Featured Post

Our Public Records Laws are Broken

I’ve seen a few conversations going back and forth on the Internet about “the Bush email scandal was old news and they got those emails back anyway”.  Also, “The Bush email scandal wasn’t anything like this Clinton one”.  See here, and here for examples (astonishing spoiler alert: Karl Rove tells untruths.)

I’ve followed the story somewhat thoroughly since it broke, so I can unpolish some of the rhetoric.

There are a couple incidences of Freedom of Information Act (FOIA) or Public Records Act (PRA) controversies in the George W. Bush Administration.

The most notable were this one (alternatively reported on as “Bush Administration loses 22 million emails“, or “Bush Administration loses 5 million emails“, among other titles), and in a different incident when Dick Cheney asserted (IMO ridiculously) that the Vice President’s office was not covered under the PRA.

But that’s a story worth rehashing all on its own.

Regarding this one, and whether or not it is analogous to Hillary Clinton’s use of a private email server:

This specific incident involved several members of the George W. Bush Administration allegedly using a non-governmental email service, specficially one run by the RNC.

This story came about when it was revealed that some members of the Administration were using this to (again allegedly) discuss the dismissal of several attorneys.  Originally the reports were “a few”, then “a handful” of Administration folks were using these accounts.

During the course of the investigation, it was revealed that a total of 88 accounts were given to members of the Administration, and it was also reported that at least one of those members (Karl Rove) used his RNC account almost exclusively, and finally that an unreported but possibly substantial amount of administration business had been done using those accounts rather than White House information systems (no, Karl, the RNC server was never “swept and copied” to the Administration).

The number “lost” has been alleged at various times to be between 5,000,000 and 22,000,000.

The “lost” definition is important. They were never really “lost” in the way most people understand the term.

It has been reported that, by policy, the RNC did not back up at least 51 of the 88 accounts given to Administration officials.

It has also been reported that until 2004, the RNC email policy was to delete anything older than 30 days.

You can square those two reports in lots of different technical ways, so I’m uncertain what the RNC policy actually was, at a programmatic level. There are lots of ways to schedule archives, backups, and auto-removal of data.


Two groups sued the RNC, under the understandable logic that even if the RNC *did* delete the mails on the server when the age of those individual emails hit a 30 day window, that backups running on schedule *inside* that window would have preserved some or all of those emails, during the snapshots of those backup windows.

To describe how this works, imagine your server is set to back up some or all of its data archive on the 15th of every month. You receive an email on the 10th. You read it, but you don’t delete it. On the 15th, the backup runs, and it makes an archive that includes that email. Fifteen days later, that email is deleted by the mail server, because it was 30 days old. However, the email server does not delete copy of the email in the backup.

Now, this gets very much more complicated, because your email backups can be scheduled to over-write previous backups, or you can keep a certain number of backups but not all of them (say, you keep the last three, but only the last three and throw older ones out, etc.)

But in practice, very often your official policy (delete emails every 30 days) is not actually what the technical policy encodes.

(Protip for the non-technical: it is very difficult to force the Internet to forget things.)

So, back to the story, the two groups sued and the RNC settled.

The settlement agreed upon was reported by CNN:

“Monday’s settlement allows for 94 days of e-mail traffic, scattered between January 2003 to April 2005, to be restored from backup tapes. Of those 94 days, 40 were picked by statistical sample; another 21 days were suggested by the White House; and the groups that filed suit picked 33 that seemed ‘historically significant,’ from the months before the invasion of Iraq to the period when the firings of U.S. attorneys were being planned.” [1]

It isn’t clear from the CNN reporting if the “94 days” are 94 discrete backups, or if they are restores of those particular days’ incoming and outgoing mail, or what.

I don’t have the text of the actual settlement, so I can’t assess the technical value of what they settled *for*. CNN reported, in that same story, that “22 million emails were recovered”, as did Wired and the Associated Press… but that’s not necessarily accurate at all (in fact, it’s very likely inaccurate).


If those “94 days” were “94 discrete backups”, there may or may not be a lot of overlap in the number of emails (the same email may be counted multiple times)… and there may be emails that weren’t in any of the individual backups… and of course the likelihood that the 22 million figure came out of the reporter’s head rather than the technical number of restored records is… pretty high. I doubt the tech guys actually reported that all of the emails were “found”, because they… wouldn’t know, for a while.

The two groups (Citizens for Responsibility and Ethics in Washington and some other group I can’t recall off the top of my head) then were reported to have handed all of that off to the National Archives, which would handle processing all of the mail.

This is actually appropriate, because it’s the job of the National Archives to archive the Executive Branch communications under the PRA, but not their job to archive or disseminate any *non* Presidential-office-related material… and it is certainly likely that the 94 days worth of archive files that the RNC provided included things like fundraising and RNC-specific communications, which would have to be removed from the record (probably explicitly by the terms of the settlement agreement).

It was reported that this would take “several years”, at least until 2014, but I haven’t seen any actual evidence of what the end result of the restore looked like, and as near as I’ve been able to determine it hasn’t been reported on in years.

The story went into the hole of things that are no longer reported upon by the national media.

Now, the $64,000 question, of course:”Is this like or not like what Hillary Clinton was doing with her email server?”

First, it is not credibly arguable that Alberto Gonzalez didn’t know that they were doing this, which was pretty clearly in violation of the Presidential Records Act (IMO). This was one of his (many in my opinion) clear breaches of ethical duty.  It also strains my credulity to the breaking point that every person involved knew that the RNC email server was set to delete everything older than thirty days (although they were undoubtedly all very surprised to find out that backups existed of some of that material).

Abramoff actually was reported to have said that the reason they were using the RNC server was that it wasn’t subject to the same legal process as the official White House communication network, so there’s a pretty obvious indicator that this wasn’t accidental.

The assertion that this was “an archive problem” is not at all currently supported by the record. Sorry, Darrell Issa.  I misbelieve you.

The actual record is that

  • The RNC had a specific policy of actually deleting information on a routine basis, and
  • There is more than some evidence to suggest (credibly) that this was the reason those 88 accounts were created in the first place, and finally
  • This was pretty clearly a direct attempt to circumvent the PRA and the FOIA.

It was, in my opinion, essentially, precisely the same thing Hillary Clinton did: use a non-governmental service rather than an administration one primarily to retain control over which pieces of information were accessible to the National Archives or via a PRA or FOIA request.

Plain and simple.

This is independent to the question of handling of classified information, certainly. One can regard the Clinton case as egregious because she was handling national security documents, but there is (at the present time) no reason to clear the GWB administration of the possibility that they were doing that, either. Karl Rove was kept from testifying before Congress on Executive Privilege grounds, so unless/until all of that email is made public, we have no idea what folks were sending on the RNC server, either.

The assertion that “they’ve all been restored”, which is currently going on in the right-o-sphere, is also not currently supported by evidence. The results of the settlement were reported, but not the results of the analysis of the data that was handed over by the RNC in accordance with the settlement.

On the other hand, it’s entirely possible that most of them have been restored, I just don’t know. But nobody who is claiming that they have been does, either.

On the other, other hand, it is very very likely that immediately following that settlement all other backups that weren’t in the agreed-to-be-handed-over list were immediately and securely destroyed, so if something is still missing, we will very likely never get it back.


What to do?

Well, what do we have?  We have a collection of bipartisan cases of elected and appointed officials using non-government communication services to bypass public records laws.

I will note that public records laws are not criminal statutes, so elected and appointed officials bypassing public records laws are a poster child for “relatively toothless legislation”.

A very large number of American citizens, interested in open and transparent government, would very likely roundly applaud Congress actually producing a bill that makes it explicitly illegal for any federal government official to engage in official communications using email or telephone services that are not owned and operated by the federal government.

I don’t know if Congress has just failed to notice this, but there has been no workable, explicit federal law to this effect, for a while now (!) and both parties have had multiple opportunities to initiate changes to the law.

There’s nothing stopping Congress from introducing a bill right now. Congress: You can originate legislation, remember?

As someone who holds elected office (albeit at the local level), I’m actually quite sympathetic to the idea that it is very difficult to *stop* folks from sending you requests regarding your office to your unofficial, non-governmental contact locations.

I’m also keenly aware of the deep and pervasive chilling effect it has upon elected and appointed officials to know that at just about any time, any old citizen can file a request that can cause some email that you authored in a moment of frustration or irritation to wind up being included in an archive, selectively plucked out, and splashed across some front page to show how nefarious you are.

Still, if you’re dedicated to completely aboveboard behavior, try to fix it!  Or at least have a conversation about the problem, honestly, without the bipartisan witch hunt overtones?

Forgive me if I think that current Congressional behavior is entirely driven by partisanship, not principle…

… given not only their deafening silence on the previous Administration’s data records shenanigans

… but *more importantly* their complete lack of legislative attention to suggesting any actual remedies to the alleged problem.

Congress’s primary job is to author legislation, not investigate the Executive Branch. We have several bipartisan (!) cases… actual empirical evidence that *the existing law is insufficient*, right?

Maybe if someone authored some explicit legislation, we’d have fewer cases?

Just a thought.

(image credit)

Home Page 

Patrick is a mid-40 year old geek with an undergraduate degree in mathematics and a master's degree in Information Systems. Nothing he says here has anything to do with the official position of his employer or any other institution. ...more →

Please do be so kind as to share this post.

41 thoughts on “Our Public Records Laws are Broken

  1. While it’d be a great thing for Congress to act on I think ruling class nihilism ensures it will never happen. The last thing anyone wants to do is write a law increasing government accountability. Any Rep or Senator with any ambition knows that it one day might be used against them.

      Quote  Link


        • Brexit is not, in my mind, a case against citizen initiatives. While the outcome is not ideal, the vote was a signal that elected officials were not listening well enough to all of their constituents.

            Quote  Link


          • That’s my opinion as well. The fact that a referendum may have disagreeable results sometimes doesn’t mean they have no place in how government works. It’s not like elected officials never craft bad laws or policies themselves.

              Quote  Link


            • Politicians are human, at least, most of them probably rise to that distinction, so they are certainly prone to all the foibles – confirmation bias, echo chambers, self-delusion, etc. One of the things our political system lacks is a concrete way to express public approval or displeasure beyond opinion polls. Ideally we should just simply vote the guy out, but that isn’t as clear a message as many like to believe. Sometimes, a referendum, even if it isn’t binding, is a way to send a clear message that something needs to happen, or that something should most decidedly NOT happen.

                Quote  Link


          • What I have found surprising is that national referenda on long-term and consequential changes to a society can pass on a simple majority (50% + 1). Examples include Brexit, Quebec withdrawing from Canada, or Scotland from the UK.

            I would think that for changes of this deep impact, a supermajority of, say, 60% or better would be required as a measure of national consensus…

              Quote  Link


            • There is something to that, although how to objectively determine what kind of referendum would pass on a simple versus a super majority would be a political furball. I mean, a citizen bill demanding government transparency isn’t something that should require a super majority, but I could see withdrawing from a treaty as something that should.

                Quote  Link


              • My problem is that the dynamic always seems to work like signing up for cell service or cable television or whatever.

                It always seems to only require 50%+1 to sign up for Comcast.
                Saying “I’d like to cancel Comcast service” always seems to require 60%, or 66.67%, plus a cancellation fee, oh, and you’re racist.

                  Quote  Link


              • The best way to handle that I think is to use multiple referenda. For example, had I been designing the Brexit referendum, I would have had a simple “in or out” vote first, followed by negotiating an agreement-in-principle to exit with the EU, and then putting that specific deal to the vote in another referendum.

                That gives the voters a concrete proposal to vote on, but the first vote ensures that you don’t go to the trouble of negotiating an exit unless there’s public support for doing so. It also ensures that there must be sustained public interest in exiting the EU, since two yes votes separated by a year or two would be required to actually exit.

                  Quote  Link


                  • The difficulty is getting the rest of the EU to go along. If the Commission sticks to its “we don’t do hypotheticals, if you want to negotiate exit terms send us an Article 50 notification and start the two-year timer” guns, the multiple-referendum strategy doesn’t work.

                    Having watched referendums and initiatives for most of my life, and being strongly in favor of them in general, I would note that the voters certainly don’t have a monopoly on making stupid choices. But super-majorities are probably an important thing for one-shot irreversible decisions.

                      Quote  Link


                • While you just described a reasonable process to leave the EU, there’s no any evidence the EU would actually play along with it. Right now, they’re refusing to do any negotiating until the button is pushed for the two-year window, it’s hard to see why they would have done any different if the UK had *scheduled* that.

                  The EU wants *all* the power in the negotiation to leave. That means they want a two-year ticking clock running the background the entire time.

                  Granted, if you don’t want the UK to leave the EU, it’s a plausible-sounding structure that would result in the UK staying, because the negotiations at the time of voting would be ‘We could not negotiate anything at all’.

                    Quote  Link


              • Honestly, I might just say “all referenda require a 55% percent majority to change the status quo”, on the assumption that anything that winds up on the ballot is important and 50%+1 is vulnerable to noise on close decisions.


                But that most things probably aren’t important enough to merit a 60% requirement. That is, we want a clear majority (obviously greater than 50%), but don’t need a genuine supermajority.

                  Quote  Link


    • There is more than something to this argument.

      And it isn’t entirely embedded in nihilism, either. There are principled arguments to be made that some constituents will be less forthcoming if their input is all on the record.

      But an actual conversation about this is probably loads better for our political discourse than the current default of shoddy law that gives partisans cover to have endless investigations into actions that are likely not going to be able to be meaningfully prosecuted.

      This is independent of the conversation about actual national security documents, which… we probably still want to be handled differently for politicians than career security or military personnel.

        Quote  Link


      • I don’t entirely disagree, and I tried to speak to that in my response below to Jaybird. I could live with delays in disclosures, or temporary secrecy provided there’s a regular system that promptly and reliably, if not immediately, brings things to light. Maybe it’s just my attorney ways but there are also times for in person conversations where certain thoughts aren’t put to writing. I’m sympathetic to off the record discussions when needed and a good leader should know how to distinguish that.

        That said my position is based on my view that our government is too opaque, not too transparent. I’m more worried about citizen ignorance of official activity than I am about a politician or bureaucrat having an embarrassing or sensitive email disclosed.

          Quote  Link


  2. Given what’s happening with Hillary Clinton at the moment, I am of the opinion that there isn’t really a way to give a law of this nature teeth. That is, it is highly unlikely that you can provide genuine consequences such that a member of the government will choose not to use an external service for official or semi-official communications. Probably the best you can do is make it literally impossible. Of course, the question then is, do you want to? Is it appropriate that members of the federal government not be allowed private email accounts? Probably, but I could see arguments against.

      Quote  Link


    • We all know that our leaders will need to discuss very, very unpleasant things and make very, very unpleasant compromises with very, very strange bedfellows in order to get things done.

      The thought that “hey, these deals will be recorded in some form” will keep some of those sausages from being made and that forces one of two reasonable outcomes:

      1. Let’s not make that deal
      2. Let’s make that deal in a place where nobody who doesn’t already know about very, very hard truths will be able to get their hands on the artifacts related to the sausages getting made

      And the people who do 1 tend to lose elections if they don’t lose the primaries. Why?

      Because people like the sausages.

        Quote  Link


      • I think that issue is something that can be addressed with statutes of limitations and normal sunsetting of classification protocol. To me it’s more the allergy to any type or accountability that prevents positive change. The government has just convinced us there’s something noble in its secrecy, and finding out what it does behind closed doors, even many years later, could jeopardize our safety because terrorism, etc.

          Quote  Link


      • Absolutely sausages will be made. I’m not trying to claim that we’ll lose any sorts of dried meat to proper records laws, just that Hillary Clinton is a human and presumably occasionally sends and recieves emails about, say, a friend’s child graduating from college, and I think it’s reasonable that that not automatically be recorded on the assumption that, Clinton being an officer of the government, every word she speaks is government business.

          Quote  Link


      • People like sausages, and there are also people who like being sausage-makers.

        And I’ll allow as how they genuinely believe that the world is a better place for sausage having been made and them having made it.

          Quote  Link


    • I think part of the answer to “do you want to?” is “Do you want them to be able to do their jobs?”

      There’s an argument to be made wrt to politicians, but if we are talking all federal employees, esp. those in State who may well find themselves in god-knows-where with limited access to internet communication, let alone secure US govt servers (and State’s are notoriously bad and out-of-date b/c congress has refused approving upgrades for almost 20 years), how do they transmit something that can’t go by phone? If it’s time sensitive they are faced with a choice between following protocol or doing their jobs.

      Hillary may have been the only one with a private server, but she was far from the only one using private e-mail, and in many cases that wasn’t to avoid FOIA or PRA but simply to be able to send e-mail at all.

      So if we make this rule that only govt servers can be used, we also need to provide the funds to make those servers *useable* where and when they are needed.

        Quote  Link


  3. “I’m also keenly aware of the deep and pervasive chilling effect it has upon elected and appointed officials to know that at just about any time, any old citizen can file a request that can cause some email that you authored in a moment of frustration or irritation to wind up being included in an archive, selectively plucked out, and splashed across some front page to show how nefarious you are.”

    Welcome to anyone who works for a corporation’s electronic life. You learn not to write stupid crap. But even if some law were passed mandating gov’t employees keep all this archived, they’d just get the stuff classified and put it out of the FOIA regs.

      Quote  Link


    • I’m pretty sure this is basically what happens. The banality of so many of the diplomatic wires that were leaked is pretty good evidence that the government is classifying information that isnt dangerous but is awkward or embarrassing.

        Quote  Link


      • It’s pretty standard security procedure to classify everything. That way, the actual important stuff doesn’t stand out.

        Email 1:
        “I talked to the French ambassador. Nothing of importance was discussed.”
        Email 2:
        “I talked to the French ambassador. Nothing of importance was discussed.”
        Email 3:
        “I talked to the French ambassador. Nothing of importance was discussed.”
        Email 4:
        TOP SECRET // KLF-ACDC-XTC // 99X1
        Email 5:
        “I talked to the French ambassador. Nothing of importance was discussed.”

        D’ya think there might be something of importance in Email 4? If they only classify the important stuff that makes it a lot easier to search through 4.2 million emails to find the good ones.

          Quote  Link


  4. Now, the $64,000 question, of course:”Is this like or not like what Hillary Clinton was doing with her email server?”

    Bush’s actions are the nose of the camel, Hillary’s are the entire camel. It’s what server is hiding that I find disturbing.

    Hillary is getting 700 emails a month from The Clinton Foundation (TCF).
    Ergo she’s actively taking part, presumably raising money…
    …from the people she’s dealing with as Secretary of State

    That would be over and above how Bill Clinton’s “speaking fees” skyrocketed after she became Secretary of State. http://www.theatlantic.com/politics/archive/2015/04/more-money-more-problems-a-guide-to-hillary-clintons-cash-scandals/391299/

    At it’s root we’re trying to compare the hiding of (assumed) dirty tricks getting Bush elected and what words do we want to use to describe this? Conflict of interest? Bribery? Clinton Cattle Futures 2?

      Quote  Link


  5. First, it is not credibly arguable that Alberto Gonzalez didn’t know that they were doing this, which was pretty clearly in violation of the Presidential Records Act (IMO).

    Albert Gonzales was subject to the e-mail policy, so every 30 days everything in his brain was deleted.

      Quote  Link


  6. Guy:
    Honestly, I might just say “all referenda require a 55% percent majority to change the status quo”, on the assumption that anything that winds up on the ballot is important and 50%+1 is vulnerable to noise on close decisions.

    I don’t know… the whole point of bypassing the politicians is to avoid the “agent” problem (where what’s good for the agent isn’t for the people). A 50%+1 vote is the legit will of the people, including the ability to be stupid.

    Do we really want to establish a principal where 55%(-1) can declare they despise the current situation and have them still be told, “not good enough to override your political masters”? The powers in charge already have lots of ways to put their thumb on the scales, and I have to assume they did (competently is a different question).

    I understand the attraction to wanting to override this one, but it seems like something which could and would be abused just as a matter of course.

      Quote  Link


  7. Never really understood where the whole “BOTH SIDES DID IT” argument was supposed to be going in this instance. It’s not actually an argument that Hillary Clinton didn’t break the law.

      Quote  Link


  8. I will note that public records laws are not criminal statutes, so elected and appointed officials bypassing public records laws are a poster child for “relatively toothless legislation”.

    I wasn’t aware of this. I understand that some states’ records laws are criminal statutes, though. If that isn’t the case nationally, that’s a surprise. (I’m not saying it’s wrong, just that I didn’t know it.)

      Quote  Link


Leave a Reply

Your email address will not be published. Required fields are marked *