BE BREITBART: Update 8: DES Right To Know Update : IT data requests and response - network traffic (#FAIL) - Granite Grok

All of the posts prior to this one in our DES Right To Know request, concerning Mr. Richard de Seve’s massive blogging activities during work hours as he was allegedly working (while on the taxpayer dime), have been “preliminary”. We set the table, ordered from the menu, and enjoyed the appetizers. Now, it is time for the main courses: the IT (Information Technology) network data and what actions should have been triggered.

With our tech background, we wanted to be able to establish linkages and definitely prove:

  • Linkages from Mr. de Seve’s logins to a particular computer
  • That computer’s DHCP lease information, so as to get the MAC address(es) / IP address(es) for tracking network data packet traffic
  • Thus, being able to track outbound packets from Mr. de Seve to observe:
    • the destination sites outside of the State of NH domain(s)
    • how long his “time on site” was at those sites
    • the contents of those data packets, so as to see what he was doing on those non-NH State sites

Thus, we requested:

Request 7:

7. Any and all electronic records that show outbound traffic to any and all non-State related websites from the IT department’s proxy servers, outbound routers / designated Internet gateways emanating from the use of Mr. de Seve’s computer usage (based on his Authorized User ID / assigned computer). At a minimum, we are looking for such packet level records that will contain:

  • a. Mr. de Seve’s ID (or that can be traced back to such)
  • b. Mr. de Seve’s assigned IP address for his assigned computer(s). If however, that address (or set of addresses) are dynamically assigned, a key / foreign key that can be used to link such records together along with the logs that show the connection between the MAC address(es) of Mr. de Seve’s computers by the designated DHCP server(s).
  • c. The destination IP address of such traffic generated by Mr. de Seve
  • d. Time Stamps for each record so as to determine “length of time onsite”. For this item, summary records of site visits with such information will be acceptable.

This answers that (now) old adage:

what did they know and when did they know it?

This data would definitively prove our observations concerning Mr. de Seve’s activities – dead to rights. And given that the data HAD to be flowing through their system, they had the opportunity to monitor it. Thus, this data, more importantly, allows us to swing our attention from his actions to those of the Department of IT and Department of Environmental Services:

“what weren’t they doing that they should (or could) have been doing, and why weren’t they doing it?”

So, what was the result of this part of our Right To Know request?

Response to Request 7 (emphasis mine):

DOIT [the Department of Information Technology  – Skip] systems log URLs for internet traffic moving through state internet gateways.  DES has been advised that DOIT systems do not log, capture, or otherwise retain packet level details or content of inbound or outbound internet traffic.

7.a. Because packet level details and content are not captured, DES and DOIT cannot provide packet level records containing Mr. de Seve’s user ID.

7.b. Because packet level details and content are not captured, DES and DOIT cannot provide packet level records containing Mr. de Seve’s IP address. All DES IP addresses are dynamically assigned and are retained by a user as long as the IP address is renewed by logging in during the applicable lease period.

7.c. As you clarified during our telephone conversation on Wednesday, March 21, this request is for the destination IP address (rather than designation) of such traffic generated by Mr. de Seve. This information is logged by DOIT’s systems. As this is a request of first impression, DES and DOIT are currently working to determine the appropriate response to this specific request.

7.d. DES and DOIT cannot provide records responsive to this request. DOIT systems log only the destination URL address and the time at which a hit was generated. They cannot track the length of time spent at a particular internet site.

The operative line: “DES and DOIT cannot provide records responsive to this request“. I had a back and forth with the DES RTK guy (and a phone conversation); see the bottom of the post.  What it comes down to is that none of the IT related data packets we wanted are available.  It is impossible to now trace back Mr. de Seve’s actions such as writing a comment anywhere on an outside site – the State does not track its employees in this fashion.  Or they don’t know if they can say one way or another.  So, in answer to “what did they know and when did they know it?“, the answer is that they did know it all and they knew it when the packets went through the system.  How do we know that?  Time stamps at the Concord Monitor on de Seve’s comments done during work hours – going through the NH systems.  His admission that he was commenting during work hours – going through the NH systems.

We will have to see if their URL tracking can be linked to Mr. de Seve.  Now, this still doesn’t let him off the hook – again, he’s admitted to this all anyways.  But it does bring up the larger question: can the State live up to its own personnel policies in this area?
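The linkage described above (login to computer, computer to DHCP lease, lease to source IP, source IP to gateway URL hits) can be sketched as follows. This is an added example, not code from the State's systems or from this blog; the record layouts, user IDs, hostnames, addresses and site name are all constructed assumptions. It also shows why a log holding only a URL and a hit time yields a lower bound on "time on site" and not an exact figure.

```python
from datetime import datetime, timedelta

def T(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data; every field layout and value here is an assumption.
LOGINS = {"WS-0417": "user_a", "WS-0522": "user_b"}   # hostname -> logged-in user ID
LEASES = [  # (ip, mac, hostname, lease_start, lease_end) as a DHCP server might record
    ("10.1.4.20", "00:11:22:33:44:55", "WS-0417", T("2012-03-01 08:00"), T("2012-03-01 12:00")),
    ("10.1.4.20", "66:77:88:99:aa:bb", "WS-0522", T("2012-03-01 13:00"), T("2012-03-01 17:00")),
]
HITS = [  # (timestamp, source_ip, destination_site) as a gateway URL log might record
    (T("2012-03-01 09:02"), "10.1.4.20", "news.example"),
    (T("2012-03-01 09:10"), "10.1.4.20", "news.example"),
    (T("2012-03-01 09:31"), "10.1.4.20", "news.example"),
    (T("2012-03-01 11:15"), "10.1.4.20", "news.example"),
    (T("2012-03-01 14:05"), "10.1.4.20", "news.example"),  # same IP, but a later lease
    (T("2012-03-01 12:30"), "10.1.4.20", "news.example"),  # no lease covers this time
]

def attribute(hits, leases, logins):
    """Map each hit to a user through the lease that held its source IP at that time."""
    out = []
    for ts, ip, site in sorted(hits):
        user = None  # stays None when no lease explains the hit
        for l_ip, _mac, host, start, end in leases:
            if l_ip == ip and start <= ts < end:
                user = logins.get(host)
                break
        out.append((ts, user, site))
    return out

def sessions(attributed, idle=timedelta(minutes=30)):
    """Group a user's hits on one site into visits separated by more than `idle`.
    Duration is last hit minus first hit: a lower bound, since nothing logs the exit."""
    visits, current = [], {}
    for ts, user, site in attributed:
        if user is None:
            continue  # unattributable hits are excluded, not guessed at
        key = (user, site)
        if key in current and ts - current[key][1] <= idle:
            current[key][1] = ts
            current[key][2] += 1
        else:
            current[key] = [ts, ts, 1]
            visits.append((key, current[key]))
    return [(u, s, v[0], v[1] - v[0], v[2]) for (u, s), v in visits]
```

Because the same IP address is leased to two different machines on the same day, attribution by IP alone would merge two users; the lease interval is what separates them.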

Next post!

As an aside, I just got off the phone with someone getting ready to try his hand at being an entrepreneur with some T-Shirt designs as I was writing this; his quip was “Oh, Little Brother is spying on Big Brother?“.  Yeah, that just about fits…hey!  sounds like a Breitbart styled T-Shirt: Be Breitbart: turn the tables and be Little Brother spying on Big Brother

=======================================================================================

I promised that discussion on responsive earlier; for our purposes, it is very important to understand the complete definition of the term responsive.  To recap: The operative line: “DES and DOIT cannot provide records responsive to this request“.  Now when this first came in, I had to make sure that I really understood, so I had a bit of (good natured) back and forth but we needed to nail the definition down solid (reformatted, converted to be more bloggish):

Hi!

One really quick question from Page 2:  Response to Requests 1 and 2

No responsive records exist for the time period specified in your request.

Does “No responsive records exist” mean that “there are no records that exist that can be sent to you (meaning me) but there are records that exist that fit the request” or “no records exist at all” (meaning that such records absolutely don’t exist – and therefore, were never sent)?

-Skip
====================
Skip,

It means that 1) no responsive records exist at all and 2) even if they did, they would be exempt under  RSA 91-A:5.

Does that clear it up?
====================
>> Does that clear it up?

Nope

>> It means that 1) no responsive records exist at all and 2) even if they did, they would be exempt under  RSA 91-A:5.

If you would, please clarify the following logic statement based on the context of my request and your “answering” sentence above:

True or False:  ”no responsive records exist at all” = “no records exist at all”

As you can tell, I am trying to divine the use of the modifier “responsive” in your answer, as it could radically change my perception of your answer; I wish to ensure that I understand it correctly.

-Skip
(who sometimes HAS to “overthink” utterances – especially when dealing with other engineers, lawyers, and politicians)
==========================
I understand.  I think this will clarify it.

“Responsive” refers to whether or not a record meets the criteria established in your request.  Our searches are always limited to “responsive” records.  Think of Venn diagrams.  If you asked me to produce all our green widgets and in my search I found only red widgets, I would have to respond that I found nothing responsive to your request, even though I found plenty of widgets.

You asked for specific personnel-related records for a specific time period.  My inquiry revealed that no records meeting the criteria in your request exist, even though every employee’s personnel file would contain other personnel-related records.  Those “other” records would not be responsive.  Thus, my response was that “no responsive records exist.”

“Responsive” and “exempt” are different.  Searches can reveal responsive records (those that meet the criteria in the request) that cannot be produced because of an applicable exemption.  That is not the case with the records you requested.  Records that meet your search criteria do not exist.

I hope that explains it better.

============================
Better.

Lawyers and politicians (sheesh)…..and I thought *I* “write long”…   OK, appreciate your response to “responsive” (sometimes, I just cannot help myself!)

So, from your answer, this is a definitive True logic construct:  ” no responsive records exist at all” = “no records exist at all”

The translation: IT did not notify DES about Richard de Seve’s Internet surfing – correct?

-Skip
