Whatever you do online, you leave your digital fingerprints smeared over everything. With highly-secure email systems like those at the Prime Minister’s Office and Treasury, it’s massively harder to make things “disappear”, not easier. If this alleged email exists, or if any other emails about car dealer John Grant exist, they can be found. The real questions, then, are “How hard will they look?” and “Where did this leaked (or perhaps faked) email come from in the first place?”
To recap, the smoking-gun email was supposedly sent from Kevin Rudd’s advisor Andrew Charlton to Treasury’s Godwin Grech. There was supposedly direct communication between Treasurer Wayne Swan’s office and Grant, and Swan was supposedly kept up to date via email.
Ah, email…!
Enter the Archives Act 1983 and the Australian Government ICT Security Manual (ISM).
They’re not much fun to read, but the short version is that all government communications must be archived, including email. The ISM (G#162) recommends logging “all email sent to an external system,” which would include email to another department.
A similar requirement led to concerns in the US about Barack Obama using his BlackBerry because suddenly his emails would become Official Presidential Communication. He ended up with a special NSA-approved Presidential BlackBerry.
“Everything goes into the central vault, essentially forever,” says My Mate Who Cannot Be Identified Because He Does Sekrit Government IT Stuff. An email stays there even if both the sender and recipient subsequently delete it from all their computers.
“It’s searchable by keyword, content, date. The full text is immediately available to anyone with the appropriate authority,” says MMWCBNBHDSGITS.
On top of that, all email events are separately logged by the firewalls, which protect departmental networks against hackers. Those logs record the sender, recipient, subject line, exact size and timestamp, amongst other things. In turn, the ISM requires (G#164) that “systems are configured to save event logs to a separate secure log server” and “event log data be archived in a manner that maintains its integrity.”
In other words, a lot of effort goes into preventing anyone tampering with the evidence.
All this is bog standard stuff for any enterprise-scale email system. The difference is that at the highest level of government it’s all taken very seriously indeed.
Now MMWCBNBHDSGITS mentioned “appropriate authority”. Obviously things can’t be pulled out of the vault by some random schmuck. But here we’re talking about a Federal Police investigation authorised by the PM into email which, at the time, wouldn’t exactly have been seen as a national security issue. If the email exists, it’ll be found.
For all those same reasons, it’s also straightforward enough to see who the email might have been forwarded to.
Now, donning the tinfoil hat for a moment… What if the email does exist but Rudd makes it “disappear”?
To remove all evidence of the email from both departments’ email archives, and the secure firewall logs, and anywhere else there might be traces — and to remove the evidence of you tampering with all the evidence — you’d need the cooperation of systems administrators all along the chain. That’s tricky, because they’re all hired precisely because they’re the kind of ultra-honest and incorruptible people who’d never tamper with evidence to begin with.
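An added illustration (not code from this article or from any government system) of why quietly deleting one record is hard when event logs are integrity-protected and held in several independent places. It assumes a hash-chained log as the integrity mechanism, which the article does not specify, and uses constructed events with placeholder addresses, matched on the fields the firewall logs are said to record.

```python
import hashlib, json

FIELDS = ("sender", "recipient", "subject", "size", "timestamp")
GENESIS = "0" * 64

def _digest(prev, rec):
    body = json.dumps([rec[k] for k in FIELDS])
    return hashlib.sha256((prev + body).encode()).hexdigest()

def chain(events):
    """Append-only log: each record's digest covers its fields and the previous digest."""
    prev, out = GENESIS, []
    for ev in events:
        out.append({**ev, "prev": prev, "digest": _digest(prev, ev)})
        prev = out[-1]["digest"]
    return out

def first_broken_link(records):
    """Index of the first record that no longer chains to its predecessor, else None."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["digest"] != _digest(prev, rec):
            return i
        prev = rec["digest"]
    return None

def missing_from(stores):
    """Map each message seen in any store to the stores that lack it (if any do)."""
    seen = {}
    for name, records in stores.items():
        for rec in records:
            seen.setdefault(tuple(rec[k] for k in FIELDS), set()).add(name)
    return {msg: sorted(set(stores) - names)
            for msg, names in seen.items() if names != set(stores)}

# Constructed sample events (placeholder addresses, not real log data).
EVENTS = [dict(zip(FIELDS, row)) for row in (
    ("a@dept-one.example", "b@dept-two.example", "Agenda", 2048, "2009-06-01T09:00:00Z"),
    ("a@dept-one.example", "b@dept-two.example", "Follow-up", 5120, "2009-06-01T09:30:00Z"),
    ("b@dept-two.example", "a@dept-one.example", "Re: Follow-up", 1024, "2009-06-01T10:00:00Z"),
)]

def demo():
    full = chain(EVENTS)
    crude = full[:1] + full[2:]                # record removed in place
    rebuilt = chain(EVENTS[:1] + EVENTS[2:])   # removed, then the chain recomputed
    stores = {"sender_fw": chain(EVENTS), "recipient_fw": chain(EVENTS), "archive": rebuilt}
    return first_broken_link(crude), first_broken_link(rebuilt), missing_from(stores)
```

The in-place removal breaks the chain at the record that followed the deleted one. The recomputed chain verifies on its own, but the other two stores still hold the message, so reconciliation reports it as missing from the archive.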
It’d be a lot easier to mock up some emails which, when bandied about as “evidence”, made Malcolm Turnbull look like a goose. But who’d want to do that?
From the outside looking in, it may seem difficult to make the email go away.
But basically this is a puny email… it seems like a trifle to make it go away from where I am sitting.
But any IT administrator will know that a leader can manipulate the system however they wish, and this is the Prime Minister… it would be easy to get the administrators to do what he wishes… in fact, what choice do they have… in fact they may actually just do it for him… without him asking.
It’s possible that the Prime Minister’s office could easily employ a whole team of people from ASIO to make the email disappear, including every log that ever existed.
Logs can ‘disappear’, information can accidentally go ‘missing’, computers and servers can go down, hard drives can break and data can be corrupted.
It’s all pretty straightforward really.
What about stuff that’s a bit slipperier, like my comments here, or my Twittering, through an iGoogle App? I’ve often wondered what sort of details that leaves around the place, or if most of them get wiped off on their passage through sundry servers.
According to sworn testimony in Court, during the preparation of the reports, the alleged leaking of which led to the Customs’ airport whistleblower case, a couple of blokes strolled into the “dedicated secure” floor where the hardware whirred away and, over a period of two-three hours, happily disconnected and trundled out of the door, helpfully (and in contravention of protocols) permanently wedged open because of overheating, at least six servers. Lock, stock & passwords.
The thing is, though, there isn’t “a system”, but multiple systems. Systems designed from the outset to prevent infiltration and tampering, run by people whose job is to prevent infiltration and tampering.
As AR points out, there can be cock-ups when the rules aren’t followed. But there’s a real difference between hardware being stolen from one physical location — yes, Customs did have some servers stolen the other year — and data being removed from multiple systems across multiple locations.
While perhaps “possible”, I certainly wouldn’t characterise it as “easy”.
Meanwhile, Evan Beaver asks, what traces do we ordinary folk leave when we go about our business? Well, lots.
Twitter may not keep your tweets for very long, but they transit international boundaries and are therefore logged and recorded by the various signals intelligence agencies. The Wikipedia article on ECHELON is as good a place as any to start reading. Whether those messages are retrieved and examined will depend on how naughty a boy you’ve been.
It’s also pretty easy to hot desk an email send from someone else’s workstation, not that I’ve ever done it. I had a temp job in a big city law firm and they have a log-off protocol while away from your desk in the support staff area. But that email was a pretty short one, and an opportunistic email could have been sent to Godwin’s home address, with malice aforethought directed at ‘Doogie Howser Charlton’, Rudd, Turnbull or any of the above.
Indeed GG could have been set up or be the perp (?). Stay tuned ….