I’m livid about FBI Director James Comey’s handling of the Huma Abdein e-mails. “Reckless” doesn’t begin to describe Comey’s self-indulgent decision to release information about a situation he clearly does not yet grasp, in a manner that elevates Jim Comey above longstanding Justice Department policy and the integrity of a Presidential election.  Mr. Comey’s justification is couched entirely in his personal predilections, not those of the Bureau or Justice.  It is all “I, I, I” and none of  “we the Bureau” or “we the Justice Department.”  Mine is a procedural objection, not a political one. Whatever my glee at seeing Trump exposed for the weasel I know him to be, I would be every bit as critical had Comey’s half-baked announcement concerned Trump’s e-mail as Clinton’s.  But, Comey’s folly is an opportunity to glean some e-discovery insight.  This post will not be a political screed, so while I always welcome critical and substantive comments on anything I write, please hew to the e-discovery aspects of same.  Please.

Let’s start with a few facts on which even the most partisan among us can likely agree:

  1. Huma Abedin is a trusted senior aide for Hillary Clinton and has served in that role for decades.  She started working for the First Lady as an intern in the 1990’s and was Secretary Clinton’s deputy chief of staff at the State Department.  Abedin serves as vice-chairwoman to Secretary Clinton’s presidential campaign.  Reportedly, the relationship between the two women is more like mother and daughter.
  2. Until two months ago, Huma Abedin lived with her husband, disgraced congressman Antony Weiner, with whom she has a four-year-old son.  Fed up with, and humiliated by yet another instance of Weiner texting his weiner, Abedin announced the couple were separating on August 29.
  3. Four weeks later, on October 3, FBI agents seized a laptop, iPad, iPhone and router from Weiner, presumably from the home Weiner had lately shared with Abedin.
  4. Almost four more weeks later, in a letter dated October 28, 2016, Comey advised eight Congressional Committee Chairs and several other members of Congress:
    • “of the existence of e-mails that appear to be pertinent” to the completed investigation of the Clinton e-mail server; and
    • “that the FBI cannot yet assess whether or not this material may be significant” or how long it will take the FBI to determine whether the e-mails contain classified information or assess their importance.

There’s a lot the voting public doesn’t know about this material and may need to know. Paramount among the unknowns are those very things that Comey admits he is clueless about:  Is the material pertinent and significant?   What all of us want to know is whether we are dealing with new information, i.e., pertinent, significant e-mail that the FBI hasn’t seen before, or are these copies of communications that mirror what the Bureau has already seen and assessed in the Clinton inquiry?

“How much of this is new?”  That’s the threshold question, and one that should have been answered before going public.  It’s an issue frequently encountered in rolling e-discovery productions.

We are once more confronted with the challenge of cross-collection correlation of e-mail messages.  I wrote quite a bit about that last month.  Coincidentally, it was just a few days later that Director Comey and I were at the same table, speaking at the same program in San Juan.  I lacked the foresight and testicular fortitude to lean over and say, “Hey, Yonkers Boy, bend your freakishly tall head down here and read this before you do something even more stupid than you did in your last press conference.”  That would have been unforgivably ungracious, and there were a lot of guys with guns and curly earpieces around to discourage such a frank exchange, even between kids from adjoining villages (I grew up in Bronxville; Comey’s from Yonkers next door).

So you don’t think I’m dumping on Comey unfairly, I admire the renegade courage and sense he once showed by spilling the beans about another kid from my distant past, a Rice University ’79 Poli-Sci classmate named Alberto Gonzales, who became White House Counsel and did some pretty unsavory stuff at the bedside of ailing Attorney General John Ashcroft.  I note the coincidental connections because they went on to power and fame. Neither one of these gentlemen would know me from Adam.

So, back to, “how much of this is new?”   Here, I have to make some assumptions.  I assume that the Abedin e-mails resided in one or more container files on the devices seized.  I don’t know if the laptop was a PC or a Mac, and I don’t know if Abedin used Microsoft Outlook, an Apple mail app or something else.  I further assume that the FBI didn’t simply use the devices to access webmail because, at this stage of the investigation, that would be illegal and it would horrifically corrupt the evidence.  Bureau personnel understand digital forensics well enough to know that.  So, let’s assume they used sound forensic practice and imaged the devices before undertaking triage of the data.

I say they’ve triaged the data because surely someone looked at the content at least long enough for Director Comey to report the messages “appear” to be pertinent.  They have to know something more than that Abedin had e-mail exchanges with Clinton because Abedin had long ago testified to that fact (old news), and Abedin stated that she didn’t routinely delete e-mails (more old news).  So, unless this is more nakedly political than imaginable, someone has accessed the messages using a forensic review tool affording a look at the data seized and allowing the messages to be processed and hashed. As well, they would have the unique message IDs and other useful intelligence from the headers of the messages to support quick, cross-collection de-duplication.

The Bureau has already painstakingly vetted tens of thousands of Clinton e-mails, permitting the Justice Department to conclude that no crime had been committed or, as Mr. Comey put it on July 5, “we cannot find a case that would support bringing criminal charges on these facts” and “no reasonable prosecutor would bring such a case.”

Assuming the Bureau had the same metavalues (like Message IDs) from the tens of thousands of messages they’ve had for months and which they have scrutinized with excruciating exactitude, why have they not made a hash-based comparison of the comparable components of the messages to assess how much is new and how much is yesterday’s news?   If they failed to do so because they lacked the legal authority to proceed (i.e., a more specific warrant than that used to seize the devices), then Mr. Comey should have followed Justice Department guidelines and not selectively released incomplete and potentially misleading information about a ‘concluded’ investigation impacting a presidential contest.

It’s not like they wouldn’t get the warrant, for heaven’s sake!  After nearly four weeks with the devices, Mr. Comey might have waited for the results of a mechanized analysis that would typically take minutes against a single custodian’s locally-stored e-mail.

Would cross-collection deduplication tell the FBI whether laws have been broken? It’s unlikely.  But, would it have supplied some insight into the content and whether it’s new stuff or old?  It would, and it’s sound practice.

Why should we expect sound, cautious practice from the Director of the FBI while early voting is proceeding?  Because that’s what Justice Department policy requires.  Doing the necessary groundwork before going off half-cocked is also good e-discovery and good forensics.

In my work as a forensic examiner, the decisions I’ve rued the most were those where I unwisely shared incomplete information with parties crazed to know something that would advance their position.  No amount of cautionary disclaimers stopped them from making reckless claims before all the facts were in.  That’s on me.

This mess is on Comey.