Rove's Hadley Email
by emptywheel
This is a follow-up post to this monster with more weedy details for the geeks. I'd like to talk about what recent revelations on email deletions suggest about Karl Rove. I think that--at least with respect to the Plame investigation, the scandal is at least partly about what Rove saved, not what he deleted. I'll show you what I mean by laying out my foundation--all based on the assumption that both the CREW revelations and the Waxman revelations are true (with all responsible caveats about RNC lawyers being liars by their very nature, though if this guy was the same guy who attended the Plame hearing, he doesn't look too tricky).
Here's one important detail from Hubris that helps us pinpoint how Rove came to have that email.
A hard copy of the Hadley-Rove e-mail turned over to Fitzgerald (which was independently obtained by the authors) showed that it had been printed out of Rove's White House computer on November 25, 2003. One of Rove's assistants, B.J. Goergen, had searched the computer that day at the request of Rove's attorney, Robert Luskin. (377-8)
That tells us that an email dated July 11, 2003, was printed out on November 25, 2003.* This means that the email couldn't have been printed off of the RNC server.
The Rove-Hadley Email Wasn't on the RNC Server
We know that because Rob Kelner just explained to Henry Waxman that:
the RNC has apparently destroyed all e-mail records from the White House from 2001, 2002, and 2003.
Well, but what if they deleted the emails after Rove printed it out, say, around the time that Ashcroft recused himself? Nope, this email still couldn't have resided on the RNC server.
According to Mr. Kelner, the RNC had a policy, which the RNC called a "document retention" policy, that purged all e-mails from RNC e-mail accounts and the RNC server that was more than 30 days old.
Rove's assistant printed this email out four months after he wrote it. And the RNC had not yet implemented its practice of saving White House emails more than those 30 days (which wouldn't have worked anyway, because Rove would have been deleting them himself). So if this email was printed out in November, then there is no way it came from the RNC server.
The Rove-Hadley Email Wasn't on Normal WH Servers
But neither could the email have been on the normal WH servers. That's because, if it had been on the normal WH server, just about any search they would have used (including Cooper, or Niger) would have returned the email when they did the search at the beginning of October. So we know it wasn't on the regular WH server.
Which means this email must be among the 5 million emails destroyed. That tells us two things. First, as CREW described,
The OA undertook a detailed analysis of the issue, which revealed that between March 2003 and October 2005, there were hundreds of days in which emails were missing for one or more of the EOP components subject to the PRA. The OA estimated that roughly over five million email messages were missing.
If I were CREW, I'd be FOIAing that report. But the report seems to outline how the deletions took place: someone deleted entire days for entire departments. Something like:
Command: Delete ALL OPA July 6 to July 14, inclusive
Command: Delete ALL OVP July 6 to July 14, inclusive
That is, the CREW sources seem to suggest that if something is missing, then an entire day of emails would be missing. (Which is why it might have been important that Adam Levine's email, about which Zeidenberg interviewed him in October 2005, was sent on the same day as the Rove-Hadley email.)
If I'm right (though I'd caution that the OA report language is ambiguous), it means someone went in and deleted--at a minimum--all of Rove's emails from July 11, 2003, the day he leaked to Cooper and--potentially--a number of other people.
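An added example (not from the original post or from the OA report): a day-level gap check over an archive index, the kind of analysis the CREW passage describes. The index layout, the CONTROL component and every date other than the July 6 to July 14 range hypothesized above are constructed.

```python
from collections import defaultdict
from datetime import date, timedelta


def day_range(first, last):
    """All calendar days from first to last, inclusive."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]


# Constructed sample: one (component, sent date) row per archived message.
# OPA and OVP are the component labels used in the post; CONTROL is invented.
START, END = date(2003, 7, 1), date(2003, 7, 20)
GAP = set(day_range(date(2003, 7, 6), date(2003, 7, 14)))
SAMPLE_INDEX = (
    [("OPA", d) for d in day_range(START, END) if d not in GAP]
    + [("OVP", d) for d in day_range(START, END)
       if d not in GAP and d != date(2003, 7, 18)]
    + [("CONTROL", d) for d in day_range(START, END)]
)


def missing_day_runs(index, start, end):
    """Map each component to its runs of days with zero archived mail.

    Assumes every component normally archives at least one message per day,
    so an empty day is worth a look. A component with no rows at all does
    not appear in the result.
    """
    seen = defaultdict(set)
    for component, day in index:
        seen[component].add(day)

    runs = {}
    for component, days in seen.items():
        found, run_start = [], None
        for day in day_range(start, end):
            if day not in days:
                if run_start is None:
                    run_start = day          # a gap opens
            elif run_start is not None:
                found.append((run_start, day - timedelta(days=1)))
                run_start = None             # the gap closed yesterday
        if run_start is not None:
            found.append((run_start, end))   # gap runs to the end of the window
        runs[component] = found
    return runs


def common_missing_days(runs, components):
    """Days empty for every listed component: the footprint a bulk delete
    by date range would leave, as opposed to scattered single-user gaps."""
    sets = [{d for a, b in runs[c] for d in day_range(a, b)} for c in components]
    return sorted(set.intersection(*sets)) if sets else []


if __name__ == "__main__":
    result = missing_day_runs(SAMPLE_INDEX, START, END)
    for component, gaps in sorted(result.items()):
        print(component, [(a.isoformat(), b.isoformat()) for a, b in gaps])
    shared = common_missing_days(result, ["OPA", "OVP"])
    print("shared:", shared[0].isoformat(), "to", shared[-1].isoformat())
```
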
But there's one more thing:
The WH Email Deletions Happened before October 7, 2003
This is fairly self-evident. If the emails were deleted, and if the email was no longer on the server when the White House did the search before October 7, then that means the deletions happened before the search of the computers. Which is probably why Dana Peroxide was so vague about what day the deletions happened--at least for Rove, it appears to have happened before October 7.
You know. Like maybe on September 30, during the 11 hour gap?
The Rove-Hadley Email Had to Have Been Saved on Rove's Computer
Hopefully, if I'm wrong on this count, William Ockham will correct me. But if the email could not have been on the RNC server and was no longer on the White House server, then presumably it means it was saved onto Rove's hard drive.
Not all that crazy really. But consider the consequences:
- While Rove claimed to have totally forgotten the meeting with Cooper, he had gone through the trouble of saving the email
- Rove had a bunch of Wilson-related emails resident on his computer, again making it much more unlikely that he would forget his involvement in the smear
Kind of makes Rove's story even more unbelievable, huh?
Update
From my previous post, mainsailset alerts me to something that suggests my assumptions are wrong:
Mr. Rove uses several e-mail accounts, including one with the Republican National Committee, one with the White House and a private domain account that is registered to the political consulting company he once owned.
In other words--we can't be sure he saved the email onto his computer, since it may have been resident on his consulting company's server.
*Btw, speaking of unbelievable, I've got a wildarsed guess-explanation for the date on which the email was printed off, November 25, 2003. You see, the FBI seem to have worked in a pattern, repeating interviews with the same kind of people around the same time difference from each other and so on.
Libby was interviewed a second time on November 26, 2003. At that interview, he was asked (for the first time) to sign a waiver freeing journalists he had spoken to of confidentiality. What if Rove had a similar second interview in late November, too? Again, it's a big speculation. But it certainly would explain why Luskin would want to know which journalists might be subpoenaed if Rove did waive his confidentiality.

This post leads me to ask a question. Wouldn't a megalomaniac like Rove want to keep a secret record of all his machinations so that some future historian could actually experience his brilliance? All the emails sent to and from Rove may lie cached in some hidden location, perhaps because the Minister of Propaganda is loath to destroy them forever.
Posted by: notjonathon | April 13, 2007 at 18:41
Outstanding post, Marcy. In the comments for Glenn Greenwald's recent post about "missing" White House documents, I suggested this one. Of course, you were already on top of it.
Posted by: Dover Bitch | April 13, 2007 at 18:45
RE: Rove keeping his e-mails so that future generations will worship his genius. Well, gee, seems that was the same thing (hubris?) that sank the S.S. RM Nixon. He was so determined to document his presidency for posterity that he had the White House taping system installed -- and we all know how that turned out. Wouldn't it just be delicious if Rove had (in saving all his e-mails) similarly screwed himself?
Posted by: dalloway | April 13, 2007 at 18:49
if Fitz had a forensic image made of Rove's computer it is under lock and key.
Fitz would have examined a duplicate for evidence in the Plame case.
If Congress initiates a judicial action re missing emails, could Walton release the forensic evidence and get another duplicate of Rove's computer for the purpose of searching for missing emails? or can the evidence gathered re Plame be used only re Plame?
Posted by: njr | April 13, 2007 at 19:01
I can understand deleting the mail from the servers (hold tight). A place like the WH probably does a ton of emailing every single day. You can't store all of that on the servers forever...but...
If the emails are removed from the servers (and a lot of IT types would archive a megasystem like the WH monthly if not weekly), wouldn't the PRA law sorta say that they had to have all that stuff on a backup somewhere? Is it possible the retrieved email came from a backup, and the WH dragged its feet getting to it until they could get their stories straight/spin in place? Or that backups weren't well organized, same result?
With this outfit, sometimes Occam's razor indicates that incompetence is the most likely explanation for anything.
Of course, this is operating under the presumption of innocent mistakes (no megalithic organization is without them), but these people are anything but innocent.
I'm trying to be fair here, although I'm inclined to believe the mail was wiped for a reason. I'm wondering if they thought they could get by with saying the dog ate the backup, then discovered they couldn't.
Now if they aren't archiving everything properly (likely)... Something is definitely wrong.
Posted by: LJ/Aquaria | April 13, 2007 at 19:02
ew,
This indicates to me that Rove kept his email in a local file. For Outlook/Exchange users, that means a local pst file. This would mean that his computers could have copies of emails that are no longer on the server.
It would help to know which email account he used.
Posted by: William Ockham | April 13, 2007 at 19:10
WO
Even with the info from the update from mainsailset? That is, there is one server we don't know about, Rove's private server.
Posted by: emptywheel | April 13, 2007 at 19:12
Nice posts (and still catching up on all posts from earlier this week).
Have Rove's computers been seized?
Did Rove have to hand over his computer to stave off an indictment from Fitzgerald way back when?
WRT Rove's Hadley email, a long time ago, EW wondered aloud whether the Hadley email was faked to cover Rove's tracks. If this line of thinking has not been ruled out, I wonder whether privately owned servers could have helped to fake time stamps: Connect laptop directly to the server (is this possible?), send the email to server, erase the email from server. Keep on the personal laptop. Message never travels through an internet node. No other copies exist.
Posted by: pdaly | April 13, 2007 at 19:32
An interesting question would be, "Mr Rove, just how many accounts do you have access to and use?"
As I learned in college in my first rental house, if there is one mouse, there are 2 and if there are 2, chances are pretty fair you have a family.
Posted by: mainsailset | April 13, 2007 at 19:43
My gut feeling is that the RNC accounts (operated out of TN) use the most rudimentary tech for email: SMTP servers to receive mail and POP servers to send them.
Here's why: gwb43.com and georgewbush.com use mailscan[1|2].smarttechcorp.net to receive mail. There's a SMTP server running on port 25 of these hosts. There is no IP attached to gwb43.com. So to receive mail, you're going to be using another address. One potential (obvious) address is mail.smartechcorp.net, and that's running a POP3 server on port 110. There's no sign of an IMAP server on port 143, or any other appropriate port for that server.
I'm with William here: Rove's sent mail was stored on his own machine in a local PST file.
If he were using webmail, it wouldn't have turned up in that way. The docdumps also make it look like the kr@georgewbush.com address is the only address he uses on a regular basis, and thus Occam's razor applies. He's been sucking down his email from a box on the Tennessee POP3 server, with Outlook set to store sent mail locally, delete fetched mail automatically from the server, and with the ability to delete both from his local machine at will.
(mail.smartechcorp.net does have a webmail interface, which does suggest a potential webmail outlet for other GOPeratives using backchannel email. But in this case, I don't think it applies, because the Rove-Hadley email wouldn't have shown up in a local search. Unless I'm missing something.)
The basic tech infrastructure of the White House comes across as staggeringly slapdash, even if the WH non-archiving turns out to be cock-up rather than conspiracy. Outbound mail going to insecure, unaudited SMTP servers? You can't do that in a bloody Starbucks.
On preview, pdaly: interesting thought. Cross-checking server logs and email headers would make it harder to do, though.
Posted by: pseudonymous in nc | April 13, 2007 at 19:46
ew,
Yes. The explanation is a bit complicated. I'll start with what we (think) we know. First, Rove has a govt. issue computer that uses Microsoft Outlook connected to Microsoft Exchange server. I'm going to assume that he doesn't use that machine for any of his other email accounts. Second, Rove has a RNC issued laptop that connects to a hosted Microsoft Exchange Server. Third, Rove has an RNC issued Blackberry that connects (probably via a RIM Blackberry Enterprise Server but it could be via SMTP/POP3) to the same Exchange Server as the laptop.
It's quite likely the govt issue computer only delivers mail to the mailbox on the server (and not a pst file). If I was setting things up for the WH, that's how I would do it. However, if Rove really uses his private domain account from the RNC laptop, he has to be using SMTP/POP3 to access and he has to have a local pst file. That's the only way Outlook works. Can somebody ask Matt Cooper what email address he uses to communicate with Rove? (I'm betting on kr@georgewbush.com.)
Posted by: William Ockham | April 13, 2007 at 19:58
truly amazing posts. I am going to reread again, it is too much to take in at once. thanks for all your work.
Posted by: eyesonthestreet | April 13, 2007 at 20:04
Cooper wasn't communicating to Rove, Hadley was. AFAIK, Cooper never talked to Rove via email. Cathie Martin, yes. But not Rove.
Posted by: emptywheel | April 13, 2007 at 20:12
Let's also not forget that Comey's tasking to Fitzgerald (the 2-6-04 letter) specifically authorized him to investigate "destruction of evidence."
I've been waiting a long time for that shoe to drop. I'm still waiting on the "intimidation of witnesses" tasking.
Posted by: DCgaffer | April 13, 2007 at 20:23
There are many, many internal ("whitehouse.gov") email servers at EOP, and thousands of email accounts. The PRA doesn't require that email be kept permanently on those servers. The design of the ARMS system was to collect each email, as soon as it was sent from whitehouse.gov, or received to whitehouse.gov, and to create a permanent central archive, in compliance with PRA. This is a totally different issue from whether the email is on a client PC, or on a server. Clients and servers were designed to be able to get purged. That's irrelevant. The ARMS system would preserve everything, from all the many "whitehouse.gov" servers. The ARMS system was outside of the email clients and servers.
Now let's make this really, really simple: They switched the ARMS system off. They disabled it. No more archiving. This is a violation of the Sarbanes-Oxley Act, which doesn't apply only to corporations, but also to any federally mandated record-keeping.
And Sarb-Ox violations are much easier to prove than is obstruction of justice. Sarb-Ox prosecutions don't require criminal intent, and don't require the existence of an active or pending "official proceeding".
Harriet Miers, very very probably, and Alberto Gonzales, quite likely, were informed that the PRA and the Sarbanes-Oxley laws were being violated, and they failed to take action.
The penalty is up to 20 years.
Posted by: anonymous | April 13, 2007 at 21:00
Eh, anonymous, they've already said they "didn't know" what the laws were regarding document retention. No doubt they'll plead the same ignorance about Sarbanes-Oxley.
The Bush Admin finds new ways to amaze everyone. First, they have the devil's own time hanging onto documents and files, always losing them - and, oddly enough, losing them just when those documents and files are being requested by an investigation. Now they seem to have an equally difficult time knowing routine business requirements - and again, their lacunae of knowledge coincides with subjects under investigation.
Looks like "ignorance of the law is no excuse" isn't true anymore. At least, not for the highest offices in the land.
Posted by: CaseyL | April 13, 2007 at 21:06
Thank you Marcy for yet again making the complicated understandable.
Posted by: maunga | April 13, 2007 at 21:10
thank you, ew, for laying out your thoughts on the possibilities. as i read this post i felt like i was back in grade school with my favorite kind of maddening problem in front of me.
remember these? 6 people are playing poker. one is wearing a red hat. the man eating an egg salad sandwich is sitting next to the person holding a pair of twos. the man in the green vest has a sister who lives in seattle. the one who has a straight flush is sitting opposite the man in the orange shirt. from that you have to figure out who's sitting next to whom, everyone's gender, what color they're wearing, what they're eating, what cards they're holding, and in which cities their siblings live. :-)
ew, something tells me you were really, really good at those kinds of problems.
Posted by: irene | April 13, 2007 at 21:54
Who is our Alexander Butterfield going to be? The msm meme - that there is no crime to justify what is being portrayed as a partisan witchhunt - must be destroyed such that none can deny the facts. A patriot inside the administration must come forward. The more desperate the Bushies become, the more dangerous they are.
Was it Mark Twain that said...I support my country all the time, ... and the government when it deserves it?
Thanks to all at FDL and commenters for providing a path for the truth to reach all of us.
Posted by: Rick | April 13, 2007 at 22:22
Looking at this from a layman's pov, and maybe just repeating the obvious or something said before, I can't help get the feeling that something really stupid will unravel all. I'm thinking along the lines of an unrelated throw away email in the account of someone corresponding with those involved in the USA scandal. Maybe an email with an ambiguous header, causing 'a conspirator' to delete thinking you can never be too cautious, and another 'innocent person' keeping it because it had a link to that youtube video where the dog steals a Ferrari and outruns the cops.
The snowball effect and other emails, from unacknowledged addresses start to turn up, and pretty soon that web gets tangled. I suppose that is the way this, and the earlier Plame investigation made headway, so it's probably nothing new, just a gut feeling. My bet in the pool, at 1000 to 1 odds, has the unacknowledged Rove email address that ultimately unravels it being the one he used to communicate, through intermediaries, with Jeff Gannon. This prediction is based on nothing more than the thought of hours of entertainment provided by such a turn of events.
Posted by: Alex (D - No) | April 13, 2007 at 22:22
EW,
I am pursuing the "little people" logic. (Not any actual info.)
But check my guesswork for me.
1. RNC. Little people are safe. Purges done in regular order. Direction from executives; little people following orders.
2. WH. Little people have a tale to tell. Too big for an amateur to get in and monkey around. Orders must have come from on high, at particular dates. But I am very murky as to what happened when. Little people could tell us.
3. Personal computers. Rove and other individuals act directly; no little people.
Posted by: jwp | April 13, 2007 at 23:44
Egads. So we've got destroyed e-mails, but somehow Rove managed to print out a copy of a key e-mail AFTER it was destroyed? Looks bad. Looks like Rove didn't erase his e-mails when everyone else did, and then he went back and printed out the ones on his computer that made him look innocent, just in case, and then he deleted those. Then he turns over a key e-mail just in time to save himself from a perjury indictment. Except that neither he nor Hadley had turned over the e-mail previously, so that makes both of them look bad, and now Fitz goes back to look at the e-mails. And there are BIG gaps. I'll bet it looked awful then, but Fitz couldn't nail anyone for it. It's going to look even worse when Congress gets it all out in the open. You know, if I were Hadley, I'd be REALLY pissed at Rove. And I'll bet a lot of other people were, too. And now I'm REALLY curious about who took away Rove's delete privileges. And whether or not they told him about it.
Posted by: Frank Probst | April 14, 2007 at 00:02
"Thank you Marcy for yet again making the complicated understandable."
Seconded.
OT, I cannot put a high enough value on these emails. IMHO, they offer the best chance (short of tapes) for the American people to see the Bush WH, talking to itself, without the talking points varnish supplied by professionals like McMuffin and Snowblower.
Posted by: John Casper | April 14, 2007 at 00:06
Dammitall, of all times to be on vacation and chugging along on dial-up only sporadically...
There are two things that I think need to be examined more closely:
-- there was a mention of a migration from Lotus Notes to Microsoft Outlook somewhere in the several hundred pages I just read in the last 2 hours, cannot recall where. Did this actually happen? This would make a serious difference.
-- not entirely familiar with Blackberry server operation, but it could be possible to see traffic that has been sent/received by a Blackberry device on a Blackberry server/network traffic log; a log would confirm for investigators whether Rove was less than forthcoming about any particular email even if the log didn't actually provide the email itself. Did the Blackberry server(s) get audited for traffic to/from WH or RNC?
Keep up the great work, EW.
Posted by: Rayne | April 14, 2007 at 00:15
Any bets on how long it'll take the WaPo to write an editorial entitled "A Good Deletion"?
Posted by: Frank Probst | April 14, 2007 at 00:32