Learning Objectives
- You will describe issues related to security and preservation of records in this given case.
- You will explain how records management best practices failed in this given situation, and you will describe the severity of those failures.
- You will recommend appropriate future policies and systems to ensure that these failures will not occur.
Scenario
For this case study, you will be examining the events surrounding the deletion of the Georgia Election Server data at the Kennesaw State University Center for Election Systems (KSU). Several groups seeking to have the current electronic election system retired due to security concerns filed a civil a case on July 3 and requested to have access to server images as part of the discovery process. This suit was in response to a security research publicizing in June of 2017 a vulnerability in the election servers that he claims was not patched after KSU was made aware of the issue. Shortly after the case was filed was made, the server imaging occurred on July 7. The case made national headlines in late October 2017 when the Associated Press reported about the reformatting of the servers. Emails obtained by the Coalition for Good Governments through a Georgia Open Records request detailed the erasure procedures performed on the servers as well as attempts to fix the security issues. After the story appeared in the news, different groups began reacting to the story including the Secretary of State of Georgia, who was initially appalled at the deletion, but walked back those comments after an internal investigation was begun.
To accomplish this examination, you will need to read the items listed in the bibliography and possibly conduct further research into the policies and procedures at both the Secretary of States office and Kennesaw State University. The readings below are provided to give you context and the different perspectives on the case. Included is the Secretary of State’s internal investigation of the incident. Use the questions as a guide to help you think through the issues surrounding this case.
Questions
- Describe the records management issues at play in this situation? What were the normal operating procedures followed at KSU that allowed for to the deletion of the data?
- Describe where records management practices failed and succeeded in regards to the deletion of the election data hosted by KSU.
- Outline what policies and procedures should be in place to prevent an issue like this from occurring again. Also, consider.
- What sorts of authorization and documentation practices would need to be in place for disposing of electronic election data?
- What sorts of safeguards, auditing procedures and capturing systems would you create to stop this from occurring?
Sources
- Germany Report (KSU Deletion of CES Server Data)
- BAJAK, FRANK. “APNewsBreak: Georgia Election Server Wiped after Suit Filed.” Accessed November 8, 2017. https://www.apnews.com/877ee1015f1c43f1965f63538b035d3f/APNewsBreak:-Georgia-election-server-wiped-after-suit-filed.
- Croft, Holly. “Brian Kemp, Chris Carr, and a Records Management Perspective on That ‘Nothingburger’ Server Wipe.” GeorgiaPol, November 2, 2017. https://www.georgiapol.com/2017/11/02/kemp-carr-records-management-server-wipe/.
- Farivar, Cyrus. “Georgia Insists Server Deletion Was ‘Not Undertaken to Delete Evidence.’” Ars Technica, November 1, 2017. https://arstechnica.com/tech-policy/2017/11/georgia-insists-server-deletion-was-not-undertaken-to-delete-evidence/.
- “State Agency Specific Retention Schedules | Georgia Archives.” Accessed November 8, 2017. http://www.georgiaarchives.org/records/agencyview/114.