Recent reports from Forrester Research and Secure Computing, an enterprise security firm, find that e-mail security is lacking in organizations of all sizes. No company is immune to the risk workers present when they do not follow security protocols – or worse, when no such measures are in place. This issue is so pervasive it spreads all way to the U.S. government.
The House Oversight Committee currently is investigating what the White House has referred to as "an undefined number of [missing e-mail] messages [from] March through May of 2003," said e-mail expert David Gewirtz.
Gewirtz explores what he calls the government's "worse practice" IT processes in his book, Where Have All the Emails Gone? Earlier this year, however, the White House changed its story on the missing e-mails. In a Jan. 17 press briefing, Deputy Press Secretary Tony Fratto said, "[We] have no evidence that shows that anything at all is missing."
What's Wrong at the White House?
During the investigation of the White House e-mails, a number of its IT practices have come to light – and some people are worried. A March New York Times editorial stated, "The threat to the nation's historical record is severe."
Shortly before the U.S. invasion of Iraq in 2003, the White House decided to switch from Lotus Notes to Microsoft Exchange. It has pointed to this migration a possible source of confusion about the location of e-mails.
Another possible cause for misunderstanding is many of the White House staffers' messages go through an entirely different system in order to comply with the Hatch Act of 1939. That law prohibits partisan communications from taking up White House resources. So the current administration does much of its correspondence through the Republican National Committee (RNC) e-mail system.
"By sending messages outside the systems, you're sending messages outside the government security," said Gewirtz. Another concern with the Hatch Act involves record management, "and that is great because you send your messages through [the RNC] system, and those messages are no longer being archived or managed in any way."
Press Secretary Dana Perino tried to explain the RNC e-mail archiving system in April 2007: "You [government staffers] should figure out a way to preserve those [RNC] documents, either by printing them out or saving them in some way on your computer or CC-ing yourself."
Gewirtz said he finds this practice completely inappropriate. "The archiving system isn't an archiving system," he said. "It is a worse practice at this point."
To ensure security and archiving in the government's e-mail affairs, Gewirtz recommends revisiting the Hatch Act. "I strongly believe the Hatch Act needs to be modified to require both the full security resources of the United States government being used for things" such as senior staffers' e-mail correspondence.
He also recommends the creation of a special IT detail that spans administrations. Gewirtz proposed an "Electronic Communications Protection Detail" to protect and maintain vital governmental information.
The professionals in this detail would be in place indefinitely instead of changing with administrations, he said. "The new CIO who is at the White House now who is testifying about this stuff has only been there for a year and a half. So there is nobody who is currently testifying before Congress who has any firsthand information about what actually went on back in 2003."
Gewirtz said it is important to have permanent IT policies in place, and the CIO cannot change with each administration. "What we can't have is a new administration coming and yanking out all the command-and-control systems in the middle, for example, of a build-up to war, as happened this time."
Gewirtz feels archiving is vital to future administrations, and the White House needs a proper archiving procedure. "The issue is we need to archive these messages," he said. "A future administration may desperately need something out of them."