Let's not forget about that other White House e-mail scandal -- the five million lost e-mails

Submitted by crew on 21 June 2007 - 1:59pm.

The media has been buzzing lately about the 140,000+ emails Karl Rove sent and recieved from non-White House accounts.  And, that scandal definitely warrants attention.  But, let's not forget the other White House e-mail scandal -- the one involving FIVE MILLION missing e-mails, which CREW documented in Without A Trace.  In today's Legal Times, two experts take a look at this scandal -- and how such failures to preserve records can be avoided -- particularly when the law requires preservation:

Separately, according to a report by the watchdog group Citizens for Responsibility and Ethics in Washington, 5 million e-mails created between March 2003 and October 2005 were “lost” from White House servers, a claim that has conspicuously not been disputed. CREW attributes the missing e-mails to the Bush administration’s decision to discontinue use of the Clinton administration’s automated archiving system and the subsequent failure to replace it with an adequate substitute. (Last week, Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) said the White House had told him some lost e-mails had been recovered.)

These two White House failures — the failure to control staffers’ modes of communicating and the failure to archive important correspondence — are mirrored in countless organizations across the country. Though the White House e-mail debacle’s providence was governmental, the technologies, policies, and practices that allowed it to happen are prevalent in the private sector. Over time, many organizations will eventually pay for records management laxity in courts of law, the court of public opinion, and business relations.

The loss of White House e-mail can be attributed to three essential factors: the lack of a clear computer usage policy, a weak records retention policy, and a failure to comply with and enforce those policies that were in place. These mistakes are particularly instructive for organizations attempting to regulate employee communication and preserve valuable business records and electronically stored assets.

» crew's blog add new comment printer friendly version

All the records needed to be retained period.

Submitted by Anonymous on 21 June 2007 - 6:14pm.

Failure to comply was breaching the law.

And now its time to enforce that law, and make certain it is upheld whether it be the Clintons or virtually ***anybody***

Sidney Helder and other firms in Austin need to be shut down and replaced.

Every record, that is supposed to be preserved, has got to be in the archives.

» reply

Wrong....and wrong again.

Submitted by Anonymous on 21 June 2007 - 5:25pm.

"The loss of the white House e-mail can be attributed to three essential factors:"

Wrong- there is only one factor: people who disregard the Law.

The article speaks only of shortcomings in information management procedures, as if it were all a bumbling accident...

Wrong again.

Due thanks to the Legal Times and the Authors for an excellent article showing how law-breaking can be soft-peddled and muted into questions of data management procedures.

» reply

Legal and Auditing Oversight Issues in re WH-OVP Records

Submitted by Anonymous on 21 June 2007 - 4:56pm.

These explanations sound like the excuses Enron used. I do not agree that these "explanations" are defenses, nor do the following explanations credibly explain why something was "lost":

"The loss of White House e-mail can be attributed to three essential factors: the lack of a clear computer usage policy, a weak records retention policy, and a failure to comply with and enforce those policies that were in place."

These words sound like gobbly-goop excuses for three reasons:

1. People, Not Policies

A "lack of a policy", despite clear requirements, is not a defense, but an admission: "We should have had a policy to meet the legal requirements, but didn't have one; or the one we had did not meet the standard that we should have detected had we permitted credible management, oversight, and audits." When the standard is, or should be known, but entities ignore the requirement, this supports a finding of "recklessness." How that finding translates into give backs to the US treasury for defective legal/auditing services remains to be understood.

Indeed, there is the basis to review, and if warranted, sanction professional negligence by so called experts in the IT, auditing, and legal services areas. The problem isn't the policy, but the people refusing to enact policies that ensure conduct meets or exceeds the minimal requirements of the statute. Talking about a "policy" shifts attention from the people who legally failed to ensure conduct met the standards.

- Where are the internal audits and peer reviews done on personnel in the IT area that shows the policies, procedures, rules, and daily operating instructions did or did not meet the minimum standards of that profession's professional standards?

2. Law enforcement, not excuses

A "weak" retention policy is meaningless when the standards are clear, and the "policy" is required to implement the law is not on the table. the issue isn't that the policy was weak, but that the leadership failed to solve this problem, as reasonably expected.

3. Meeting standards, not making excuses

Whether the policy was or was not enforced or complied with is meaningless when [a] that policy is weak; and [b] when the leadership determines that all actions -- regardless their legality -- will not be punished as long as they hide evidence of illegal activity. Enforcing and complying with a weak/meaningless policy -- which does not meet the legal requirements -- isn't a problem, but a symptom of the larger issue: Leadership refusal to comply with the law.

Arthur Anderson and Enron provided this "lesson learned" to no avail:

"These mistakes are particularly instructive for organizations attempting to regulate employee communication and preserve valuable business records and electronically stored assets."

Congressional Hearing, Subpoenas

We don't need more "lessons learned," we need a straight story from the legal and auditing communities. Time for congress to identify by name the personnel, firms, and entities involved with this WH records retention review, oversight, advisory positions, and other assistance:

  • Where Is Legal Counsel's Hatch Act Compliance Plan

    - Why despite the requirement under the statute to comply with the Hatch requirement, was there no enforcement, auditing, and legal compliance review to ensure the laws were met?

  • Where Is Legal Counsel's Compliance Plan in re Atty Standards of Conduct, Peer Reviews, and Supervisory Counsel

    - When legal counsel knew that the legal requirements under Hatch were not being met, why did Counsel not resign as required under DC Bar rule 1.16?

  • Where is the IT Audit Discrepancy Reporting, Followup

    - When Government auditors working for OMB and others doing audits on the US Government compliance with Hatch act discovered that these records were not being met, what evidence do the auditors have to show they ensured under Generally Accepted Auditing Standards/Generally Accepted Government accounting Standards that the legal requirements were not met?

  • Where is the GAAS/GAGAS Compliance Program for WH IT Audits?

    - What is the explanation of the Auditors conducting these reviews in re Statement on Accounting Standards 99, which compels audit scope increase when there are indicators of fraud [management turnover, reports of illegal activity, resignations, problems with record]: What got in the way of the auditors conducting the reviews of the IT systems?

  • What are the names of lead auditors/reviewers

    - What role did former and current WH Counsel have in conducting, reviewing, not reviewing, blocking, or doing cursory audits on the WH IT Areas?

  • Who had responsibility to plan the audit, conduct it, and identify the disconnect between standards, published information, and client results

    - Why is Sidley Austin promoting itself as an expert on records retention, and its personnel using Sidley Austin computers to discuss the WH IT area, but the WH IT does not appear to be meeting the standards that Sidley Supposedly said it is an expert on: Did the WH Staff not pay attention to the standards that Sidley Austin publicly discussed it was an expert?

    - What is the plan of the Congress to collect fees paid to legal counsel and auditors who did the IT audits of the WH, but who appear to have recklessly not fully met their legal requirements?

    - What is the plan of the Congress to forward evidence of legal counsel alleged malpractice in re conducting legal oversight/compliance?

    - What is the plan of Congress to forward evidence of auditor malpractice in re WH IT department compliance with hatch Act; and apparent problems with audits in not reporting to Congress that the WH did not have a system in place to detect, report, or identify these material weaknesses in statutory compliance?

    - What will be done to ensure legal counsel and auditors responsible for doing thee legal reviews and audits of the WH IT area are appropriately disciplined; or were they blocked from conducting their reviews with unlawful threats, intimidation, and other threats of loss of contracts if they fully met their legal and professional obligations in re legal and auditing reviews?

  • Who did the OMB Contract Review of WH IT [A-76]

    - Which law firm conducted a reckless audit of the WH IT area, and failed to detect, report, and ensure -- as required by contractor o professional responsibilities -- that the WH-EOP-OVP client fully met its legal obligations; or had a pan in place that counsel could fully support, audit, and oversee to ensure compliance with the Hatch Act?

  • WH Non Compliance As Indicator For Auditor Reviews of Other Entities Allegedly Related to Rendition

    - Given Sidley Austin's review of Boeing, and the apparent connection between Sidley-WH-IT on records retention, what can we say about the prospects of missing material information in the Boeing contract given the apparent problems with detection in the WH it area?

  • Legal and Auditor Oversight Plan of Congress

    - Given the apparent problems with DoJ and WH in complying with legal and auditing standards, what is the plan of Congress to ensure the GAO lessons related to auditing and legal compliance have special emphasis by personnel knowledgeable of AICPA and DC Bar rules as they relate to IT retention, auditing, and legal compliance reviews in the EOP and OVP?

    - Does Congress require additional training, assistance, oversight, manning, and of independent fraud examiners [Certified Fraud Examiners], accountants [Certified Public Accountants], ad auditors [AICPA knowledgeable, working knowledge of Statement on Accounting Standards for performance audits]?

    The public has been asked to believe that the "invisible hand of the market" -- as the auditors and legal experts provide assistance to ensure -- will ensure effectiveness in capital formation. Surely, if these auditors and legal experts who appeared before the Securities and Exchange Commission to plead their case that they are above questioning, they should be able to demonstrate that their competence translated into effective public service in the WH IT department. Or is the public being asked to believe that the auditors can do their job to avoid oversight; but are unable to do their job when it comes to ensuring the public interests are protected?

    Show you are supporting the public with credible contract services; or make a case that you should not be required to return funds for arguably defective, reckless IT audits in re legal compliance. If you cannot make the case that you're doing your job for the WH, why should the investing public have any confidence you're providing marginal service to the "lesser" corporate boards of the securities industries?

    If the President can't get the right services required to ensure statutory compliance, there's little reason to believe that a "lowly" partner at a smaller law firm can get others to listen, much less ensure legal requirements are fully met. There President has large budgets; a law firm has far fewer people and less resources. If Sidley Austin -- as it appears -- can't get the WH to respond to records retention requirements, why should anyone believe that the Sidley Austin financial audit of Boeing -- allegedly linked with rendition -- was conducted correctly to detect evidence of fraud and illegal activity?

    This is not looking good for either the WH, OVP, or Sidley Austin on issues of statutory compliance, auditing oversight, or legal services compliance.

    • » reply

    Stepped around

    Submitted by Anonymous on 21 June 2007 - 5:46pm.

    The above excellent analysis left unspoken the issue that will be raised herein: That Sidley Austin, the "records retention" expert, knew all too well what their client sought from their services and responded, not to the nation's best interest, but to the particular needs of those in the White House who had determined beforehand a policy of withholding, losing, or otherwise preventing the inspection of certain records and communications.
    In other words, Sidley Austin has something at risk besides its reputation.

    » reply

    Subpoena For EOP/OVP Data "Retention" Policy

    Submitted by Anonymous on 21 June 2007 - 7:07pm.

    Likely, WH and OVP had a similar "data retention" policy as Enron: When a signal was sent to "review compliance" with the policy, this was a direct order to destroy records, as was the case with Eron-Arthur Anderson.

    Excellent point:

    "knew all too well what their client sought from their services and responded, not to the nation's best interest, but to the particular needs of those in the White House who had determined beforehand a policy of withholding, losing, or otherwise preventing the inspection of certain records and communications."

    A. What is the contract, agreement, and arrangement between the WH and outside counsel;

    B. What legal and auditing standards did counsel know, or should have known were applicable;

    C. When was it known, or should have been known to senior partners and supervisory counsel that there was a difference between [a] what the Law required; [b] what the contract terms agreed to (hence, and unlawful unenforceable contract); and [c] what was going on.

    D. When the parties agreed to the arrangement, was it with the understanding that the services provided were for advisory; if so, did counsel, upon learning of the illegal violations of Hatch appropriately remove themselves; or did they attempt to mitigate the legal problems through some sort of oversight plan per the original contract terms;

    E. When did counsel and supervisory counsel at law firm become aware that the [a] performance of the contract was not [b] consistent with the hatch act; and did they [c] exercise their responsibilities as supervisory counsel to adequately guide junior associates to resolve the non-compliance issues?

    F. When did counsel learn, realize, or should they have realized that the intent of the advisory contract to the WH on data retention was not to comply with Hatch, but as it appears, counsel was allegedly complicit with an official or unofficial policy of "withholding, losing, or otherwise preventing the inspection of certain records and communications"

    G. In the context of the Waxman letter to the VP, how was the above policy of "withholding, losing, or otherwise preventing the inspection of certain records and communications" promulgated, documented, briefed, understood, communicated, enacted?

    H. Can Counsel show that their supervisory counsel are in full compliance with

    DC Bar rules related to supervisory counsel? [See Rules 5.1, 5.2]

    "requires lawyers with managerial authority within a firm to make reasonable efforts to establish internal policies and procedures designed to provide reasonable assurance that all lawyers in the firm will conform to the Rules of Professional Conduct"

    http://www.law.cornell.edu/ethics/aba/current/CRule_5.1.htm

    1. Where is the evidence supervisory counsel in the WH, DoJ and outside counsel had "reasonably" established internal policies and procedures to comply with the Hatch Act?

    2. To what extent were subordinate WH, EOP, OVP, GOP, and outside counsel reckless in not complying with DC Bar rule 5.2 applicable to subordinate attorneys, and failed to ensure the Hatch Act were fully met?

    3. Did Management "authority letters" clearly promulgate who was in charge; or were they, as we have seen with DoJ US attys, vague and unclear on who was or was not capable of exercising supervision based on selective memory?

    4. Did the policies, or lack thereoff, meet or not meet the reasonable standard expect of DC Counsel affiliated with WH, EOP, OVP, DoJ and outside counsel?

    5. Where are the memoranda showing that counsel in OVP, EOP, GOP, DoJ, and outside counsel did meet this requirement under DC Bar rule 5.1?

    6. Where are the training and documentation within Sidley Austin showing that partners knew or did not know the status of all contracts, programs, and other review procedures related to WH training, oversight, and WH IT Department compliance or non-compliance with the Hatch Act?

    7. Where within Sidley Austin was it tracked the status of junior associates their ability or inability to independently oversee a training program for the WH and Sidley Austin personnel to fully comply and meet these requirements under 5.1?

    8. How was it demonstrated to whom that "all" counsel related to the WH Hatch Act compliance procedures were in full compliance with these legal standards?

    Recommendation

    Read letter for other questions Waxman sent to VP which apply in this case: [See page 6 of 8 for relevant questions which could be adjusted to focus on this specific situation with outside counsel, auditors, and WH apparent policy of not retaining data as required]:
    http://oversight.house.gov/documents/20070621093952.pdf
    From:
    http://oversight.house.gov/story.asp?ID=1371

    » reply

    say it without room to interput

    Submitted by Anonymous on 22 June 2007 - 3:54pm.

    Leadership refusal to comply with the law.

    Leadership refusal to respect the law.

    Leadership being above the law.

    Or just plain leadership BREAKING THE LAW! And destroying the evidence. And their refusal to understand why people can't just take their word that nothing illegal happened.

    (see signing statements)

    >>3. Meeting standards, not making excuses

    Whether the policy was or was not enforced or complied with is meaningless when [a] that policy is weak; and [b] when the leadership determines that all actions -- regardless their legality -- will not be punished as long as they hide evidence of illegal activity. Enforcing and complying with a weak/meaningless policy -- which does not meet the legal requirements -- isn't a problem, but a symptom of the larger issue: Leadership refusal to comply with the law.<<

    » reply

    reads like an indictment

    Submitted by Anonymous on 22 June 2007 - 11:31am.

    The letter sent yesterday from Henry Waxman to Dick Cheney
    reads in part like an indictment and in part like an interrogatory.
    This may lead somewhere.

    » reply

    Sidley Austin

    Submitted by Anonymous on 22 June 2007 - 10:21am.

    One the giant law firms with offices around the world.
    The breaking of the law by WH staff and others of the administration in such matters as document retention under the counsel and purview of it's Washington office must be of some concern to Sidley Austin's top management, understandably, as the seeds of ruin may be found in such affairs. A concerned management would likely have asked for reports from those of their staff who are most closely invoved, and failure to do this is irresponsible and culpable.

    Here is an avenue of investigation for Congress, if it has not already been noted.

    » reply

    Brad Berenson, Sidley Austin, Susan Ralston

    Submitted by Anonymous on 21 June 2007 - 8:07pm.

    is not Brad Berenson a member of the firm Sidley Austin?
    He is Ralston's attorney. How is it determined that there may be a conflict of interest in these matters? For example, Sidley Austin may be called on to give testimony as per above, and Brad Berenson, as well. Seems like a potential mess.
    As it looks now, WH staff, Sidley Austin, and maybe others could all have their heads together. If Sidley Austin has possible liabilities, should not this be determined and the sooner the better? Can anything be done to head this off?
    This tangling could work to the advantage of the guilty.

    » reply

    5 million e-mails created between March 2003 and October 2005 we

    Submitted by Anonymous on 21 June 2007 - 4:32pm.

    Yeah how about the subpoena for Clinton's eMails. He never produced them. What about Kery's military records and his discharge papers - never seen them either.

    » reply