Questions on the CRU email backup server.

lEIF,
UEA has a “Records Retention Schedule (RRS)” requirement. See:
http://www.uea.ac.uk/is/strategies/infregs/Records+management/RRS
I don’t know what the RRS is for CRU or the particular information being sought.

Yes, FOI requests should always delineate between “backups” and “archiving” systems. The processes and procedures are significantly different with completely different aims. A “backup system” is intended to allow the restoration of a server or service after a failure. An “archiving system” is intended to allow going back in time to examine data from the past. The two should not be conflated when making FOI requests.

Backups are like underpants.
Everybody expects you to have them. But few would be willing to check how or if you wear them, how often they are washed and their state of repair.
A good backup policy is one that is tuned to the needs to the organization that is tested on a regular basis. A bad one is one off the rack; standard software that somebody comes in to install and you forget about it.

There is a very useful reference here
https://www.watsonhall.com/resources/downloads/paper-uk-data-retention-requirements.pdf
Note that some requirements will be contract specific and depend on ‘vesting’ or ownership clauses in the contract. Typically, for government contracts ownership of _everything_ is vested in the Government (be it UK or US). By everything it means everything including laboratory logs, emails, pens, desks etc etc. If some derogation from that vesting was desired it would need to be requested and would be shown in the contract with the Government department. In most cases no derogation is possible.
Also note that the extreme cases are ‘indefinite storage’ and ‘100 years’ – this is a little ambitious for data storage so it is usual to have a requirement to maintain the data in useable form. So the government isn’t given an 8 inch floppy disk, an 8 track cartridge or a stack of punched/magnetic cards; or even a stack of floppy drives with the data in an unknown format. (I have been there!)

1. Is it a server that acts as a failover for the main mail server?
…or…
2. Is it an archiving server?
>>>>>>>>>>>>>>>>>>>>
Question 2 should actually be two questions.
2. Is it a server that backs up data from other servers?
3. Is it a server that archives data from the mail and backup servers?
Archive differs from backup but serves some of the same purposes. In a backup system, copies of data from the production server are made on a regular basis, most often weekly, and retained for some period of time, often years. So consider an email that comes into the system. Once it is in the system, it never changes (or shouldn’t). So, after one year of weekly backups, the backup system now has 52 copies of that email. Just how many copies of the same email does one actually need? Particularly since it takes time to do the backup, and it costs money to store each copy on disk or tape.
So an archive is actually an extenstion of the backup system. An archive functions not be deleting data from either the production server or the backup server, but by simply making a copy of that same email, and then telling the backup system not to make anymore backup copies of it. The result is that we now have the potential to recover any given email from one of three places in the overall system, depending on what the data retention policies are for each part of the system. A typical implementation might be:
Production system => retain for 3 months
Backup system => retain for 1 year
Archive system => retain for 7 years
In the case of both the backup and archive systems though, there still needs to be a retention policy of some sort, and anything older than that retention policy should be deleted by one process or another. As an example, a brokerage firm in the US was nailed with a $1.3 billion summary judment a few years ago when it came to light that they had inadvertantly preserved emails that were beyond their retention policy. They were essentially guilty not because of what was in the emails, but because they had emails that were supposed to have been destroyed. For that reason, having a retention policy that automatically deletes copies of data older than the retention policy is not only common, it is often by deliberate design driven by legal requirements (differences between UK and US may alter this for the CRU, I don’t know).

I believe I have read elsewhere that these people used the Eudora mail client and retrieved their mail by pop3 from the server. This means the mail was stored on their local PC and unless they actively deleted it from the server, it would usually be stored on the server for a period of time, too. I keep many old emails on my laptop. If I back up my computer right now, there will be emails going back to 2008 included in that backup as I have my inbox and other mailboxes to which I filter messages stored on my computer.
There is also the question if the backups were server backups, workstation backups, or a combination of both. Even if an older backup is deleted, on the next “full” backup cycle, all of those older emails that are still in the user’s mailboxes will be backed up again. I believe I read in at least one of the emails a complaint by someone that full backups were being done and it was taking a long time to finish (this would keep their mailbox folder locked so they couldn’t use email).
So if a full backup is done you have old emails included. Then you have “incremental” backups made. It is regular practice at some point to make a new “full” backup and delete the old one and all of its incrementals in order to save space. When that new full backup is made, any old email that is still in the user’s mailbox folders will again be backed up.

The comments above seem competent (and I speak as a 26 year sysadmin who has trained many sysadmins). There is a difference between “backup” for local files on a local computer and policy driven backup and archival storage for a department level server. There is also a fairly wide range of both the driving archiving policies and the competence of those implementing them. Finally, there are constraints from both economics and hardware.
A current/typical department-level archival/backup scheme for a mail server or file server would be to maintain a running “hot” backup — a twinned filesystem or RAID — plus archival and incremental backups on a weekly or monthly full backup schedule with incrementals in between that could range from daily to several times a day. For a corporate site with a high cost to lost data, the backups would be regularly rotated into offsite storage so that a fire in the server room that destroyed both the primary server and any redundancy systems would not be a complete disaster. In the old days that was accomplished by literally carrying tapes offsite and storing them in a fire safe in a different building; nowadays it would be more common to store the offsite archivals in a suitably secured cloud or on an institutional server provided for that purpose.
One thing that has altered the character of backups over the last decade or so is the sheer volume of material being backed up and the capacity of media that can hold it. At one point in time it was fairly easy to have a tape robot that could backup a department-sized server, but as data storage has skyrocketed into the tens to hundreds of terabytes of capacity, a serious mismatch between total data and non-disk media capacity has developed. Hence the increasing tendency to back disks up to other disks — nothing but hard disk farms in some sort of RAID has the capacity or reliability to store a full image of the contents of a large disk RAID used in a server. Time has also become an issue — it takes a long time to write very large amounts of data by ANY mechanism to synchronize two images on separate systems. Many of the hot backup schemes avoid enormously long backup times (times so long that the image being backed up can change significantly during the backup itself) by constantly writing only the deltas from one image over to another.
With all of that said, mail servers usually DON’T carry terabytes of data — I’m probably one of the most egregious of email users on the planet and have anywhere from 2000 to 20000 messages saved in my mail spool at any given time (at the moment, just short of 4000, but I cleaned up and saved a full copy of my 24000+ message spool file six months ago and have kept something of a lid on it in the meantime). Even allowing for attachments, I probably have less than a gigabyte of mail spooled, and probably had at most a few gigabytes when I backed it off and started over. The entire physics department at Duke has around 200 GB of current active mail spooled, and runs a backup scheme like those described above — servers on RAID, running backup to failover server, nightly incrementals on top of periodic fulls (onto tape, frequency determined by when an incremental starts to take too long), offsite archival backups every six months or so. The University sets policy as to how long archivals must be maintained and I don’t know offhand what the current policy is but I’m guessing at least 2 years simply on the basis of CYA on liability issues. We had all sorts of “interesting” subpoenas seeking mail spool content floating around during the infamous Duke Lacrosse case a few years ago, and if anything they increased the longevity of the backups in its wake.
Beyond that, everything stated in the CRU response makes sense. If their policy is to keep full archival images for 2 years, those images might contain mail messages dating back a DECADE more more — before I restarted my own mail directory I had messages dating back to 2007, and I have personal archives dating back into the 90’s.
I also do have to say that as much as I found the climategate emails interesting, I do think that their publication violated any number of excellent and well-founded privacy laws. I’m not a big fan of the FOIA. I am a strong proponent of open data and methods and public ownership of all results obtained with government grant support except in very limited, very specific exceptions granted for e.g. military research or contracted corporate research, but think that the place to establish the rules and enforce them is in the granting agencies (which is where it is currently happening). Either publish your data and methods and make your results freely available for open and public comment and use, or no grant money for you, end of story. Even there, I don’t care for the idea that my or anybody else’s email spools can be opened up to any damn fool who asks for them just because I might participate in government funded research. That’s not part of the results OR data I might be working with, and most of what is there is nobody’s business but my own.
I think it is an established fact that free and open communication is a fundamental aspect of modern science. At the same time, humans need a reasonable expectation of privacy or they are unable to speak freely — they have to weigh every word of every communication as if it might be made completely public. How can I write frankly to a Dean about some student having problems if that communication can be published on the internet or in a tell-all book at the whim of somebody who thinks that they have a “right” to the information? Do I need to resort to automatic encryption of every single message I send so that at the very least it won’t be revealed unless a court order that I have a chance to defend against compels me to give it up, where there is a good chance that the court order will place strict limits on what somebody might go “fishing” for and impose severe consequences on overstepping those bounds?
There are some cures that are worse than the disease, and the current tendency to wield the FOIA as a political weapon or instrument of a kind of harassment is one of them. Email is often an unguarded forum where we state things that we would never say, after sober reflection, in a public arena. It is also a “flat” medium, where it is impossible to easily tell when somebody is kidding or being sarcastic, where “smileys” (emoticons) were invented to convey some small fraction of the missing affect and emotion essential to sense, where critical remarks sound far more critical than they perhaps really are, where insults are more insulting, where flame wars cause us to overstate a case in the heat of battle, where we are more inclined to voice private doubts or analyze a competing point of view we don’t really agree with. If we’re going to just make it all public at anybody’s whim, we may as well just start posting all of our email messages straight to facebook…
rgb

rgbatduke says:
October 7, 2012 at 10:53 am
– – – – – – –
rgb,
A US gov’t grant receiving scientist’s emails discussing the government funded research he is formally and legally contracted to perform are not private emails.
For the present controversial ‘team’ research (of CG1 & CG2 fame), if no FOI laws existed, with the fact that those publically funded climate scientists refuse to provide all publically funded research data, programming, communications and methodology THEN there would be virtually no recourse for getting that publically funded info. I disagree with your apparent suggestion that FOI is being inappropriately used with respect to those non-open and non-transparent climate scientists.
Your idea that the requirement for openness and transparency should be strictly enforced by the granting institution seems reasonable, except those are virtually all government and therefore political bodies which can be ‘political’. I think FOI is a reasonable independent line of inquiry that is reasonably outside of politics and should be continued and strengthened.
John

Such an odd set of questions to see… since most scientists keep everything and freak out if anything is lost.
It would surprise me if there wasn’t an archived copy of everything not subject to loss-by-failure.
These kinds of people I commonly dealt with in storage concerns because they REFUSED to lose even one e-mail.

Oh, another important thing to remember, is this:
Today, 2012, if an IT Manager did not ensure very strong and resilient backup/archive/retention policies (and test them) they would be fired on the spot.
Back in 2006, and even 2009, that same IT Manager, in the same situation would just get a slap on the hand and told to do better next time.
We cannot apply today’s thinking and standards, on the past.

A US gov’t grant receiving scientist’s emails discussing the government funded research he is formally and legally contracted to perform are not private emails.
That is simply not true, and indeed, it is absurd. What a scientist who receives a grant is morally obligated to provide is an end product, not every single step of the process through which that product is obtained, including video recordings of every discussion with a thesis advisor, some sort of reality TV taping of every day’s work in a lab, every single bug introduced or resolved while writing the code, every single concept considered and accepted or rejected along the way. For one thing, there isn’t enough bandwidth even in the modern world to provide that kind of trail. For another, it would utterly squelch the freedom to be wrong, especially in intermediate steps of research, if every half-baked idea one has but might end up rejecting becomes part of a public record that can be trotted out by political enemies of your conclusion seeking to prove that some ideas you have had, some things you have said, some statements you might have made in an utterly unguarded venue as part of the search process that is real science turned out — surprise — to be wrong.
I have a fair number of papers to my name, although nothing like the number a truly prolific researcher might produce, as I tended to work more or less on my own or with just one or two colleagues. I was, and am, perfectly happy for my work to be judged on the basis of what I published, but not on the basis of every single thought I had along the way and discussed with somebody. Lots of those ideas were wrong, and one of the ways I learned they were wrong was in those private discussions. Some of the actual published results turned out to be wrong as well. Other parts I’m still quite proud of; they turned out to be right, or close to right.
A grant is given to conduct a particular piece of proposed research and publish the result. It is quite reasonable oversight for the granting agency to be able to verify that the research it contracted for actually occurred (so money wasn’t taken under false pretenses). It is certainly reasonable to write into the contract that the researcher openly publish their results, their methods, and provide open access to their data as reproducibility is a key aspect of the “product” in all sorts of actual science research. It is utterly unreasonable to require that they document every vagrant thought or conversation they have with any or every other worker in or out of the field over the period of the grant and to make them openly available to anyone who asks. It is utterly unreasonable to require them to document or provide any access to letters, emails, private phone calls, discussions held at private dinner tables or in bars, or on a daily basis in the laboratory or office, beyond the minimum needed to ensure that they were in fact present and performing the research and not basking on a beach in Jamaica and making it all up. And the latter is already S.O.P. for all Universities and other agencies that are authorized to administer grant funded research in the first place.
Even this latter is done, as it should be, with a light touch. A grant usually doesn’t require one to spend X hours a week working on project Y; it requires that at the end of the grant period the proposed work be completed. Usually, the consequence of failure is simple — you lose your funding and have a hard time getting new funding. End of career, end of story.
In the meantime, hands off my email spool! I try to keep all my money laundering and cocaine transactions out of my email spool because we all know it isn’t REALLY private (ask Oliver North). But I do, sometimes, express personal opinions or speculations that I would rather not trumpet to the world.
rgb