FREE ELECTRONIC LIBRARY - Abstracts, books, theses

Pages:   || 2 |

«Testimony of The Honorable J. Russell George Treasury Inspector General for Tax Administration and Timothy P. Camus Deputy Inspector General for ...»

-- [ Page 1 ] --




“IRS E-mails: Part II”

Testimony of

The Honorable J. Russell George

Treasury Inspector General for Tax Administration


Timothy P. Camus

Deputy Inspector General for Investigations

Treasury Inspector General for Tax Administration

June 25, 2015

Washington, D.C.









before the



“IRS E-Mails: Part II” June 25, 2014 Chairman Chaffetz, Ranking Member Cummings, and members of the full committee, We appreciate the opportunity to come here today to provide testimony on my agency’s investigation of the Internal Revenue Service’s (IRS) production of the emails of the former Director of Exempt Organizations, Ms. Lois Lerner, as well as our efforts thus far in recovering the missing e-mails.


On June 13, 2014, in a letter to the Senate Finance Committee, the IRS reported that as it was completing its document production for Congress concerning allegations that the IRS targeted certain 501(c)(4) applicants, it realized that the production of the emails of Lois Lerner had gaps. IRS officials reported that in their attempts to find missing e-mails, they determined that Ms. Lerner’s IRS laptop computer suffered a hard drive crash in June 2011, and therefore some of her e-mails could not be recovered.

The following Monday, June 16, 2014, the Treasury Inspector General for Tax Administration’s (TIGTA) Office of Investigations initiated an investigation into the circumstances surrounding the hard drive crash and the missing e-mails. One week later, on June 23, 2014, TIGTA received a letter from then-Chairman Ron Wyden and then-Ranking Member Orrin Hatch of the Senate Finance Committee requesting TIGTA to formally investigate the matter, including to “perform its own analysis of whether any data can be salvaged and produced to the committee.” Throughout our investigation, when appropriate, we have updated the tax-writing and oversight committees of Congress, including this Committee, concerning our progress in recovering the e-mails. However, during those updates, we did not discuss the investigation itself. As we are at the end of the investigative process, we are now in a position to provide information about our investigation.

TIGTA’s investigation included the interview of over 113 witnesses, some witnesses on multiple occasions, extensive document reviews, and the processing and analysis of over 20 terabytes of data. As a point of comparison, one terabyte of data is the equivalent of one million standard books.

There are six possible sources that were examined in an effort to recover the missing e-mails: Ms. Lerner’s crashed hard drive, the backup (disaster recovery) tapes, a decommissioned IRS e-mail server, the backup tapes for the decommissioned e-mail server, Ms. Lerner’s BlackBerry, and loaner computers that may have been assigned to Ms. Lerner while her laptop was being repaired.

Following a logical sequence, we will first provide our investigative findings about Ms. Lerner’s hard drive crash and the probable final disposition of the hard drive. Our investigation determined that on Saturday, June 11, 2011, between 5:00 pm and 7:00 pm, Ms. Lerner’s IRS issued laptop computer stopped communicating with the IRS server system. The IRS server system sends messages out to all of the networkconnected computers every two hours. The last communication between Ms. Lerner’s laptop and the server system occurred around 5:00 pm, and at that time, based on consistent network reporting for more than a week, the laptop computer was likely located in Ms. Lerner’s office. The laptop failed to respond to the server at 7:00 pm.

Computer Hard Drive

On Monday, June 13, 2011, Ms. Lerner reported that she found her computer inoperable when she entered her office, and the malfunction was reported to the IRS Information Technology (IT) staff. The assigned IT specialist determined the hard drive had crashed, and following standard protocol, he placed a new hard drive in Ms.

Lerner’s laptop. In addition to the hard drive, a Hewlett Packard (HP) contractor replaced the laptop’s keyboard, track pad, heat sink, and fan. When interviewed, both the IRS IT technician and the HP technician reported that they did not note any visible damage to the laptop computer itself. When asked about the possible cause of the hard drive failure, the HP technician opined that heat-related failures are not seen often, and based on the information provided to him, the hard drive more than likely crashed due to an impact of some sort. However, because the HP technician did not examine the hard drive as part of his work on the laptop, it could not be determined why it crashed.

On July 19, 2011, Ms. Lerner requested IRS IT to attempt to recover data from her crashed hard drive because, according to her, she had “personal information” on the drive. The IRS IT management agreed and requested assistance from the Internal Revenue Service Criminal Investigation Division (IRS-CI). After receiving the hard drive from the IT technician, the IRS-CI technician attempted, but was unsuccessful in recovering data, so he returned the hard drive to the IT depot at the IRS headquarters building for its ultimate destruction. According to the IRS-CI technician, he noted some scoring on the top platter of the drive, and he believed there were additional steps that could have been taken to attempt to recover data. IRS IT management determined the extra effort to recover data from Ms. Lerner’s hard drive was not worth the expense. It is critically important to point out that we determined the IRS does not track individual hard drives by their serial number(s), nor was the serial number recorded by the IT technician or the IRS-CI technician when they handled and examined Ms. Lerner’s hard drive.

On August 8, 2011, the hard drive was received back at the IT depot, and placed into a box with other failed hard drives and electronic equipment that IRS IT was gathering, bundling and holding for destruction by an IRS vendor. After August 8, 2011, the next identified bulk shipment of materials to be destroyed was on April 13, 2012.

Following the timeline, Ms. Lerner’s hard drive would have been in the April 13, 2012 shipment of materials sent for destruction. TIGTA traced this bulk shipment to the Marianna Recycling Facility in Marianna, Florida. This facility is operated by the Federal Prison Industries, Incorporated, also known as UNICOR, a Federal Bureau of Prisons sponsored program. We determined by obtaining the certificate of destruction dated April 16, 2012, interviews with the facility manager, and a search of the facility, that this shipment of hard drives was destroyed using an AMERI-SHRED AMS-750HD shredder.

TIGTA agents observed the shredder in operation and noted that the shredder cut the inserted hard drives into quarter-sized pieces, and according to the facility manager, those pieces are then sold for scrap.

As the hard drive was likely destroyed at the UNICOR Recycling Facility in April 2012, it was not available for TIGTA’s e-mail recovery efforts or further examination of it to determine the cause of the hard drive failure. Attempts were made to determine if anyone entered Ms. Lerner’s office prior to the hard drive crash on June 11, 2011;

however, the entry logs that would have recorded any entry into the building were destroyed by the building security vendor after one year of retention, or sometime in

2012. The destruction of the logs after one year falls within the vendor’s standard operating procedures.

Backup (Disaster Recovery) Tapes

The IRS manages the e-mail for its approximate 91,000 employees by routing the e-mails through Microsoft Exchange Servers that are backed up periodically using backup tapes. These Microsoft Exchange Servers, save e-mail data to large data arrays, which consist of hundreds of hard drives that are placed into server racks. Until May 2011, the e-mail server that handled Lois Lerner’s e-mail traffic was located at the New Carrollton, Maryland, Federal Building. In May 2011, the IRS migrated its e-mail processing from the e-mail server at New Carrollton to a new e-mail server located at the IRS’s Martinsburg, West Virginia, Computing Center. After migrating its e-mail system to Martinsburg, the IRS turned off the e-mail server at New Carrollton, but left it in place. Early in the investigation, an interview with the IRS Director of Data Management Support and Services revealed that it was his team’s belief that the New Carrollton e-mail server hard drives and backup tapes had likely been destroyed.

On June 30, 2014, TIGTA demanded that the IRS provide all backup tapes used to back up Ms. Lerner’s IRS e-mail account, specifically all backup tapes used for emails during the time period of January 1, 2008 through December 31, 2011. These date ranges were selected to ensure that we obtained any overlapping e-mails or accounted for mid-year equipment changes. As a result of this demand, on July 1, 2014, the IRS identified 744 backup tapes that met this criterion and TIGTA took possession of all of them.

With regard to nine of the 744 backup tapes, based on how they were configured in the backup machine, the IRS was unable to determine the dates they were used. As a result, IRS technicians believed it was possible that the nine tapes had been untouched for years and thus could contain clear data relevant to the investigation. As TIGTA did not have the necessary unique hardware to examine the nine tapes, they were provided to the Federal Bureau of Investigation (FBI) for determination as to whether they contained any data and, if so, to retrieve it. After the FBI analyzed the nine tapes, they reported all nine contained no logical information. TIGTA then provided those same nine tapes to a recognized industry leader on electronic data recovery, and they confirmed the FBI’s findings.

After confirming the initial nine tapes contained no logical information, and fearing that the remaining 735 tapes were overwritten, TIGTA interviewed the IRS executive in charge of the IRS e-mail backup program, his staff identified the specific backup tapes that would contain the earliest copies of Lois Lerner’s e-mail box. The backup tapes consist of five sets of tapes. These five sets were created in sequential weeks from November 20, 2012 through December 25, 2012.

We hand carried the backup tapes to the recognized industry expert for data recovery and extraction. After their examination and extraction of data, they provided TIGTA with Exchange Database files from these tapes. On November 13, 2014, TIGTA searched the database files and identified the first Lois Lerner e-mail box. As expected, the backup sets contained one Lerner e-mail box per set for a total of five mailboxes. At the conclusion of the process, TIGTA identified 79,840 Lois Lerner e-mails, of which nearly 60 percent were duplicates. Our removing of the duplicates resulted in approximately 32,774 Lois Lerner unique e-mails.

In order to determine if any of the e-mails had not been previously produced to the Congress, and were therefore new information, TIGTA compared the recovered emails to the e-mails the IRS produced to Congress. This proved to be a significant technological challenge even using state-of-the-art software. When the IRS produced its e-mails to Congress, the process they used to prepare the e-mails modified some of the necessary data elements to an extent that made the possibility of a discreet comparison infeasible. TIGTA agents created a specialized programming script and initially identified as many as 6,400 e-mails that appeared to have not been provided to the Congress. We provided these 6,400 e-mails to the requesting Committees of Congress with authority to receive return information under section 6103 of Title 26, the Department of Justice (DOJ) for their review in their ongoing investigation, and the IRS.

We are currently reviewing them and redacting return information for production to the non-tax writing committees. In addition, we manually compared the 6,400 e-mails to the e-mails that were previously produced by the IRS to Congress and we removed the obvious spam e-mails. At the conclusion of this manual review process, we determined that over 1,000 e-mails that were recovered by TIGTA were not previously provided to Congress, DOJ, or TIGTA. A review of these new e-mails did not provide additional information for the purposes of our investigation.

Decommissioned E-mail Server

On July 11, 2014, TIGTA agents were informed by IRS management at the Martinsburg Computing Center that they had located the hard drives from the decommissioned New Carrollton e-mail server and that they were not destroyed as previously reported. On the same day, TIGTA secured the 760 hard drives that are believed to have been part of the old, decommissioned New Carrollton e-mail server.

We conducted a preliminary examination of a limited selection of the hard drives and determined, based on information that could be seen from these hard drives, that more than likely, these were from the e-mail server that processed Ms. Lerner’s e-mails from mid-2011 and prior.

The e-mail servers process and keep copies of e-mail traffic on the hundreds of drives that are specifically positioned in server racks; however, the IRS did not retain a record of the layout indicating where each of the specific hard drives was positioned in the racks. Without understanding the exact order in which the hard drives were placed in the server racks, finding any complete and relevant e-mails would be very difficult and labor-intensive. In addition, if any of the hard drives are damaged, it could potentially be near-impossible to recover any usable e-mails. We determined that due to the nature of the technological challenge and the sheer number of server drives to be examined, we needed to use a recognized industry expert on data recovery to examine and recover data from the server drives. The expert was able to recover a portion of the e-mail data from some of the hard drives. The expert did not find Lois Lerner e-mail boxes, but they did find e-mail boxes for four of the identified information custodians and one other individual who had a significant amount of e-mail traffic with Ms. Lerner. Examination of these mailboxes resulted in the identification of 58 new e-mails not previously produced to Congress.


On June 13, 2013, TIGTA took possession of Ms. Lerner’s BlackBerry and although the forensic recovery of the BlackBerry produced 2,972 e-mails. After performing a comparison to the e-mails the IRS previously produced to Congress, the examination of the BlackBerry produced 190 new e-mails, of which 169 are from after 8:30 am on May 16, 2013. Six of the 190 e-mails mentioned Exempt Organizations business matters, but they were not otherwise pertinent to the investigation. The investigation determined that Ms. Lerner was issued the BlackBerry on February 14,

2012. TIGTA’s records research and interviews indicate that the BlackBerrys issued to Ms. Lerner prior to February 14, 2012, were more than likely destroyed in conformance with IRS policy.

Loaner Computers

TIGTA forensic agents located and examined the 10 laptops that were used as loaners when IRS employees in the Washington, D.C., area suffered laptop failures.

Pages:   || 2 |

Similar works:

«FINAL MINUTES 12 December 2012 FINAL MINUTES WEDNESDAY 12 DECEMBER 2012 Table of Contents Folio Date Particulars 25256 12.12.2012 Ordinary Meeting Minutes 25346 31.11.2012 Community Services Highlights & Significant Issues Report for November 2012 25375 12.12.2012 Adoption of Pioneer River, Gooseponds/Vines Creek and Combined Gooseponds (including Pioneer River) Flood Study Reports 25378 12.12.2012 Mackay Regional Council Pest Management Plan 25448 20.08.2012 Minutes Local Disaster Management...»

«CLERKS REPORT OF THE ANNUAL MEETING OF THE NORTHPORT VILLAGE CORPORATION ANNUAL MEETING AUGUST 9, 2016 The Annual Meeting of the Northport Village Corporation was held on Tuesday, August 9, 2016, at 6:30 p.m. in the Bayside Community Hall with approximately 74 voters present. The Clerk opened the meeting by reading the Call and Return on the Warrant. The Annual Warrant had been posted in five locations within the Village, and in the newspapers. The Warrant and Clerk’s report of the Annual...»

«Texts and Practices Texts and Practices provides an essential introduction to the theory and practice of Critical Discourse Analysis. Using insights from this challenging new method of linguistic analysis, the contributors to this collection reveal the ways in which language can be used as a means of social control.The essays in Texts and Practices: • Demonstrate how Critical Discourse Analysis can be applied to a variety of written and spoken texts. • Deconstruct data from a range of...»

«Consumer Package Labeling Guide: Selling by Weight Kathryn M. Dresser National Institute of Standards and Technology Weights and Measures Division Gaithersburg, MD 20899-2600 U.S. Department of Commerce Carlos M. Gutierrez, Secretary Technology Administration Michelle O’Neill, Acting Under Secretary of Commerce for Technology National Institute of Standards and Technology William A. Jeffrey, Director 1020-1 NIST SP August 2005 Certain commercial entities, equipment, or materials may be...»

«No. 102,249 IN THE COURT OF APPEALS OF THE STATE OF KANSAS STATE OF KANSAS, Appellee, v. ROBERT SILHAN, Appellant. SYLLABUS BY THE COURT 1. A court may permit a defendant to withdraw a plea after sentencing and may set aside a judgment of conviction to correct manifest injustice. Manifest injustice has been defined as something obviously unfair or shocking to the conscience. 2. An appellate court reviews a district court's denial of a postsentencing motion to withdraw a plea under an abuse of...»

«Edward Chaney, R.B. Kitaj (1932-2007): Warburgian Artist EDWARD CHANEY R.B. Kitaj (1932-2007): Warburgian Artist ABSTRACT This essay examines the influence of Aby Warburg and the Warburg Institute, as mediated by Edgar Wind, on R.B. Kitaj from the late 1950s until his death in 2007. It is based on research in the National Portrait Gallery, the Warburg Institute Archive, the Wind archives in Oxford, Kitaj’s unpublished autobiography and correspondence between the author and the artist dating...»

«Thyroid Cancer Overview The information that follows is an overview of this type of cancer. It is based on the more detailed information in our document, Thyroid Cancer. This document and other information can be obtained by calling 1-800-227-2345 or visiting our website at www.cancer.org. What is thyroid cancer? Cancer starts when cells in the body begin to grow out of control. Cells in nearly any part of the body can become cancer, and can spread to other areas of the body. To learn more...»

«UK Renewable Energy Roadmap Update 2012 27 December 2012 UK Renewable Energy Roadmap Update 2012 UK Renewable Energy Roadmap Update 2012 Contents Ministerial Foreword Executive Summary Introduction Background: Renewables Roadmap Purpose of Roadmap Update Analysis on Progress and Changes Energy Demand Projections Deployment of Renewable Energy to 2020 Technology Cost Projections Jobs & Investment Renewable Electricity Solar PV Renewable Heat Renewable Transport Cross-border Energy Trading and...»

«Patuxent Wildlife Research Center North American Breeding Bird Survey 12100 Beech Forest Road Laurel, MD 20708-4038 www.pwrc.usgs.gov North American Breeding Bird Survey MEMORANDUM TO COOPERATORS SUMMER 2016 CONTENTS BY PAGE: 1 — NEW OBSERVERS WELCOME 4 — ROUTE PROBLEMS 2 — 2015 ROUTE COVERAGE 4 — PARTICIPANT MILESTONES 4 — COORDINATOR UPDATES 5 — NOTES FROM THE FIELD NEW OBSERVERS WELCOME If this is your first year, thank you for joining the flock of thousands who make the BBS a...»

«Dell PowerEdge C6145 Systems Hardware Owner’s Manual Regulatory Model B05S Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better user of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Information in this publication is subject to change without notice. © 2011 Dell Inc. All rights...»

«The Body Unmasked: The Uncanny and Masked Acting A THESIS SUBMITTED TO THE DEPARTMENT OF GRAPHIC DESIGN AND THE INSTITUTE OF FINE ARTS OF BİLKENT UNIVERSITY IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF FINE ARTS By Gülru Çakmak May 2001 I certify that I have read this thesis and that in my opinion it is fully adequate, in scope and in quality, as a thesis for the degree of Master of Fine Arts. _ Assist. Prof. Dr. Mahmut Mutman I certify that I have read this thesis...»

«GUILDFORD COAL LIMITED CHAIRMAN’S ADDRESS TO ANNUAL GENERAL MEETING 28 NOVEMBER 2013 A. INTRODUCTION Ladies and Gentlemen, Good morning. Welcome to the 2013 Annual General Meeting for Guildford Coal Limited. Let me introduce myself. I am Alan Griffiths, Acting Non-Executive Chairman of the company, Chairman of the Remuneration Committee and Chairman of the meeting. As we have a quorum, being a minimum of 5 shareholders, I declare this meeting open. After making my preliminary comments and...»

<<  HOME   |    CONTACTS
2017 www.sa.i-pdf.info - Abstracts, books, theses

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.