NEW Secret Service CIO responsible for giving agents choice to delete Jan. 6th text messages, former officials say
Top IT officials and lawyers within the Secret Service are responsible for the major failures in collecting text messages within the agency related to the Jan. 6 Capitol attack because they left it up to individual agents to back up their data, multiple former federal government officials said.
Story on the FedScoop website here: Secret Service CIO responsible for giving agents choice to delete Jan. 6th text messages, former officials say
Top IT officials at the Secret Service including Chief Information Officer Kevin Nally are at fault for not following and executing the agency’s legal document retention policy and leaving it up to individual agents as to whether or not they preserved relevant text messages in regards to the Jan 6th attack or any other text records that are legally required to be archived, sources familiar with the agency’s policies told FedScoop.
The controversial deletion of Secret Service phone data around the time of the Jan. 6 Capitol riot has raised awareness of wider systemic problems with federal government digital records preservation.
Currently, the prevailing norm for preserving text message communications within federal agencies is that individual employees are expected to back up and share their work phone records manually.
Federal IT sources canvassed by FedScoop said this problem could be solved by requiring that all text messages about official business sent by any federal agency employee be automatically saved in an internal database and sent to the National Archives for archiving.
It remains unclear whether most federal agencies store and backup text message communications from work issued phones on an internal server or a government certified cloud service which would enable digital records to be retained even if an individual employee deletes those records on their own device.
While Secret Service Director James Murray and Department of Homeland Security Inspector General Joseph Cuffari are the top officials who are legally responsible for the preservation of agency records to be safeguarded and submitted to the National Archives, the day-to-day training and execution of data collection from agents occurs through the agency’s chief information officer (CIO) and the general counsel.
“It seems that individual agents made the call as to whether to delete their messages or not,” a former senior Secret Service official told FedScoop. “It’s not good governance to leave it up to individuals to do what they want. This needs to be fixed and tightened.”
The former official said that it was the responsibility of the Secret Service’s CIO and general counsel to ensure that digital records like text messages are correctly preserved.
“What thought was given to maintaining these records? Not much it seems. No one seems to be going through the trouble of archiving them as they should. Either way it’s not a good look,” the official added.
Although it’s unclear what motivated some individual Secret Service agents not to preserve their phone records around the time of the Capitol riot, government data privacy experts say that IT leaders within the agency are ultimately responsible.
“One of the key problems with this Secret Service episode is the reliance on the good faith of Service employees to back up federal government records – whether it be out of laziness, forgetfulness, bad judgement or something else,” said Nick Schwellenbach, senior investigator at the Project on Government Oversight (POGO), a prominent government watchdog.
“The Secret Service as an agency failed here, but leaders like the CIO and the general counsel have primary responsibility. These high level leaders dropped the ball,” Schwellenbach added.
The Secret Service says it is fully committed to the Jan. 6 investigation and the principle of preserving digital records for posterity.
“The United States Secret Services fully respects and supports the important role of the National Archives and Records Administration in ensuring preservation of historical and government records. The agency will have our full cooperation in this review and we will complete the internal review of our information as directed and promptly respond to their inquiry. The Secret Service has long standing established policies regarding the retention of Government Records,” a U.S. Secret Service spokesperson told FedScoop.
The inspector general of the Department of Homeland Security, under which the Secret Service operates, sent a letter to Congress in early July to inform lawmakers that text messages sent by agents around the Jan. 6 Capitol riot had been deleted.
The Secret Service claims the text message erasures were part of a long-planned “system migration,” but such actions have prompted a criminal investigation by DHS after agency investigators could only find one pertinent text message regarding Jan. 6 from over 20 agents that are subject to congressional subpeonas.
The text messages have become particularly significant after former Trump White House aide Cassidy Hutchinson highlighted during a House hearing that former President Donald Trump allegedly tried to wrestle control of a Secret Service vehicle in order to try and join his crowd of supporters at the U.S. Capitol on Jan. 6.
One former top Secret Service official speaking on the condition of anonymity reiterated that responsibility for the failure to preserve relevant text messages lies with agency leadership rather than with individual agents.
“The Secret Service and the director have to take responsibility for the lost texts and documents related to Jan 6th, but did the director even have knowledge of this occurring, I doubt it,” said Ralph Basham, former director of the Secret Service between 2003 to 2006 and former commissioner for U.S. Customs and Border Protection between 2006 to 2009.
“The CIO and the assistant director for technology would be really in charge of this data transition to ensure proper instructions and protocols were followed for text preservation,” said Basham.
Federal government IT experts say that although individual agents play some role in the preservation of relevant digital records, the system created by senior tech leaders in an agency is key to fully preserving records under federal law.
“The CIO should have caught this issue, its malfeasance at a very high level, they should be held accountable. They’re meant to monitor such records once a month or once a quarter,” said a former National Archives IT official.
“Ultimately there’s a chain of command from the agent who uses the device and then goes up to the agency IG to finally report the data to the National Archives but the agency CIO plays the most critical role in the middle to ensure the data is preserved and sent onwards,” they said.
The former official also said emphasized that although the National Archives has issued guidance on how text messages and other digital records must be preserved in some fashion for archiving purposes, each agency has to create its own set of rules or a “schedule” that outlines the specific mechanism by which digital records are preserved and sent to the National Archives.
Multiple federal agencies appear to have highly flawed practices when it comes to capturing and preserving digital records, a top former National Archives lawyer said.
“Many big major agencies like DHS or DOD haven’t put in place policies of automatically capturing such digital records, compliance is very problematic with thousands or millions of text messages,” said Jason R. Baron, the former director of litigation at the National Archives.
Baron added that part of the problem is that the law which requires government employee communications to be preserved, the Federal Records Act, requires that messages in regards to government business must be preserved but the law doesn’t specify exactly how to do so.
“If you leave the archiving to individuals like Secret Service agents or DOD officials that are extremely busy people with different priorities this is bound to happen,” said Baron. “Someone within an agency, like the CIO or the legal team need to make sure records are captured in a 21st century context.”