Alabama IT Whistleblower Fired For Spyware 751
chalker writes "Vernon Blake, an IT sysadmin for the Alabama Department Of Transportation, wanted to get evidence that his boss spent the majority of his time playing solitaire on his computer. Since emails to higher up supervisors were ignored, he installed Win-Spy, which grabbed screenshots several times per day over a period of 7 months. 70% of the resulting screenshots showed an active game of solitaire, and another 20% showed his boss checking the stock market. When he reported this to superiors, he was fired, even though he had 21 years of service in the position. His boss got a reprimand to 'stop playing games'. He is appealing his termination in court since he claims it was part of his job description to 'confirm and document' computer misuse for ALDOT. His complete story is here."
Wow... (Score:1, Interesting)
2 wrongs didn't make a right. (Score:2, Interesting)
2 wrongs made a CLE (Career Limiting Event)
Fire them both? (Score:2, Interesting)
The more interesting question (Score:5, Interesting)
Should it matter if you're spending half your time playing Solitare if you still manage to do the job you're supposed to do?
This boss's managers don't seem to want to get rid of him. One conclusion you could draw from that is that perhaps the boss actually is getting what he's supposed to be doing done. (Maybe most of his work isn't even done on the computer?)
In that case, who cares if he's playing solitare? Perhaps he's thinking things through and making decisions while doing it?
Personally, I've got a job where nobody tells me what to do with my time, as long as I get the job done.
And that's the way it should be, if you ask me.
By my definition, a job is performing a task for money.
He has a hit counter... (Score:4, Interesting)
He has a toolbarcounter on his whine page [aldotwaste.com]
This should be fun to watch... [toolbarcounter.com]
Counter Hits Summary
Total Months Counter Hits / 12200
Average Number Of Counter Hits Per Day / 394
Oh, and I imagine this will look different in a few hours as well
Top 5 Browsers by Visits
(Browsers / Visits)
Microsoft Internet Explorer 6.x / 6498
FireFox / 1447
Unknown / 922
Safari / 598
Netscape 7 / 437
Re:couldn't he just.... (Score:2, Interesting)
This is part of that windows thing that doesn't allow you to delete system essential files (idiot proffing windows). I know this because i tried to delete solitare from my new win2k computer (just to keep out temptation) and it wouldn't go away. It was like the terminator.
Re:maybe he was fired... (Score:5, Interesting)
but friends and i have dealt with situations like this before (the tech side, not stuffed suit side).
here's what happened: we had a dumbfuck COO making life absolutely miserable for everyone. he did absolutely nothing for the company and his net contribution to the company was ZERO. yet his fellow stuffed suits excused his bad behavior, even though the fucktwit COO was single handedly decimating moral through out the ranks.
well amongst the techies, we already had one guy leaving for a better job, so he volunteered (with help from unknown sources) to gather some dirt. he put it all together in a report of our COOs activities and in the middle of the night, placed hard copies on nearly 300 desks, and emailed over 1000 employees. this shit was gravy...we had evidence(photos/screen caps/receipts) of: an affair w/underling, porn surfing, game playing, almost zero actual work, frivilous purchases on company credit card, 3 hour lunches, sleeping frequently on the job, etc.
shit hit the fan, they accused the entire IT dept in complicity, but the single IT guy leaving, while not admitting it directly, intimated that he acted alone.
needless to say, the uproar amongst rank and file quickly drowned out the investigation.
The COO, CFO and a vice president all left.
Apparently they believed that their similar activities had been documented as well....as an anonymous message (not from us) stated "more was coming". we actually had nothing more, but the threat alone was enough.
karma rolled some fucking heads that month.
little guys: 3
fucktwit suits: 0
oh, those tricky statistics (Score:2, Interesting)
True, but it also doesn't say *how often* the boss was using his computer. If he spent six hours at his computer every day that was 70% solitaire/20% stock checking, then it looks pretty bad. On the other hand, if every day he spent 7 minutes playing solitaire, 2 minutes checking his stocks, and 1 minute switching between the two, then it would be pretty trivial.
Wronged righteousness (Score:5, Interesting)
It really surprises me that after 21 years of supposed service, this guy gets canned for the expose, which leads me to believe there is something(s) we're all not being told. 21 years and this guy still doesn't have a sensible grasp of the environment that would can him as sooner than praise him? 21 years and this guy is worth less than a solitair playing spider monkey? Normally that only happens when they're just dying for an excuse to get rid of you, normally after you've done something to piss them off.
Sorry, but thing aren't adding up here for the righteous IT guy here. I'm betting he screwed the pooch way before this incident.
Why do folks say he was doing his job? (Score:5, Interesting)
No, misuse of the computer, if you ask me, would involve installing spyware and trojans on other people's computer, looking at their files, flooding the network, running a porn site.
This sysadmin scares me, if he doesn't think you are doing your job properly, then even after he has told your boss about it he thinks he can install spyware on your computer and watch you. What other thing that bothers him would make him feel justified in doing crap like this?
I would fire him on the spot, possibly consider pressing charges. While employers do own their computers and thus you don't have as much privacy from your employer as you should have, this guy was not authorized by the employer, and what he did is possibly illegal.
He was also spying on his wife... (Score:3, Interesting)
Testimony alleged that as a result of Blake downloading the software, a computer hacker at an unknown location in Australia breached the Alabama Department of Transportation's computer firewall in 2003.
also,
Blake also testified Monday that he installed the program on two other computers in the department, that of the state Right of Way Engineer Paul Bowlin, who heads the division, and Right of Way Secretary Jana Trafford Blake. Jana Blake is married to Vernon Blake.
So he spies on his wife, his boss, and HIS boss. It's also possible that his actions led to a breach in the firewall at the office as well (that's disputed and may not be the case). With those facts in play, that changes my view of events.
Re:Everyone knows (Score:5, Interesting)
Re:maybe he was fired... (Score:3, Interesting)
I've lived from Colorado to Georgia in various places since reaching voting age (and have a significant interest in California
Go to Mississippi and you're pretty well limited to a very religious government workforce. Go to Louisiana and corruption is rampant. Go to Georgia and you'll see alot of laziness. Apparently Alabama is the "melting pot of the South" since if you end up there you will never know WHAT to expect, only that you probably won't like it.
It's too bad, I enjoyed my time there and have friends there, but I'll not live there again. I feel bad for those who have to deal with it, especially the more moderate northern Alabama areas that have to constantly deal with being in too much of a minority to vote out the dipsticks.
Re:The more interesting question (Score:1, Interesting)
A company where employees are judged by how busy they look instead of by the results that are achieved is a company that is being criminally mis-managed.
I used to have to manage student workers in just such an environment. My bosses wanted me to "keep them busy" whereas I was more concerned that they got the work done. My opinion was that if they were on top of things and there was nothing that needed to be done then the freedom to take a break was their well-earned reward. This difference of opinion is part of the reason why I don't work for that department anymore. The environment itself was neurotic. The task of our group was to run the open-access computer labs. This meant keeping the computers running, the workspace clean and straight, and helping students who needed help. Yet because the boss felt the need to aggrandize our role, we were all having to pretend that what we were doing was sooooo hard and soooo time-consuming. Where I am now things are much better, and I get paid more.
The boss has a lot to do with the work environment. When that boss creates an unpleasant environment by trying to keep everyone busy all he does is breed resentment. The employees learn to never finish tasks but instead to drag them out as long as possible, or at least never to finish tasks that are not unpleasant. The result is that things don't get done, the workers are constantly trying to keep up the appearance that they are busy, and everyone hates working there.
If I'm ever in charge of a department or running my own company, I'm going to make it the fundamental policy of working there that results are what matter, not how busy someone appears to be, or even is for that matter. If someone can accomplish everything that needs to be done in six hours instead of eight, I'm hardly going to begrudge such a productive employee for loafing at the end of the day. Besides, anyone who keeps their nose to the grindstone for 8 hours straight is going to crack eventually. Everyone needs to take a break now and then just to be able to do their job. Anyone who doesn't understand that has no business supervising anyone. Of course there is a difference between taking a break and avoiding work, but then that is why you fire some people.
The truth is that the world is full of assholes, idiots, and control freaks. If you're none of the above then consider yourself both blessed and cursed. Blessed with the wisdom not to be one of the above, and cursed with having to go through life without the sweet satisfaction of being able to kill everyone who is one of the above.
Re:That's 90% (Score:3, Interesting)
"I don't see how you think hackers are such a problem. I mean, how much harm could they do."
The next day, hand him a piece of paper, listing every password he entered and every username he used. Tell him he should probably change them--and if he doesn't, well, the next time the keylogger might not be an employee pointing out a security hole.
IMO the end not only justifies the means, but it's entirely in his duty--and he certainly shouldn't have been fired for it.
Re:Everyone knows (Score:2, Interesting)
hhmm -
DOBBS, George = dobbsg
BOWLIN, Paul = bowlinp
want to bet that:
MCINNES, Joe = mcinnesj
worst case it will just bounce anyway.
Re:That was appropriate (Score:3, Interesting)
Get it. Because the sysadmin didn't work within the system and went off to install spyware on his own he completely fubared what could be done to discipline his supervisor.
And how could you discipline the supervisor anyway besides a written warning for the first offense? How did the sysadmin know that nothing had been done? What? Did he install spyware in the HR office so he could see the supervisor's personel file? This guy dropped a nuke when he should have been using a flyswatter.
And why did he have to install spyware in the first place? What? Can't poll the PC and find out that sol.exe is up all day? Again, why did he need screenshots of everything the guy was doing and why wasn't someone from HR making sure that data wasn't misused. Hell he shouldn't have those screenshots to begin with! Wow, his boss spends 80% of his time playing solitaire and he spends 50% of his time going over screenshots.
No. Just because this is "gubbermint" doesn't mean what this guy did was right technically or ethically.
What about the boss? (Score:3, Interesting)
grib.
Re:maybe he was fired... (Score:5, Interesting)
At my last job, we had a few dumb-fuck executives that eventually drove our company out of business, hence it's my previous job. Anyhow, there was one such guy that was spending company money for himself, sexually harassing the ladies (one quit after her superior wouldn't take serious action against this guy), and basically did everything to screw the company and nothing to help it.
We had plenty of mud to dig up, actually, we didn't need to dig any up because it was well known throughout the entire company. The CEO etc. wouldn't do jack, because (although not as bad) he had done similar things to a certain extent.
It was obvious that making a stink would only get the person making the stink have a miserable life, or get fired for some technicality. So, instead of a legitimate confrontation, we used a more shaddy approach. Most of it was illegal, but hard to prove, but wouldn't get anyone fired. So long as we weren't caught in the process of doing it.
We basically harassed the fucking hell out of the executive in question. Some very childish pranks like using a high strength epoxy putty to seal all the key holes on his Mercedes (keyless entry still worked, but he did notice this), took the air out of his car tires, and ripped off the emblem. Next came the dog shit on his door steps, uprooted flowers in his garden, and other general vandalism. To make sure he understood it was an internal effort, we glued his books closed, and chopped a few cables on his office computer. (I still can't believe that this was done by the sysadmin himself... BOFH or what!?) There was loads more, but we finally drove the thought home by sending a piece of mail from a spoofed acount that generally said "Either your life could continue being hell, or you can leave the company. You choose." He was gone in 2 weeks.
Was this legal? No! Was it ethical? Probably not. But it was the lesser of 2 evils, where the other evil was making a stink and getting fired in return. Sometimes doing it the "right way" isn't really the right way at all if you end up losing. It's not worth it. I suppose we could have hired someone to break his legs (there were more than a few ladies in the office that would have been very happy to contribute to the "hit tip" if we had collected!) but we certainly got more entertainment and satisfaction out of doing it ourselves. Best of all, it wasn't even a coordinated plan, it was completely autonomous. As soon as people caught on that someone was raising hell, everyone else followed.
So Patrick, if you're reading this, now you know. By the way, I have your Mercede's emblem.
Re:That was appropriate (Score:3, Interesting)
Hah.
You really think those things take up a significant part of the budget?
They are a drop in a $2 trillion sea of cash.
I'd love it if that were all the government did.
Total budget 2003, $2158 billion.
Defense: $365.3 billion
Homeland security: $22 billion
Justice: $19 billion
Transportation: $13.5 billion
Judicial: $14.6 billion
Thats about 26% of the budget.
Social Security/medicare/medicare/etc. takes about 55%.
The rest goes to things like Agriculture or Health and human services.
All those things you spoke of barely make up 26% of the budget.
And even then, are you sure we're not being made to pay too much for these services?
An organization that has time to spend play solitair all day is a waste of our money and we aren't getting anything in return for that money.
Re:YOU CALL THAT (Score:5, Interesting)
You want one command? Done. Run this as a local admin: Or perhaps you'd like to nuke all the games at once? You could of course run the Uninstall section for each game. But since we're so fixed on the "one command" notion, we'll need a file c:\nogames.txt with the following contents (disregard the spaces added by slashcode): Once we have that, run this command to blow away all the games at once. (Add
Just because YOU don't know how to administer a Windows network doesn't mean it's not possible.
Everyone on here misses the point... (Score:4, Interesting)
Re:couldn't he just.... (Score:2, Interesting)
- which package installed particular file (dpkg -S file)
- all files for particlar package (dpkg -L file)
- for official debian packages: in which package a particular file is (apt-file search file, even if the package is not installed).
erik
Sour Grapes Are Real (Score:2, Interesting)
My boss makes twice as much as me, yet he needs help using the insert key. God forbid he should try to make a new folder on the network.
Re:I hope he has a good lawyer. (Score:2, Interesting)
Two words, Jury Trial.
The state will bring up the issue that he wasn't authorized to install the software.
Two words, Jury Trial.
If the state has a privacy law that will be brought up.
Two words, Jury Trial.
The final nail will be the state getting an expert on the stand detailing the alternatives to grabbing screen captures and how what he did was the antithesis of industry best practice.
Two words, Jury Trial.
The point that I'm making is that once a jury hears this, none of that other stuff will matter. It will look like the state tried to silence him instead of fixing the problem of a freeloading employee. The "average person" that sits on a jury will be more likely to side with the person who was "doing the right thing" as oppposed to the person who was doing the legal but unethical thing.
The only reason that this "was the antithesis of industry best practice" is because usually it's management spying on lower level employees. A jury will LOVE the story about some regular guy who was wathing a watcher. The state is going to do any and everything it can to keep this out of the hands of a jury because it's a foregon conclusion that the state has lost this case if a jury hears it.
LK
Re:What he should have done... (Score:4, Interesting)
Dunno how it is in BC, but the job market down in the USA (especially Alabama) is really shitty (especially for the 45+ age group) and he was probably making a very nice bundle of money after 20 years of raises in a government job.
I also like how everyone apparantly knows all about the computer policies at the guy's place of work (and are able to comment on them.)
Re:How you could make it look really bad. (Score:2, Interesting)
If his boss really played solitare all day, a log of applications would show it and the percentage time it was active. Even still, it would be difficult for him to prove as he could manipulate the logs manually.
Although I don`t think admins do smart in playing big brother and having others know they do I can help bofh`s around the world avaid at least this particulair problem. With the new big brother task forced uppon fellow bofh`s we can get problems and various new work related illneses [theregister.co.uk]. But if we really do want to document someones solitaire highscore, pornographical preferences over time or maybe even a serious brakein attempt then stamper [itconsult.co.uk] will help prove the time and date of our evidence... Just email secure hash (md5sum log* or md5sum screenshot*.png) of the stuff and you get it back dated and signed. Now anyone with gpg or pgp can verify the at least the earliest time/date the evidence excisted thus proving it wasn manufactured say after a big conflict. Now if the evidence includes like in this example screenshots of stock moves noone predicted or a news site you know at least the earlyest time time this part of evidence could have been created.Ofcourse if you do this to document others browsing and then confront people/brag about it you deserve what you get. However if you document a brakein (firewal log, found altered/unexplained binaries etc) then maybe the one behind it gets what he/she deserves...
Re:Everyone knows (Score:3, Interesting)
Sadly, you are mistaken. You've obviously never worked for the Government, Military or even some major corporate environments...
When I worked for Earthlink, I had a boss that would download pr0n all the time and management was told about it but never did anything about it. Sadly, one of his employees that had homemade pr0n on his webspace was canned.
This boss also had some interesting pictures of fellow employees, employees wives, etc on his computer and he some how managed to kiss ass enough to stay till the end. Did he do his job right? Nope...
This supervisor decided that he was not going to give me a raise because I was not at 100% production for the department, even though I was a full time employee, pseudo supervisor and DB admin for a major CMR platform. I mouthed off and it got around to him - he redid my whole 1 year review in 1 hour - he copied another employees review and change the name. Needless to say, while reading through it, some sections would say "Justin has been an extreme help to the team. She has been...."
Oh, and one last thing - its almost impossible to lose your job when working for the government, which is why people normally fight for even the low positions. Apparently, he didn't kiss enough ass to the main boss - which is also why they ignored him. I refuse to kiss ass in any environment and while I may get left behind on some positions, I also refuse to keep workplace friendships with those that kiss ass - can't stand people that do that.
Re:No whistleblower here... (Score:4, Interesting)
RTFA [decaturdaily.com].
So the "lazy boss" received commendations for production. Seems that the "lazy boss" gets a lot done while still playing solitaire. Even when his supervisors had full knowledge of his alleged "slacking off" they chose to keep the "lazy boss" on the payroll. They even commented that his production is "above reproach". Seems to me the sysadmin was grinding his axe in error.
He was also a doofus for taking the situation into his own hands. He installed a pirated version of WinSpy without authorisation from a superior officer. He also monitored other staff (two other people) for 7 months, without authorisation. He claims he was doing it to catch slackers at work. But that behaviour is too easily miscontrued. He was begging for trouble and he got it.
Re:That was appropriate (Score:3, Interesting)
According to what policy? What type of monitoring wouldn't be excessively invasive? Monitoring typically means remote viewing of the screen of the user, in addition to HTTP logs and other resources. Most netadmins I know use Dameware NT Utilities, which allows for remote viewing without user notification if you roll your own INI file and force it on the user when you silently remotely install.
Re:Everyone knows (Score:3, Interesting)
Sir, as a United States citizen and resident of the neighboring state of Florida, I have recently read of what I feel compelled to draw your attention to. It would appear that we have another occurance in your state, of that abhorrent "act of nature" called the Peter Principle. Where a person attempting to engage in a reasonable, and rational response to obvious government waste, and attempted to document such waste, with the means at his disposal, is dismissed. And here is where the Peter Principle comes into play, the supervisor conducting themselves inappropriately is given essentially a slap on the wrist.
I don't know about yourself, and I don't wish to judge on your behalf, but in the state of Florida, I'd call a government worker who spent a considerable amount of his or her time either playing solitaire or checking their stock portfolios, wasting tax payer dollars. And believe you me, this Floridian, and many others, would certainly be calling or writing our esteemed governor, Mr. Jeb Bush, to ask you to take a proactive part in the process of getting to the bottom of the matter.
I believe you yourself, are concerned with government waste, and have made mention of this in your own platform in running for Governor. I draw you attention to just two paragraphs from your "Historic Opportunity for Change" speech:
Paragraph 6 of that speech states: "We've begun the long journey of restoring the people's trust in their government. By telling the truth, by conducting an open administration, by making decisions based on merit and by driving out waste."
Furthermore, Paragraph 8 states, "Because of the budget reductions we enacted, Alabama now has the most cost-conscious and efficient government we've had in decades. The disclosures and accountability reforms we've already put in place have given us the most open and transparent government we've had in decades."
I'm certain that others may very well have quoted similar passages, as your own statements, and obvious strong feelings towards the matter are quite appropo to Mr Blake's case before the Alabama Department of Transportation.
I must say, that after reading some of what's written up surrounding this case, I'm going to write ( and tell my friends and family to do likewise ) to our own Governor, and remind him that he better NOT be letting OUR department of transportation be running like this. As while he himself is in office, WE will be voting for bigger fish this November, and beyond.
Twenty-One years of unblemished service, and an honest attempt to ferret out waste which you yourself have made the call to eliminate ; being met with dismissal, do not, in this simple citizens eyes, constitute fair justice. And I'm sure MANY other's, including thousands of Alabama's good citizens would feel that there is merit in correcting this unjust action. I enjoin you to take a personal and proactive part in bringing this matter to a more judicious and even-handed resolution.
With Warmest Regards from the Sunshine State,
Strongly disagree with something? Really!? (Score:4, Interesting)
And in the end, all you have is your integrity.
I have mine, and I was a consultant (which is saying something). Heheh. I never AFIAK told a client something they wanted to hear in order to get a job. I never failed to mention an existing or potential problem. I told them, "You can disagree with what I recommend, but you DO pay me for my knowledge, expertise, and experience."
Anything less than that is negligence, which may not be what you are suggesting, but pragmatism is akin to being practical. So is letting your boss get away with making bad decisions practical? What if that decision causes a few people to lose "these periodic paychecks"?
My boss is human. I argue with him every day. It's part of the job. They watch you so you don't make mistakes, and you watch then to do the same. As long as you act as a team, then things work well. As soon as people start worrying about looking good, then things get messy. I constantly argue with my boss about that point exactly. I tell him that I am interested in making the company run well from an IT standpoint, and that the company makes money to pay me. If everyone worries about looking good, then they make decisions that they think will be popular rather than decisions that are right for the business.