Bishop Hill Speechless
Dec 20, 2011 Climate: CRU Steve McIntyre points us to email 3939, which frankly leaves me speechless:
cc: Keith
date: Mon Oct 12 12:07:03 2009
from: Tom Melvin
subject: Keith Email
to: Mike
Mike,
For Keith's Email :
1. Copied the full C:\Eudora directory to my portable.
2. Deleted the 12000 temporay .gif files from C:\Eudora\Embedded.
3. Copied 3.5 gig of attachments (1 year or older) from C:\Eudora\Attach to C:\OldAttach - this will need to be copied back to his PC
4. He is left with a 1.5 gig C:\Eudora directory on my portable which can be copied back to his PC and readily be moved from PC to portable etc.
5. When using my portable (via yellow cable (in office) or various WiFi networks) Keith logs in to VPN.
Tom
PS. I need to take my portable to a conference w/c 26th Oct
Strangely, the identity of "Mike" is not clear from the email in question. This message is dated just one month before Climategate.
Reader Comments (72)
There could be an innocent explanation -- PC upgrade, perhaps?
Let's not get over-excited at Keith logging on to a VPN, either.
I do the same when I'm on the move.
(And at other times for various reasons — none of them sinister!)
1st likely recipient = Mike Salmon. IT Manager for CRU (poor bastard).
The reference to a 'yellow cable' wouldn't help anyone who couldn't actually be present to see it, so seems to rule out another obvious possibility. And the discussion of taking his portable offsite.
2. Mike Hulme...might just have wanted to know how to do this
Based on 4 and 5, it reads to me like Tom is lending Keith his laptop to access email, but that he will need it back for a week later in October
Discussing this email, Steve M. points out that
This does seem very plausible when you consider the sheer volume of emails being transferred from PC to portable - another user's portable at that - in the form of a directory which could subsequently be copied backwards and forwards from PC to portable etc.
Was this the last straw for the UEA whistleblower?
It makes you wonder if the CG1 and CG2 emails were actually taken off the alleged CRU backup server or did they leak from one of the portables that this e-mail is discussing.
Maybe someone left a portable on a train...
Anonemouse is asking the right question.
These guys carelessly spread their junk around, and then the police visits Tallbloke, they decry oil companies etc etc.
1254230232 28th September 2009
"which may also shed some light on the provenance of the Climategate dossier itself"
Dont think so. There are emails relating to 4 different researchers released not just those for Briffa.
We also have at least 2 separate reports from UEA staff stating that the release was compiled by the person who released it.
Shub
These guys carelessly spread their junk around/
Absolutely, but it has been my experience that academics aren't too well clued into the world. While I suspect that nobody left a laptop on a train, there is an excellent chance that they left a memory stick somewhere.
No wonder the Norfolk police are clueless.
Maybe one of them left a memory stick in a beach bar in Tahiti?
Two technical issues:
First, years ago Eudora was very nice for those who needed to move around a lot and was designed for the pre-laptop days when people still used floppies. You could keep all your correspondence on the floppy with the actual Eudora program and merely move the floppy from computer to computer as needed. While obsolete, it may explain part of what is going on.
Second, were the email headers preserved? Access to that information would tell us a good deal more about who, whom and when.
Was this the last straw for the UEA whistleblower?
Who knows?
But there is nothing sinister in what is described described in the e-mail. I have used Eudora for over ten years and perform all the routines described at intervals. Not at frequent intervals but at intervals nonetheless.
"1. Copied the full C:\Eudora directory to my portable."
To move a Eudora install from one machine to another, you need (not quite but close) only to move the parent folder as the e-mail describes. It's all described in the Eudora help files.
"2. Deleted the 12000 temporay .gif files from C:\Eudora\Embedded."
This refers to all those little logos, pictures etc that come inside e-mails: they are discrete files embedded in the e-mail code. They're not all gifs but they are temp files and Eudora does dump them in the directory named. On checking, I see I had about 1200 files in mine but that's possibly because I clear the folder out more often than Keith. (It's clear that Keith never clears his out. Most people don't.)
"3. Copied 3.5 gig of attachments (1 year or older) from C:\Eudora\Attach to C:\OldAttach."
See above - the Attachments folder hasn't been purged for years either. With that many files, I'd do the same as Tom who, I assume, has no ambition to be Keith's filing clerk.
"4. He is left with a 1.5 gig C:\Eudora directory on my portable which can be copied back to his PC and readily be moved from PC to portable etc."
Of the 1.5 GB, 1.45 GB will be unfiled, unsorted, unread and never-to-be-read attachments less than a year old that Tom is b******d if he's going to sort. Again, who can blame him?
"5. When using my portable (via yellow cable (in office) or various WiFi networks) Keith logs in to VPN."
As noted, a common procedure.
"PS. I need to take my portable to a conference w/c 26th Oct."
IOW, I'm fed up with sharing my machine for other folks' e-mails. Now trot off and get sorted 'cos I'm away at a jolly soon and I want to take this one. Or something.
Climategate was a scandal, Climategate2 suggests that many of us underestimated how scandalous it was but, whoever did what and when and for what reason, I don't see this snippet as evidence of anything scurrilous. It might be thoroughly devious but it is not possible to say so on a report of a routine piece of housekeeping, no more.
Strangely, the identity of "Mike" is not clear from the email in question.
Perhaps because both the sender and the recipient knew who Mike was.
This message is dated just one month before Climategate.
And fifty-four years after the end of the Second World War. Hmmmmm. Unless I'm missing something and am very much mistaken (which, I confess, has been known to happen though not, you understand, very often), this is Much Ado About Nothing.
Dave
Anoneumouse
That's right. Once the data has become portable - who knows where it can end up... unsecured wireless... another member of staff booking out the laptop, laptop repair by UEA IT servicing... reconditioning laptop... leaving laptop around whilst still vpn'd into server... naughty studes borrowing it... moving just a few gigs to memsticks... forgetting it's also on the laptop! The truth could be that they simply lost track of where the duplicates of the CG files were:
"oops, we lost it!"
I agree with you DaveB -- you must be a road warrior (or ex) as well. :-}
I wonder if they all borrowed the same person's USB key to transfer the data ...
A miracle just happened - All these emails that Phil Jones was deleting came back out of thin air for a directory prepared one month before Climategate.and which was then then topped up with new emails throughout early November.
I still dont think so.
Mike? Not Mike Mann surely?!
Square peg - meet round hole
Slow news day on this blog then?
Mike is almost certainly Mike Salmon, the IT manager.
DaveB
1228922050
Remember children "for example Keith Briffa took home emails that were subject to FOI to ensure their safekeeping".
Now we know how Briffa did take home his emails.
And if police in Norfolk doesn't have a look at Briffa's laptop pronto, Tallbloke's solicitor might have yet another powerful argument about the victimisation of his client.
http://www.telegraph.co.uk/news/worldnews/antarctica/8968247/New-Zealand-airforce-drops-equipment-to-stricken-ship-in-Antarctica.html
I thought they said the ice caps were supposed to be melting
Nor do I see anything "sinister" in the operations described here. Quite the contrary. It seems to me that Melvin was simply trying to make Briffa's email archive more accessible to him while he was at home recuperating. Nor am I suggesting that this one archive is the provenance of Climategate since more than Briffa's emails are involved.
My point is first that this sheds light on the structure of the CRU email directories.
Second, it indicates to me that CRU was trying to give Briffa access to emails on the CRU server while Briffa was at home recuperating. (I'm not familiar enough with system issues to be sure of this , but others with more familiarity can probably comment.)
Third, there were a couple of pre-Climate incidents in which people accessing the CRU website stumbled into directories. David Holland had one such incident in 2008 - reported in a thread at the time of the Mole incident. Roman Mureika mentioned something like this once as well. Neither David nor Holland peered into the directories but someone else might have stumbled into a directory post-Mile incident and a "miracle" occurred.
In Fred Pearce's Guardian series in 2010, Fred articulated the possibility that CRU inadvertently exposed the dossier and that no crime occurred. The Melvin email indicates to me that they were handling their archives shall-we-say casually.
Some mails are copied for whatever purpose. Why should that leave you speechless? Sorry for being so dense, it seems there are some implicit implications which elude me.
Dec 20, 2011 at 4:07 PM | Steve McIntyre
"The Melvin email indicates to me that they were handling their archives shall-we-say casually."
I think you have made your point. Entire email directories were copied to a portable computer that was shared among several people. That qualifies as casual.
Steve McIntyre - based on a combination of what is contained in the UEA reports plus what some of the IT forensically inclined people have come up with I think there is a reasonably clear picture of was on the CRU backup server. I know many people are inclined to discount anything in the UEA reports and enquiries but my view is what is contained is probably factually ok. The issues (whitewash) largely result from what they didn't address and the way the enquiries were designed to achieve a desired result.
We know that 4 researchers backed up their inboxes on the CRU backup. The backups were configured (unknown to the researchers) not to delete emails they deleted on their PCs. RC/FOIA somehow got access to that server. The extraction method appears to be by running a utility or script against the inboxes. We still dont know the mode of access and the method of transport off the server.
Some of the researchers used themed inboxes which probably allowed RC/FOIA to easily identify information that would be of interest and explains how they were able to so easily exclude unimportant details for the first release.
We know that RC/FOIA had access to at least 8GB of emails and this far exceeds the 220,000 available in the encrypted file. We dont know if the 220,000 is all they took or is a selected subset.
Prior to Climategate 1, how many UEA staff could take emails off-site from the back-up server. Have Norfolk plod been wasting time and money looking for a "theft" when they should have been interviewing UEA staff?
Speechless is the right description for this sort of cavalier copying.
So if such casual copying between laptops and PCs and who-knows-what else is apparently normal practice amongst that lot, then where are the secure procedures which would prevent anybody getting easy access to these data?
IAW, CG1 and 2 aren't hacks or theft, they are probably due to nearly criminal disregard for data security by the CRU scientists.
I wonder what all those entities, whose data were 'confidential', have to say about this practice.
If Mike was Mike the IT manager he was a bit lax for 2009. By that time we were changing passwords every 4 weeks and getting regular messages about not leaving stuff lying around which would compromise security. You got a ticking off for not locking the machine before leaving your desk, either from colleagues or the boss.
I guess academia works on different rules.
SandyS
You are right there. Academia doesn't seem to have any procedures at all. ISO9001 probably doesn't mean anything to CRU.
Did the "to destroy, conceal or amend " culture at CRU extend much further than first thought?
# 2298
I don't know much about the systems involved but it looks to me that we are seeing possible evidence that the very emails in the CG leaks were being shoveled around pretty damn casually just a month before the cut off date of the leak-hack-alien abduction.
So we have had two years of suffering the elaborate conspiracy theories - David Kings Russian fancies, US big oil paid hackers etc, etc and it could all boil down to a few seconds burning a DVD in the UEA canteen.
Whenever I think of the Norfolk police "investigation" the Roman army Search scene from Life Of Brian comes to mind ;)
Mac
Let me lend a helping hand
I agree with those saying it looks like someone lending Keith a computer for some work outside the office. He was having health problems around that time, wasn't he?
TLITB Looking under the street light.
The Melvin email indicates to me that they were handling their archives shall-we-say casually.
I'd suggest it depends on who you mean by "they".
Eudora is an e-mail client, not a server. In a campus situation, it would be used by an individual to access (send and receive messages from) a central server maintained by competent IT staff. That staff would authorise accounts, maintain passwords and security (configuring firewalls and spam filters, perhaps pointing out to folk in, say, the Creative Writing Dept that "password" is not very secure as a password), sort out techie problems and configure remote access when staff needed it (travelling or working from home due to illness). Doing so is a trivial chore.
As FoI legislation is generally recognised as mandating accountable bodies to archive e-mails, responsibility for so doing must surely fall on the IT staff, not on individual staff members. (That's not to say that requests under FoI cannot be met quickly and easily by asking staff to pass on data they hold privately though that does assume a modicum of good faith not evident in the CRU case.)
Staff members have, of course, generally to look after their own client stations. If two were sharing a station but, for whatever reason, could no longer do so, the operation described is exactly what one would do to move a Eudora install from one client to another. It has nothing to do with a properly archived e-mail server.
Members of 'The Team' can delete what they like when they like and may even do so in an attempt to evade FoI rules but the idea that a university relies on users archiving data to ensure legal conformance stretches credulity. The file structure on a client station has nothing to do with that on central servers.
The IT dept at UEA may be thoroughly incompetent, it may be a "centre of excellence" (aka a covey of management toadies) or it might just be generally well run by folk who know what they're about but make occassional howlers (as we all do). Whatever, no insight into that is provided by eavesdropping on low-level discussions on how this or that user has organised (or not) his or her data or, indeed, someone else's data.
Don't get me wrong - I have no ethical issues with the Climategate "leaks". Jones and others IMHO abused a position of privilege and so put themselves at risk of a justified invasion of privacy. I'm suggesting only that this thread seems to me to be a bit of red herring.
Confidentiality should not be an issue in this case. It seems that there is no patentable work here, so there is no propriatery interest to protect. The actual data of physical phenomena obviously cannot be confidential. The procesing of data was going to be published one way or another. So why this frantic drive to hide the data?
Confidentialy is usually expressed with the stock phrase "need to know basis". Who is deemd to have no need to know about the climate and what it is doing, when it will (as the Team says) adversely affect every person on earth?
This secrecy angle is puzzling.
DaveB
What you say is true. CRU may just be like the rest of us, (in terms of client behaviour). I have my files all over the place, three flash drives, an ipod, an ipod touch, a portable hard disk, a kindle, a laptop, a netbook, two hundred dozen CDs and DVDs, and,...printed stuff.
Putting everything together,the impression I get, is that these guys deleted their client stuff, moved it off their work computers and then claimed they don't have anything in hand. I just can't fathom how these secret sausagemakers are the world's top scientists.
IMO, it is looking more and more that the disclosure of these emails is down to an internal leak at the UEA, or some incredibly sloppy IT behaviour by its employees. The fact remains that on 15th December, an unnamed source at UEA apparently told Hickman that this was theft. If it does turn out that the disclosure was due to a screw-up within UEA, will Norfolk plod take action against them or wasting police time or whatever?
The same with Thunderbird, another mail client mentioned to be used.
@ Dec 20, 2011 at 3:49 PM | Scots Ruinables
Slow news day on this blog then?
No half as slow as the reduction in global temperatures from your eyewateringly expensive and ineffective "energy" projects.
"SandyS, you are right there. Academia doesn't seem to have any procedures at all. ISO9001 probably doesn't mean anything to CRU."--Phillip Bratby
They have higher priorities. Hiding declines. Redefining what constitutes peer-reviewed literature. Shutting down journals that have the gall to print dissenting views. That sort of thing.
It does indicate that Melvin logged onto Briffa's account. Now that would constitute a breach of IT policy, unless it was a shared account.
We know Briffa was off ill at home during October. That however would not prevent Briffa being able to access his email from home.
This appears to me is an attempt by CRU staff and possibly IT staff to take immediate action with regard Briffa emails and to report back on that line by line fashion.
That indicates intent, a concerted effort "to destroy, conceal or amend" correspondence and information that was not only subject to FOI requests but possible future FOI requests.
It highlights once again the growing number of people who were involved with or knew of what CRU staff were up to.
Re Mac
Or it was with the authority of Briffa, or Mike. I think you are reading too much into that. This part:
interests me more.
What VPN? VPNs are usually used where you want some kind of secure connectivity over an untrusted network. I can understand why a VPN client may be needed over WiFi, or whilst Briffa was at home recovering but not via the yellow cable, unless the normal office LAN was insecure. If so, a VPN problem may have lead to a hack, especially if Melvin's portable had a trojan already, or ended up with one prior to the release.
Or they lost the laptop. Briffa's email was copied onto it, but did it end up with a C:/TomsEudora directory as well? That may explain why the leak contains more than just Briffa's emails, and may also explain the timestamp shift in the filenames from the original leak.
I still think the leak originated from the CRU backup server which had been configured to automatically copy all incoming and outgoing emails.
Josualdo
While Thunderbird is less of a hassle to move from system to system than the MS mail browsers, Eudora is designed for the old MS DOS environment. You can literally run it from a floppy or a memory stick.
It sorta speaks loudly about just how accomplish these "scientific" wonders who were protecting mankind from imagined disaster really were -- needing a system administrator to move Eudora from system to system and not being able to use Excel to do regressions.
I wonder if they wore Wellingtons so they didn't need to tie their shoe laces.
Atomic Hairdryer
And to continue to store them regardless what those receiving the emails did with regard to deletions.
I agree with your take, particularly on "why a VPN?".
These guys were like little children playing games and they appeared to have less on the ball than the average 5-year-old.