Wednesday, September 30, 2009

Inspector General: no time to chase fraud, we're after Porn surfers

At the National Science Foundation:

Employee misconduct investigations, often involving workers accessing pornography from their government computers, grew sixfold last year inside the taxpayer-funded foundation that doles out billions of dollars of scientific research grants, according to budget documents and other records obtained by The Washington Times.

The problems at the National Science Foundation (NSF) were so pervasive they swamped the agency's inspector general and forced the internal watchdog to cut back on its primary mission of investigating grant fraud and recovering misspent tax dollars.

How bad was it? Well, there was the guy who surfed porn for 331 days. Without being detected. So did they frogmarch him from the building? Fire him for cause? Err, no. Seems he was some sort of hero:

When finally caught, the NSF official retired. He even offered, among other explanations, a humanitarian defense, suggesting that he frequented the porn sites to provide a living to the poor overseas women. Investigators put the cost to taxpayers of the senior official's porn surfing at between $13,800 and about $58,000.

"He explained that these young women are from poor countries and need to make money to help their parents and this site helps them do that," investigators wrote in a memo.

Sigh. Let me leave you with a couple stories from the Paleolithic Age of the Internet. Since I was one of the Security Guys, management came to us one day. Someone had turned on logging for outbound HTML at the Firewall, and the list of outbound destinations were (shall we say) not something that Mom would approve. Management asked us what they should do. They didn't want to fire anyone, but they didn't want to just let this continue.

After some discussion, we emailed everyone in the company the Top 10 destinations list *I think 6 or 7 were porn). This let everyone know that someone was watching, and that they should do this somewhere else if that was their bag, baby.

Story 2 was from a security conference, where I spoke on a panel about this very subject. Also on the panel was a lawyer, who had some very interesting things to say about how to set up a program that would let you fire someone without being sued for wrongful dismissal. The whole point, said the lawyer, was to make the situation so egregious and outrageous that no jury would find for the guy you fired.

Your corporate porn policy, said the lawyer, should say that possession of over 500 pornographic pictures was grounds for dismissal. If it were a small number, then someone who went to whitehouse.com (a notorious porn site) my mistake (when they actually wanted whitehouse.gov) would muddy the waters. Anyone with hundreds of pix would have crossed the poorly defined "I know it when I see it" line.

So to the NSF crowd, folks have figured out how to solve this problem. Srlsy. Boy, I can't wait until these guys run my health care.

2 comments:

Tangalor said...

Headlines I can see in my minds eye:

"Healthcare Official: Porn is good for the wrists"

"Obama signs new law to help citizens in third world countries"

"Amscott: Porn now tax deductible!"

BobG said...

"How bad was it? Well, there was the guy who surfed porn for 331 days."

I imagine he got quite good at one-handed typing...