So how's EOP doing? From the looks of it, a pretty good job:
- Since 20 January 2009, it has been using EMC's EmailXtender (now EMC SourceOne E-mail Management for Microsoft Exchange) to capture copies of all messages sent or received via its unclassified e-mail network. The EmailExtender system, which is centrally managed and housed in a secure offsite location, captures messages from EOP's central Microsoft Exchange Journal Servers (EOP's using Microsoft 2000 and will soon upgrade to Exchange 2010) immediately after they are sent or received by an EOP desktop computer or BlackBerry.
- EOP network operations staff continuously monitor the status and storage capacity of the system via "health-check dashboard reports."
- The system produces full backups on the second Tuesday of each month and incremental backups on every Monday, Wednesday, Friday, and Sunday.
- Although some users of the e-mail network can search the EmailXtender system and view archived messages, they can search and view only those messages created by their own offices and do not have the ability to alter or delete messages.
- Only a select handful of people have the ability to delete messages from the system, and only those messages that were subsequently found to contain classified information are deleted. EOP seems quite serious about preventing inappropriate deletions: messages are deleted only after the Office of Security and Emergency Preparedness and the National Security Council have been consulted and EOP's Office of the CIO, Office of the General Counsel, and the Director of Office Administration have granted permission. Moreover, record copies of deleted messages and records documenting adherence to the deletion protocols are maintained separately
- The system produces weekly audit reports that identify individuals who conducted searches, the search terms they used, and whether they opened any messages in connection with their searches. The audit reports also document the deletion of messages, thus ensuring that unauthorized deletions will not go undetected.
- Mindful of some of the problems that confronted the previous administration, EOP has configured its e-mail network so that access to "all known Web based external e-mail systems" is blocked and neither the e-mail network nor EOP-issued BlackBerries can access "known instant messaging systems. Of course, secrecy-minded White House personnel could conduct official business via personal cell phones or PDA's -- and I would like to know how EOP is combating this practice -- but EOP seems to be doing whatever it can to ensure that its own hardware is locked down.
- The EmailXtender system somehow determines whether a given message is subject to the Presidential Records Act or the Federal Records Act, which ought to make it a lot easier for NARA staff to manage these records after transfer. I wouldn't mind knowing more about this neat trick, which is probably based on analysis of the message's content, the account holder's role within EOP, or some combination of the two.
- Although the EmailXtender system stores the messages and their attachments in their native formats, they can be extracted in .eml (Microsoft Outlook Express Electronic Mail) format for transfer to NARA. I would be happier if the messages could be exported in some sort of optimal preservation format, but the archival profession is just starting to figure out precisely what an optimal e-mail preservation format would look like. If, as EOP's letter implies, NARA can take in .eml files and convert them to a preservation format, .eml is okay.