Whistleblower: Lives Lost, Billions Wasted Due to Government Records Management Failures By Ivan Pentchoukov February 13, 2020 Updated: February 13, 2020
The man who shot and killed 26 people at a church in Texas in 2017 used guns he wouldn’t have been able to purchase if the Air Force had properly managed its records.
On six occasions, military officials failed to send Devin Kelley’s records to the FBI while the Air Force investigated, court-martialed, and imprisoned him for abusing his wife and stepson. Had the FBI received the records, the killer would have been barred from buying the weapons used in the massacre.
While the Air Force case may appear unique, federal records management failures are behind some of the biggest national headlines in recent years. The largest breach of government systems in the history of the United States in 2015 was quantified specifically by the number of records stolen from the Office of Personnel Management (OPM)—21.5 million. Similar failures figured in the scandal of the Internal Revenue Service (IRS) selectively auditing conservative groups and then-Secretary of State Hillary Clinton’s use of an unauthorized private email server.
Rather than being an anomaly, the preventable failures that contributed to the Sutherland Springs, Texas, massacre are a symptom of a vast problem spanning the entire federal government, according to two experts with decades of experience with the electronic records management application standard that undergirds virtually all records management software deployed in agencies across the government.
A task force at the Pentagon’s Defense Information Systems Agency (DISA) created the standard, the 5015.2 Electronic Records Management Software Applications Design Criteria, in 1995. Three years later, the National Archives endorsed the standard for use by all government agencies. Over the more than two decades that followed, the government has spent billions of taxpayer dollars on records management applications certified under that standard.
But the money has largely been wasted, since the applications became unusable at the turn of the century as technological advances enabled a new era of interconnected digital workspaces bursting with records to manage. The 1990s-era applications require each government employee to declare every record manually. As both the amount and the types of records ballooned, the task became unmanageable.
Daryll Prescott led the DISA task force that drafted the records management application standard from 1993 to 1995. He became aware of the issues in the early 2000s.
“People are busy. They don’t have time to be dragging and dropping things,” Prescott said. “Billions have been spent on records management applications, which are not working and people are not using them. It’s a disservice to the citizens of the United States and a disservice to the people of this industry.”
Don Lueders, a former federal contractor for IBM and other software companies, spent two decades developing and selling records management applications based on the Department of Defense (DOD) standard. He was often in a position to witness firsthand whether the applications bought by the government were actually put to use.
And, according to Lueders, they never were, including at the Department of Justice, the Department of State, the Department of Treasury, the IRS, and multiple components of the DOD, such as the White House Communications Agency.
“I trained on it. I consulted on it. I made a great deal of money off of that thing,” Lueders said. “About seven or eight years ago, I came to the conclusion that I couldn’t support it anymore. And I couldn’t support it anymore because I knew that not only had I never seen one record in a production environment enter into a DOD-certified repository, I’ve never even seen any of those applications successfully deployed. So they’re empty.”
A former senior Pentagon official told The Epoch Times that he had never used a records management application during his decades long tenure at the DOD. The official’s records management practice consisted entirely of placing files in folders on drives on the government-issued computer, a far cry from the exacting declaration, storage, retention, and destruction processes built into the records management applications the Pentagon mandated each official to use.
“People are not rewarded for records management,” the official, who spoke on the condition of anonymity, said. “I’ve never seen a bonus for properly doing records management. You are rewarded for production on the hot topic for management. When I retired and left government service, my records probably didn’t get preserved.”
Marc Ruskin, a former FBI special agent, likewise confirmed to The Epoch Times that he had never used a dedicated application to manage any of the records he created or received over the course of his two decades at the bureau.
He recalled a failed attempt to bring on a records management application in 2004 and 2005 during the tenure of FBI Director Robert Mueller. After the software was scrapped, the FBI began working on deploying a new system. Ruskin never used the new software, despite being trained on it, right up until he left the bureau seven years later.
“There was a big paperless failure during Mueller’s tenure,” said Ruskin, who is also a contributor to The Epoch Times. “He was pushing aggressively to digitize everything. The FBI went ahead to transition to a system that was not fully developed, sort of a beta system, not ready for use. No one had the [courage] to tell the director they couldn’t meet his deadline.”
After developing the DOD 5015.2 standard, Prescott had largely walked away from the records management industry when he received a call from John Carlin, the archivist of the United States, in 2003. Under one of President George W. Bush’s initiatives, the National Archives was seeking to create and implement policies to regulate the maintenance of federal electronic records. Prescott interviewed for the job and began working as a detailee to the National Archives in 2004. He led an interagency effort to create a new standard for records management based on services, which would allow the government to catch up with the rapid advances in technology.
After 4 1/2 years, a collaborative effort between 19 cabinet-level agencies led by Prescott resulted in the creation of a new standard. It spelled out the requirements for records management services (RMS), which would handle the insurmountable burden of manual tasks imposed on end-users by the DOD-certified applications.
When the National Archives endorsed the DOD 5015.2 standard in 1998, big tech companies instantly had the business case to develop products to meet the government’s criteria since sales would be assured. Prescott knew this would also be the case if the National Archives endorsed the new RMS standard. Expecting an endorsement, two tech companies had approached his team with prototypes based on their services.
But before a working solution was built, the National Archives walked away from the new standard.
Lueders initially aired his concerns on his industry blog and social media several years ago. He then sounded the alarm at IBM, where he worked on a team selling records management software to the government.
Seeing that IBM wouldn’t budge, Lueders filed a formal whistleblower complaint with the DOD inspector general (IG) in May 2017. The DOD IG relayed the complaint to the DISA IG, which interviewed Lueders a month later. The DISA IG declined to investigate and forwarded the complaint to the Joint Interoperability Test Command as a business issue.
IBM didn’t respond to a request for comment.
In July 2017, Lueders submitted another whistleblower complaint to the Intelligence Community (IC) IG, but never heard back. Suspecting that the IC IG wouldn’t investigate the complaint, he initiated contact with the office of his congresswoman at the time, Rep. Barbara Comstock (R-Va.), and stayed in touch before Comstock’s staff abruptly cut ties. Comstock lost her seat in November 2018. Comstock didn’t respond to a request for comment.
Applications built to meet the Pentagon’s standard include crucial functionality for government transparency and accountability. They require every government employee to declare records into a certified system, where the record is secured so it can’t be deleted or altered.
Records that should be destroyed after a certain time are forensically deleted by the application so they can’t be recovered. This should have been the case for a significant portion of the 21.5 million records stolen from the OPM beginning in 2015, according to both Lueders and Prescott. If the records were in a DOD-certified records management repository or managed by the RMS standard, the software would have wiped out a significant portion in compliance with federal laws and regulations, long before a cyberattack, reported to have originated in China, breached the OPM systems.
Records that shouldn’t be destroyed or altered are secured and made immutable if they are declared in the application. This should have been the case with the emails of Lois Lerner, the IRS official at the center of the controversy surrounding the IRS’s targeting of conservative groups. Instead, the IRS claimed that the emails, which were under subpoena from Congress, were lost due to a computer crash. The IRS later claimed that the emails for five more officials were missing due to computer crashes. Those emails wouldn’t have been lost if Lerner and the other officials used a records management application.
The total cost to taxpayers after two decades of deploying the unviable records management software is hard to estimate, due in part to poor federal contract award record management. A non-exhaustive search for DOD-certified products turned up contracts worth tens of millions of dollars. According to Lueders, the tab easily could run into the billions.
“If you add up all the contracts that were awarded because the software included a DOD-certified repository and the services provided to support those contracts, you get into the billions pretty quickly,” Lueders said.