One of the enduring myths of computing — at least among IT novices — is you can never completely erase what’s on a hard drive.
There are forensic experts armed with super secret software, goes this belief, who can find what ever you want to destroy – if it’s not on the hard drives, its on the servers, or the routers or the backups or somewhere.
Troll the Internet and you’ll find experienced forensic experts who boast they can find the smoking gun within the most complex matters.
But Ontario’s privacy commissioner discovered that wasn’t true in a case of destroyed email now being investigated by the provincial police.
The criminal investigation was opened Friday after privacy commissioner Ann Cavoukian issued an incendiary report about the deletion of email by Craig MacLennan, the former chief of staff to the energy minister, which she said violated provincial law.
(To read Cavoukian’s report click here)
In an interview Friday Cavoukian was openly skeptical of the explanation that it was merely an attempt to keep email inboxes clean at the end of every day.
“Give me a break,” she said. “It’s unbelievable. It strains credulity.”
“I think everyone knows you’re not allowed to delete every single email. If you work in the public sector, everyone has been informed of their obligation to keep some records.”
Alex Ferworn, computer science professor and academic co-ordinator for the certificate course in computer security and digital forensics at Toronto’s Ryerson University, said in an interview he is “shocked and outraged” at the incident.
“It’s so slipshod. You would expect a smooth running machine, but it’s not.”
The deletions are politically charged because the opposition alleges the moves were an attempt by the former government of Liberal Dalton McGinty to cover up the true cost of cancelling two proposed unpopular urban power plants in the Toronto area.
A legislative committee had demanded the government produce relevant documents and became suspicious when it learned MacLennan – who was involved in negotiating the with the power plant builders — had a policy of routinely emptying his email inbox daily.
In fact he had a policy of not keeping anything on paper, either.
In her report, Cavoukian said MacLennan told her his actions were not an attempt to evade handing over records to the legislature committee, nor to evade access to information requests. In fact, he believed all email was backed up and could be accessed.
Not so.
The ministry of government services –which oversees the provincial IT departments –didn’t archive mail on its Microsoft Exchange servers, Cavoukian found. Backup tapes of email were made at the end of each day – but only of mail not deleted, and the tapes were held only for one day before they are recorded over. Essentially it was a 24 hour disaster recovery process.
The only exception was for email in the Premier’s office, where backup tapes were held for 10 days.
“That surprised me,” Cavoukian said in the interview. “I thought it’s impossible to delete an email.”
But with 90,000 email accounts across the entire government, she was told, it’s impossible to backup everything. And trying to reconstruct data held on the RAID servers was next to impossible, which was verified by an independent forensic consultant she hire.
Bureaucrat and political staff are expected to use their judgment on whether electronic or paper should be deleted. The rules on complying with the provincial Archives and Record Keeping Act and the Freedom of Information and Privacy Protection Act (FIPPA) are clearly covered under material available from the ministry of government services.
But, Cavoukian said in her report, there is no obligation to make the government’s political staff – like the chiefs of staff – to take document retention training.
So, as Cavoukian discovered, when email is deleted in Ontario government offices, it’s gone — unless backup policies have recently changed.in light of her report.
Her report only dealt with provincial policies on email backup. It didn’t go into IT policies covering digital files. Regardless, provincial legislation puts an obligation on employees to keep necessary documents.
The controversy touches on a number of IT-related issues including record keeping policies, backup policies and how staff organization are informed of their legal and regulatory document retention obligations.
In some ways, Cavoukain, said, the email deletion incident was similar to the loss by Elections Ontario staff last year of USB keys with personal information on some 4 million voters. In that case, as the email deletions, there was a government policy that was supposed to be followed — encrypt data on mobile devices.
Elections Ontario lashed for missing data fiasco
The difference, Cavoukian said, was the Elections Canada mess was an accident. “In this case (involving the deletion of email) I can’t make that conclusion… There seemed to be a culture of avoiding the creation of written or electronic records.”
But she added, the Secretary of the Cabinet – who in effect runs the bureaucracy — told her that the deputy minister of energy’s staff offered their assistance to MacLennan and his staff to help comply with the government’s records retention policy.
For his part MacLennan told Cavoukian he was unaware of the policy.
“It would appear that a large part of the problem in this investigation is that MacLennan claimed not to have understood that email is a form of communication that must be managed no differently than any other record,.” Cavoukian wrote in her report.
In the interview with IT World Canada she agreed with a suggestion that when people take over a sensitive job they should sign a document that they understand the organization’s document retention policy.
But policies aren’t enough. Cavoukian noted last fall she issued a report on how organizations can ensure privacy policies in public and private sectors have teeth.
Privacy policies need more than words: Cavoukian
In her report last week Cavoukian recommended the ministry of government services make sure all provincial staff understand their responsibility for keeping business records.
She also urged current Premier Kathleen Wynne – who has called the email deletions unacceptable — develop policies and procedures to ensure that ministers’ staff are fully trained on their records management obligations.
She also recommends provincial and municipal freedom of information legislation make it an offence for any person to willfully destroy records the acts cover.
For his part, Ryerson’s Ferworn said best practices for document retention include codifying corporate practices, then translating it into action.
“If you don’t do that it’s like having a piece of paper you might as well throw away.”