Forgot your password?
typodupeerror
The Courts Government Security United States News

Alabama IT Whistleblower Fired For Spyware 751

Posted by timothy
from the insult-injury-and-all-that-jazz dept.
chalker writes "Vernon Blake, an IT sysadmin for the Alabama Department Of Transportation, wanted to get evidence that his boss spent the majority of his time playing solitaire on his computer. Since emails to higher up supervisors were ignored, he installed Win-Spy, which grabbed screenshots several times per day over a period of 7 months. 70% of the resulting screenshots showed an active game of solitaire, and another 20% showed his boss checking the stock market. When he reported this to superiors, he was fired, even though he had 21 years of service in the position. His boss got a reprimand to 'stop playing games'. He is appealing his termination in court since he claims it was part of his job description to 'confirm and document' computer misuse for ALDOT. His complete story is here."
This discussion has been archived. No new comments can be posted.

Alabama IT Whistleblower Fired For Spyware

Comments Filter:
  • Re:Rule #1 (Score:1, Informative)

    by Anonymous Coward on Saturday July 31, 2004 @10:25PM (#9855669)
    I just disagree. Two years ago, I found that my boss was defrauding. False checks, stealing, and so on. Made a report (and strong one) to be valid for legal charge. Was rewarded.
  • Re:Use? (Score:3, Informative)

    by bizpile (758055) * on Saturday July 31, 2004 @10:26PM (#9855674) Homepage
    The article said the program took in to account idle times and took no screenshots during periods of inactivity.
  • Re:That's 90% (Score:5, Informative)

    by fuctape (618618) on Saturday July 31, 2004 @10:27PM (#9855679)
    According to the article:

    10. An analysis of the screenshots yielded the following results:

    • 293 (approx. 71%) of the screenshots documented active, on-going games of solitaire.
    • 87 (approx. 21%) of the screenshots documented web site visits, email subscriptions, and other miscellaneous non-job related activities consisting mostly of personal financial and stock market research.
    • 29 (approx. 7%) of the screenshots indicated some job related activities, mostly consisting of an "I concur" in an email response. However, solitaire was minimized (hidden) for quick retrieval on most of these screens.
    • 1 % or less of the screenshots were inconclusive as far as the type of activity.
    • No screenshots (0%) documented any job-related activities such as word processing, spreadsheets, databases, job related websites, electronic document management, right-of-way plans standards, etc.
    Additionally,

    5. A screen capture utility was used to automate this process. The utility behaves like a camera by capturing photographs of the computer screen. The utility did not target any specific activity or application usage by the user.

    6. Screenshots were automatically recorded at times randomly selected by the screen capture utility. The installer of said utility had no control over the randomly selected times.

    7. Periods of computer inactivity on the part of the user de-activated the utility until such time that user input was detected. This feature prevented generation of redundant screenshots at night, weekends, holidays, days off, etc.

    8. Also, A minimum time interval of approximately 30 minutes transpired between screenshots to prevent a large volume of redundant images. The purpose of the utility was to take a representative sample of computer activity. The pattern of computer usage on the part of the user ultimately governed the interval between screenshots. When no activity was detected, screenshots were halted.

    I really hope this guy gets vindicated in the end. He did his job, documented his case very well, and got screwed.

  • Credit Card Risk! (Score:1, Informative)

    by Anonymous Coward on Saturday July 31, 2004 @10:29PM (#9855686)
    I once helped a customer who had his credit card stollen by his employers keylogger.

    Seems the company had a policy of spying on its employees with a key-logger. Unfortunatelly the cocmpany didn't keep these key-logs securely and someone stole them and extracted credit card info from people who made online purchases.

    This kind of spyware is dangerous regardless of who is using it.

  • by Anonymous Coward on Saturday July 31, 2004 @10:41PM (#9855738)
    you need to delete it from three different places, c:\winnt, c:\winnt\system32\ and c:\winnt\system32\dllcache (or something like that)
    a search for sol.exe on the entire c drive will give you all three copies and then you can delete them.
  • by lifebouy (115193) on Saturday July 31, 2004 @10:48PM (#9855768) Journal
    Any government computers I have ever heard of require you to give consent to be monitored BEFORE you are authorized to use them. It's usually part of the IT policy which must be signed as part of employee indoctrination. Under normal circumstances, I would agree with you, but not for a government position.
  • by m1kesm1th (305697) on Saturday July 31, 2004 @11:06PM (#9855850)
    I'd just like to point out the other position was a Civil Engineering Administrators position and requires a number of years of Civil Engineering experience. So he really couldn't be given that position.

    This is not to try and pick fault at what you are saying I agree with it (just not that little part). Plus by drawing attention to it, I'm hoping to quell peoples ideas that "employee just wanted boss's job" type threads.
  • RTFA (Score:3, Informative)

    by rd_syringe (793064) on Saturday July 31, 2004 @11:25PM (#9855927) Journal
    The utility only captured input during periods of user activity. If there was none, the utility would remain inactive. So you posters saying "I leave Freecell open during meetings" are missing the point.

    It also only captured during randomly set intervals at 30 minutes a minimum. Basically, it was set up so that it was a completely random sample that the sysadmin was unable to knowingly control in order to make the guy look bad.
  • by Anonymous Coward on Saturday July 31, 2004 @11:27PM (#9855939)
    how about.... VNC with the controls disabled? there's an option for it when you are connecting
  • by Tassach (137772) on Sunday August 01, 2004 @12:08AM (#9856091)
    Any government computers I have ever heard of require you to give consent to be monitored BEFORE you are authorized to use them
    That's been my experience as well. Here's the login notice on the machines where I work (A US Gvt. agency):
    Warning Notice!
    This is a U.S. Government computer system, which may be accessed and used
    only for authorized Government business by authorized personnel.
    Unauthorized access or use of this computer system may subject violators to
    criminal, civil, and/or administrative action.

    All information on this computer system may be intercepted, recorded, read,
    copied, and disclosed by and to authorized personnel for official purposes,
    including criminal investigations. Such information includes sensitive data
    encrypted to comply with confidentiality and privacy requirements. Access
    or use of this computer system by any person, whether authorized or
    unauthorized, constitutes consent to these terms. There is no right of
    privacy in this system.
    [emphesis added]
    We had a similar disclaimer on all our system when I worked in State government.
  • Re:Everyone knows (Score:5, Informative)

    by kzinti (9651) on Sunday August 01, 2004 @12:10AM (#9856102) Homepage Journal
    It's also got some good e-mail addresses:

    dobbsg@dot.state.al.us - George Dobbs, the Solitaire King

    bowlinp@dot.state.al.us - Paul Bowlin, the head of the ROW Bureau, who thinks George's work ethic is above reproach.

    aldotinfo@dot.state.al.us - E-mail address for ALDOT, apparently the only published address through which ALDOT director Joe McInnes (who signed the termination letter) can be reached.

    governorbobriley@governor.state.al.us - "In Birmingham, they love the gov'nor - Hoo Hoo..."

    Drop these folks a line, let 'em know what you think. "Now we all did what we could do..."
  • by Maestro4k (707634) on Sunday August 01, 2004 @12:12AM (#9856112) Journal
    • Being the sysadmin does not grant you the right to spy on another employee even if that employee is your boss. There is a certain amount of trust that an employer has to grant a sysadmin but when that trust is taken advantage of as in this case it becomes abuse.
    Actually most workplace computer policies permit exactly what this guy did. Perhaps you should read yours more thoroughly, I know I haven't worked anywhere that doesn't in fact include a clause similar to this one, take from the ALDOT's Computer Usage Policy (posted on the guy's site[emphasis added by him]):
    • Any individual who utilizes any ALDOT computer resource consents by that use to the potential monitoring of such use.

      Because the Internet services are to be used only for government business, all records in these systems are hereby considered government records. As such, these records are subject to the provisions of state laws regarding their maintenance, access, and disposition. Employees using these services do not enjoy any right of personal privacy.

      A user who utilizes ALDOT computer resources for any purposes other than for official ALDOT purposes, is guilty of theft or misuse of state resources and may be subject to both ALDOT personnel action and appropriate criminal prosecution.

    I won't post it all here but you should look at the documents on his site, the same one contains the definitions of System Administrator. He didn't break any rules. Also I should note that this is standard for non-classified government work. Because of open secrets laws every detail of what a government employee does, including their personnel files, are public records. Government employees effectively have no privacy at their jobs, it's something fairly unique to the job sector.
    • Proper channels should have been followed. If his employer was unwilling to take action he should have left it alone. We all work with people who are lazy and unjustly promoted. But that doesn't give us the right to spy on them.
    Proper channels were followed, he documents it all on his site, shows the policies, tells each step he took. There's even this statement: "On my part, no laws were broken, ALDOT's own policies and procedures were followed in letter and spirit, and actions taken were in ALDOT's and the taxpayer's best interest."

    He explains he took the action he did because the boss's game playing was causing problems within the division of employee moral and supervision. Another quote: "Not only was this behavior wasteful, it impeded my ability to effectively supervise subordinates, including my ability to discipline employees for wasteful behavior of any type. The situation deteriorated to the point where cartoons were being distributed that mocked my supervisor's behavior." He includes two examples of those cartoons.

    So I have to ask you, how much did you read about this issue before you passed judgement? And while I understand you aversion to "spying" on users (having done sysadmin work for quite a while myself) I find it odd that you don't realize that sometimes it is not only necessary but required. If someone if using company resources to violate laws the company will require proof before they can act to protect themselves from future prosecution (and defend themselves if such prosecution occurs). Even if they're not breaking laws but violating company computer usage policy often monitoring to gather proof will be required before they can be disciplined and/or fired.

    • As a sysadmin I find this guy's behavior pathetic. It's an abuse of his position. I would have fired him, too.
    Well frankly I must say I'm glad you don't work for my organization. Protecting user privacy is important but also is understanding that monitoring must occur sometimes, no matter how much we find it distasteful. Also he didn't abuse his position, if you read all the info presented you'll find he followed their polices and procedures properly and did his job. If that's a fireable offense, well I suppose we'd all better start playing card games at work all day instead of working.
  • Re:No it wasn't (Score:5, Informative)

    by Maestro4k (707634) on Sunday August 01, 2004 @12:14AM (#9856117) Journal
    • Playing Solitaire is not misuse. It's not the best use of time, but it is not misuse. He sent the emails to the higher-ups, they obviously weren't that interested. In other words, he must still have been getting his work done. (Or his job wasn't so consequential, but it's not a syadmin's job to trim the fat.)
    Actually if you look at the excerts from ALDOT's computer usage policy he has up any non-work related usage of the computer is defined as misuse/abuse. So in this case it was in fact misuse.
  • by Maestro4k (707634) on Sunday August 01, 2004 @12:16AM (#9856125) Journal
    You are indeed correct, he has the policy info on his site and it is as follows:
    • Any individual who utilizes any ALDOT computer resource consents by that use to the potential monitoring of such use.

      Because the Internet services are to be used only for government business, all records in these systems are hereby considered government records. As such, these records are subject to the provisions of state laws regarding their maintenance, access, and disposition. Employees using these services do not enjoy any right of personal privacy.

      A user who utilizes ALDOT computer resources for any purposes other than for official ALDOT purposes, is guilty of theft or misuse of state resources and may be subject to both ALDOT personnel action and appropriate criminal prosecution.

  • by reboot246 (623534) on Sunday August 01, 2004 @12:18AM (#9856127) Homepage
    As a citizen of Alabama, I can tell you that we do deserve better AND as a reader of /. we deserve news that really IS news. This is an old story. Very old.
  • Re:Everyone knows (Score:1, Informative)

    by Anonymous Coward on Sunday August 01, 2004 @12:23AM (#9856146)
    hey doofus, did you notice that the employer is the state of Alabama and not a private company? But hey, who am I to suggest reading the blurb before you go off on some stupid story about your shitty job?
  • Re:No it wasn't (Score:4, Informative)

    by dnahelix (598670) <slashdotispieceofshit@shithome.com> on Sunday August 01, 2004 @05:01AM (#9856840)
    So, what do you think misuse is and how would you go about discovering it?

    If it were a private company, you might be right, upper management would have the say, but this is a government agency, that is using taxpayer money. I think of this guy as a hero of the people. This kind of wasteful behavior needs to stop. If all this so called 'boss' has to do is play solitare all day, then his position needs to be ELIMINATED!
    The salaries of most government positions is public knowledge, btw.
  • by cpghost (719344) on Sunday August 01, 2004 @05:59AM (#9856940) Homepage

    No, I beg to disagree. A sysadmin is in a position of trust. He is not like any other normal whistleblower.

    Being able to access every account in a system bears special responsibilities, esp. the ability to keep your mouth shut. Imagine your bank clerk would disclose your _true_ income to the IRS, just because she felt you were trying to circumvent taxes? Or what about your attorney going to the prosecutor, because he discovered that you were really guilty in a case?

    Whatever, a whistleblower is a good guy, but sysadmins should refrain from _actively_ spying on their users, no matter what axe they have to grind with them. It is blatantly unethical.

  • by hugesmile (587771) on Sunday August 01, 2004 @07:53AM (#9857135)
    I think the link mentioned [acesoft.net] in the slashdot story is wrong - that software does NOT do screen captures.

    Maybe they meant to mention this link to another product called Win-spy? [win-spy.com]

  • by Pahalial (580781) on Sunday August 01, 2004 @10:04AM (#9857470)

    Right, it seems this link [decaturdaily.com] (an actual news story on the issue rather than just the one guy's point of view) has already been posted here more than once.

    It stuns me that despite ~50 +5 replies, no one has bothered to point out that the program this guy installed HAD A BACKDOOR.

    Yes, that's right people. That's why they're calling this spyware. Because it is.


    Read this:

    Bobby Mitchell, an employee contracted to DOT to do computer network support and computer programming, told the hearing officer that DOT's computer firewall crashed in January 2003 and had to be rebuilt.
    ....
    Mitchell said he found WinSpy on Dobbs' computer when transferring material and programs in his computer to a new one and at that time saw that the program had an "imbedded address" that allowed someone outside the department to have access to DOT's computer system. The imbedded address was traced to Australia.

    So, who still actually believes he should get his job back? He was so focused on proving his boss was in the wrong that he compromised the security of the network he was a sysadmin for.
  • Re:Everyone knows (Score:2, Informative)

    by zipoff (62601) <sd@NOSPAM.zipoff.com> on Sunday August 01, 2004 @10:36AM (#9857618) Homepage
    Although it was clearly my responsibility as a computer system administrator "to confirm and document" such misuse

    wrong! here, you are so off the marker it's pathetic.

    I would normally agree, except in the case where the former system administrator shows the job description from the employee manual that states that as part of his job function.

    ALDOT Policy Excerpts [knology.net]
  • Good old boys system (Score:1, Informative)

    by Anonymous Coward on Sunday August 01, 2004 @10:53AM (#9857691)
    Well, I work at a DOT that, let's just say is the next state over from Alabama. Here politics are more important than job performance. We call it the "good old boys system". Many of the IT managers are corrupt and/or incompetent.

    Being a government agency it is usually rather hard to fire someone. It is impossible to get a bad manager fired because there other manager friends will cover their butts for them.

    Of course it is easy to fire us peons, all they have to do is trump up some fake charge like having porn on our computer or some form of insubordination. Actually the computer usage policies are so strict that there are things that *everyone* is in violation of. So it is not that hard to find something.

    They don't like to fire people to often though because it makes the managers looks bad, so what they usually do is run off their employees. They will pass out reprimands left and right for all kinds of bogus or stupid little things (like forgetting your daily status report or being late a few days). Using these they can also reduce your pay or otherwise demote you. Mixed in with all of this they will play "musical projects" and give you some project you don't know how to do. Are you a java programmer with 10 years experience? Well, your new project is in Visual Basic! Lets watch as you fail to meet your deadline and then it is reprimand time again! Oh, and you are not allowed to ask other coworkers for help as that would be "cheating". In the end it gets so bad they just quit to save their sanity.

    So chances are this boss in the article was involved in a similar "good old boys system" and they just decided it would be easier to get rid of the peon causing trouble.
  • Re:Everyone knows (Score:3, Informative)

    by astar (203020) <max.stalnaker@gmail.com> on Sunday August 01, 2004 @12:46PM (#9858138) Homepage
    I have a little story, without URLs, from my local area, Tacoma, WA. Tacoma city government has the usual draconian rules on misuse of government equipment. There is an elected city council which holds public meetings. The council critters have government issued laptops which they take to public meetings. One was observed to be checking his stock positions during city council. This was publicized by the press as misuse of government computer facilies, and it is generally agreed that it was against policy.

    The politican made excuses and the civil servant who was responsible for enforcing the computer policy said something like "I am not going to touch it". It all blew over.

    I conclude, as in the military, you cannot hold people above you accountable. It is the way of the world.

    In this cases, Dobbs could have been held accountable by his superiors, who instead chose to shot the messenger. Dobbs did not do much harm by his inactivity, but his superiors seem to me to have done a lot of harm by causing outrage about their actions to response to the situation.

    But the real problem is that the citizen's of the state in question have an at-will employment policy, instead of civil service protections. So the imperative is probably to protect the political connected job holders, and thus this result occurs.

    Note that we now have civil service reform regarding security agencies at the Federal level. This reform has been compared to the equivalent civil service reforms pushed through by Hitler. Perhaps the results at the Federal level will be even more outrageous than in Dobb's state.

  • Re:Everyone knows (Score:3, Informative)

    by kzinti (9651) on Sunday August 01, 2004 @01:51PM (#9858444) Homepage Journal
    OT, but the actauly lyric is "In Birmingham, they love the Gov'ner - Blue, Blue..." Which was the nickname of the govener of Burmingham at the time. It caused quite a stir at the time as people also heard "Boo Boo" and were confused as Lynyrd Skynyrd was a supporter of said Gov.

    Where to begin? Here are the facts:

    Actually, it is "boo, boo, boo", as many written accounts of Ronnie Van Zant and the song have long established. I misquoted it the way I hear it - I guess my ears just don't register the "b", and although I "know" better, I still sing "hoo, hoo, hoo" when I hear it.

    The line refers to George Wallace, who was governor of the state of Alabama, not of Birmingham. Birmingham is a city in Jefferson County, AL, and has a mayor not a governor.

    George Wallace never had the nickname "Blue". I've read that early in his career he was called the Fighting Judge, or the Little Fighter, but never Blue.

    Now my interpretation of the line about Birmingham loving the Gov'nor:

    It was a sarcastic remark. Wallace was a racist and avowed segregationist. Birmingham had the largest black population in the state. Hence the sarcasm: in Birmingham they love the governor? Not damn likely. The "Boo! Boo! Boo!" part is Van Zant jeering the governor. Zan Zant and the band never supported George Wallace.

    At the time Sweet Home Alabama was written, Wallace had never carried Jefferson County in an election. It was rumored that he punished Birmingham by, among other things, withholding federal highway money from the county, and sending it elsewhere in the state. As governor, Wallace got to direct how federal highway funds were spent, and it is a fact that I-65 through Birmingham was the last stretch of interstate highway to be built in Alabama, long after the rest of the state's interstates had been finished.

    Wallace's cronies in Montgomery, the state capitol, might have loved him, but not the people of Birmingham. At least not until the "new and improved" George Wallace came along, but that's another story...

What this country needs is a dime that will buy a good five-cent bagel.

Working...