The Secret Service text message situation

The disappearance of the Secret Service’s text messages from January 6, 2021 is a data preservation issue, so I’m briefly reviving this blog from its long sleep to analyze it the best I can.

What we know

“Text messages” sent between Secret Service phones on January 6, 2021, during the unrest in Washington, DC, became unavailable within the bureau. News reporting has gotten so bad that it’s hard to find out just what this means; this CNN article contains more detail than most of the reports I’ve found.

The DHS Inspector General requested text records from the phones of 24 individuals in the Secret Service. These people included the heads of the details for the president and vice president. Only one record was given in response, and the bureau said no additional records were available. Ten phones had metadata indicating the transfer of text messages but didn’t have the messages’ content. On July 20, 2022, the Inspector General announced a criminal investigation into the lost messages.

Secret Service has stated that it lost messages as the result of a “system migration,” which occurred sometime between January 6 and February 26. It further claims that “none of the texts it [the Office of Inspector General] was seeking had been lost in the migration.” In other words, it’s saying there were no lost messages within the investigation’s scope.

Messaging and data retention

That’s not a lot to go on. Depending on whom you believe, we could be looking at anything from inconsequential sloppiness to a deliberate cover-up. But let’s see what we can get out of it.

“Text messages” usually means SMS messaging, but I haven’t found anything that explicitly says so. SMS messages are encrypted, but not end-to-end; they’re vulnerable to man-in-the-middle and spoofing attacks. If Secret Service values the “secret” in its name and it’s guarding against tech-savvy terrorists, I’d think it should use something more secure. But in the absence of other information, I’ll assume SMS. (But see below; iMessage may also have been used.)

A government agency dealing with sensitive data needs a data retention policy. It needs to make sure information doesn’t get lost and doesn’t get into unauthorized hands. The Federal Records Act requires such policies in many cases. SMS messages are normally retained only on the sender’s and recipient’s devices, so a data retention policy needs to focus there. If both the sender’s and recipient’s phones were destroyed and their text messages were never backed up, the data could be gone for good. However, it appears this isn’t what happened.

Data backup prior to migration was left up to individual Secret Service agents. This amounts to no retention policy. Even if everyone made a good-faith effort to do a backup, the saved messages would be all over the place, some of them stored on insecure servers, some irrecoverably lost.

A Washington Post article comments: “Cybersecurity professionals said that policy was ‘highly unusual,’ ‘ludicrous,’ a ‘failure of management’ and ‘not something any other organization would ever do.’” The article suggests some agents may have used iMessage on iPhones rather than SMS. It includes this extremely interesting bit:

In a letter to the House select committee investigating the insurrection, Secret Service officials said they began planning in the fall of 2020 to move all devices onto Microsoft Intune, a “mobile device management” service, known as an MDM, that companies and other organizations can use to centrally manage their computers and phones.

That sounds as if it wasn’t a matter of tossing old phones on the fire but merely installing some new software. A software installation isn’t supposed to wipe out existing data by default. It certainly shouldn’t delete it so thoroughly that forensic software can’t find at least some of the lost data.

The situation invites comparison to Hillary Clinton’s unauthorized use of a private email server for her office as Secretary of State in 2016. Some people overreacted to it, even calling for her execution, but the situations are similar in their failure to handle sensitive government records properly. The present situation is much more likely to involve the actual and possibly deliberate loss of vital information.

There’s a saying: “Never attribute to malice what can be explained by stupidity.” Is the Secret Service message black hole the result of a cover-up or gross negligence? Hopefully we’ll find out soon.
