CNET también está disponible en español.

Ir a español

Don't show this again

Security

GOP clerks nabbed Democratic data, says probe

An investigation finds that two Republican Senate staffers accessed thousands of Democratic files without authorization, but leaves open the question of criminal charges.

Two Republican Senate staffers accessed and leaked information from thousands of Democratic files over an 18-month period, an investigation by the U.S. Senate Sergeant at Arms has concluded.

The report, released Thursday, describes the forensics investigation in detail. It found that a Republican clerk for Sen. Orrin Hatch, R-Utah, accessed at least 4,670 files in the home directories of Democratic members of the Judiciary Committee. A senior Republican aide to the Judiciary Committee helped the clerk to target files that might help the Republicans win their judicial nominations, the report stated.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


The administrative investigation fell short, however, of proving that the two Republican staffers had given 18 of the documents to a third party with instructions to leak them to the press.

"This investigation depended entirely on the voluntary cooperation of those who were asked to be interviewed," the report stated. "While investigators followed leads and interviewed many individuals as a result of learning their names during interviews, it remains possible that there are other current or former members of the Senate community who have knowledge of the open nature of the Judiciary Committee computer system who have not come forward or been identified."

The probe began after memos authored by Democratic members of the Judiciary Committee were leaked to several newspapers and published in early November 2003. The documents, which indicated that Democrats consulted with free-speech advocates and other lobbying groups on judicial strategy, were said by conservatives to show that the Democratic Party followed the agenda of special interests.

"The memos repeatedly make clear that a small collection of extreme-left groups--abortion groups, race organizations and leftist groups specifically focused on judges--are driving the Democrats' agenda and vision," stated a November editorial by the Coalition for a Fair Judiciary, a pro-Republican lobbying group. The group--whose Web site is hosted by Campaign Solutions, a self-described "Republican voter contact and communications firm"--posted all 18 memos to the Web in November 2003.

Investigation begins
On Nov. 15, the chief counsel for Sen. Ted Kennedy, D-Mass., reported to the Senate Office of the Sergeant at Arms that the publication of the memos might have been the result of a security problem with the Judiciary Committee's Computer system. The Office of the Senate Sergeant at Arms, four members of the Secret Service and an outside contractor began an investigation. This is the first time that the Senate's security office has conducted such a probe.

After more than 160 interviews and forensics analysis of back-up tapes and several computer systems, the investigators concluded that many accounts on the Judicial Committee's server had been improperly set up by a novice system administrator. The committee had only one server for both parties, and some home directories for both Republican and Democrat staff members had been generally accessible, the report stated. A later system administrator was more knowledgeable and created directories with the proper permissions, but did not catch the error of his predecessor.

"One system administrator had very strict account policies in place, and the other did not," stated the report, adding that the security knowledge of the Senate's administrators varies widely. "There is no minimum level of proficiency required to obtain a system administrator position, and there was a considerable variance in the proficiency levels of the committee's different system administrators."

Between November 2001 and April 2003, a Republican clerk for the Judicial Committee discovered how to access home directories that had their permissions incorrectly set, the report stated. Despite an initial reprimand from two senior staff members for the unauthorized access, the clerk continued to access the documents when he found that another senior aide was interested in the information, the report concluded. Investigators found more than 4,670 files from Democratic committee members and their staff in an encrypted file on the clerk's computer.

The report concluded that the case could be prosecuted as a crime under several laws, including the Computer Fraud and Abuse Act of 1986, and for false statements made to investigators.

The Democrats called for immediate actions on the findings.

"There is much in this report that is new, incriminating and revealing about the stealing of these computer files," Sen. Patrick Leahy, D-Vt., said in a statement. "The evidence unequivocally confirms that some Republican staff conspired to spy on and steal from their Democratic colleagues. This report indisputably shows that this secret surveillance was calculated, systematic and sweeping in its scope."

The publication of the investigators' report had its own security slip-up on Thursday, when an administrative error resulted in an unredacted version of the report being sent to the press.