#1 2009-06-29 05:40:33
It is close to one month since the computer audit began. I keep hearing that it is going to show great and terrible things about the employees of town. How long does it take? Has anyone heard anything?
Offline
#2 2009-06-29 07:04:19
WHAT HAPPENS WITH THESE SELECTMAN AS I HAVE SEEN THINGS IN THE PAST , IF THERE IS BAD STUFF YOU WILL HERE ABOUT IT, IF NOT THEY WONT MENTION IT AND TRY TO LET IT FADE AWAY.
Offline
#3 2009-06-29 08:13:29
When we have had computer suspitions of an employee we;
Contacted Human Resources, they in turn brought in an IT tech. We went to the employees desk, looked at the hard drive an history. Depending on what was found the employee continuedb working was suspended or fired.
The whole process took no more than one hour.
We did it with the employee present no copying of the har drives etc.
The BOS has created a scam process, they obviously don't know which employee has done wrong if any.
By taking copies and reloading data they have broken the chain of evidence rules. Even if they did find something a smart lawyer can convince someone that it was timkered with after the copy was made.that's why you do this stuff on the spot with the employee present.
Even they admit on tape thay they are HOPING to find something
In the end we have spent a bunch of money for nothing.
Offline
#4 2009-06-29 09:17:53
I am not sure how many hard drives they copied, but the process is key to the audit.
First, they should have a scope of what they are looking for (that should be decided BEFORE the audit). If that is the case, they should have announced what the scope is.
Second, they should prepare a game plan to ensure the confidentiality of the "other" information. This is critical as MASS has one of the strictest privacy laws!
Third, as long as the information does not fall under the scope of the investigation, it should be destroyed.
What I find peculiar is that if step 1 is not defined, it is already in violation of the MASS privacy laws. At least the Seclectmen could announce the scope of the audit and what they are looking for. If it is a legitimate audit, then we would have some idea of the basis!
Searay, we also performed an audit of an employees computer and it was conducted in the same fashion as yours. The HR of our company states, that first time offenders would be warned in writing and would be subject to additional penalties if found in violation of company policy again.
Offline
#5 2009-06-29 22:16:16
Quick clarification, Maple - assuming you're talking about 201 CMR 17.00 (the commonly-cited "MA Data Privacy Law"), there's nothing in there that would make an unscoped audit illegal. I absolutely agree with your three keys to the process, but the law is very specific to the types of data it covers (first name and last name or f. initial/last name, combined with either a SSN, driver's license #, or financial account number). It also doesn't say that you can't hold it, just that you have to do certain things if you do hold it. The rest of your post is all right on, just wanted to make sure everybody's clear about what the MA law actually states
Offline
#6 2009-06-30 08:28:15
Thanks for the clarification Acasual! You are correct, it isn't illegal if it isn't clearing defined, but there are procedures that have to be followed. If those procedures are not followed to the letter of the law, it is in violation.
I am curious though, doesn't the actual collecting and inspection of the data need to be observed by an outside source that has no connection to either the Selectmen or the Town? (The lawyer doesn't count as he is a paid rep for the Town). If so, would that be the police that was "hired" to observe the audit?
Offline
#7 2009-06-30 08:32:29
I was recently told by a computer forensics expert that it shouldn't take all that long to do a computer search when you know exactly what parameters are being searched. So, to see if people visited this site? That would not take long at all.
But say, an audio clip of an illegal exec. session revealed that, in fact, you were looking for bloggers, and that meant you had better come up with something else--a valid reason for the seizure of the hard drives, it could take longer.
For example, if the bos and ita want to look through each town employee's personal emails, there would be millions of them total and that would take forever and cost a fortune. However, recall this:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." -- Fourth Amendment of the U.S. Constitution
Employees have an expectation of privacy even while at work. I certainly hope that this witch hunt will not violate any constitutional rights of the town's employees. I heard of no warrants being taken prior to the seizure so to search personal documents or emails would cause major problems. I see huge legal fees in our future.
My original comment remains--what's taking so long? We are now close to 100 computers and $50,000 or so in the hole. Enough already. Let's get beyond this.
P.S. I await the latest outrageous connection to the computer audit in the rag. Have you noticed that everything that has happened in town since the audit began has been connected to the audit? The humor has lost its effect and it is getting boring.
Offline
#8 2009-06-30 09:38:51
I don't mean to keep being a buzzkill, but I want to make sure that everybody understands the technology and legal environment that we're in:
Maple wrote:
You are correct, it isn't illegal if it isn't clearing defined, but there are procedures that have to be followed. If those procedures are not followed to the letter of the law, it is in violation.
There are procedures that need to be followed for data from the audit to be admissible in court (chain of custody, primarily), but 201 CMR 17.00 does not prohibit an audit like this, nor does it define procedures that must be performed in such an audit - it is much more general, and defines things like an overall security program and control processes that must be followed by companies in general, as opposed to in specific situations like this. Also, there's no *requirement* that such data collection is observed by a third party. I worked for a number of years as a consultant performing this type of work, and most of the time it was just us and the client (the company performing the investigation). In a highly-politically-charged situation like this, it might have made sense as a CYA measure, but when have we known these folks to do things that make sense? :)
Molly wrote:
I was recently told by a computer forensics expert that it shouldn't take all that long to do a computer search when you know exactly what parameters are being searched. So, to see if people visited this site? That would not take long at all.
As I've mentioned before, if there are specific search criteria defined, the search itself should take a couple of hours per drive. There's also a significant amount of overhead around interpretation, reporting, project management, approvals, etc. Remember, this company is being paid by the hour :). My guess (and this is a complete guess, based on my experience in performing similar work in the past) is that preliminary results have been communicated, but a final report has not been delivered.
Molly wrote:
For example, if the bos and ita want to look through each town employee's personal emails, there would be millions of them total and that would take forever and cost a fortune
Accessing personal emails (such as gmail, yahoo, etc...) is most definitely illegal and should be out of the scope of this review. However, any "personal" emails sent using town email addresses absolutely fair game for this effort. Depending on what software they're using to do the analysis (most of my experience is with EnCase), it should be fairly trivial to search any of the "corporate" emails.
Molly wrote:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." -- Fourth Amendment of the U.S. Constitution
I'm not a lawyer, but I'm not sure the scope of the Fourth Amendment covers town government - definitely covers federal (because it's the Constitution, after all) and state (based on Mapp v Ohio), definitely does NOT cover private citizens or organizations or, more importantly in this case, civil cases (Murray v Hoboken Land). This would seem to be a civil case that doesn't involve the state or federal govt, so the fourth amendment appears to not cover the situation.
Molly wrote:
Employees have an expectation of privacy even while at work.
nonononono. I don't work for the town, but everywhere I have worked I had to sign an agreement giving up said rights to privacy. It's not *your* work computer - it's your employer's. It's not *your* Microsoft Outlook email account - it's your employer's. Heck, it's not even *your* voicemail - even that is your employer's, and they generally reserve the right to monitor it. I don't know that the town has a similar policy/document, but I'd be shocked if they didn't - it's standard practice and it allows employers to protect themselves where needed.
Offline
#9 2009-06-30 10:25:53
Casual--Thanks for your clarification. When I mentioned the expectation of privacy, I meant on personal emails etc, which you said was illegal for them to do. I would imagine then that the auditors could see you were on your personal email, but not have the right to access to those emails. So, say you worked for town and used the town's email site. Of course, that would be fair game.
But even if you should not look at personal email accounts at work if the policy says such, do I understand you correctly when you say they could not go into those emails? That was my point.
By the way, I was told that employees have an expectation of privacy by a lawyer who is familiar with such cases referring to my comments above about personal emails. I should have been more clear about that but I thought I covered it in the same sentence. I'll also check with my lawyer about the fourth amendment. I meant that regarding personal emails etc. also.
Of course, any business or business related work can be accessed by your employer as long as there is a policy that states such. Several town employees have told me there is one. No one can argue with that.
Your opinion?
Offline
#10 2009-06-30 16:52:46
Molly wrote:
I would imagine then that the auditors could see you were on your personal email
They can definitely see that you were using your personal email, and there are a couple of ways that the auditor could theoretically see the content of the email - some are more legally (and morally) ambiguous than others. Assuming the person being audited was using webmail (gmail, yahoo mail, etc), the content of the messages may be stored in the web browser's "cache", which is a bit of storage on the computer used by the browser to store temporary copies of pages that have been retrieved. The technical reason for having this cache is to speed up retrievals of the same content again in the future - it's much faster to pull something off your hard drive than across the Internet. Secondly, if the user was logged in at the time - such as if they had checked the "Remember Me" checkbox - then the auditor would have the session information and could "replay" that information to access the account. Finally, if the user stored the username/password on the hard drive that was audited, that information could be used to access the account.
Offline
#11 2010-06-02 19:11:16
I searched long and hard for this thread as a reminder that it has been one year since the Town Hall was invaded by a bunch of techies to copy the hard drives of employees who the former BOS felt could not be trusted. The audit was caused by information Bobo passed on the to BOS (wish he had archives so I could find when he said that).
This audit has cost the taxpayers over $60,000.00, that is 3 summer police officers. So BOBO, before you go getting yourself an erection over the Super Chief not hiring back 3 seasonal employees for the dock, let's consider how your fucking lunacy has cost the community shall we?
1. Bobo instigated the IG investigation which has forever tarnished the reputations of some of our most beloved citizens, regardless of the outcome, the state has been forced to waste countless man hours investigating something that doesn't even make mathmatical sense.
2. Bobo instigated the Computer Audit, so far this has cost the tax payers over $60,000.00 and counting, that is 3 summer officers folks, count 'em THREE!
3. Bobo has repeatedly slandered and defamed anyone who speaks out against the former dictatorship, and who is the victim of being SLAPPed Bobo?
4. Bobo has relentlesly persued and published lies. Here is a more recent lie, as many of you know he printed that people should start hiring lawyers. I sent that little tid bit of advice on to our newest Selectwoman, figuring he really would want her to know and we all know she doesn't read his paper (that is why he hates her I'd assume). I didn't really expect a response but lo and behold I got one, she said she never received a $400.00 donation from Barbara Dighton Haupt. She received a $100.00 donation from BD Realty Trust that she ASSUMED is Ms. Dighton Haupt. She also said he knows this because he has copies of the reports. Liar Slager, you are a liar and you should publicly apologize for your lies.
5. Probably the most offensive thing Bobo has ever done was try to incite racial tension with his little Cape Verdian protest last summer. He recently blogged about how no one understands why they Ca[e Verdian community felt strongly against the community meeting. Funny thing was, Bobo was the one who said they weren't invited. He assumed that all CV's supported the current BOS. I still get the hebe jebee's when I think of how disgusting it is to lump all CV's into a similar political view. Slager truly is distasteful.
Here you have it folks, a little blast from the past! Now, off to fill my glass, wouldn't want to ruin my alcoholic reputation. Go ahead Slager, JEER ME I DOUBLE DOG DARE YOU TOO!
Offline
#12 2010-06-02 21:48:17
I still get the hebe jebee's when I think of how disgusting it is to lump all CV's into a similar political view. Slager truly is distasteful.
Nothing more racist than that in my opinion....
Offline
