Is the Secret Service’s Claim About Erased Text Messages Plausible? (Updated)
zetter.substack.com
The Secret Service says data erased from the phones of some of its personnel — that may shed light on the agency's handling of the Jan. 6 insurrection — can’t be recovered. Is it telling the truth?
I find it odd that when I watch shows like Dateline, which look into murder cases, they rely heavily on the cell phone the perceived suspects use on a daily basis.
If I am understanding these investigations from both state and federal officials, all text messages, no matter whose phone it is, are picked up on many communication towers, cell phone towers...
When it comes to catching a killer, the only way you can go into these cell phone towers is through a court order, approved by a federal judge. The technology is so advanced now that they know where you are, who you're talking to, and can also get facial recognition.
How does one scrub, wipe clean, or any other terminology, a cell phone when the information has already been sent and received to numerous cell towers in any location a person is standing?
I wonder why no one is talking about the agency's records officer, their legal hold policy, and Sarbanes-Oxley section 1102, which criminalizes the destruction of documents in anticipation of a government investigation.
Once again Kim delivers essential careful reporting!
One thing seems clear. The Secret Service document retention practices are likely to turn out to be as horrifying as the White House, or for that matter the State Dept, if you want a trip down memory lane. Placing the responsibility on individuals without automated tools is a recipe for disaster, even without any potentially nefarious motives.
I do wonder if the OIG and the J6 Cmte are asking the wrong questions. To have only a single work-related text from J5-6 on a phone of one of the identified agents, with the rest of the texts all personal, seems unlikely. Did agents communicate with each other through a chat app rather than SMS? IIRC one of the slides displayed in the last hearing was a chat group of NSC staffers that was not SMS.
Jul 21, 2022 · edited Jul 21, 2022 · Liked by Kim Zetter
Your excellent article states that the USSS was migrating to Microsoft Intune; what I haven't heard is what, if any, MDM platform they were using prior to the migration? I would find it astonishing if Intune was their first ever MDM platform, especially given the sensitivity of their work and their statutory record preservation requirements.
Any MDM platform worth using will automatically copy cellphone data, including texts, to a central server, and if best practices are adhered to that server will be backed up elsewhere.
Simply put, unless the USSS is utterly inept (which seems unlikely given one of its core functions is cyber security), or several people in very senior positions have actively, purposely scrubbed data from multiple locations, it should be impossible for texts to have simply 'been lost'. I say this as someone who has been involved in IT management for over 30 years.
Something else that ought to be investigated is what other communication apps, if any, were installed on the USSS cellphones. Did they have WhatsApp, Signal, Telegraph, Facebook Messenger, etc? I have yet to hear whether agents actively avoided sending SMS texts by using alternative apps. Given that we already know that many people at the highest levels in the administration had specifically done that, it seems an important question to ask.
I can't remember the exact release, but full-disk encryption (FDE) was introduced long before Android 6.0 Marshmallow - it was made mandatory (with certain exceptions for low-performance devices etc.) in Marshmallow. File-based encryption (FBE) debuted on the first Pixel phone with Nougat 7.0, but it didn't become mandatory for new devices to use it instead of FDE until Android 10. The broad point is correct - recovering data after factory reset varies from hard to extremely hard, e.g. on Pixel devices from 2 on, a key stored in tamper-resistant hardware is erased.
“Remarkably, CBS also reports that one of the ways that Secret Service personnel were told to back up their text messages was to take screen shots of them and upload these to a dedicated web site the agency had set up for this purpose.”
Isn’t this also the method used to preserve White House email, or am I misremembering that anachronistic detail?
Osgood's statement that “By killing the keys you scramble the data and make it unrecoverable” is not quite correct. The data was always scrambled; it was written scrambled by the encryption. Without the keys you are just unable to descramble it.
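The key-erasure behaviour discussed in the comments above on Android encryption and on Osgood's statement, as an added illustration that is not part of any commenter's post. The `Phone` class, `seal`/`unseal` helpers and the sample message are hypothetical, and the HMAC-based cipher is a standard-library stand-in for the AES a real device uses.

```python
import hashlib, hmac, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode, a stdlib stand-in for the AES a real phone uses.
    return b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key: bytes, data: bytes) -> bytes:  # encrypt-then-MAC: nonce || ciphertext || tag
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong or missing key")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class Phone:
    """Constructed model: hardware key -> wrapped data key -> ciphertext on flash."""
    def __init__(self, messages: bytes):
        self.hw_key = secrets.token_bytes(32)      # held in tamper-resistant hardware
        dek = secrets.token_bytes(32)              # data key, stored only in wrapped form
        self.wrapped_dek = seal(self.hw_key, dek)
        self.flash = seal(dek, messages)           # ciphertext from the very first write

    def read(self) -> bytes:
        if self.hw_key is None:
            raise ValueError("wrong or missing key")
        return unseal(unseal(self.hw_key, self.wrapped_dek), self.flash)

    def factory_reset(self) -> None:
        self.hw_key = None                         # the reset destroys the key, not the data

def demo(messages: bytes = b"constructed sample text message"):
    phone = Phone(messages)
    flash_before = phone.flash
    readable_before = phone.read() == messages
    phone.factory_reset()
    try:                                           # examiner images the flash and guesses a key
        unseal(unseal(secrets.token_bytes(32), phone.wrapped_dek), phone.flash)
        recovered = True
    except ValueError:
        recovered = False
    return readable_before, phone.flash == flash_before, recovered
```

`demo()` returns whether the messages were readable before the reset, whether the bytes on flash are identical after it, and whether a guessed key recovers anything.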
And the Obama and Hillary Clinton destruction of subpoenaed e-mails and texts, not a whisper from the DOJ or MSM.
I discovered that the National Archives and Records Administration recently sent a letter to Damian Kokinda, the Records Officer for the Secret Service. This document may be viewed at https://www.archives.gov/files/records-mgmt/resources/ud-2022-0054-dhs-usss-open.pdf