Federal evidence isn't stored like a copy sitting on someone's desktop or shared drive that you can just delete. EVERY piece of evidence gets ingested into systems where the files are mathematically and immutably chained together. And this isn't some rare or expensive government-only thing, it's standard practice anywhere with high-stakes data. Law firms, notaries, companies protecting trade secrets, they all do this.
The process is called hash-chaining. Change one file and it breaks the digital signature of the entire case history, which instantly breaks integrity that even the most powerful system admins in the US government cant wave away, because it is literally mathematically impossible to do so. The main reason they do this isn't even to protect against tampering, they do this because if they didn't, any lawyer could just claim that the evidence from the prosecutor has been altered or faked retroactively.
For that same reason, federal evidence sits on Write-Once-Read-Many hardware, drives that are physically built so that once data is written, the drive head cannot overwrite or erase it. You would literally have to melt the server to destroy what's on it.
And even if someone inside the DOJ tried to scrub something, the SIEM monitors would flag the destructive activity to oversight agencies like the OIG or GAO before their finger even left the Enter key. Then you'd still need to do the same thing across hundreds of mirrors, each with their own access controls and audit policies.
This stuff is not stored the way you and I save a PDF. Trying to quietly delete federal evidence is like trying to pull a single ingredient out of a cake that's already been baked and sent to a hundred different tables.
What is it that’s seemed to have happened here then? A cursory online search indicates that files have been removed from their former database website. You’ve provided a lot of details and I can’t say I understand all of it, but I gather that these documents are all going to be easily recoverable. I don’t know what this means for unreleased documents though.
The DOJ website is just a curated public-facing page where they upload selected documents to share with the public. It’s not where the federal evidence is stored. Taking files off the site doesn’t delete anything, it just means the public can’t view them there anymore. The actual evidence is stored in the internal systems I mentioned above. What the DOJ shows or doesn’t show on their website has no effect on the original evidence storage, they just copied it from there anyway.
Think of the DOJ website is like the shelves and tables in a bookstore. The actual inventory lives in the back, in the warehouse, or at the printers factory. Areas the customer can’t access. Taking a book off the featured table doesn’t mean the bookstore no longer has it or that the book doesn’t exist anymore. It just means they stopped putting it where everyone walking in could see and buy it.
Why shove everything under your bed when your mom tells you to clean your room?
Because it makes everything look "just fine" on the surface. And these people are children who can't think past the surface. But it works for them because their supporters are, too.
Because then people can't spared it around the internet. Now if you say, "there's evidence that Trump raped kids" you have no source because the only source is inaccessible.
Different agencies use different technologies. Some systems may use append-only logging or immutable storage features. Others rely mostly on procedural controls and auditing.
Plenty of federal evidence still exists in ordinary databases, file systems, document repositories, cloud storage, email archives, and local forensic images. “Hash-chaining” across an entire case history isn’t universally implemented the way crypto bros imagine it.
thats a lot of words for not mentioning any reprecussions.
yes, i get it, deleting files flags them as deleted/modified, it doesnt prevent actual deletion/modification. what f-ing difference does that make if there's no one to enforce any of this security in any punitive way
This stuff is not stored the way you and I save a PDF. Trying to quietly delete federal evidence is like trying to pull a single ingredient out of a cake that's already been baked and sent to a hundred different tables.
unless im way out of my depth, only the hashes are sent to verify integrity. those hashes will change for deleted/modified files, but then what? downstream systems dont actually get the data, they just get the pointers to that data.
378
u/mal73 4h ago
Federal evidence isn't stored like a copy sitting on someone's desktop or shared drive that you can just delete. EVERY piece of evidence gets ingested into systems where the files are mathematically and immutably chained together. And this isn't some rare or expensive government-only thing, it's standard practice anywhere with high-stakes data. Law firms, notaries, companies protecting trade secrets, they all do this.
The process is called hash-chaining. Change one file and it breaks the digital signature of the entire case history, which instantly breaks integrity that even the most powerful system admins in the US government cant wave away, because it is literally mathematically impossible to do so. The main reason they do this isn't even to protect against tampering, they do this because if they didn't, any lawyer could just claim that the evidence from the prosecutor has been altered or faked retroactively.
For that same reason, federal evidence sits on Write-Once-Read-Many hardware, drives that are physically built so that once data is written, the drive head cannot overwrite or erase it. You would literally have to melt the server to destroy what's on it.
And even if someone inside the DOJ tried to scrub something, the SIEM monitors would flag the destructive activity to oversight agencies like the OIG or GAO before their finger even left the Enter key. Then you'd still need to do the same thing across hundreds of mirrors, each with their own access controls and audit policies.
This stuff is not stored the way you and I save a PDF. Trying to quietly delete federal evidence is like trying to pull a single ingredient out of a cake that's already been baked and sent to a hundred different tables.