I decided to make this a sticky top post for a day or two – it needs wide circulation. New posts will appear below this one. – Anthony
Playing email hidey-ho in Hansenland to circumvent FOI laws
Guest post by Chris Horner
That political appointees and career activists in government would use private computers is in keeping with tactics I have uncovered as being epidemic in government, and particularly the current administration, and which I detail in The Liberal War on Transparency: Confessions of a Freedom of Information “Criminal” released this week.
These tactics range from the widespread use of private emails, hiding meetings with lobbyists, using “handles” and lobby groups as “cutouts” or go-betweens with pressure groups with whom the administration doesn’t want a paper trail. I even detail the White House arranging for a digital equivalent of a “safe house”, a privately owned and managed computer server on which to quietly conduct discussions about the IPCC presumably away from the taxpayers’ prying eyes.
But I also have an affidavit admitting to an elaborate system established by one activist agency — NASA’s Goddard Institute for Space Studies (GISS) — to view its emails remotely on a non-official computer, purchased with taxpayer money and used for the taxpayer’s business but access to which is being denied the government for inspection, whose use erases any trace of the records back on government servers.
This was provided me by NASA in an ongoing FOIA lawsuit we filed at the Competitive Enterprise Institute to obtain records of Gavin Schmidt, a GISS scientist who was running a third-party activist website promoting an ideological agenda on taxpayer time — at least if you believe the time-stamps, which were then “disappeared” after we pointed this out to NASA. But which we captured nonetheless.
The administration attested to this in federal court in order to defend their failure to provide certain emails to and from Schmidt’s email accounts relating to this activity. Their claim is that, because the emails were written or accessed on this unofficial computer, their system is such that the official emails are beyond the administration’s reach. In fact, the government’s copies are destroyed.
This is their defense.
The affidavit, by GISS’s Associate Chief Larry D. Travis, attests in pertinent part (emphasis added):
Dr. Schmidt uses two separate computers on which he conducts his work for NASA. . . . One computer Dr. Schmidt uses is a laptop computer that is owned by NASA. . . . The other computer is a desktop computer owned by Columbia University. Dr. Schmidt purchased this computer with National Science Foundation grant monies he received while he was an employee of Columbia University, prior to his becoming a civil servant with [NASA]; . . . [T]he [Space Station Program or SSP] contract providing IT support to GISS covers service for this computer. Nevertheless, Dr. Schmidt maintains this computer; SSP does not regularly service Dr. Schmidt’s computer and no SSP contractor has administrative privileges on the computer. Dr. Schmidt’s email correspondence is stored on his Columbia desktop computer [NB: that’s the private one, paid for not by Schmidt but by the taxpayer, to which he does not allow NASA access]. Dr. Schmidt accesses his Columbia University email via an Internet browser on the computer. Dr. Schmidt does not download his Columbia email messages to his computer; rather, they are located on a remote Columbia mail server.
NASA’s boast is that official records can be and are accessed by private computers, which not only corrupts the agency’s ability to properly comply with FOIA, it erodes the agency’s record retention and preservation. Elsewhere in the affidavit NASA states that the computer Schmidt uses is (emphases added):
a desktop . . . which Dr. Schmidt uses to send and receive all of his email from the @giss.nasa.gov, @nasa.gov, @columbia.edu, and @ realclimate.org domains. See Travis Decl. ¶ 18. Dr. Schmidt has never given administrative information technology (“IT”) privileges for either computer to the IT support services contractor that serves Agency personnel. See id. Thus, the email sought here is relayed to and resides on a computer that the Agency does not own, to which the Agency has no right of access, and for which no Agency official or contractor has administrative privileges. Moreover, there is no central mechanism by which GISS IT personnel can obtain access remotely to email sent to or received by a GISS email user; instead, the only way to reach such email would be via directly accessing the hard drive of the computer on which the user accessed his or her GISS email. See id. at ¶ 12b.
Which hard drive, you will note, is on a computer to which the government (taxpayer) has no access but for which the government (taxpayer paid). And pays to service. Even if it isn’t permitted to. Had this been the government computer, well, then email traces — in the event a record is destroyed, which we know that would never happen, there are laws….stay tuned — could be reconstructed.
But GISS is using private computers, it seems, for this public service, denying the public access to the legally required record of its activities.
NASA might explain how it is not hereby knowingly sanctioning a corruption of responsibilities to create, retain, and preserve documents, both for the Federal Records Act and for FOIA. This ain’t rocket science. But we do know it is with NASA’s sanction.
However, as Dr. Travis explains, even with respect to the emails from the @giss.nasa.gov and @nasa.gov domains, these have not been integrated into an agency record system or file.
Once a[n agency] employee accesses his or her [agency] email via his or her personal computer, those emails are no longer located on any server at [the agency]; in other words, the act of accessing a specific email deletes that email from the ‘spool’ on the server. [The agency] does not currently have (nor has it had in the past) a centralized backup of [agency] email traffic.” Id. at ¶ 12b. Moreover, even if the Agency did have a centralized backup of emails from the @giss.nasa. gov or @nasa.gov domains, emails sent or received by Dr. Schmidt pertaining to his work on the RealClimate blog would not be integrated into an Agency records system or file. . . .
Traces of the records are only on the computer the employee uses to access them. Which, at great pains, is not a government computer or one to which the government is being permitted access.
In this affidavit, NASA’s point was that its own system has gotten so far out of their control that an entire class of records cannot possibly be deemed “agency records” and so they have no obligation to search for or release them because the truth is while they may relate to official business, well, their employee won’t let them see them. And as is inherent in the system, the approved process destroys the government’s copies.
One could not hope to find a more explicit acknowledgment—or, more accurately, series of admissions, enthusiastically volunteered in an effort to get out of one frying pan (producing emails the employee wants to keep to himself) into an apparently bigger fire—that employees use unofficial computers for official duties and keep the records accessed on these computers away from the prying taxpayer eyes, skirting FOIA and, it seems other laws. They even use them to access official email accounts in a way that destroys the record.
As we have already been forced to argue to the Obama White House regarding the IPCC “safe house”, and have already filed an action to argue in court, conducting public business on private accounts or computers doesn’t make the business, and therefore the records, any less public. This particular example is simply an extreme case of flaunting disregard for this principle, particularly given NASA’s brazenness of sanctioning it and invoking the abusive practices as an expedient excuse to not turn over records produced on taxpayer time and resources.
Christopher C. Horner is a Washington, DC attorney and author of the newly released The Liberal War on Transparency: Confessions of a Freedom of Information “Criminal” (Threshold Editions).
You need to get Inhofe or Issa on this ASAP. Congressional subpoenas need to be issued.
This flaunting of the intent of the law cannot be allowed to stand. I have long felt that all personnel correspondence (alternate email addresses etc.) should be a firing offense for all Federal Employees if they conflate any of their work with their private correspondence. This is something that should be lobbied for and pushed ASAP. gmail, yahoo mail etc. should be cut off by the IT administrators at the firewall. No access via any government VPN should be allowed.
Gavin should be fired for flaunting FOI laws and most likely other legal policies.
NASA has almost no credibility left. What happened to that once admirable organization? Sadly, it seems to totally corrupt.
So any chance that this info could get to the Romney campaign for the next debate – or would this be part of what would be on topic . . ?
Aside from that, though, this just is continuation of the attitudes and actions of certain GISS employees, and by association, the current administration, that just disgusts the hell out of us.
Fire ’em all or remove ’em all from their positions.
The fact that the NASA email servers are not configured to retain mails has to be a violation of policy, and perhaps Federal Law.
@Jeez
This flaunting of the intent of the law …
flouting. flouting.
To flaunt is to show off. To flout is to show contempt for.
(Chris uses it correctly in “flaunting disregard” because he means that not only are they disregarding the law, but that they do so openly – which is where the flaunting comes in.)
@chris
One could not hope to find a more explicit acknowledgment—or, more accurately, series of admissions, enthusiastically volunteered in an effort to get out of one frying pan
I doubt that they are doing this to “get out of the fire”. They are merely reporting the facts, as they see them, regarding Schmidt’s refusal to hand over his e-mails.
Their lawyers, in the end, just have to tell the truth, knowing that it is pretty painful. What other option do they actually have.
My bet is that there are some angry people behind the scenes at NASA. Let’s hope one them does an “FOIA” of his own.
Inhoffe is my Senator. Would it help for me to send this to him?
National Aeronautics and Space Administration
Office of Inspector General
Washington, DC 20546-0001
February 28, 2008
TO: Chief Information Officer
FROM: Assistant Inspector General for Auditing
SUBJECT: Final Memorandum on Audit of Retention of NASA’s Official Electronic Mail (Report No. IG-08-010; Assignment No. A-07-007-00)
The Office of Inspector General (OIG) conducted an audit of NASA’s retention of official electronic mail (e-mail). Our overall objective was to determine whether NASA was effectively and efficiently managing its official e-mail records in accordance with applicable statutory and regulatory requirements. Specifically, we determined whether NASA had (1) established and implemented adequate policies and procedures to ensure that e-mail users identified, designated, stored, and retained official e-mail communication in accordance with National Archives and Records Administration (NARA) regulations and (2) developed and implemented training to ensure that all Agency e-mail users were aware of and understood the process by which to identify, designate, store, and retain official e-mail communication in accordance with NARA regulations and NASA’s requirements. We also reviewed internal controls as they related to the overall objective. (See Enclosure 1 for details on the audit’s scope and methodology.)
Executive Summary
We found that NASA was not effectively and efficiently managing its official e-mail records in accordance with applicable statutory and regulatory requirements. Although NASA had established records management policies and procedures in accordance with NARA regulations, NASA’s e-mail retention guidance does not adequately address NARA’s requirements for electronic records management. …..
Source
This was 2008. See doc for more info.
From the NARA regulations.
It isn’t at all unusual for organisations not to run their own email servers these days. Many institutions now use Gmail. That means that the email itself isn’t located on a local server. It is off in the cloud. The only thing the organisation supplies in this kind of arrangement is user authentication.
There are quite legitimate reasons for doing this and it is viewed as the way of the future by many people. Managing email properly is very expensive and time consuming. It makes sense to subcontract it to a specialist. Also having the email on the cloud means you can access it and manage it from multiple devices – at home – at work – laptops – smartphones – etc – without difficulty. And it is archived off site, hence safe from local disasters.
I guess what I’m saying is that the article seems to view the fact that GISS no longer runs its own email servers in an unduly sinister light. The implication is made that the only reason anyone could have for doing this kind of thing is to be able to hide from FOI requests. But the shift to cloud based computing is actually a global phenomenon backed up by very sound reasons which have nothing to do with a desire to hide or conceal anything.
Just wanted to point that out to y’all before we get too carried away here.
http://www.archives.gov/records-mgmt/grs/grs20.html
National Archives and Records Administration
General Records Schedules
Transmittal No. 22
April 2010
GENERAL RECORDS SCHEDULE 20
Electronic Records
……………………………………………….
14. Electronic Mail Records.
Senders’ and recipients’ versions of electronic mail messages that meet the definition of Federal records, and any attachments to the record messages after they have been copied to an electronic recordkeeping system, paper, or microform for recordkeeping purposes.
Delete from the e-mail system after copying to a recordkeeping system. (N1-GRS-95-2 item 14)
………………………………………………..
Ian H,
Not a Federal Agency, nope. Not legally anyway.
The intent behind the hiding of emails is so absurdly transparent that one wonders how they ever thought they would get away with it.
It’s a bit like burning records and claiming that it was cold!
Ian H says:
October 4, 2012 at 9:36 pm
Did you actually read the article by Mr. Horner?
The situation you refer to is in no way comparable to the actions of a government agency and/or a government employee in an apparent effort to avoid FOIA.
Warning: this is a political comment.
Liberals love to pass laws to constrain and regulate their political opponents and ideological enemies, but when it comes to enforcing the spirit and the letter of the law against other like-minded liberal individuals, special dispensations are often accorded.
There is no area of law that is more violated in this manner than the so-called “sunshine laws.”
Mr. Horner, perhaps a request for the waivers giving Gavin permission to run his little walled garden while on the government payroll would be in order.
http://www.nasa.gov/pdf/322720main_N_ITR_2830_1A_.pdf
Appendix C Information Technology (IT) Waiver Process.
Waivers to Information Technology (IT) Policies, Procedures, Standards, or Federal
Requirements
I. Waivers to IT policies, procedures, standards or requirements standards, shall be granted by the NASA CIO.
2. The NASA CIO may delegate authority and responsibility to Center CIOs for a specific type ofIT waiver or for a specific program or issue.
2.1.
The NASA CIO delegation ofwaiver authority and responsibility shall be in writing for the specific delegated authority or be as specified in NASA policy directives, e.g. in an NPR.
3.
The individual/office preparing the waiver request shall submit the waiver request to the cognizant Center CIO for Center CIO concurrence and action. Example: The Sounding Rocket Program at the Wallops Flight Facility would submit the waiver to the GFSC CIO for review and concurrence/non-concun·ence.
4.
The waiver request shall include:
a.
The NASA IT policy, procedure, standard, and/or Federal requirement to be waived.
b.
The reason and justification for the waiver is required including:
(I)
Risk Assessment;
(2)
Cost-Benefit Analysis;
(3)
Business Impact Assessment;
(4)
Identification of compensating controls/actions;
(5)
Proposed period oftime for the waiver;
(6)
The proposed date by which the Center will be compliant with the NASA IT standard, security control, and/or Federal requirement; and
(7)
For an IT security control waiver or for any waiver that results in an unmitigated security weakness or deficiency, an Authorization Official (AO) approved Program of Action and Milestone (POA&M) shall be included with the waiver request.
………………………………………………………….
IanH, it failed its audit, which appears quite explicitly to be in contravention of the law.
Are you being disingenuous? The problem here is not that records are being kept offsite for data recovery, but that they are automatically DELETED! I don’t know if you have them where you are, but you need a trip to Specsavers!!
The NASA email accounts should be configured to be IMAP. The emails should be retained on the server as per US Law that such emails be retained. In no way, shape, or form should the employee be responsible for the retaining of emails that are subject to FOIA requests – this should be done at the server, beyond the reach of any employee action, up to and including the deletion of email. That is to say, deleted emails are removed from the inbox and placed in a deleted email folder – but everything should be retained (and backed up), server side, in order to comply with the law. This is BASIC system administration, period. Whoever is in charge of their email system should at minimum be fired for incompetence, and more ideally, charged with aiding and abetting the circumvention of applicable federal law.
So a system has been set up that allows unknown parties acting against the interests of the United States to directly communicate with US government employees without traceability and record retention accessible by US government security agencies without subpoena, while simultaneously allowing US government employees to communicate with unknown parties acting against the interests of the US without traceability and record retention accessible by US government security agencies without subpoena, and it is installed in and operating from a US government installation, thus allowing US government employees to transfer US government documents directly from a US government installation to parties acting against the interests of the US without traceability and record retention accessible by US government security agencies without subpoena, which includes controlled documents of a sensitive nature.
Considering that the Obama administration is borrowing money from China to send to renewable energy projects in Afghanistan and Pakistan where it’s diverted to Taliban and Al-Qaeda interests (poppy stalks are a biofuel), I guess it’s just par for the course these days. And it’s possible GISS employees are using their covert system for purely innocuous purposes. Like advance releases of temperature data to investors and gambling interests.
Ok, I’ve spammed up this thread enough quoting regulations. Here’s one more link with general email retention policies.
http://www.archives.gov/about/regulations/part-1236.html#partc
Let’s hope we can pin some serious prison time and fines on these lawbreakers.
Gee, perhaps it’s time to call in the Norfolk Constabulary – and their associates – so that they can seize Gavin’s computer(s) to determine if there is anything that might help them solve the mystery of the Climategate leaks.
After all, they had no compunctions whatsoever about seizing Tallbloke’s computers last December, did they?! And Gavin has certainly never presented any evidence in support of his Nov. 23 claim of an alleged “hack” of RC on Nov. 17/09 – part of his ever-changing story.
Ooops. Sorry, I forgot … Norfolk’s finest very conveniently closed the case, in a carefully screened cloud of fog) circa July 18/12.
Should the proverbial bus come along and hit any of these people using their own PCs, inaccessible to their departments IT personnel, how much important info would be lost?
charles the moderator says:
October 4, 2012 at 10:35 pm
======================
I don’t feel that you have spammed the thread at all. Your contribution is very much relevant. I hope Anthony can do a leading post on the issue. This is a very serious breach of the law and what’s left of any trust in government.
Thank you for bringing this to our attention.
@Chris Horner, thank you for your dogged efforts! I’ve long thought that this one, Gavin’s possible misconduct, will be one key to fixing NASA. Hansen being another. And what a strange coincidence that they are connected at the hip.
@Anthony, perhaps you can invite Gavin to reply here and assure us he follows regulations strictly to the letter of the law with no excursions or slip-ups whatsoever. Sure, he might decline, but then you get to update the article with ‘Gavin refused to answer questions here’. 😉
Ian H says:
October 4, 2012 at 9:36 pm
====================
I will not steer this thread off topic to discuss the contents of your comment, but there is no justification or legitimate reasons for Schmidt’s actions. It appears to be unlawful and if not then that needs to be addressed.