Shepherd: Flint water crisis a lesson for Colorado government email retention

By Todd Shepherd
Independence Institute

Imagine you live in Flint, Michigan, and it’s been your home for years.

You’ve just learned the drinking water the town has supplied for the past couple of years has been contaminated with lead.

Yes, the water you used to shower and wash your dishes, the water your children drank and used to brush their teeth, tainted.

ToddShepherdsmall

Todd Shepherd

You want answers. Frankly, you deserve answers. Everyone deserves answers.

Now it’s January 2016. Imagine as your local paper and TV news stations try to dig deep to find out what and how things went wrong by filing open records requests, the government comes back to those outlets and essentially says, “Sorry! Any emails before Sept. 1, 2015, were automatically deleted.”

You may still get answers, but likely they’ll always be incomplete.

That didn’t happen in Flint, but could unfortunately happen all too easily at Colorado’s state agencies.

Whether it’s a sign of the times, or whether it’s already outdated, the fact remains today that emails represent the largest “document” used to conduct the business of the people by our local, state, and federal governments. When we want to know how our elected officials and their staff conducted themselves, what they thought, why they did what they did, we most often turn to email in hopes the documents will fill in most of the puzzle.

Recent reports out of Michigan revealed emails and memos from January 2015 that show some government departments provided themselves with water filtration systems, while at the same time telling citizens the water was safe to drink as long as they didn’t have compromised immune systems.

But what’s significant about this find is the open records request used in this example appears to have come roughly a year after the emails and memos were sent. That means one of two things: 1) Either the state was using its own servers to house email traffic, which likely meant data was retained for several months before being overwritten, or 2) If the state was using a “cloud”-based server, it was purchasing archive services that would guarantee most or all email data would be preserved for a certain length of time.

This stands in stark contrast to the data archiving capabilities of the various agencies under state control, like the Department of Regulatory Agencies, Department of Transportation or the Colorado Division of Homeland Security.

Recently, all of these state agencies have migrated away from using their own servers and have begun using “cloud” hosting services through Google.

You might think having Google run your email is a great thing, because if you’re familiar with the email services they give away for free, you have more storage than you could possibly want. But unfortunately, that’s not how it works with Google’s government email.

In lengthy research conducted in conjunction with the Colorado Freedom of Information Coalition, we learned there’s only one way for state agencies to have an automatic, reliable method of archiving emails that are older than 30 days, and that requires the state to purchase an additional service called Google Vault.

At the time of our research in March of last year, only the Department of Corrections had Google Vault.

Additionally, from all available information we could glean from the Colorado Office of Information Technology (OIT), once a user “double-deletes” an email (i.e. deletes it to the email trash can, then empties the trash can), an email is lost forever. If the email was still recoverable using data reconstruction methods on the Google servers now being employed by the state, officials at OIT were loathe to admit that was the case, lest it be employed to obtain double-deleted emails in the future.

Asking you to imagine yourself as a victim of the water crisis in Flint, Michigan, was for more than just stirring your emotion. Democracies responsive to the public must learn from others’ mistakes. If we don’t take steps to start requiring logical, smart, and efficient archiving methods of government electronic data soon, the next time the citizens of Colorado are victims of government negligence or incompetence, we may have more than government to blame. We may have to point the finger at ourselves.

Todd Shepherd is an investigative reporter for the Independence Institute, a free-market think tank and CFOIC member organization, and founder of The Complete Colorado.)

Follow the Colorado Freedom of Information Coalition on Twitter @CoFOIC. Like CFOIC’s Facebook page. Do you appreciate the information and resources provided by CFOIC? Please consider making a tax-deductible donation.

Subscribe to Our Blog