Search for e-mails may be fruitless
When questioning the White House claim that some sensitive e-mails from officials there might have disappeared for good, Democrats can cite any number of high-profile computer users who once thought the same -- from Oliver North to Bill Gates.
“You can’t erase e-mails, not today,” said Sen. Patrick J. Leahy (D-Vermont).
But security experts interviewed Friday disagreed. As the number of e-mails sent has soared, they said, companies have become more rigorous in wiping out old records. As a result of the increased hassle and storage costs, electronic messages that used to last on computer servers indefinitely can now vanish after a month.
“You cannot make the assumption that all e-mails today are kept somewhere,” said James Butterworth of Guidance Software Inc., which makes computer forensic tools. “You never know how the infrastructure is going to handle it.”
Still, Democratic and Republican leaders have found themselves in a highly charged technological debate, stemming from their dispute over the propriety of the dismissal of eight U.S. attorneys.
Congressional Democrats sought evidence about the firings contained in e-mails from presidential advisor Karl Rove and others. But the investigators learned that some messages had been sent from a system run by the Republican National Committee, instead of the official White House system that automatically saves copies.
The White House and the RNC said they were looking for versions of the messages but made no promises of success.
In previous scandals, damaging e-mails regularly resurfaced.
While a White House aide in the 1980s, North deleted e-mails that revealed his role in the Iran-Contra affair, only to see them discovered and used by congressional investigators.
Microsoft founder Gates felt secure enough to entertain competition-bashing e-mails that later haunted the company in its antitrust trial.
The history of embarrassing e-mail is so rich, in fact, that when companies say they can’t find old e-mails, many juries and judges assume they are lying.
Brokerage Morgan Stanley & Co., for example, paid $15 million last year to settle regulators’ claims that it repeatedly failed to turn over messages needed for conflict-of-interest inquiries.
Yet the technology is changing with the times.
Many companies now make it a policy to get rid of all deleted e-mails after 30 or 90 days.
For consumers wondering how long their correspondence lives on, the Internet service providers that control the routes through which e-mail travels may expunge sent and deleted messages in less than a week.
Network Solutions purges deleted e-mails after just a few hours, said Pete Fox, senior vice president of engineering. Then it’s really, really gone.
“We do it very consciously, because we didn’t want to get in a situation where government entities come asking for people’s deleted e-mails,” Fox said.
When an AOL user hits the delete key, the message is sent to a file called “Recently Deleted E-Mail.”
It sits there for three days, then vanishes, AOL spokesman Andrew Weinstein said.
Microsoft said purged Hotmail messages disappear from servers immediately.
Financial services companies and others may have more stringent rules on retaining data. Businesses facing lawsuits are now required to act quickly to preserve e-mail, but most other firms have wide latitude to set their own retention policies.
“Companies are getting more sophisticated about not holding onto things forever, so they’re not spending millions of dollars on storage,” said James M. Aquilina, a former federal cyber-crime prosecutor now at Stroz Friedberg, a digital evidence consulting firm in Los Angeles.
On the other hand, sometimes even company officials do not know where, how and for how long their e-mail is stored.
The company might have a strict 30-day e-mail deletion policy and still keep backup tapes for years, said technology lawyer Michael R. Overly of the Los Angeles office of Foley & Lardner.
The only certainties are that there are many places to look for missing e-mails and that only a very sophisticated probe will show whether a given scrap can be found, regardless of how recently it was sent.
“There’s been expectations that we could find it, when only 30 days had gone by, and we couldn’t,” said Butterworth, the computer forensics expert. “Conversely, I’ve done an investigation of e-mail from 2 1/2 years earlier and said I didn’t think it was going to be there, and lo and behold, it was.”
Scott Shinn, a private forensic expert who recovered deleted e-mail from the Clinton White House, said investigators would have to be talented and lucky to find mail from as far back as Congress wants to go.
Shinn said the proper first steps would be to make copies of the computer hard drives of Rove, the other aides and anyone they might have e-mailed, along with the servers that processed that mail.
Investigators should do that “right now, immediately,” Shinn said. “Today, not tomorrow or Monday.”
After that, the places to look include backup tapes and the computers used to install improvements throughout the involved office networks. Those machines sometimes contain a snapshot of what was being stored at the time of the last upgrade.
Even after looking everywhere, Butterworth said, the odds of recovering old mail are much lower than previously.
“Mail from 2004, 2005, even in the beginning of 2006, I would not expect to find,” he said.
michelle.quinn@latimes.com
