Whatever you do online, you leave your digital fingerprints smeared over everything. With highly-secure email systems like those at the Prime Minister’s Office and Treasury, it’s massively harder to make things “disappear”, not easier. If this alleged email exists, or if any other emails about car dealer John Grant exist, they can be found. The real questions, then, are “How hard will they look?” and “Where did this leaked (or perhaps faked) email come from in the first place?”

To recap, the smoking-gun email was supposedly sent from Kevin Rudd’s advisor Andrew Charlton to Treasury’s Godwin Grech. There was supposedly direct communication between Treasurer Wayne Swan’s office and Grant, and Swan was supposedly kept up to date via email.
Ah, email…!

Enter the Archives Act 1983 and the Australian Government ICT Security Manual (ISM).

They’re not much fun to read, but the short version is that all government communications must be archived, including email. The ISM (G#162) recommends logging “all email sent to an external system,” which would include email to another department.

A similar requirement led to concerns in the US about Barack Obama using his BlackBerry because suddenly his emails would become Official Presidential Communication. He ended up with a special NSA-approved Presidential BlackBerry.

“Everything goes into the central vault, essentially forever,” says My Mate Who Cannot Be Identified Because He Does Sekrit Government IT Stuff. It stays there even if both the sender and recipient subsequently delete them from all their computers.

“It’s searchable by keyword, content, date. The full text is immediately available to anyone with the appropriate authority,” says MMWCBNBHDSGITS.

On top of that, all email events are separately logged by the firewalls, which protect departmental networks against hackers. Those logs record the sender, recipient, subject line, exact size and timestamp, amongst other things. In turn, ISM requires (G#164) that “systems are configured to save event logs to a separate secure log server” and “event log data be archived in a manner that maintains its integrity.”

In other words, a lot of effort goes into preventing anyone tampering with the evidence.

All this is bog standard stuff for any enterprise-scale email system. The difference is that at the highest level of government it’s all taken very seriously indeed.

Now MMWCBNBHDSGITS mentioned “appropriate authority”. Obviously things can’t be pulled out of the vault by some random schmuck. But here we’re talking about a Federal Police investigation authorised by the PM into email which, at the time, wouldn’t exactly have been seen as a national security issue. If the email exists, it’ll be found.

For all those same reasons, it’s also straightforward enough to see who the email might have been forwarded to.

Now, donning the tinfoil hat for a moment… What if the email does exist but Rudd makes it “disappear”?

To remove all evidence of the email from both departments’ email archives, and the secure firewall logs, and anywhere else there might be traces — and to remove the evidence of you tampering with all the evidence — you’d need the cooperation of systems administrators all along the chain. That’s tricky, because they’re all hired precisely because they’re the kind of ultra-honest and incorruptible people who’d never tamper with evidence to begin with.

It’d be a lot easier to mock up some emails which, when bandied about as “evidence”, made Malcolm Turnbull look like a goose. But who’d want to do that?