• mdm,  politics,  security

    About the Deleted Secret Service Text Messages from Jan. 5 and 6

    I was reading some of the coverage of the recently reported deleted text messages from US Secret Service smartphones from January 5 and 6, 2021.

    According to a Washington Post article:

    “The Department notified us that many U.S. Secret Service (USSS) text messages, from January 5 and 6, 2021 were erased as part of a device-replacement program,” he wrote in a letter dated Wednesday and obtained by The Washington Post. The letter was earlier reported on by the Intercept and CNN.

    There are a couple of details that are interesting about this situation.

    The first is the that the messages are reported as having been deleted as part of a “device-replacement” program being run by the Secret Service.

    If you think about how we switch from and old iPhone to a new iPhone, we do a backup to iCloud, switch over to the new iPhone, and then restore the iCloud backup to your new iPhone. But a large organization like US Secret Service, will be using a mobile device management (MDM) solution.

    MDM solutions allow IT departments to remotely manage a fleet of mobile devices. They don’t necessarily backup devices. They are used to enforce security features, automate software deployments, and, in the case of a lost or stolen device, securely erase devices that still have Internet access.

    In my opinion, having managed a corporate fleet of smartphones, the most probable answer is the most likely answer. New smartphones are purchased and activated, given to their new owners, and the owner signs into the MDM tool on the new smartphone to deploy the default configuration.

    While corporate email is stored on the server to be downloaded by the new device, plain old text messages, the ones that use the cellular network, are not.

    Specifically, what is and what is not backed up and restored during a smartphone refresh effort depends, obviously, on the migration software and procedures used by technicians during the cutover.

    In this first case, there is likely a contract IT staff member who is having a very bad day today if they made a mistake that prevented text message data from being migrated.

    The second detail, and the one that can land someone in legal trouble, is if someone in the Secret Service or their IT management firm, willfully instructed someone to erase smartphones, or by omission, leave out a migration step to transfer or archive text messages.

    This case is clearly supercharged by the US House Select Committee’s January 6th Attack on the United States Capitol and your position on The Big Lie. Deleted text messages, whether by mistake, or intentionally to obstruct justice, is only going to add more fuel to the debate.

    Colossal IT screw up or nefarious coup plot cover up?

    In my nearly three decades of IT experience, this feels like a poor IT staffer somewhere had a very bad, no good, rotten day.

    Let’s get all of the facts about what happened before blaming IT staff.