Today I was reading Sonasoft’s blog post denying that they have the IRS’s email archives and I noticed a few nuances that I wanted to point out. Their main point that is repeated several times is as follows:
“Sonasoft does NOT have IRS email. Sonasoft NEVER had access to IRS email.”
This is interesting because they stress that Sonasoft does not currently have IRS email (which is true) and that they never had ACCESS to IRS email. They do not say that they “never had” IRS email or that the email wasn’t archived – only that they did not have access. Presumably because the IRS was using a Sonasoft product (SonaVault) and not the Sonasoft arching service.
I believe that this is just another instance of performative language that is “legally accurate”, but purposely deceiving. They never deny that data was deleted or archived on their servers.
The “access” language is interesting to me because I believe Sonasoft is attempting to tell everyone what likely happened.
Sonasoft has safeguards and special algorithms to protect the SonaVault Email Archive from mischievous IT administrators who might be tempted to delete or tamper with the archived email. Any attempt to delete or modify the SonaVault email archive will capture the altered text, date stamp the attempt, and send out various alerts to IT personnel and management that an attempted breach occurred; the original email will not be changed in any way. The only way that email can be deleted from the archive is through SonaVault’s expiration policies. The Administrator can set retention policies to purge the archive of emails that have reached an expiration date, which is often set to be a seven-year period.
Basically, as I read it, Sonasoft is saying that they did not have access (i.e., did not have admin access to change the policy settings), but it is probable that an IRS admin did. Which is what I think happened. Someone inside the IRS was probably told to change the configurations to dump email archives.
Sonasoft also gives us the key to finding out who deleted the files right in the blog post:
There are many options to safeguard expired email, and purging the email requires several steps so that email cannot be ‘accidentally’ deleted. In addition, all purge policies are recorded and become part of the permanent log that cannot be tampered with.
They key to understanding who deleted the IRS emails and by extension who ordered the files to be deleted is in the administrative logs. A savvy lawyer should subpoena the administrative logs, determine which administrator changed the configuration settings to delete the archived emails, and determine who made the decision to do so.