Stealing Judak
As you may recall, Republican staffers were caught stealing Democrats’ files off the Senate server. A lot of this has been murky, as we have only had secondhand reports of what was going on, many of them coming from partisan sources. However, I just found a copy of the Pickle report, and here are some quotes that might help clear a few things up:
The clerk [Jason Lundell] first became aware that he could access the files of Democratic staff some time in October or November of 2001. He made this discovery after watching the Committee’s Systems Administrator perform some work on his computer. An admittedly curious person, the clerk attempted to duplicate what the System Administrator had done.
Now, that is kind of what we’ve heard so far, but it lacks detail as to how it happened. From later in the report:
The forensic analysis indicated that a majority of the files and folders on the server were accessible to all users on the network. Any user on the network could read, create, modify, or delete any of the files or folders within these folders. The investigation revealed that users whose network profiles were established prior to August 2001- when a new System Administrator was hired by the Committee – were generally established correctly and had strict permissions; those established after the date were “open.” The investigators do not believe that the Committee’s System Administrator acted maliciously, or that he himself inappropriately accessed any user’s files. Rather, this significant security vulnerability appears to have been caused by the System Administrator’s inexperience, and a lack of training and oversight. This System Administrator left the Committee in July 2003, but permissions remained “open.”
And then we get to the details no one to my knowledge has reported here before:
According to Mr. Lundell, he accessed “My Network Places/Entire Network/Judak.” In so doing, he was able to observe all of the users’ home directories. He then clicked on different folders to see which ones he could access; he was able to access some folders, but not others. The folders that he could access, he stated, belonged to both Republican and Democratic staff.
Okay, at this point it seems pretty clear what had happened. The system admin, hired in 2001 right after he graduated from college, was reportedly “inexperienced” and “sloppy” in how he managed permissions. I work with a Windows NT 4.0 server at my school, the same system these files were on, and I have also worked with permissions (we don’t want students accessing teachers’ files). Each user has an account which is accessed by entering a user name and password. When you share a folder, you have the option of allowing whatever users you wish to access that folder. You can specify specific users, or classes/groups of users, or just “everyone.”
It is apparent that this green sysadmin somehow or other set most of the folders on the server to be shared by “everyone.” Pickle does not assume he was “malicious,” but frankly, I find it astounding that any sysadmin with even two days’ experience, working for the Senate, for crying out loud, would somehow “accidentally” allow all private folders to have “everyone” access. This guy should never again be allowed to manage a system–whether he intentionally set the permissions like that or not.
According to Mr. Lundell, all he saw was the sysadmin go to “My Network Places” and go to “Entire Network” at which point he could access the “Judak” server and see all the user account folders. At this point, it would not be evident that there was a security breach, because each and any of those folders could be protected and could refuse to open without the correct account login. One would actually have to attempt to get into the folders to know that security was not in place. So Lundell then went to work rifling through the Democrats’ files.
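An added illustration, not taken from the Pickle report or from the original post: since a visible list of home directories says nothing about whether they are protected, an administrator has to read each folder's access control list to find the ones open to “everyone.” The sketch below parses constructed output in the format printed by the icacls tool on current Windows versions and flags folders that a broad group can reach; the paths, the EXAMPLE domain and the function names are assumptions, and paths are assumed to contain no spaces.

```python
import re

# Groups that cover every (or nearly every) account on the network.
BROAD = {"everyone", "nt authority\\authenticated users", "builtin\\users"}
WRITE = {"F", "M", "W", "D"}   # full control, modify, write, delete
READ = {"RX", "R"}             # read and execute, read
ACE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")
# Constructed sample in icacls output format; not data from the report.
SAMPLE = r"""
D:\Home\staff_a BUILTIN\Administrators:(OI)(CI)(F)
                EXAMPLE\staff_a:(OI)(CI)(M)
D:\Home\staff_b BUILTIN\Administrators:(OI)(CI)(F)
                Everyone:(OI)(CI)(F)
D:\Home\staff_c EXAMPLE\staff_c:(OI)(CI)(M)
                NT AUTHORITY\Authenticated Users:(OI)(CI)(RX)

Successfully processed 3 files; Failed processing 0 files
"""

def parse_acls(text):
    """Return {path: [(principal, [flag, ..., rights])]} from icacls-style text."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if not line[0].isspace():  # new "<path> <entry>" line; no spaces in path
            current, line = line.split(None, 1)
            acls[current] = []
        m = ACE.match(line.strip())
        if m and current:
            acls[current].append((m["who"], re.findall(r"\(([^)]*)\)", m["groups"])))
    return acls

def open_folders(acls):
    """Return {path: "write" | "read"} for folders a broad group can reach."""
    found = {}
    for path, aces in acls.items():
        for who, groups in aces:
            if who.lower() not in BROAD or "DENY" in groups:
                continue
            rights = set(groups[-1].split(","))
            level = "write" if rights & WRITE else "read" if rights & READ else None
            if level == "write" or (level and path not in found):
                found[path] = level
    return found

if __name__ == "__main__":
    for path, level in open_folders(parse_acls(SAMPLE)).items():
        print(f"{path}: broad group has {level} access")
```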
A few comments about this:
First, it does away with the claims by conservatives that the Democrats were at fault for the security breach or intentionally left files open for anyone to see. To their knowledge, each and every user folder was safeguarded so that only they and the admins could see the folders; they had every reason to believe that security was in place and their files were secure. A Republican legal counsel claims that a Republican tech, by his “firmest recollection,” says he “left a message” with his Democratic counterpart (conveniently unprovable, undocumented, and reeking of an after-the-fact attempt to avoid party culpability). This has been claimed by some to be proof of official notification to the Democrats, thus sloughing off the blame to them. However, if you read the report, the claim did not even state that the Democrats had been informed of the problem, but only that “What I can remember is leaving him a message to call me about a concern and he didn’t return my call.” In other words, he did not leave a message saying, “your files are wide open,” but just that he “had a concern,” and that when his counterpart did not call him back, he did not ever again attempt to notify him. Hardly exculpatory for the whole situation.
Second, what Lundell did was knowingly wrong. Despite his discovery of an easy access to private files, he was fully aware of the fact that these files were private and that he was not supposed to be accessing them. An honest person would have immediately contacted the sysadmin and informed him/her of the security flaw, so the admin could reset the permissions correctly. Lundell not only did not do this, he continued to access private files, and shared them with others.
The story continues:
Lundell tried to use his newfound access to the files to curry favor with a supervisor (he found documents pertaining to the Pickering appointment in late 2001), but when he showed her what he’d gotten, she admonished him and told him not to do that anymore and had the printouts shredded. It is not stated if said supervisor knew how the security was breached or if she directed Lundell to inform the sysadmin. But then:
In December of 2001 Mr. Miranda joined the Judiciary Committee as a counsel for the Nominations Unit. Mr. Lundell stated that a short time after Mr. Miranda was hired, he showed Mr. Miranda how to access Democratic staff files and explained that Mr._____ and Ms. ______ had instructed him not to use Democratic materials. Mr. Miranda’s response, according to Mr. Lundell, was that everyone knew about the open access and that he did not have to follow the directions given by Mr. _____ and Ms. _____. Furthermore, Mr. Lundell recalled that Mr. Miranda told him that Senator Hatch wanted the staff to use any means necessary to support President Bush’s nominees.
As a side note, the original file I have found has all names redacted, but I have filled in the obvious ones. I am 99% certain that the unfilled “Mr.” and “Ms.” are Alexander Dahl and Rena Comisac, higher-level Hatch staffers.
In any case, Lundell appears to be painting Miranda as the real black hat, as being the one who directed the continued access of the files over a period of 18 months, despite the fact that obvious ethics and the higher-level staffer’s admonishment clearly indicated that they were engaged in unethical and possibly illegal behavior. There are also emails recovered that proved that Republican staffers knew this was all illegitimate; here are their email excerpts:
Can I ask you to undertake a discreet mission. Mr. _____ should get a complete relpcate [sic]of the Ame Ex binder. He needs to get up to speed with outr [sic] best info as he build [sic] relationships with the press.Let me know how soon…assuming you accept, Mr.Phelps.
Of course I would be happy to assist in this covert action. The question is: exactly how much should I provide? You know, we have loads on [sic] information.
As is the usual practice, please don’t let anyone here know that I know all this.
The quotes also demonstrate that they were making sure that their own files were not accessible to others, as they pilfered the files of the Democrats.
Mr. Miranda’s statement that “everybody” knew about the open files was either a fabrication, or referred only to the GOP staffers gossiping about it (though in the investigation, some GOP staffers claimed to be unaware of the fact). Had the Democrats known, it is obvious that they would not have left their files open like that. But if the statement were true to the extent of all the Republican staffers knowing about it, that would also open up questions about who else may have been accessing files.
The final analysis is that Republican staffers knowingly accessed Democrats’ files; they knew this was unethical, and took effort to conceal what they were doing and cover it up. In short, they stole private notes and used them politically. That violated several laws, and a criminal investigation is forthcoming. The report, under the section “Referral for Sanctions,” outlines what laws may have been violated; this is probably the section that spurred even Republican Orrin Hatch to indicate that a criminal investigation is likely.
