To see whether something is amiss statistically, we'd have to also check whether data of no consequence goes missing at the same frequency.

If organizations are really bad at storing data, but it only gets tested with important queries, incompetence is going to look a lot like malice (I make no case for which this particular incident is).

Of course, I've painted somewhat of a false dichotomy. If you are required by policy to retain email, doing so is unlikely to give you any benefit and may well cause severe political problems.

The most logical thing to do is severely understaff and underbudget the sysadmins responsible. Then, when the backups are needed, there's a significant chance they'll be nowhere to be found, and you've saved money in the process too.

That would be malicious incompetence, so to speak.

Seems like an application of Hanlon's Razor[1], with an important extension:

> Never attribute to malice that which is adequately explained by stupidity, unless that stupidity is adequately explained by malice.

I'd like to coin this extension Hanlon's Exception.

[1]: http://en.wikipedia.org/wiki/Hanlon's_razor

I'm a fan of Gray's Law: "Sufficiently advanced stupidity is indistinguishable from malice"

That is to say, if you "fuck up" bad enough, why should society give a shit that you did not have malicious intent? Much like drunk driving, I think that this is a fine case for strict liability.

What is the good you hope to accomplish by this? The reason we have the idea of intent encoded in the law is not because intentional acts are more harmful, but because inflicting severe penalties on people for things they can't even have known they were doing wrong or didn't mean to do is both contrary to the idea of justice and ineffective as a deterrent. The idea of throwing out the principle of mens rea just because the results of something were bad is both anti-utilitarian and contrary to the idea of justice. (Especially since the bar for "bad enough" is apparently low enough to include "not fastidiously keeping manually generated email archives". Jaywalkers beware!)

> ...and you've saved money in the process too.

This discussion hearkens back to the current investigation into John Swallow, the former Attorney General of Utah who resigned less than a year into his term and is currently the subject of multiple investigations.

Swallow 'lost' over 1,700 emails from his time in office on his home computer. The state of Utah has spent over $100,000 to recover them (some successfully), see: http://www.sltrib.com/sltrib/news/57648883-78/swallow-sltrib...

I have pretty extensive experience with government email systems and you can bet "poorly". So I would not be surprised if their entire email infrastructure is horribly out of date (think Exchange 2000). That said, government organizations tend to have good backups, retention, offsite storage of tapes via some service like Iron Mountain, etc. So yea, I agree, I am not buying it either.

Their resources are managed, it seems to me, to maximize the number of employees required.

I had to give them money once and they literally have different people to record a payment and another to look up your balance.

But they do give you the phone number that will get you to that other employee. You just go through the phone tree and you eventually get the person who can look up your balance.

Its the dumbest way to do things I've ever seen for an organization in the US.

Well if their IT department is anything like the Healthcare.gov initial team, or other government agencies. What I've heard from Code For America. This is totally realistic.

Have no back-ups whatsoever over a 2 year span is believable?

Most corporations have policies requiring emails be deleted after 3-12 months. I'd be more surprised if you told me they had backups from 3 years ago.

All the email at the IRS appears to live only on people's workstations in any permanent sense.

For those downvoting, see here: https://news.ycombinator.com/item?id=7891622

So IRS don't back up directors workstation data?

Apparently not. But they're also not bothering to archive email data at the server.

Maybe it's the time I've spent in corporate environments, but losing data due to shitty IT management seems very plausible to me.

It doesn't seem _im_plausible for backups to have failed, or for recovery not to work or whatever. But, the other day I was working in a pottery studio with a ~8yo laptop as the only computer and they have offsite, encrypted, incremental backups of user data ... now it may not work correctly when it's needed (though it's been tested) ... but I'd kinda expect the USA's IRS to be slightly ahead of a micro-business working in arts-and-crafts as far as data security/recovery goes.

If you told the IRS you couldn't file your reports because you'd lost user data they'd consider it criminal negligence, I imagine, that you'd not secured the data through backup. Sauce for the goose ...

Data loss where there's no backup system even in place sounds like reason to fire all the IT managers in systems like the IRS where the preservation/security of data is vital to proper function.

A Convenient "Truth"?