A deputy state inspector general says it should be a given that public employees’ Internet usage on the clock is monitored, but the recent arrest of a Clark State administrator reveals that isn’t always the case.
Stuart Secttor was fired last month from his job as executive director of the community college’s Performing Arts Center after he was arrested and accused of soliciting a prostitute in March.
Secttor told police he used his work computer to access an escort website that day, according to a police report, and that it wasn’t the first time he’d done so.
But it’s unknown exactly how many times he might have browsed inappropriate websites at work because the college said it doesn’t use any technology to monitor Internet activity on its servers.
Many in the public sector say monitoring the online activity of employees is common practice and ensures the public’s trust.
“It’s a given that if you are an administration, public or private, there is some duty to monitor your computer resources,” Ohio Inspector General spokesman Carl Enslen said. “There is an expectation that you are worrying about those things.”
Other public employees also have been caught recently misusing Internet resources.
During an investigation into Ohio State Parks Assistant Chief Jonathan Dobney last year, the Ohio Inspector General discovered that his son, a state parks officer, had updated his Xavier sports blog at work 84 times in less than a year.
Also last year, monitoring by Five Rivers MetroParks’ IT staff helped catch a part-time employee who later pleaded guilty to numerous counts of pandering child pornography. The charges against Byron Layman stemmed from the discovery that he had accessed illegal images from a computer at Germantown MetroPark on two occasions.
Clark County Sheriff Gene Kelly said Internet tracking allowed his office to confirm that Dustin Hensley, a former deputy, hadn’t accessed illegal material from the county’s network after he was arrested in connection with the possession of child pornography.
“He did have a laptop assigned to him,” Kelly said, but deputies determined that there was no illegal material on it.
Clark State declined to comment for this story, but has previously confirmed they don’t have any software or technology in place to monitor or track employee activity online. The school also couldn’t fulfill a public records request from the Springfield News-Sun for Secttor’s web browser history, saying no such records exist.
Many other local government officials asked about their computer monitoring policies by the Springfield News-Sun said they track what their employees do on the Internet, with some actively blocking access to certain websites.
“Regular monitoring is a common practice,” said Stacy Parr, director of technology and information services for the Springfield City School District. “We also perform random checks of equipment and filters.”
While most workers will admit to the occasional foray onto social media on the job, it’s longer dalliances that affect productivity and viewing of inappropriate or illegal material that has prompted most employers — public and private — to monitor usage.
“You’re supposed to be doing your job,” Springfield City Manager Jim Bodenmiller said.
The city, like the county, school district, state and other public entities interviewed, spells out what is considered appropriate versus inappropriate use of its computers in a written policy that each employee must sign.
“People are going to look up a game score, or they’re going to text a spouse to say what’s for supper tonight. I think you’re going to have some of that,” Bodenmiller said. “But when it goes beyond just a very brief exchange of information to they’re spending an inordinate amount of time, and they’re engaging in those activities regularly, that’s just completely unacceptable.”
The city tracks what sites each computer visits and the log is reviewed and purged on a monthly basis. If something jumps out as odd or inappropriate, Bodenmiller said it is reported to the employee’s supervisor.
At local government offices with small staffs, such as the Clark County Park District, IT policies might be followed on more of an honor system. The park district does some monitoring of its servers on a random basis.
“We are all aware of the dangers of the Internet and have pledged to each other to keep our actions honest and respectful,” said Executive Director and Chief Ranger James Campbell.
Every state-owned computer has a disclaimer posted or displayed on its screen that says the user understands Ohio’s information technology policy. State employees also must sign a statement that they agree to follow the guidelines.
“The people of Ohio expect their public servants to devote their time to conduct the state’s business and compensate them for that time. In the use of their time and IT resources, public servants must be mindful of the public trust that they discharge,” the state IT policy says.
The policy outlines numerous banned uses of state computers including any illegal activity and the use of dating or escort websites. It also says employees have no expectation of privacy and the state reserves the right to “view any files and electronic communications on state computers, monitor and log all electronic activities, and report findings to appropriate supervisors and authorities.”
However the state’s policy doesn’t dictate how agencies should enforce the policy and doesn’t require monitoring.
“Technique of enforcement is pretty individual (to each agency),” said Enslen, from the state inspector general’s office.
Community colleges, though publicly funded, don’t fall under the state’s IT policy. The Ohio Board of Regents, which sets initiatives for higher education institutions statewide, also said it doesn’t have a blanket IT policy that schools must follow.
“Any best practices we would provide would echo the state’s IT policy,” said Jeff Robinson, Board of Regents director of communications.
No reason not to monitor
As early as 2007, the last time the American Management Association surveyed employers about electronic monitoring, 66 percent of companies reported that they tracked Internet connections and 65 percent used software to block connections to inappropriate sites.
“In 2014, there’s no reason not to monitor,” said Nancy Flynn, founder and executive director of the ePolicy Institute. “It’s just playing fast and loose with your computer resources, your reputation and your security.”
Some of the easiest technology tools are keyword or automated search software, which would flag certain words in an email or detect if an employee tries to visit a blocked website.
“It does take time and it does take human resources and financial resources,” Flynn said. “But they should look at it like an insurance policy.”
It’s a preventative measure to avoid a potentially disastrous situation in which an organization’s reputation and security are at risk, she said.
Privacy and workers’ rights advocates caution, however, that random monitoring can be both inefficient and an unnecessary intrusion.
Keyword software set to pick up on the use of certain body parts, for example, could detect potential sexual harassment among employees, said Lewis Maltby, president of the National Workrights Institute in New Jersey.
“But you’ll also catch emails between an employee and their doctor or an employee and their husband,” he said. “Which is the last email in the world (an employer) should be looking at.”
Some people have the perception that any personal use of a government computer is wrong, Maltby said, “but everybody gets coffee breaks and lunch breaks,” he said.
The best way to balance employee privacy and the need to control abuse of resources, Maltby said, is to just block access to unwanted sites.
“You don’t have to worry about people going to an X-rated site if they can’t get there,” he said.
At public colleges and universities the issue of academic freedom can also come into play when professors and researchers believe their work could be stymied by monitoring.
The American Association of University Professors has developed guidelines they believe can preserve freedom of inquiry and still ensure security.
“Faculty members should be involved in the setting of institutional policies surrounding the monitoring of and access to content and traffic data,” according to the association’s 2013 report on Academic Freedom and Electronic Communications.
The Ohio Board of Regents said however that any higher education employees should know they have no expectation of total privacy while using computers owned by their institution, private or public.
Clark County uses website blocking technology on county-owned computers, in addition to tracking Internet use.
“We do capture where people go on the Internet,” said Kim Deniston, information systems director for the Clark County commissioners. “As an IT department we don’t look at that everyday,” and don’t have the staff to do so, she said.
But the record is there if a complaint or suspicion of misuse arises.
Her department will also take a look if a bandwidth issue occurs. At one point it was discovered that some second- and third-shift jail officers were watching Netflix because the streaming slowed down the network.
Netflix then was added to the county’s list of blocked websites, which includes Facebook and eBay, along with gambling and pornography sites.
Only select employees have access to the blocked sites if it is necessary for their jobs, such as sheriff’s detectives who use social media during criminal investigations.
As more and more employees use both personal and county-issued smartphones as part of their job, Deniston said the policy has extended to include those devices.
The county can block certain apps from being downloaded onto publicly owned phones and can remotely wipe them of all data if necessary.
In the case of a community college, Flynn said there are numerous reasons the administration should monitor Internet use beyond lost productivity.
“Colleges are required by law to protect their student’s privacy,” she said. “They should be monitoring whether anyone is accessing those records.”
If no one tracks what’s happening on the network, she said, “how do you know who is looking at what, who is transmitting what?”
Springfield News-Sun I-Team Reporter Katie Wedell digs into government waste, fraud and abuse allegations. Send her story tips at firstname.lastname@example.org or 937-225-2251.