BE BREITBART: Update 8: DES Right To Know Update : DOIT and DES – living up to their own policies (#FAIL) - Granite Grok

BE BREITBART: Update 8: DES Right To Know Update : DOIT and DES – living up to their own policies (#FAIL)

The last post on this topic (GraniteGrok’s Right To Know to the State of NH on the non-State biz use of the State’s network: political commenting) effectively ended on these notes:

  • what did they know and when did they know it?
  • and “they did know it all and they knew it when the packets went through the system.”

Which leads up to the next important question:“…can the State live up to its own personnel policies in this area?”

This actually breaks down into two parts:

  • Can the State technically actually do what the policies say imply based on the results sent to us from our Right To Know request?
  • And if the State can technically support its policies – are they actually using those technical tools and if not, why not?

Now, I would be remiss to not point out that part of RTK for our calculus is still outstanding – Mr. Richard de Seve’s outbound (of the NH State domain) emails which the DES RTK guy has told me, multiple times now, is in process:

Request 5:

5. Any and all of Mr. de Seve’s emails that were outbound of the NH State’s domain and whose destination were other than for another NH State employee.

Response to 5:

All known emails have been collected and are currently being reviewed to determine 1) whether they are responsive to your request and 2) whether they are subject to any privilege or statutory exemption under RSA 91-4. Responsive, non-exempt emails will be provided upon completion of this review.

 So, this needs to be fit into the picture when they arrive.  In the mean time, there is more to review and our interim conclusion at the end…

To recap, here are the actual policies (emphasis mine) with comments (and yes, there are a lot of policies that apply from both DES and DoIT):

NH Department of Environmental Services:

  • 2. The electronic communications system shall not be used to solicit or promote any personal or commercial venture.

‘Grok: While there is no specter of a commercial venture in our sights, it certainly is a personal one, in our estimation.  No, not a traditional moneymaking business, which is what might be divined  from the above text.  However, it can be viewed that Mr. de Seve was pushing a personal agenda that benefited his political beliefs and what entities might benefit from that.

What will be the State’s reaction, given that we have brought a flashlight onto the issue?

 

  • 3. The electronic communications system shall not be used to create, store, download, forward or transmit in other fashion, any offensive and/or disruptive messages. Messages considered to be offensive include, but are not limited to, those which contain sexual implications, racial slurs, gender-specific comments, or any other comment that offensively addresses age, marital status, sex, sexual orientation, religious or political beliefs, national origin or disability. Messages considered to be disruptive include, but are not limited to, chain letters.

‘Grok: Political beliefs.  Certainly, this is the bulk of our request – as well as the time spent by him commenting on State’s dime.

What will be the State’s reaction, given that we have brought a flashlight onto the issue?

 

  • 7. The Internet is an unsecured network… Further, the electronic communications system provides for monitoring of Internet resource use and electronic mail. DES reserves and will exercise the right to monitor, review, access and disclose all messages and/or documents created, received or sent over the electronic communication system. Accordingly, employees should assume that Internet use is not private and may be monitored. Moreover, the communications are subject to release under RSA 91-A, the Right to Know Law, and are also potentially “discoverable” in any court action in which DES is a party…Even when a message is erased, it is still possible to retrieve and read that message.

‘Grok: Let’s see:

  • They are monitoring – the last post said that they can and are tracking outbound URLs which are only picked up by “sniffing” the data packets.  Thus, they do have the technology (and this has been confirmed by the RTK Dude today).  But they said that they cannot turn over the data packets as they are not warehoused – so how do they, forensically, use it if needed?  Sure, they can turn it on if they suspect malfeasance – but that is a “now and forward” technique and not “now and back in time” one.
  • They publicly turned over then Attorney General Kelly Ayotte’s emails under an earlier RTK – we will be receiving Mr. de Seve’s in the near future.  But “communications” are not just emails by any technical definition and in all cases, no matter the media type (audio, text, video), data packets play an integral role in ‘communicating the communications”.  And they have gone to that Big Bit Bucket in the Sky.
  • If the packets are not being warehoused, they cannot be, by definition “potentially “discoverable” in any court action in which DES is a party“.  This is, as we say in both blogging and technical terms, a problem.

What will be the State’s reaction, given that we have brought a flashlight onto the issue?

 

  • 10. Improper use of the electronic communications system may result in disciplinary action up to and including termination of employment.

‘Grok: What constitutes an “improper use” of the State’s system?  Is there a sliding scale of malfeasance with respect to usage?  And is there a sliding scale of punishment / remedies with respect to alleged (or in this case, admitted) malfeasance?  And how would the public know, and know the differences?  The problem with such imprecise terms is that honest leniency can be see as pandering at best and CYA at worst.

What will be the State’s reaction, given that we have brought a flashlight onto the issue?

 

NH Department of Information Technology:

  • 3.1.3     Information shall be used solely for the purpose of conducting official State business and all other use or access is strictly forbidden, including, but not limited to, personal or other private and non-state use.

‘Grok: I hardly think that what we have been looking at, Mr. Richard de Seve’s political commenting, could be construed as in support of “official State business” but would fall into that other category: strictly forbidden.

What will be the State’s reaction, given that we have brought a flashlight onto the issue?

  • If an Authorized User’s use of the network or computer system appears to be inappropriate or excessive, the appropriate technical support personnel will notify the appropriate immediate supervisor.

‘Grok: Once again, we see a policy that utterly depends on data packet sniffing for monitoring purposes.  While this policy is for the IT Department personnel, this cnnot be acomplished without the proper technical tools monitoring the data flows within the State network.  Are they doing this for the IT Department?  And if so, why not extend that out to the other Departments?

What will be the State’s reaction, given that we have brought a flashlight onto the issue?

There are a lot of other “bullet items” to the IT Department’s policy that both mimic and go into greater detail compared to the DES one.  I’m not going to specifically comment on each one (much), but I think you, the reader, can understand what that comment would be.  But it is illustrative to list them (emphasis mine):

  • 4  E-Mail Use

E-Mail and other electronic communication messaging systems are State of New Hampshire property and are to be used for business purposes only.

  • 4.3.6.     Creating or transmitting statements, messages, language, images, that might constitute intimidating, hostile or offensive material likely to be disparaging of others based on race, national origin, sex, sexual orientation, age, disability, religious beliefs, or political beliefs.

If an employee’s use of the E-Mail system appears to be inappropriate or excessive, the appropriate technical support personnel will notify the employee’s immediate supervisor.

Once again, in order to do this last item, monitoring tools have to be in place.  Thus far, however, we have not seen them used.  What will be the State’s reaction, given that we have brought a flashlight onto the issue?

  • 5     INTERNET/INTRANET USE

The Internet/Intranet is to be used for access to and distribution of Information in direct support of the business of the State of New Hampshire

  • 5.2     Internet/Intranet may be used for:

Software for browsing is provided to Authorized Users for state related business use only.

  • 5.3     Internet/Intranet shall not be used for:

The Authorized User understands and agrees that the Internet/Intranet shall not be used for:

1.     Chat rooms, interactive games, and personal message boards.

9.     Fund raising or public relations activities not specifically related to State business.

10.     Any purpose not directly related to the mission or intent of the agency.

If an employee’s use of the Internet/Intranet appears to be inappropriate or excessive, the appropriate technical support personnel will notify the employee’s immediate supervisor.

Once again, this policy cannot be enforced unless the proper tools are in place, being used in essentially real and near-real time, and past data being forensically captured for later policy usage and determinations.  And again, we’re back to relatively ambiguous terms for inappropriate and excessive as well.  What will be the State’s reaction, given that we have brought a flashlight onto the issue?

  • 7 ACCOUNTABILITY

It is the responsibility of each DoIT Division and Bureau to enforce all policies contained in this Computer Use Agreement. Employees who do not comply with this policy shall be subject to disciplinary action as outlined in the Administrative Rules of the Division of Personnel.

Oops! More of the same – to enforce data based policies, one has to have and be using data based tools to capture, examine, interpret, and flag usage to “restrict activity on the network as appropriate”. Living up to responsibility may be difficult at present.  Which brings up “what is the definition of appropriate?

And, what will be the State’s reaction, given that we have brought a flashlight onto the issue?

*****

I think, for now, this is enough.  Certainly, I think that while the ‘Grok jury is still out on the case of Mr. de Seve and awaiting the final pieces of evidence (URLs and emails), it is clear that they are itching to go out the door and render their decision.  However, this is only valid in the court of public opinion as we are, humbly stated and as the lofty, full of self-esteem mainstream media would agree, simply lowly bloggers.

Sidenote: I do ask the simple question: dudes, why didn’t YOU guys pick up on this guy’s activities??  Aren’t YOU ALL supposed to be the Watchdogs of Democracy?

As far as the State is concerned, both for DoIT and DES, they may decide to do something big, they may decide to do something little, or something in between.  In any of those cases, GraniteGrok will only be in the back seat – any decisions made are up to others.  Frankly, we see three areas of action that should be looked at:

  • Mr. Richard de Seve – does he get ignored, a tongue lashing, time in the stocks (yes, those would help bring back another missing element for social mores – shame – but that’s for a different post) or banishment from his version of heaven?
  • DES – see above, but will they also see that others are looking at their policies and asking “toothless or fangs”?  Will they have the management and political chops to “say what they mean and do what they say”?  Make no mistake – there will be political ramifications, as Mr. de Seve is an SEIU chapter VP – and the SEIU is the premier union at playing politics.

Speaking of the SEIU:

  • Will Diane Lacey, NH SEIU President,  go full on for Mr. de Seve (even with his admission of guilt)?  Or throw him under the bus?
  • More importantly, what will be the official flack words from her concerning this?
  • Will the SEIU voluntarily “out” others who have been doing the same thing – stealing time from NH taxpayers to lobby for SEIU advocacy, issues and candidates?
  • Or will they lash out at GraniteGrok simply because we used a flashlight and saw a ranking SEIU member in its beam?

There are also Legislators that have been watching this unfold – it will be interesting to listen to their take on this series.

And this series is not yet complete – again, we await the arrival of the URL list of the sites that Mr. Richard de Seve has been visiting since 2005 on State time as well as his emails.  As need be, we’ll update our conclusions.

Oh, by the way?  This is just Stage 1.  Guess what!  We have more upcoming….

 

>