|
Page 4 of 9
Five weeks after the January 20, 2001, inauguration of President George W. Bush, Attorney General Alberto Gonzales informed the White House staff they must preserve their email. "Any email relating to official business … qualifies as a Presidential record" even if received on a personal email account, Gonzales said
Three months later the White House announced a plan to name a White House chief information officer - there had been none during the entire Clinton Presidency - and hired Carlos Solari. A former army officer, Solari had spent the previous six-plus years as a senior executive with the FBI's Criminal IT Investigative Division.
At the White House, Solari's mission was to transform the EOP email system and IT infrastructure into a modern, survivable enterprise serving the White House and its component offices, which include the Council of Economic Advisors and the President's Foreign Intelligence Advisory Board . This overall two-year strategy involved $60 million in federal funds, the reengineering of major business processes and consolidation of systems. Solari also created a system survivability plan for high assurance in crisis conditions.
As part of this major infrastructure upgrade, one of the early challenges was to consolidate many disparate emails systems that were still being used despite the earlier conversion to Lotus Notes, according to a former White House IT manager, who wished to remain anonymous. Then, in 2002, the White House decided to switch from the Lotus Notes email system to a Microsoft Exchange email system. The Bush people had used Exchange during the campaign. "This was where the White House hit a real speed bump," says Bill Tolson, co-author of "Email Archiving for Dummies" book.
The timing of this transition struck some people as strange, however. "There was an email migration during wartime that makes no sense," says David Gewirtz, author of the book "Where Have All the Emails Gone?" and publisher and editor-in-chief of OutlookPower Magazine and DominoPower Magazine. "The White House moved from IBM Lotus Notes to Microsoft Exchange right in the middle of a build-up and prosecution of an invasion. Why would you yank out such a critical command and control system at such a busy time?"
The White House did not respond to CIOZone's requests for interviews to interview staff members familiar with its email system.
Concurrent with the switch to Exchange, Solari first began modifying and then moving off ARMS to a new email archiving system called the Electronic Communications Records Management System (ECRMS). EOP gave Booz Allen Hamilton a contract to begin designing ECRMS in 2002 and awarded Unisys a task order under an existing contract to test and implement the system. In a Feb. 7, 2008, interview of Solari by staff members of the Oversight Committee, the former White House CIO characterized ECRMS as of "high importance."
This migration, started in 2002, was completed in 2004.
In the interim, EOP began an ad hoc process called "journaling" whereby either a White House staffer or a contractor would collect a journal email folder in the Exchange system containing copies of e-mails sent and received by White House employees from the president and vice president on down. After retrieving these copies the staffer or contractor would then manually name them and save them as Personal Storage Tables (PST) files -- which are typically created by users as a secondary data store -- on various White House servers. In the Feb. 7, 2008, interview by Oversight Committee staff, Solari said this was "a short term solution" that was not considered by the White House as a good long-term solution.
It was also a solution fraught with numerous risks, some of which Steven McDevitt spelled out to the Oversight Committee. Among them:
- Incomplete data. The process by which email was being collected and retained was primitive and the risk that the data would be lost was high.
- Data reconciliation. There was no way to guarantee that all records were retained in their complete and unmodified state. (PST files have known tendencies to corrupt when they near their maximum size which is 2 gigabytes for Outlook XP and earlier editions).
- Public Perception. Given the problems missing emails had caused the previous administration, EOP should exert extra caution before making any changes to the email retention process.
- User Accountability. The approach of simply storing email massages in PST files provides no mechanism or audit trail that tracks changes to data files or the activities performed by users or systems administrators.
Under questioning from the Oversight Committee, McDevitt also offered up this remarkable revelation. "The file servers and the file directories used to store the retained email PST files were accessible by everyone on the EOP network."
He explained that this security breach, which was identified and corrected in 2005, would have allowed any White House official to review or tamper with the emails of any other White House official without being detected. Moreover, there was no way to determine if a particular email had been tampered with by anyone on the EOP system, McDevitt said.
In the post 9/11 world, then, when National Security was supposedly at its highest level ever, any of the 2,000 or so users of the EOP network could access any email in the PST files including those to and from the president and vice president at will without leaving behind fingerprints, according to McDevitt.
|
