TIGTA: Lerner hard-drive crash likely due to "an impact of some sort"

What could happen in an IRS office on a Saturday evening to create “an impact of some sort” on a laptop hard drive? According to Lois Lerner, the computer mysteriously failed to operate when she returned to the office on Monday, June 13, 2011, but server data shows that the computer had been in communication with the office systems continuously until Saturday, June 11th, at least until 5 pm. The House Oversight Committee discovered this sequence of events from the Treasury’s Inspector General, whose testimony raises new questions about the hard drive failure that kept Congress from retrieving Lerner’s e-mails (via ATR):

Our investigation determined that on Saturday, June 11, 2011, between 5:00 pm and 7:00 pm, Ms. Lerner’s IRS issued laptop computer stopped communicating with the IRS server system. The IRS server system sends messages out to all of the network-connected computers every two hours. The last communication between Ms. Lerner’s laptop and the server system occurred around 5:00 pm, and at that time, based on consistent network reporting for more than a week, the laptop computer was likely located in Ms. Lerner’s office. The laptop failed to respond to the server at 7:00 pm.

On Monday, June 13, 2011, Ms. Lerner reported that she found her computer inoperable when she entered her office, and the malfunction was reported to the IRS Information Technology (IT) staff. The assigned IT specialist determined the hard drive had crashed, and following standard protocol, he placed a new hard drive in Ms. Lerner’s laptop. In addition to the hard drive, a Hewlett Packard (HP) contractor replaced the laptop’s keyboard, track pad, heat sink, and fan. When interviewed, both the IRS IT technician and the HP technician reported that they did not note any visible damage to the laptop computer itself. When asked about the possible cause of the hard drive failure, the HP technician opined that heat-related failures are not seen often, and based on the information provided to him, the hard drive more than likely crashed due to an impact of some sort. However, because the HP technician did not examine the hard drive as part of his work on the laptop, it could not be determined why it crashed.

On July 19, 2011, Ms. Lerner requested IRS IT to attempt to recover data from her crashed hard drive because, according to her, she had “personal information” on the drive. The IRS IT management agreed and requested assistance from the Internal Revenue Service Criminal Investigation Division (IRS-CI). After receiving the hard drive from the IT technician, the IRS-CI technician attempted, but was unsuccessful in recovering data, so he returned the hard drive to the IT depot at the IRS headquarters building for its ultimate destruction. According to the IRS-CI technician, he noted some scoring on the top platter of the drive, and he believed there were additional steps that could have been taken to attempt to recover data.

What a coincidence, Oversight chair Jason Chaffetz exclaims! If the time of the event is so narrowly deducible, why not take a look through the security data to see who came into the office that weekend? Well … not exactly, Deputy Inspector General for Investigations Tim Camus explains:

Attempts were made to determine if anyone entered Ms. Lerner’s office prior to the hard drive crash on June 11, 2011; however, the entry logs that would have recorded any entry into the building were destroyed by the building security vendor after one year of retention, or sometime in 2012. The destruction of the logs after one year falls within the vendor’s standard operating procedures.

Emphases mine in both excerpts. This may be SOP for the vendor, but if so, it makes little sense. Those systems would not have kept the entry/exit data on printouts but in digital storage, and there would be no good reason to have a retention policy of one year — at least, no reason in terms of storage issues. I left the retail security industry eight years ago, and we had stopped applying a one-year retention policy on records a few years prior to that, when our systems developed enough to keep all files in digital form (mostly when UL approved the use of non-hardcopy retention).

So, if this is true, and if the IRS initially said that the backup tapes were supposedly destroyed, then how did they eventually find the e-mails?  Camus said they employed an unusual procedure — they looked for them. While IRS Commissioner John Koskinen assured Congress that his organization was moving heaven and earth to find Lois Lerner’s work products, they actually didn’t start looking for more than a year after the scandal emerged. It only took them 15 days to locate the tapes after that (via Katie Pavlich):


On the lighter side, IRS officials still make pretty easy targets in this investigation. Newly-restored subcommittee chair Rep. Mark Meadows interrogated Camus about the confusion over the backup tapes, and determined that IRS officials may not be smarter than an average 5th-grader: