Some years ago, I got a job doing network support for the District Attorney’s office in a large city that shall remain nameless. When I arrived, the network was a mess. Malware was rampant, Internet and WAN connections were saturated, and users were constantly complaining about slow computer and network performance.
Even so, my attempts to enforce a mindful security policy were met with fierce resistance. The attitude among the legal staff was, “This is my computer and my network; you’re just a computer janitor.”
Worse yet, “to make things easier for everyone,” network access permissions had been set so all home directories were open and available to all network users. That was what the Powers That Be wanted. As a result, investigators’ notes, lawyers’ case reports, research, strategies and so on were open and unprotected — at least within the network.
But even that wasn’t the worst. One day I visited our cross-town branch office to find that virtually every computer had Napster loaded on it, providing open access to every network hard drive, thanks to the default Napster settings. This opened up a security hole big enough for a battleship.
When I tried to explain this to the branch’s head attorney, she proclaimed, “I’ll take this stuff off my computer when your boss tells me to.”
My boss, the head of IT (who was better at politics than technology), told me, “She can be difficult to deal with. Let them have their toys if it keeps them happy.”
I was flabbergasted, but what could I do? I wrote up my concerns and submitted them to my boss in the form of a “cover letter,” designed to cover my behind.
About four months later, the state telecommunications agency (which was our ISP) got a call from a network security officer in another state asking, “Do you know that the county District Attorney’s network is wide open to anyone with a Napster client?”
Things got rapidly unpleasant after that.
For some reason, I was never called to account for the security breach. (Perhaps my boss recalled the cover letter.) Instead, the head of the agency sent a strongly worded memo to the IT office, which I forwarded to all the attorneys. Over the next few weeks I managed to get Napster off all the computers, although I never succeeded in changing the open-home-directories policy.
And while I made a strong attempt to explain to everyone why Napster was dangerous, at least one lawyer who loved sharing his music defended his right to continue doing so with a passionate, hair-splitting argument of the sort that had probably convicted many a miscreant. I knew I was fighting a losing battle; within weeks, unauthorized software started to reappear.
Despite my noble decision to resist saying, “I told you so!”, I was fired a month later — something about failure to show proper respect to those exalted enough to be attorneys. Of course, it could have been that my boss wasn’t happy with my having a copy of that cover letter, either.
I’m tempted to say that the lesson here is don’t work for lawyers, but I’ve known quite a few good ones. Maybe it’s more about letting technical people set technical policies.
Got amazing tales, real-life experiences or war stories from the trenches? E-mail them to [email protected]. If we use your story, we’ll be sure to conceal your identity and that of your company and colleagues.