Iowa Department of Social Services can’t read thousands of its own emails
DES MOINES – Thousands of state files dealing with child abuse investigations and other matters have been rendered unreadable due to a change in computer software at the Iowa Department of Social Services.
Recordings are emails that have been encrypted to protect their privacy. When Human Services switched computer software in 2018, it reportedly lost the ability to decrypt almost all of the encrypted messages sent in the previous two years.
âIt’s blatant,â said Roxanne Conlin, a Des Moines lawyer who seeks access to emails related to a 2017 child abuse investigation. âThere’s a huge gang – if I am right Understood, that’s worth two years – of emails that no one can access now. My god, this is a pretty horrible situation. And, of course, we’ll never know what’s in all those encrypted emails.
Conlin said the loss of the information has profound implications for agencies investigating the handling of child abuse complaints by social services, as well as for Iowans suspected of abuse. Without access to internal written communications on cases prior to 2019, it will be more difficult for the department to spot patterns involving people currently under investigation, she said.
“It matters, for example, in whether a person can be considered a sexual predator against children, for shouting out loud,” Conlin said.
Social services officials declined to comment on the case.
Last Thursday, a lawyer in Conlin’s office filed an information technology worker for social services in an attempt to find out why the emails the agency delivered during the litigation were still encrypted, showing only seemingly random lines of characters.
According to Conlin, the technician said agency emails were encrypted from 2017 to 2018 using software called Virtru. The software automatically encrypted all emails, throughout the social service system, which included one of some 120,000 predefined words suggesting that the content dealt with confidential matters, such as child abuse. The recipients of these emails have been given a code to decrypt the emails and make them readable.
In 2018, the department replaced Virtru’s encryption programs with a product made by Microsoft. Microsoft software was unable to decrypt emails already processed by Virtru. Moreover, when Human Services decided to abandon Virtru, it did so without retaining the possibility of decrypting emails already sent and received with the software.
As a result, the department is now unable to read thousands of emails dealing with some of the most sensitive and controversial aspects of its work. Inter-departmental emails are often among the most sought-after documents for lawyers and state investigators who are called upon to review social services’ response to child abuse complaints. In addition to these internal emails, the department also shared public documents with reporters using the Virtru encrypted messaging system.
According to a 2017-18 training manual for Iowans who work as court-appointed lawyers in child abuse cases, the Virtru encryption system relied on “a private key” or code that Email recipients used to read each email after being forwarded. to a website. All of these keys have since been lost or have expired, according to Human Services Technology testimony, meaning emails cannot be decrypted now, even though the state had access to the Virtru software.
With the help of IT technicians, Human Services would have been able to decrypt around 10% of emails processed by Virtru, but less than half of this subset of emails can be decrypted without errors that could alter the direction of communications. .
The Iowa Capital Dispatch asked department spokesperson Alex Carfrae how many of the agency’s emails were lost due to the encryption issue; what impact has this had on the ministry’s case management; whether this has resulted in the loss of documents that the agency is required to keep; and what impact the loss had on the ministry’s ability to respond to open case law requests, subpoenas, and information and discovery requests made in civil court.
Carfrae said answering these questions would require data recovery from the agency’s IT team and take several days. He declined to comment on why Human Services did not retain the ability to read its own emails once it decided to sever ties with Virtru.
The lawsuit that led to the disclosure of the encryption problem involves Marshalltown’s Alyson Rasmussen. She alleges that in 2017, she ran a home child care service and was wrongly blamed by the state for injuries sustained by one of the children in her care. She alleges that the child’s mother has repeatedly told state investigators that the child appeared to have been injured at home by the family’s dog, but that social service investigators said they were pressured by their superiors to find someone to blame.
The department ultimately issued a formal finding of abuse by Rasmussen through the denial of intensive care. After Rasmussen appealed that finding, the department reportedly offered to change her findings if she signed a form agreeing not to sue the state.
Rasmussen refused. A day before the appeal hearing, Human Services changed its findings to âauthor unknownâ. But by then, says Conlin, Rasmussen had lost his daycare business.
âShe loved taking care of the children,â she said. “They just ruined his life.”
Conlin said she believes Human Services has an obligation to keep its records and prevent their destruction by encryption.
âIf we can’t access the emails of the investigator communicating with his supervisor – and obviously the supervisor communicating with his supervisor – how the hell do we prove what we have to prove? Conlin asked. “By encrypting these emails and then being unable to decrypt them, they have prevented us from having a fair chance in the courts.”
She noted that under Iowa law litigants are prohibited from spoliation – the destruction of evidence – and said she intended to pursue this matter as well.
This article first appeared in the Iowa Capital Dispatch.