« previous | MUCK HOME | next »
ABC: White House RNC Emails Should Be Recoverable
OK, so maybe Karl Rove and his aides deleted their emails twice. But did they scrub hard enough?
From Justin over at ABC:
...But “deleted” doesn’t mean what it used to, according to computer forensic experts. Indeed, deleted emails and files, even years-old ones, are recovered all the time.“We do it every day of the week,” said Beryl Howell of Stroz Freidburg LLC, a Washington, D.C.-based firm that specializes in recovering lost data for businesses complying with court orders, criminal investigators and others....
“They look at their backup systems and backup tapes,” Howell said, adding that “with any electronic storage media, you can do forensic recovery and find deleted data.”
Advertisement
Comments (21)
Punchy wrote on April 12, 2007 2:49 PM:Ah...yes. Until we find out next week that "employees were confused about the WH policy on hard drives, and a vast majority of them smashed theirs with hammers and then burned them and then buried them. Therefore, but by no means is this malfeasance, we have no hard drives to look on. So unfortunate."
just wait. Wait until we hear what other additional "steps" were "mistakenly utilized" due to "confusion" that ended up buring this correspondence.
bobh wrote on April 12, 2007 2:50 PM:Something tells me that Karl Rove went to Tennessee to pick up those hard drives.
Would someone put this fucker in jail so he can't help the Repuplicans continue in their criminal ways.
Anonymous wrote on April 12, 2007 2:55 PM:"White House Says It May Be Missing Attorney E-Mails" http://www.nytimes.com/2007/04/12/washington/12cnd-emails.html?hp
WASHINGTON, April 12 —The White House said today that it might be missing e-mails relating to the firing of eight United States attorneys, as lawmakers on Capitol Hill gave themselves the authority to subpoena more government documents and testimony linked to the controversy.
“It can’t be ruled out,” Scott Stanzel, the deputy White House press secretary, told reporters this morning when asked if some of the missing e-mails included those related to the dismissals. (NY Times)
Anonymous wrote on April 12, 2007 2:58 PM:CREW just out with a new report:
http://www.citizensforethics.org/node/27607
WHITE HOUSE ALSO LOST NEARLY 5 MILLION EMAILS FROM EOP.GOV SERVER (the ones that are supposed to automatically archive) FROM THE CRITICAL PERIOD OF 2003-2005.
White House was notified in 2005 about the problem and did nothing.
Haiku Man wrote on April 12, 2007 3:00 PM:Punchy's comment funny
Mike wrote on April 12, 2007 3:04 PM:Makes Haiku Man LOL
That means laugh out loud
It is amazing to me that it has taken this long for everyone to come around to realizing that just "deleting" the data does not make it actually make it go away for good. System servers are always, always, always backed up on a periodic basis. The likelihood that these e-mails are permanently gone is, in my opinion, very low. Unless, of course, they were "accidentally" run through the compactor or "unintentionally" smashed with sledge hammers. You know, "accidents" seem to happen a lot with this bunch.
daCascadian wrote on April 12, 2007 3:06 PM:Punchy >"...a vast majority of them smashed theirs with hammers and then burned them and then buried them..."
Sorry but much of the data would most likely still be recoverable. Magnetic traces in the metal etc.
It all depends on how much one actually wants the data.
code = door (as in to freedom from corruption)
"There are three kinds of men:
Anonymous wrote on April 12, 2007 3:07 PM:1. The ones that learn by reading.
2. The few who learn by observation.
3. The rest of them have to pee on the electric fence for themselves." - Will Rogers
All WH and RNC computers/servers, wires, printers, etc... were probably updated in the MZM contract.
Django wrote on April 12, 2007 3:09 PM:ABC is right. I recently attended a seminar on this topic. "Deleted" doesn't necessarily mean forever. It just makes the space on the hard drive occupied by the document available to be overwritten. So eventually, yes, if one waits long enough a deleted document may disappear from the hard drive, but it's just as likely that it's still there waiting to be recovered.
anon wrote on April 12, 2007 3:10 PM:Yeah, accidents happen. I'm sure all those e-mails that CREW mentioned just happened to be on servers in New Orleans and, gosh, stuff happened to them.
I do think this is going to lead to a bunch of resignations. They're going to need off-site talent to manage this mess and they just can't survive getting hounded about the e-mails on a daily basis. I wonder how long before Fielding floats a deal where Rove resigns in exchange for the investigation into the e-mails moving behind closed doors.
Hey, do you think Lieberman has a GOP Blackberry?
Anonymous wrote on April 12, 2007 3:10 PM:Lets assume that Punchy is right, the go through the scenario. Is that enough evidence of a criminal consiracy under RICO?
Why isn't Congress directing the recovery operations at the WH? Although we all know that there is nothing to recover at this point.
Republican Talking Point: Waxman never said to preserve the actual hardware.
Sholom wrote on April 12, 2007 3:25 PM:Yes, there is deletion and there is deletion. Now that the press is noticing . . . it's also easy to delete files beyond recognition -- i.e., by writing each bit over with "zeroes". (At least that's the way it used to be. Any experts disagree?)
jon wrote on April 12, 2007 3:31 PM:1. Who are those lucky 50 who used RNC supplied equipment?
2. When did the WH/RNC learn about the deletion of emails?
2a. Who made that grievous error
3. What did they do about it?
4. Perhaps the Hon. Mssrs Leahy & Waxman might want to send a friendly reminder letter not to tamper with, destroy or alter potential evidence
5. Send over some friendly gentlemen from the FBI tophysically remove said hard drives, blackberries, servers, et al., and keep them safe until they can be inspected
6. Put in a nice word to ATT and the NSA to see what was peeled off during data transmission and review the tapes
7. Is it too early to reserve a seat in the hearing room? Do they have cupholders?
Rusty wrote on April 12, 2007 3:35 PM:Email does stay in a lot of places for a long time - however, given the fact that these "official" emails were missing since 2005, they could be gone for ever. You can overwrite data in several ways.
As much as I'd like to think these guys total morons, they are. They took control of our government. Congress had better get these servers quick. For every data savy tech on these boards, there's one with lose morals who knows how to destroy... really destroy this material.
davis¹³ wrote on April 12, 2007 3:36 PM:Any bets that John Poindexter, computer and cover up expert specifically informed Republicans exactly what needed to be done to erase and dissapear every trace of those emails?
Long Memory wrote on April 12, 2007 3:48 PM:It's possible we might yet get to see Karl Rove frog-marched out of the White House in handcuffs. Be still my heart!
Kevinho wrote on April 12, 2007 3:52 PM:If they can recover the deleted emails, it'll be interesting to see if they can determine when they were deleted.
TN wrote on April 12, 2007 3:54 PM:Few comments:
1. There should be some kind of backup tapes at RNC, possible going back months or years. Any info on these?
2. Even if actual emails are deleted, email servers usually keep logs of traffic that's gone through them. At least times and senders/recipients should be available (like: 06-11-24 11:45:22 from Rove_K@abc to AG@doj). These take very little disk space, so there's not that excuse to wipe them.
3. Even if some WH workers had RNC equipment like laptops, did they also have separate "RNC network" inside WH? If not, the use of government network sounds like violation of Hatch Act (I know, red herring.)
4. More importantly, how was WH network firewall configured? As an admin I'd block all attempts to send mail except through actual WH mail server. If it was possible to send mail directly to RNC server, bypassing WH firewall, that would be so conscious decision by sysadmin people there that I'd expect some kind of reasoning for that to exist on the record. (Unless RNC mail was web-based system like hotmail, but that would sound like horribly cumbersome arrangement for serious work.)
Derffie wrote on April 12, 2007 3:55 PM:for whats its worth even overwritten files can be recovered.. there are magnetic variations up to 16 levels deep that can be detected and recovered.. thats why DOD standards require multiple overwrites with varying characters to securely delete a file... and of course in the real world this kind of secure deleting never happens by accident.. so if the emails were DOD securely deleted.. then it was on purpose..
JT wrote on April 12, 2007 4:14 PM:Derffie is absolutely right.
There are plenty of forensics companies that can do this kind of work. It's going to be very hard for RoveCo to delete this stuff without being caught obstructing the investigation.
Of course, Waxman and crew should not lose a single moment. Even if their right to subpoena is challenged, a court could easily order impounding the actual hardware to prevent deliberate destruction of data.
TheraP wrote on April 12, 2007 4:24 PM:Well, we can only hope that there are some people, disgruntled "yes people" who have saved things, printed them out or saved them to little hard drives, whatever - and feel a patriotic duty to come forward.
You never know.
But - if you are reading this - please go straight to the Senate Judiciary Chair.
We need a witness-protection program for patriots.