After months of inaction, North Dakota tech agency hires private firm to help recover deleted AG emails

An investigation released by State Auditor Josh Gallion and follow-up reporting by Forum News Service reveal the North Dakota Information Technology Department did not bring in any outside firm to help recoup former Attorney General Wayne Stenehjem’s deleted emails until Thursday.

Troy Becker / The Forum
We are part of The Trust Project.

BISMARCK — Six months after the January deletion of former Attorney General Wayne Stenehjem’s email account, North Dakota information technology officials assured state leaders there was no way the erased messages could be recovered.

But an investigation released this week by State Auditor Josh Gallion and follow-up reporting by Forum News Service reveal the North Dakota Information Technology Department (ITD) did not bring in any outside firms to help recoup Stenehjem’s emails despite public pressure.

That changed Thursday, Sept. 29, when ITD Chief Technology Officer Duane Schell said the department has begun the process of hiring private consulting firm Planet Technologies to help with email salvage efforts.

Schell said miscommunication with the attorney general’s office caused ITD to delay in contracting with an outside company, but critics suspect the state’s sluggish search for the lost emails suggests a deliberate attempt to conceal information.

ITD officials remain firm in their belief that the deleted data cannot be reclaimed, Schell said.


Communication breakdown

Three days after Stenehjem’s death in January, ITD officials deleted his state email account at the direction of Liz Brocker, a longtime assistant to the Republican attorney general. Brocker also instructed ITD to eliminate former Deputy Attorney General Troy Seibel’s email account after he resigned in May.

Brocker stepped down from her post in July after new Attorney General Drew Wrigley discovered while fulfilling a records request that she had orchestrated the deletion of the accounts.

Wrigley, who was appointed in February, denounced Brocker’s actions and said he wanted to exhaust all options for retrieving the emails, which could shine light on a $1.7 million cost overrun racked up by the office under Stenehjem.

ITD officials repeatedly told Wrigley over the summer that the emails are “really gone,” the attorney general said.

Wrigley told Forum News Service he asked ITD Deputy Chief Information Officer Greg Hoffman during a July phone conversation to hire an outside technology company to help with email recovery.

Hoffman thought Wrigley wanted him only to look into the possibility of hiring a private firm and did not interpret Wrigley’s comments as a request to sign a contract, Schell said.

Wrigley said he’s “at a loss on how I could’ve been clearer” about the request in the call with Hoffman.

North Dakota Attorney General Drew Wrigley speaks at a press conference in Fargo in September 2022.
David Samson/The Forum

Schell said he solicited a bid in early August from Planet Technologies to assist in email recovery efforts. The consulting firm replied with a quote for $9,240, but Schell said he did not go through with the offer because ITD did not think it had received a request from Wrigley or the legislature to contract with an outside company.


ITD could have hired Planet Technologies without prodding from another arm of state government, Schell confirmed.

Wrigley said he didn’t hear back from ITD after the conversation with Hoffman and he assumed the agency had hired Planet Technologies. The Republican attorney general told a panel of lawmakers this week it irked him to learn that ITD had not gone through with the plan.

“I’ve been made aware that… maybe ITD took a different course from what was being represented to me,” Wrigley said. “That troubles me, too. Don’t tell me that you’re going to go look into something… and then not.”

Schell said after speaking with the attorney general’s office on Thursday it was a case of miscommunication between the two agencies.

The report Gallion presented to legislators on Tuesday mainly focused on the cost overrun incurred by Stenehjem’s office in 2020, but several of the Republican auditor’s findings indicate that ITD did not take every opportunity to recover the deleted emails.

When Gallion requested emails from Stenehjem and Seibel’s accounts, NDIT Chief Information Officer Shawn Riley said, “I can attest that we have exhausted all our efforts to retrieve the email in those two mailboxes and have determined it is no longer retrievable.”

However, Gallion found that ITD had not opened a support case with email service provider Microsoft to help retrieve data from Stenehjem’s account.

Schell said ITD knows the ins and outs of the state’s email system, and they believed the emails would not be recoverable more than 30 days after the account was deleted.


Email records published in the report reveal Schell asked a Microsoft support employee in late July for a formal document explaining that the deleted accounts are no longer available.

In a response to Schell, Microsoft employee Michael Anderson said, “I want to make sure we are crystal clear on one point… Just because an account is deleted does not mean that the data is gone.”

Anderson explained that retention policies or legal holds applied to the accounts may preserve the email data after they are deleted. Even once any existing holds are lifted from an account, Microsoft’s system retains the associated data for six months unless the mailbox is “hard-deleted,” Anderson said in the email.

Attorneys for horse-betting businesswoman Susan Bala placed a legal hold last year on Stenehjem’s records, including emails, while Bala was locked in a longstanding court battle with the state. It’s unclear whether the legal hold affected the retention of Stenehjem’s deleted emails.

Democratic-NPL Chairman Patrick Hart said he thinks there are state employees who don’t want the erased emails to be recovered, noting that the budget overrun combined with the deletion of the accounts “smells of cover-up.”

“I don’t even want to say ‘when there’s smoke, there’s fire’ because I think we’re past smoke,” Hart said. “I think the bonfire is starting to flicker in the night.”

Stenehjem’s state email account could contain as much as 20 years of critical records, and the suspicious deletion of the paper trail speaks to a culture of lacking accountability at the Capitol, Hart said.

North Dakota Democratic-NPL Chairman Patrick Hart speaks at the party's state convention in Minot on March 26, 2022.
Kyle Martin / The Forum

Schell rejected any notion that ITD is part of a scheme to hide information tied to the deleted email accounts.

“I can say with 100% confidence that there’s no cover-up happening within the North Dakota Information Technology Department,” Schell said. “We take an extreme amount of care and pride in caring for and being the custodian of the data on behalf of state government, and we absolutely would never do anything to anybody’s data without their expressed authorized consent.”

After Gallion presented his report, lawmakers referred the findings for further investigation to Wrigley, who said he will hire an outside law enforcement agency to look into any possible wrongdoing. It’s not yet clear whether investigators will dig into the deletion of the email accounts.

Schell said ITD plans to finalize an agreement to hire Planet Technologies either Thursday or Friday. He expects the company’s work won’t take much time once it begins.

Jeremy Turley is a Bismarck-based reporter for Forum News Service, which provides news coverage to publications owned by Forum Communications Company.
What To Read Next
She will be on electronic home monitoring for 300 days and on supervised probation until 2026.
Members Only
Five law enforcement officers were injured and another was traumatized by the horrors of the 1983 Medina shootout. Surviving officers and family members share their pain.
A $5,000 dollar reward is being offered for information that helps the investigation.
Several bills seek to make the fund solvent but diverge on whether to preserve the defined-benefit public pension plan or transition to a defined-contribution plan for future employees.