IRS email woes could have roots in creaky technology
- By Adam Mazmanian
- Jun 18, 2014
Emails from former director of the IRS Exempt Organizations Unit Lois Lerner, shown here testifying before the House Oversight and Government Reform Committee, are at the root of a search that has now cost more than $10 million. (Image from C-SPAN hearing coverage)
On the surface it seems improbable: the IRS spends $2.4 billion a year on IT, yet it can't dig up missing emails from a senior employee to the White House, Justice Department and other government agencies.
Republicans in Congress are having a hard time believing that a hard-drive crash destroyed all copies of the messages. The House Ways and Means and Oversight and Government Reform committees have been after a trove of emails from Lois Lerner, former director of the IRS Exempt Organizations Unit. Lerner has declined to testify to Congress about her role in directing IRS scrutiny toward requests from Tea Party-affiliated groups to obtain tax-exempt status, and Republicans investigating the case are keen to probe for links between Lerner's activities at IRS and wider coordination in the Obama administration.
The IRS says it has spent $10 million and 120,000 hours working on recovering Lerner's emails, and the emails of other officials with involvement in the alleged harassment. The effort has necessitated another $6 million to $8 million in associated costs, according to a letter from Leonard Orsler, IRS National Director for Legislative Affairs. Overall, the IRS says it will produce 67,000 emails listing Lerner and others as a sender or recipient, but that emails from January 2009 to April 2011 are unrecoverable.
Rep. Darrell Issa (R-Calif.), chairman of the Oversight and Government Reform Committee, has issued a subpoena for any backups or other archival material for Lerner's emails, Microsoft Outlook .pst files that might contain stored emails, and any emails and documents Lerner printed and stored to comply with the Federal Records Act.
"Plot lines in Hollywood are more believable than what we are getting from this White House and the IRS," said Rep. Dave Camp (R-Mich.), the Ways and Means chairman.
Politics aside, the IRS has had longstanding problems with both its enterprise and public-facing IT systems over the years. The Government Accountability Office took the IRS Business Systems Modernization program off its high risk list only in 2013. It had been on the list since 1995. And in April, the IRS missed a deadline to upgrade from the retired Windows XP operating system, and is paying Microsoft for out-of-lifecycle support for the aging system.
The IRS is in the midst of migrating employees to Windows 7, but currently only about half the agency's machines have been upgraded, and they are looking to Congress for $30 million to finish the switch.
"We are very concerned that if we don't complete that work, we're going to have an unstable environment in terms of security," IRS Commissioner John Koskinen told an Appropriations subcommittee in April.
The IRS practice during the time of the missing emails had been to allow employees 150 megabytes of email in their active in-boxes -- about 1,800 emails. That has since been upped to 500MB. Employees were required to archive or delete emails once maximum storage was reached. Backups of email servers to tape were done daily, for disaster recovery purposes, but those tapes were destroyed every six months. Last May, the IRS decided to stop destroying backup tapes.
According to the IRS, the hunt for emails is so painstaking and time-consuming because there is no means to search across multiple accounts for emails on the same topic. Once relevant emails are identified, they need to be decrypted and reviewed for taxpayer information and potentially redacted.
Koskinen will be back to testify before Ways and Means on June 20 about the missing emails, and to answer questions about how long the tax agency knew that they were unable to produce materials sought by Congress.
Adam Mazmanian is FCW's senior staff writer, and covers Congress, health IT and governmentwide IT policy. Connect with him on Twitter: @thisismaz.