnet to it .

i suggest the latter since its faster and can be done quicker if you have a magnet handy.

There are NSA approved overwrite techniques that prevent recovery. Software that does that is cheap and in some cases free. If it is running the background as part of disk management, there can be no forensic recovery.

It would seem very difficult to make sure that all the clients are correctly configured, and users trained to leave no trace.

If the access was only via RNC supplied workstations, it would be easy. If it wasn't, it becomes much more problematical.

but I don't think the RNC thought this all the way through in the beginning. Most likely they setup a vanilla server and handed out the laptops/workstations with commonly configured clients. They didn't think that this system would ever come to light so they didn't take that many precautions. And the fact that we do have some emails from the system, like the recovered Ralston email stating that she was using this to avoid WH security problems, indicates that they did not setup the system to make everything irrecoverable. I don't hold any hope out for the server(s) as the hardware is probably sitting at the bottom of a river somewhere, but I think there could be some juicy emails on some of the clients.

Second point, if they did setup a secure system, wouldn't that have to include a VPN? And wouldn't that require the assistance of WH IT to make it accessible on the LAN. I'm not sure, just asking.

I agree but I don't think the RNC thought this all the way through in the beginning. Most likely they setup a vanilla server and handed out the laptops/workstations with commonly configured clients.

You are most likely correct. A lot of this geek stuff I have been posting has been to refute that absolutely things were recoverable. We really don't know how things were set up by the RNC.

Second point, if they did setup a secure system, wouldn't that have to include a VPN?

VPN would just require the opening of ports in the firewall. Not really a big thing. However VPN and related encryption techniques are really aimed at hostile interception more so than deny forensic recovery. It would have been a good thing to do overall, but would have nothing to do with the recovery of deleted data.

if ports were opened, that would make WH IT staff accessories to the crime(s). That's who we really need to hear from and if there was evidence of that then I'm sure the committees would like to hear from them as well.

so I am not sure you can reasonable hold the IT staff accountable as accessories.

comply with other Federal rules? If so, please enlighten me.

It would seem to me that the WH IT staff would be the ones that would have to be trained into archiving for official, WH email, according to the requirements. I would also think that the IT staff would notice that each employee in the west wing had two workstations. I think there's someone on WH IT staff that could shed a lot of light on the situation and that's who I'm hoping gets subpoenaed next. :toast:

The parallel system was put in so that would not happen. Sort of like having a work and personal cell phone. Clearly there was some bleed over. What, how much, was it an intentional bypass of the required archiving and such are all key issues here. Hopefully there will be enough data left to settle them, but I am not hopeful. The older items are most likely lost forever.

I have read references here and elsewhere about multiple workstations at people desks. Its not like I have been in the west wing and checked personally. Saw some of that discussion today IIRC. Something to the effect of Rove doing 90% on his RNC machine and others sliding smoothly between the two.

to the West Wing. And now that you mention, I do remember reading about Clinton's party usage of the WH email ssytem.

But it appears a lot more details are coming out right now. I guess we'll have to wait and see what treasures are unearthed.

Thanks again for the dialogue.

computers and who knows where else in between. I asked a computer geek about erasing things on my computer and he said they can run a program that erases it 7 times but in the end the information can be retrieved. It is just more difficult.

sender and receivers workstations. The servers will most likely have deleted them long ago.

Current thinking is it is quite possible to make data not recoverable forensically.

Are you saying that those emails are irretrievable?

As a caveat I don't know anything about GWB43.com's email system other than what's available through whois and dig (*cough cough* and nmap *cough*)

That said, if they had a faulty backup strategy, and the originals were deleted, then, yes, the emails (or most of them) are probably irretrievable, particularly if they are old.

I doubt it.

If any were scrubbed since the investigation began, its a no brainer for contempt or obstruction. Prior its more dicey.

What security measures and data retention policies if any were being used have not been disclosed. There has been some speculation about 30 day auto delete.

serious Federal Regs by providing a non-monitored channel and would put preventive measures in place.

But..ya never know.

Will make for great theater.

and its existence was known and acknowledged. The key issue is the level of misuse, which is why all the noise about recovering the emails.

You are quite right about it leading to some great theater.

Be interesting to have the details filled in. As some one else pointed out, this is turning into grand theater

and you never really "delete" anything, eventhough the software you are using has that option.

Moral of the story: don't put anything on a computer you don't want hanging around for forever. :evilgrin:

There are also firms that specialize in recovering data from "destroyed" hard drives. So I don't tell me it can't be done.

A server can be set up to not keep logs or archives and delete files with nonrecoverable wiping including end of sector, swap, and free space. Similar configuration options are available for workstations. All off the shelf and at low cost. Its also quite legal and not cosidered evidence tampering or contempt.

We have to keep process documents, email, data center doors secure, etc., all from the Sarbanes Oxley Act. Now, if you are a private group like the RNC, I don't think any law applies on them keeping backups of servers.

If somebody can find that answer out you'll know if the emails are there or not.

It applies to financial data of publicly traded companies and only to the data required to support audits. Most commercial companies treat that as every email sent for ease of compliance. I do not see how it is applicable here.

Just wondering whether Sarbanes-Oxley applies to them.

If you did set up such a system, how would you recover data in case of failure? Are you seriously telling me that the White House e-mail system would be set up without any disaster recovery system in place?

The non-cognoscenti here (including yourself) have been claiming that it should easy to retrieve everything, which is utter nonsense.

If a system was set intentionally set up to resist forensic discovery, it would still be quite functional. Its seems clear to me that you do not understand some to the key principles on how this is done. However it is quite doable.

There is nothing substantiated about how the RNC servers were set up, so no one here knows what should be recoverable or not. However blanket pronouncements that everything is recoverable by you and others are specious.

and it shows obstruction of justice

K&R

He if knew anywhere near what he thinks he knows, he would have realized what he said is just so much crap...the other jump along comments go the same way. Sheesh what fools.

I read but dont post on DKOS. Not sure if its worth the effort to correct the fool.

stick in the OP to counter the Diary, let me know quick and I'll add it.

1) There is no legal requirement to keep backups,save copies of emails or even to do backups.

2) The posters technical terms used indicate a Window orientation. Only the lazy or fools use Microsoft products as a mail server. If what I read was correct, the RNC servers were *nix boxes.

3) The keeping of server logs or connection logs is totally optional.

4) Disk management software continuously packs and optimizes disk space. There are options to do EOS, swap, and free space security wipes as part of that activity.

5) The best backup for this kind of system is a RAID array with a system image without data in case of catastrophic failure

I have built and run servers that do all of the above. There are similar approaches for workstations. I'm old school, I am sure a young whiz kid could build one tighter. Check out the Jetico line of products and see what is available for low cost.

That it is easily possible does not mean that it was done, but to claim it is impossible is silly.

There’s a whole chapter in the Federal Code about this:

http://www.archives.gov/about/laws/presidential-records.html

(2) The term "Presidential records" means documentary materials, or any reasonably segregable portion thereof, created or received by the President, his immediate staff, or a unit or individual of the Executive Office of the President whose function is to advise and assist the President, in the course of conducting activities which relate to or have an effect upon the carrying out of the constitutional, statutory, or other official or ceremonial duties of the President. Such term--

(A) includes any documentary materials relating to the political activities of the President or members of his staff, but only if such activities relate to or have a direct effect upon the carrying out of constitutional, statutory, or other official or ceremonial duties of the President; but

(B) does not include any documentary materials that are (i) official records of an agency (as defined in section 552(e) of title 5, United States Code; (ii) personal records; (iii) stocks of publications and stationery; or (iv) extra copies of documents produced only for convenience of reference, when such copies are clearly so identified.

The RNC network (servers, workstations etc) have no requirement to preserve anything any more than Google or Comcast under Title 44. The onus is on users. They are the responsible party here, and it looks like the WH has admitted that the rules were not clearly understood by everyone (yeah, right).

Don't forget that there is other Federal rules that say you can't use Federal IT for political purposes. IIRC, the Clinton WH was accused of this, and this is why the parallel system was put it. Was it misused? Certainly. The key issue is how much and why, and its clear there will never be an uncontested answer on that.

This analogy was given to me earlier today and it makes some sense. Consider that you two have cell phones, one for work, one personal. There is going to be some bi-directional bleed over. Small amounts are tolerable and to be expected. Large amount require corrective action and maybe even punishment.

I am still looking for definitive penalties associated with violation of Title 44, whether its civil or legal, and what the grades of violation would be, and any requirements for intent. Right now it looks a lot like other areas where there is no real penalties other than being told not to do that again.

The full text of Title 44 is here: http://www.access.gpo.gov/uscode/title44/title44.html

If the White House gets into court or an impeachment trial, it most likely not be caused by their violation of the Presidential Records Act. But their willingness to knowingly violate the Act to the point where it is effectively useless should have legal ramifications on how ANY court would view their arguments on any other grounds, especially if executive privilege is the claim.

You must know this.

A number of posters clearly have a misunderstanding of the technology and the law.

On the technical side I am pointing out that is is quite possible to have intentionally secure a system against forensic recovery. However, its not known if this was done by the RNC. Even if it wasn't, the older the data, the less likely it can be recovered. Thats just the way it works.

On the legal side, some seem to think that official WH emails have some sort of magic flag that every computer can recognize that they fall under Title 44 and must be preserved, which is not true. The law and implementation instructions are clear. The user is supposed to do official WH business on the WH system which has all the archiving stuff implemented. If official stuff was done outside of the official systems it is the users responsibility, not the systems they used. Any punitive actions can only be taken against the user.

My personal opinion is that the parallel system was set up to comply with other Federal rules and that there was clearly some bleed over. How much, by whom, and intent are yet to be determined. However finding those answers is far from assured. We need to get competent independent pros in there to make and assessment, and that clearly is not happening.

Redacted versions of these emails were just recently delivered to the committee. Now they can't find any unredacted copies and all of them are inadvertently lost?

Are you sure you want go this route? Is this the story now?

First you said there was nothing in the law that says they had to keep this stuff.

Then you said that there was no criminal penalty for breaking the law that says they must keep this stuff.

Now you say it is an accident that this stuff is lost.

Pick a story and try to stick to it.

They are OBSTRUCTING JUSTICE, and it can be easily shown that they had to willfully and intentionally break the law to do it, and this can carry some jail time in some circumstances.

RIGHT?????

Do you have a misunderstanding of the facts here, or you trying to fool people?

I said that there was nothing that required the RNC to archive emails that flowed through their system.

I have said it is the responsibility of the users to use the correct system. Clearly this was not happening.

I have pointed out the the people claiming that all the old emails were recoverable are wrong.

I have said that I have not found any penalties associated with violation of Title 44, asked if anyone else had found them. There may well not be any. It may also be a civil not criminal matter. I really don't know.

I don't recall having said anything was accidentally lost. What I said was that I believe there was bleed over between the parallel, but that it is not clear we will every know how much, by whom, and its content.


I am fairly confident there is obstruction going on. Whether it reaches the level of contempt of Congress or is otherwise punishable is unclear. Right now there is insufficient data available to the public to say.

That has always been my position on this.

Not the Patriot Act as I stated above(Sorry, the law that passed to make Exec's accountable)(I can't remember ARGH!)

(on edit) I remember now, the Sarbanes Oxley Act....dur...

It has all kinds of provisions about document retention (private and public companies). People don't realize this, but a lot of requirements were thrown at companies; small, medium and large. For example, we must be CALEA compliant by April 18th. (If you don't know what Calea means, just understand that now all phone providers must be able to no only provide accounting records but content (I.E. your live VoIP conversation)). If you are not also aware, the majority of VoIP Voicemail systems store messages as yes, email. (.wav file)

Also companies are required to save email, process documents, procedures, all kinds of bullshit. (Guy came out to make sure our Data Center was Secure because of Sarbanes Oxley :eyes: )

So, the question posed is the RNC some kind of non-profit organization/company that these provisions in the act apply to? I don't know...

its one of the things I first considered

I'm not a Sarbanes Oxley person (we have a small crew who's only job is SOX compliance)

I went the the Sarbanes Oxley forums trying to dig for more info, I'm not sure what if any parts apply to the RNC..

and then only to the data required to support audits. Most commercial companies treat that as every email sent for ease of compliance. I do not see how it is applicable here.

Sarbanes-Oxley Act (SOA, Sox)

Enacted by the U.S. government in 2002 in response to corporate financial scandals, Sarbanes-Oxley Act (SOA, Sox) applies to all publicly held companies in the United States that have more than $75 million equity market capitalization and that report quarterly to the Securities and Exchange Commission (SEC).

It covers financial reporting to the SEC, auditing practices and associated document retention. By holding CEOs and CFOs directly responsible for the accuracy of financial reports, this act has had a major effect on U.S. corporations and has already sent one executive to jail. The intent is to preserve all records of business dealings and financial audits for long enough to allow detailed investigations of questionable business activities.

The company must save all documentation used to create financial reports and audits.

Sarbanes-Oxley defines documentation as:

* relevant records such as workpapers;
* documents that form the basis of an audit or review;
* memoranda;
* correspondence;
* communications;
* other documents and records (including electronic records) that are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review.

The law requires risk assessment, either across the entire company, or by a summation of narrower risk assessments on individual transactions and operations within the company. Storage risk assessment is part of the overall requirement.

The document retention period is seven years and recovery time is limited to a very few days following a federal request. Because of the legal importance of these documents, Write-Once-Read-Many (WORM) magnetic disk storage should be considered. Security is vital to protect against malicious use of this gold mine of company information.

Lets face it Abrahamhoff was all about Money and companies and the RNC is all about MONEy from Corporations
Cunningham was all about dummy corps funneling MONEY

Money is traceable if the emails went to Corporations with Sarbanes Oxly and I'm sure they know which ones then that RNC server might be involved

Everything is connected in the Network
and I find it hard to believe a Terrorist could have it so easy to hide damaging emails

Homeland Security and the Defense have their ways

Unless Solo you work at the highest security check points in our nation you have to admit you don't know what technology is available to the US maybe Leahy knows better

... he's in never-never-land. It'd be a bit like reassembling a coral reef from the sand on a beach. (Maybe not quite that extreme.) OTOH, if some MX administrator has a warehouse full of streaming backup tapes for some bizarre reason, it'd be verrrry interesting. (I wonder whether the NSA might have a skunk works.)

All this time and effort they've spent insiting that they must record and tape everything everybody's doing, prying into our private lives .... it would be just too delicious if NSA recorded the WH too!

:rofl:

Never ran across an IT guy more useless than an MCSE

They're so used to saying & doing what ever they please & no one (media or congress) calls their hand on it.

Well, in the words of Nancy, "there's a new sheriff in town!"

Let the accountability begin! Along w/the data recovery!
:woohoo:

And sent to Keith :evilgrin:

I want criminals tracked and their emails read,
dammit!

DHS finds your email and loses Bushcos.

I posted the same thing in KPete's thread just 2 minutes before you posted this one. We are on it dude! There's an interesting discussion in the comments of the DKos thread...some of the IT people are saying emails could easily disappear...others are saying, nope, not so. It'll be interesting to see what happens. Personally, I think Schumer & Leahy already have them. :D

with IT experts to prove that? Any ideas on how they get it? I believe you. How can it be spread it and educate non-IT people? It's one lie that can be fought - easily? First of all, have to find out if they said lost, but meant destroyed - the expensive way? Maybe they'll tell us that those laptops were the ones reported stolen?

The * that couldn't figure out that internet has no plural. The even better thing could be that the reconstruction will have dates to show how much contempt there really was.

This group has been so good at setting up "outs" in advance of situations I'm ready to believe they had someone capable of truly deleting this info in their pocket.

the Judiciary Committee and Congress immediately issue subpoenas for all the WH and RNC servers. I mentioned that I used to work for a large software company that was being investigated by the Justice Dept. and it would have been considered a crime to destroy any evidence requested and also that it was nearly impossible to actually eliminate all copies and that with proper investigation, they could not only be located, but any effort to delete or eliminate them would be able to be detected.

leave records. It has to be done upfront and by design. Using such a system is not considered destruction of evidence or contempt since the records are never kept.

Such systems tend to annoy the subpeona holders, but like a TOR node, are perfectly legal

And in psycho-paranoid mode I do all my DNS lookups through it. I think the performance is too slow to be practical for an office full of naive users, though.

Another really cool trick is private wireless cutouts. Its a trick some of my students told me about. Data comes in from one ISP, it goes through a wireless access point to another computer and then out via another bandwidth provider. Absolutely untraceable depending on type and antenna, surprisingly long range as well.

I'm thinking they they were not planning too carefully. I'm thinking they were not thinking of getting caught. I'm thinking hubris. I'm thinking its going to bite them squarely on the ass.

Unless they zeroed out all of their drives.

clean domain registrations make sense

Who is to say that hasn't already happened? This guy is assuming that these Whitehouse emails are travelling over they same network servers ours do and in an unencrypted form. He also assumes that there was NOT a concerted effort to destroy those emails.

He assumes much.

"It's all part of a growing ongoing investigation into corruption in defense and intelligence contracts, which already has sent former Rep. Randy “Duke” Cunningham to prison and, legal sources say, may threaten others in Congress and the CIA."

http://www.msnbc.msn.com/id/12634250/

...in CIA and Congress, eh ? It's STILL obstruction of justice and the trail is still hot.

The careerists versus the political hacks, for example. Gues which bunch has the greater technical expertise...

already have the damning emails. They're baiting these thugs big time and are on the verge of pouncing. A girl can dream, right? :D

And I think you might be right. There are no doubt a lot of people lining up to leak, for a variety of reasons ranging from patriotism to revenge, and a lot of stuff to be leaked.

Interesting times. This is probly what Watergate would have been like if we had had the net back then.

Ptech (wikipedia)
http://en.wikipedia.org/wiki/Ptech

Dollars of terror (I know, the source is a conservative link, but the info is damning to Bushco !)
http://www.frontpagemag.com/Articles/ReadArticle.asp?ID=17730

"Ptech is used primarily to develop enterprise blueprints at the highest level of US government and corporate infrastructure. These blueprints hold every important functional, operational, and technical detail of the enterprise. A secondary use of this powerful tool is to build other smart tools in a short period of time. Ptech’s clients in 2001 included the Department of Justice, the Department of Energy, Customs, Air Force, the White House, the FAA, IBM, Sysco, Aetna, and Motorola, to name just a few. "

Ptech, now GoAgile, is STILL inside the WH et al. This is the smoking gun.

...and they are holding on to them for political leverage. You don't just give stuff like that away to whomever wants it.

http://wipe.sourceforge.net/
http://www.jetico.com/
http://sourceforge.net/projects/srm/

Don't know if any of those work on Windows; NTFS itself in my experience is pretty good at wiping files away (d'oh!)

But at the risk of beating a dead horse, if they were actually concerned about security and not just incompetent boobs, they would have encrypted their damn emails, something it still astounds me that nobody does.

Ive heard claims by some here that using wiping software or not keeping everything is proof of criminal intent...if that so I am going to be in jail for a very long time.

he's giving us another view from where Republicans are coming from and thats good to know

I bet NSA has copies of them. Perhaps all of this surveillance network might have some use after all.

Any involvement in this ? Whatcha think ? There's one connection the GOP doesn't want anyone to find out about.

Sweet mysteries of life in the fast lane. Some times things just get away from you and all you see is the World spinning round and round and now way to stop.

""Ptech is used primarily to develop enterprise blueprints at the highest level of US government and corporate infrastructure. These blueprints hold every important functional, operational, and technical detail of the enterprise. A secondary use of this powerful tool is to build other smart tools in a short period of time. Ptech’s clients in 2001 included the Department of Justice, the Department of Energy, Customs, Air Force, the White House, the FAA, IBM, Sysco, Aetna, and Motorola, to name just a few.""

from Rachel Ehrenfeld's Dollars of Terror (article on the web)

What do you make of this Saudi company's access in DOJ, DOE (nuk-u-lar), AF, WH, FAA (9-11, anyone ?).

I guess few were listening.


ARE WE HAVING FUN YET?

a conservative website ! The info is enough to impeach. The CIA/GOP moneylines are the key to this whole obstruction of justice thing. Why else would CIA and GOP be soooo desperate right now ? Lots to cover up and too little time. Leads to even more clumsy efforts to obstruct and more trails to follow.

may I have some more butter on my popcorn, please?

not very nefarious....

Sorry, I can't quit this, it has always cracked me up!

It was specifically a system not managed by WH IT. That's why they used it. Because it wasn't spec'd out for the level of retention required by law for WH communications, it's not designed to archive transported messages. And if archives and backups weren't made to those specs, then you might as well be reading from /dev/null

It's common in certain types of businesses to make things disappear on purpose. The reason why this happens is so there is nothing that can be subpoenaed. These company's will encourage deleting messages. They will also not keep tape backups older than a month. You can't hand over something that doesn't exist.

that could be subpeonaed. There are similar approaches for the workstations as well. Literally no backups requried. See post #37 for a more technical description. Easy, legal, off the shelf, and immune to forensic reconstruction

I used to admin an Exchange server that deleted messages after 90 days to conserve disk space. Unless someone deliberately archived the messages onto their own computer, they would be lost at that time. Some people have pointed out that files never really get deleted, which is true, but it ignores the reality that email servers are high-transaction systems (especially if they receive a lot of spam). A deleted block will get overwritten fairly quickly, and numerous overwrites will happen over a period of months.

Despite the mythology, data clusters can only be recovered if they've been overwritten once or twice. Complete files can be reconstructed if they're overwritten a few more than that, but I haven't seen an email server in 10+ years that stores messages as discreet files on the server. When a message is "deleted", it's simply the clusters being released from within a larger mail database file. Those clusters will be reassigned to a new entry once a new message comes in, and the old message data will be overwritten.

And the info about intermediary servers on the Internet storing the messages is just garbage. Unless an upstream provider has SPECIFICALLY configured their network to capture email traffic, nothing is logged. What he's claiming might have been true in 1993, but nowadays there is too much email on the Internet for anyone to even think about logging all of it. Unless the connections are being specifically monitored (which is typically only done during anactive criminal investigation), the only way to read an email is to pull it from either the transmitting or destination servers. If the email server was set up as a secure system, with certificate authentication, even a deliberate intercept won't work. You'll capture the messages, but they'll be undecryptable garbage.

but I haven't seen an email server in 10+ years that stores messages as discreet files on the server.

Funny, I seem to run across a lot of them. :)

But then again if you want those to deliver the performance they're capable of, you'll use a lazy-writing filesystem like JFS or XFS, or for that matter keep the spool in memory explicitly and trust your swap manager to be faster than your filesystem (that sounds counterintuitive but with good disks it works well).

That's odd. I was just talking to a guy a couple months ago, and he admins a Sendmail cluster with a MySQL based message storage system. I haven't touched SendMail in about 7 years, so I just assumed that the program had finally gone in that direction. Does it still store the messages in the users home directory?

As for the other two, those are old programs that aren't widely installed anymore. There may still be quite a few legacy installations out there, but no sysadmin who deserves his job would suggest either Courier-MTA or Postfix for any kind of serious business email server today.

Postfix is newer and for most purposes "better" than sendmail (it's billed as "Sendmail's replacement"). Courier is a groupware suite; closer in capabilities to Exchange (which the exception that it actually works as advertised).

I have a cluster that transports about 4 million emails in a given day; it uses postfix to filter and transport, and goes to courier.

"holes" in the data.

Wouldn't/couldn't he have initiated legal pursuits of email systems data? I'd find it hard to believe he was unaware of the RNC parallel system, given the numbers of persons in the WH he interviewed.

Lots and lots of stuff is lost forever. Our data systems are like our financial systems: we have a lot more floating around in electrons than we have physical capacity to instantiate if need be.

I deal with lots of mail servers. Lots and lots of them. I don't know a single one that actually logs the contents of a transported email, only the routing information. So, it probably is possible to find who sent an email to whom when (those logs can be and generally are retained for a while), but recovering the body of a year-old deleted email off of a large groupware cluster (particularly if it is configured *not* to retain mail) is a non-starter.

If they're using a real mail transport agent (say, Postfix) the message never even made it on to disk unless there was very heavy queuing going on (and if they're using a real file system (say, JFS) and a real disk (say, one with a gig or so of write-ahead cache) stuff gets physically written to disk only rarely.

This image people have that everything you say and do on a computer getting recorded is just a CSI plot twist; a computer generates orders of magnitude more data than it can store in an hour of use.

Public-key encryption is easy to use. There are free software suites available that implement it. Before anybody would go to the expense of zeroing out hard drives, I think they would have just downloaded GPG or OpenPGP; it would take longer for a supercomputer to crack than *co still has in office.

During which time the press and Congress don't know what's in the email. It's a very good way to delay and a very very good way at preventing unauthorized leaks. And if I were running a criminal enterprise out of the White House on a secondary mail system the first thing I would say is, "everyone generates a PGP key right this second, and nobody uses the RNC email system without encryption".

That said there is no reason not to be using it. There are plugins for every significant client out there.

its been proven so many times
look at the page scandal how he used messenger

I thought they had a desperate and 'reasonable' need to keep a record of all our emails?

Actually storing the bodies of all the emails transported just through the MAE routers would require literally terabytes of storage per minute (not to mention a faster TCP parsing suite than is currently known to exist). That's not only billions of dollars per month in disk space needing to be added, it's more energy to spin the drives than is produced on earth and probably enough heat to boil our atmosphere away (though it would explain global warming, I suppose). At a national level, conceivably one could log routing and protocol information for all traffic, but even that is a big stretch.

Remember, a snoop on a gateway won't see "email" or "web request" or "streaming video"; he'll see either fragmented IP datagrams or datalink frames (depending on at what point in the stack he inserts his snooping device). These datagrams or frames will have to be assembled into TCP or UDP streams in real time (or the storage problem mentioned above hits you), somehow sorted and parsed, and stored. And all it takes to foil him is a free encryption plugin to your mail client or web browser.

It just doesn't seem like something the NSA would waste a whole lot of time trying.

Under Bush/Cheney their snooping powers have greatly expanded. Is it possible to hold a super secret organization even remotely accountable? Me thinks not.

There simply isn't enough disk storage in the world to store even a fraction of all the data that passes through routers, and even if there were there isn't enough energy inthe world to spin all the hard drives it would take.

The impracticality of storing and searching the ming-bogglingly huge amount of data that is transported over the Internet every day is still one of the best guards against random snooping.

that are directly related to this criminal conspiracy.

If any DUer or visitor wants to invest their time to go over what these folks took their time and effort to compile here are the links:

L Coyote "Email-Gate Facts:..."
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x523978

Fridays Child "...Karls girls"
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=389x548152

Usually, email is not high priority on the Internet and it often gets spooled(delayed) due to other higher priority traffic. It could theoretically be found if the data hadn't been deleted and overwritten.

few of the emails in question were sent to Abramoff. I'm willing to accept that emails amoung the people only using the RNC servers could be wiped clean because you have both the sender and the receiver on the same server, but the emails to Jack Abramoff would HAVE to go outside that small world. I don't know about ALL ISP'S and what their retention programs are, but I recently readthat Googlefor instance hasevery bit of datathey've ever handled retained. The article I read was actually talking about snooping and identity theft and many other servers retain data for 2, 3, 4, and 5 years.

I'm sure no expert in IT, as far as I know, once data of any kindgoes out of ONE network(the RNC), the information is retained somewhere and most likely many places. Since Abramoff is "helping" in order to lessen his sentence, I can see HIS computer just might be a great place to start!

Rove and company are just trying to make Waxman's work difficult, hoping to delay the process.

They will be caught eventually.

The good part is that their communications system is at least partially paralyzed, which limits their ability to coordinate.

In War, one of the first targets is the enemy commo.

Why do republicons hate the truth?

How could they be? They used laptops, blackberry's, home computers, cell phones, work stations, servers and so on. They can't delete them all. They can't have wiped or destroyed every hard drive.

I know all our servers get backed up. The Full back up's are kept for years and the incremental back ups are re-used every two weeks or so.

I would consider it bull crap if they stand by this "oops". Time to subpoena the tapes!

Dapper

Emails are constantly coming and going.

You can run a backup and an hour later there were hundreds of emails sent and recieved and the backup is now not up to date anymore.

form. Each server it has to travel through simply makes a copy, so there are as many copies as there are servers involved in the transportation of these little boogers.

Thank you, Al Gore!

You can be sure that this unsecured "back channel" has already been exploited by foreign intelligence.

With the proper request, these agencies could provide us with a complete collection.

Now tell me again what Sandy Berger did that was so terrible?

Late night reading for Putin!

I'm not an expert but I worked somewhere where the email system's backups were put under subpoena and a bunch of backup tapes were taken so the emails could be read.

Its easy to insure that the emails are purged from the server when its moved to the workstation. From there the disk space is reused. To "backup" that kind of server you use a raid array. You have a system image (without data) in case of a catastrophic failure. Its really not that hard to make it impossible to recover things.

yahoo or myspace.

which part do you think is a 'myth'? That it is difficult to completely destroy data from a server? Or that the Whitehouse 'owns' the server and therefore can 'do what they want'?

Your post makes little sense.

who can set them up any way they want. They can not destroy data once they know an investigation is underway, and that includes stopping anything preplanned destruction of archives.

Its easy to make electronic data disappear from a server and have it not be retrievable, even with computer forensics.

Well, partially wrong about one. Yes the RNC can legally do what they want with their servers, however any official emails are still ruled by the Presidential Records Act and if they've been destroyed that is a clear violation.

Second, it is NOT 'easy' to completely destroy computer data - a person would have to make a very deliberate effort to do so.

The onus on preservation falls on the users not the non-government server operators. Substitute Comcast, Cox, etc. for RNC If items that should be preserved were sent via their servers would they would not have to keep them. Same with the RNC. Its the users responsibility, not the carriers.

Its is quite easy to insure non recovery of removed data on a routine basis with little to no user interaction on either server or workstations. Its off the shelf, inexpensive, and easy to implement. Yes it would be deliberate part of the system design, but its quite legal.

You'd think they know this but perhaps they don't. As someone who works in the tech industry too, I mistakingly assume that stuff like this is common knowledge.

On the other hand maybe subpoenaing entire WH servers isn't politically feasible at this point?

Which is why I'm not getting too excited about it.

I would prefer that an outside source should take responsibility for recovering lost data and that the contracter be responsible to either Congress or the FBI.

The White House should be treated as a crime scene.

People talking tech from the outside might as well be holding a megaphone out their asses

Recovering deleted e-mails is no big deal at all.

Because if it was, you would know better than to make statements like that

Recovering "deleted" e-mails is not a huge undertaking. I know because I've had to do it. There's an entire industry of vendors that does just this kind of work, and I get calls from the every day and use them every day.

So, please do not insult me with your high and mighty IT references. Thank you very much.

Yes people use recovery services and tools. However, they only work under restricted circumstances. In an environment designed to prevent recovery, they are useless.

You would do well to understand the concepts and implementations in your "career field" before you make such blanket declarations about the ease of recovering deleted data.

"There are no absolutes in the IT world."

Follow your own advice, Solo is correct.. Recovering emails is not necessarily trivial, and in most cases isnt, it largely depends on the email system in place. In truly secure setups they are encrypted on the server store (if one exists) and cant be read without the correct keys..

Keep believing what you write at your own peril.

Most server systems have some sort of backups somewhere. Data is written to multiple server simultaneously in order to prevent loss. Also, data is backed up to tape. It's never going to be one single server without any sort of backup.

reconstruction and subpoena, something I have already done. Short summary:

- Level 5 RAID Array on the server
- System Image without data in case of catastrophe
- Disk management software running continuous doing EOS, Swap/Temp, and Free space overwriting.

Very high integrity, all off the shelf, low cost.


There is no evidence that this is how the RNC servers are configured. However to do the above is legal and achievable even by lesser skilled admins.

If you tell your clients that their data can be safely destroyed without it being recovered, even partially, then you are giving advice to your clients which may result in them losing a major case or even face imprisonment.

There are no absolutes in the IT world.

newbies with think they know it all and will offer grand pronouncements which many of us find amusing.

Look, if this is your career field, you need to buckle down and start learning the fundamentals of your craft, because the only thing you have shown so far is that you really don't know much at all. Learn the basics of the technology, including H/W. That includes cooling, physical interconnection, cooling, and pinouts. Learn how the different OSes work. There are some very different paradigms. Understand how file systems work both logically and physically. Otherwise you too can and will be replaced by a very small shell script (http://www.thinkgeek.com/tshirts/frustrations/374d/)

Message removed by moderator. Click here to review the message board rules.

all he did was give you advice and in a non-condesending tone, if you ask me. Solo has stated nothing but facts upstream and simply contradicted you with true statements...and then even offered you advice as to how to NOT sound like a newbie. I am sorry, but Solo didn't do a damned thing wrong here. There are things you obviously don't know about...and speaking about them makes you seem like you aren't really very knowledgeable about anything (which you very well may be).

Calm down...

sP

He directly challenged me and my intelligence. He didn't have to do that, and I responded to him with a "Fuck You". Deal with it.

looked to me like he was trying to help you not sound like a newb by telling you not to make such grand statements about something that isn't true...I guess we all see things through the lenses we wear...

sP

Again, you begin your post with an insult, and then get mad at me when I fire back at you. Also, I work and manage people in the data recovery field for legal purposes. I cannot get into more detail on this board since I am typing from work.

Let me assure you, data, or even fragments of data, can be recovered from most if not all e-mail systems in some form or another.

I told you what I thought I read. I don't know why you are so angry. There are ways to prevent data from being recovered. It is neither expensive nor difficult to achieve that end. Solo contradicted a statement of yours about that and suggested some things to help you sound more like you knew what you were talking about by not making absolute statements. I pointed that out. But once again, you make an absolute statement that you cannot back up. Most if not all? I think not (if precautions are taken).

And no, you cannot get any data that I do not want you to have access to. Legal or no...I can stop that very simply...and I bet Solo_in_MD could as well.

sP

"Is that ink dry on your MCSE?"

That wasn't condescending?

As for your statement, "And no, you cannot get any data that I do not want you to have access to. Legal or no...I can stop that very simply...and I bet Solo_in_MD could as well."

Okay, would you risk having Child porn on your server? If you say yes, then I won't argue with you any more. I will conceed.

and porn on the servers in our environment is not a problem...but if I wanted to get rid of it I could with little or no problem...I would need a LITTLE notice though ...

sP

Ahhh, and therein begins your problems, advanced notice.

to manage this sort of thing as we really don't have retention issues here. However, there are, as stated before, means by which data can be continuously purged off of systems in such a way that it is not recoverable. Without methods like these security of certain data could NEVER be guaranteed by anyone...gov't or no.

sP

and there are clearly readily available tools and methods to block that.

The hiding/locking of current/operational files is another matter. The concept of the computer erasing itself while the cops breakdown the door is pure Hollywood fantasy. There are ways to hide stuff from a raid (variations of offsite storage) but those are only a delaying action and could easily lead to charges of obstruction. Encryption is not a magic bullet there either since you have to turn over the key when subpoenaed, even in a criminal case.

because none of what you are talking about here was even remotely mentioned by me...perhaps somewhere else?

sP

Don't confuse what you run into as being what skilled pros can do. 99% of users and close to that of sysadmins take the easy road, and that is why we have spam problems, botnets, and things left behind for others to find.

Message removed by moderator. Click here to review the message board rules.

I'm glad you said that. That guy was being VERY condescending. They sounded like they were trying a little too hard to sound knowledgeable to the point of insecurity. Props to you for calling them out on it. :applause:

www.frontpagemag.com/Articles/ReadArticle.asp?ID=17730

Leads to obstruction of justice but also elsewhere. Is there foreign access to the emails etc ? Then start asking more serious questions of a national security nature.

problem is the Attorney general isn't going to do it

The onus is on the President.

The "Decider" doesn't have a choice on this one ! And as my post #118 above shows, even trying to hide emails via the Ptech system in the WhiteHouse and DOJ (and elsewhere...?) doesn't let him off the hook

servers will it leave a legacy out side the main servers?

although I find it EXTREMELY difficult to believe the RNC didn't back up their data regularly and store it off site (as most large organizations do)

:applause:

You have kept your head the entire time in this thread whilst dealing with people who have little concept of what it means to manage a server and the transmission of data across a network. Some folks here that most likely have no idea how a hard drive even operates are making statements that do nothing more than show their ignorance. I applaud your efforts and your desire to communicate facts while maintaining your calm demeanor. I work in a world that understands the efforts (IT efforts, that is) you make...thank you for your level-headed discourse. You're a better man than I, Charlie Brown!

sP

I'm not an IT guy so I have to defer to others. But, like with all conspiracies, the more people involved, the more likely (exponentially likely) that somebody will have a laptop or work station somewhere with all of this shit sitting on its hard drive and forgot about it. Or, maybe somebody who didn't get the plum job they expected from Bushco will turn state's evidence.

brings down the house of cards. . .

OR I could see a Deepthroat II presenting the incriminating emails as part of his/her covert sting of the Bush criminal enterprise. . .in that case, duty, honor, and country are the motives.

Let's hope for either or both scenarios. . .wait and watch. . .


:popcorn: :popcorn: :popcorn: :popcorn: :popcorn:

I won't bother anyone with my credentials, but everything I've seen from Solo_in_MD reads true from my experiences. There certainly are cases where data is still retrievable when all hope was lost, but that's common knowledge and easily exploitable. Those who understand the how and why of this can easily get around that with a little planning and creativity.

Yavin4z: Please, just chill. Have a cookie. If you have can point to specifics we're all interested to read it. But now you're just inviting condescension.

And I won't argue any more. I will be polite and respectful when it's shown to me. When it's not, I will respond in my own way even if that means cursing.

Let me just say this, if you believe that no incriminating evidence/data can ever be recovered from certain server configurations, then you are playing with fire my friend. But, if I'm a newbie, if I am dumbass MCSE, if I'm wrong, and you all are genius ITers, then go right ahead and put whatever you want on your servers legal or not.

I won't argue with you.

I agree with you on this 100%. If you don't know what you are doing just about anything can be recovered from your system in the correct timeframe. But, as pointed out upthread...data can be well destroyed and irrecoverable (or the DOD/NSA/CIA would not have a hard drive in existence).

sP

What matters is that the opposition has to sweat it out, thinking they may not have covered their tracks as well as they might. And the fright could cause them to slip up.

1st:
read solo_in_md's postings he's technically absolutely correct

it's absolutely possible to "loose" emails (or any data) in a way that's forensically un suspicious
If you have an MX record in the DNS system your mails are not stored on any other computer on the net.
For example none of the server i sat up leaves any evidence behind.

BUT:
I've set up a lot of mail servers. (Weather in Solaris or Linux
or even Exchange(to solo: no, i don't have a MCSE) i always added protection against DAUs (Dümmster annzunehmender user, or in english:
DIU: dumbest imaginable user.(or 12 o'clock flashers if you prefer this expression)).
So all my data is always saved regularly. Depending on the amount of users or traffic it's saved
4 times 2 times 1, times an hour, 4 times 2 times 1 times a day , 4,times 2 times one time a week ... (you get the impression). So , if let's say 13 days of emails or an email here and a email there are lost, it's definitely deliberate. While this may not be enough to prosecute * in a court, it should be suspicious enough to have a vote of no confidence like we say here or like you say: "Impeach the bastard".

To solo_in_md: Shouldn't we fire up hydra and install bofu on the RNC servers ? :-,
(ok I'm a coward, all pptp and ipsec connections i have are to client computers, and i don't want my clients to get in trouble, but maybe you have a bot network ?)

PS: skip the welcome messages, i'm here for several years, i just don't post very often.

The email files would come onto the Email server and when the user checked his email, the files would be downloaded to the users PC email software(Outlook) and the email is not kept on the server.

However, there are log files but log files only say where what came from and when, it does not record the contents of the emails.

As far as emails kept on ISPs on the internet in the route from point A to point B, that is pure rubbish. Anyone who knows TCP/IP knows that emails are broken up into packets and the packets take different routes to arrive at the destination.

So in summary, it is not a stretch to conclude that emails are lost.

Dec. 1 (2006) : The Supreme Court ruled Friday that companies must keep all employee e-mails, instant messages and other electronic documents as possible evidence to present in court if necessary. NBC’s Michelle Franzen reports.


New rules make firms track e-mails, IMs
Rules benefit some companies that help businesses track and search

AP Associated Press
Updated: 7:07 p.m. ET Dec 1, 2006

Snip--

Companies and other parties involved in federal litigation must now produce “electronically stored information” as part of discovery, the process by which both sides share evidence before a trial. Federal and state courts have increasingly been requiring the production of such evidence in individual cases, and the new rules clarify that the data will be required in federal lawsuits.

Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing “virtual shredding” once a lawsuit has been filed, said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation.
Companies still could routinely purge their archives if the data aren’t relevant to cases companies have pending or expect to face, though specific sectors such as financial services remain governed by other data-retention rules.

Company lawyers and information-technology staff will have to work more closely together to ensure that routine erasing of backup data doesn’t pose legal problems, Lindsay said, while also ensuring that lawyers know where their company’s data are stored.

Snip--

http://www.msnbc.msn.com/id/15984058/

So, I think this means that IT departments had to save emails since 12/1/06

Sarbanes-Oxley adds to that for financial data for certain companies.

who works in SOX audit & compliance for a major bank. When I asked him about RNC and SOX he laughed. He says, and he is a guy who people listen to, that SOX applies to financial records for audit purposes. It does NOT apply to emails. He says that banks keep emails for 7 years, but that's under Bank Act (in Canada) and its American analogue.

He says the emails are gone from any competently configured server, but to pay close attention to what is found on workstations, especially laptops.

And yes, he's a lefty, I can hear him learning Pink's Dear Mr. President on the guitar as I type.

and you can delete all of the bits from some of the servers.

But you can't delete all of the bits from all of the servers.


These guys are so fucked.

He's been watching too much TV it sounds like to me. There are lots of other self proclaimed "IT Guys" on that thread that also have no clue what the heck they are talking about. There's just too much bullshit to counter.

Edit: This guy sums it up better than I could: http://www.dailykos.com/comments/2007/4/11/22220/7274/272#c272