Forget Porn, Computer Woes Could Cost Millions


A recent investigation into the computer-porn habits of city employees has launched a citywide crackdown, but critics say the focus of the investigation misses the real problem — the huge holes in City Hall’s computer network

The investigation was first announced in a Sept. 21 press release — the highlight being a “pattern” of porn-site visits using City Council President Bill Pantele’s City Hall login, later found to be a single visit.

It has since uncovered tens of thousands of porn visits on other city computers and has led to the expected dismissal of at least two city employees.

But porn may be the least of the city’s problems.

A March report from City Auditor Umesh Dalal found minimalist standards for issuing passwords from the city’s Department of Information Technology, wherein a person needs only to call a technician and provide a legitimate user ID. All callers were then given the same standard password that allowed them to reset their logins. “Stronger authentication methods must be considered,” the report concludes.

It gets worse. A second March audit of DIT found the department was unaware of exactly how many personal computers the city owns, estimating the number between 2,700 and 3,600.

The audit also uncovered poor software management, leaving the city vulnerable to serious copyright infringement. All told, the audit found, the copyright violations could cost the city up to $496 million in civil and criminal fines, if the software companies were to pursue such charges.

The report about computer security “wasn’t just critical,” Pantele says, “it was scathing.”

While the city has trumpeted the findings from the porn sweep, what’s more revealing are the breaches of city technology protocol, showing that even low-level security concerns have gone unaddressed.

“The city doesn’t have the filters that a prudent business would have,” Dalal says, which “should prevent people from visiting those sites even if they wanted to.”

Public schools and all libraries that accept state funding are required to install Internet filters on their computers, but the city didn’t decide to install filters until after the recent porn raid. According to an internal memo from Gene Doody, the city director for information technology, the city began blocking adult sites Oct. 4 at the request of Chief Financial Officer Harry Black.

Dalal says the post-porn report itself raises more questions than answers.

“The methodology they that they adopted is questionable, actually,” Dalal says. If someone visited a site that linked to an inappropriate site or was pinged with an adult-themed pop-up, for example, those may have been counted, unbeknownst to the user.

That may help explain some of the inconsistencies in the administration’s report findings, which don’t jibe with those of City Council officials.

“Some information I got indicated that some employees were out of town,” says Daisy Weaver, City Council’s chief of staff, referring to reports of porn site visits on the computers of council staffers who weren’t there when the usage occurred.

Installing Web filters would be a first step, Dalal says, but it doesn’t begin to address the overall mismanagement of software in the city’s IT department. In the March audit report, Doody says his department lacks the necessary funds to address the problems.

“The city would need to consolidate budget dollars from across the city and aggregate them in [the Department of Information Technology’s] budget for enterprise management,” Doody wrote. S

  • Click here for more News and Features
  • TRENDING

    WHAT YOU WANT TO KNOW — straight to your inbox

    * indicates required
    Our mailing lists: