I Call Shenanigans!
GorT has been in the IT business as a full-time career for over 20 years and in and around computers since 1980. The whole “IRS lost Lerner’s emails” story is such a crock of shit that I’m not sure where to start – there are so many avenues that one can take.
Issue 1: FISMA Compliance. OK, this is where GorT, and the IT industry, starts creeping towards the legal-sounding side of things, so bear with me. I’m not as sage as ‘Puter is when it comes to citing material, but take a gander at this document. It is the Federal Information Security Management Act (FISMA) report that each federal agency is required to complete annually by law. They pay contractors to come in and do external audits based on a wide set of criteria. Because of the sensitivity of the IRS, it is conducted slightly differently but with the same criteria. On page 97, the report includes the following:
Based on our FY 2012 FISMA evaluation, we determined that the IRS’s information security program was compliant with the FISMA requirements and met the level of performance for eight of the 11 program areas as specified by the DHS’s FY 2012 Inspector General FISMA Reporting Metrics. However, we also noted that improvements were needed in the remaining three program areas. We determined that these three program areas did not meet the level of performance specified by the DHS’s FY 2012 Inspector General FISMA Reporting Metrics as a result of specific program attributes that were missing or other conditions that we identified which reduced program effectiveness. The three areas needing improvement are as follows:
- Configuration management.
- Identity and access management.
- Security training.
There is an entire section that is focused on “Contingency Planning” to include things like “Development and documentation of division, component, and IT infrastructure recovery strategies, plans, and procedures (NIST SP 800‐34)” and “Testing of system‐specific contingency plans” and “The documented business continuity and disaster recovery plans are in place and can be implemented when necessary (FCD1, NIST SP 800‐34)”. Not one deficiency was identified in that section. This is the area that should have identified a failure to back up email, something that is required to be backed up and kept because emails are official documents (per the IRS Manual section 1.10.3.2):
- Email messages are official documents and should reflect this perspective. Email communications can be offered as evidence in court and can be legally binding. Before sending an email, you must consider how it reflects on the Service’s image and take into account privacy, records management, and security factors.
- The privacy of email cannot be assured and is easily compromised. Messages can be forwarded to unintended recipients (sometimes outside the agency or even outside the government). The public we serve, or the Congress, who may have occasion to see an email message, do not differentiate between employees as individuals and our agency. We are the IRS.
and section 1.10.3.2.3 “Emails as Possible Federal Records” and 1.10.3.2.4 “Emails are subject to FOIA”.
Issue 2: Incompetence. Let’s assume for a second that the emails are truly lost. This means that the IRS is incapable of backing up and storing emails. It also means that the FISMA oversight portion of the IRS has failed to do its job and is incompetent as well. Extending this, one could argue that the government is incompetent at some pretty basic tasks and therefore we should question why we would trust them with Health Care information and probably should worry about the security of our financial records since the FISMA report can’t be accurate.
Having said that, maybe this starts questioning whether the claims of the lost emails are really true. If that is the case then….
Issue 3: Cover-up and Collusion. To “lose” these emails would take a fair amount of work involving a number of people. The easiest way is to immediately send in a white hat security team to do some forensics on the systems involved. I’ve been a part of a company that did this. These guys are good and can find a lot of stuff.
I suspect that reality is somewhere between issue 2 and 3, and the government, in particular the GOP, would be well served to scour this agency hard, advocating that the people need to trust their government and we cannot stand for incompetence or corruption within these agencies.
Ask any IT person what they seriously think about this issue, and even if they are a hard and fast Democrat, they’ll concede on IT street cred that it’s fishy.