
College Fires IT Admin, Loses Access To Google Email, Successfully Sues IT Admin For $250K (theregister.co.uk) 277

An anonymous reader quotes a report from The Register: Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked Williams to return his work laptop, which was supposed to have the password saved. But when Williams did so in May that year, the complaint says, the computer was returned wiped, with a new operating system, and damaged to the point it could no longer be used. ACE claimed that its students could not access their Google-hosted ACE email accounts or their online coursework. The school appealed to Google, but Google at the time refused to help because the ACE administrator account had been linked to Williams' personal email address. "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts," the school's complaint states. "ACE was unaware that Mr Williams' administrator account was not linked to his work address until after his employment ended." According to the school's court filing, Williams, through his attorney, said he would help the school reinstate its Google administrator account, provided the school paid $200,000 to settle his dispute over the termination of his employment. That amount is less than half the estimated $500,000 in harm the school says it has suffered due to its inability to access its Google account, according to a letter from Williams' attorney in Illinois, Calvita J Frederick. Frederick's letter claims that another employee set up the Google account and made Williams an administrator, but not the controlling administrator. It says the school locked itself out of the admin account through too many failed password attempts.
Williams, in a counter-suit [PDF] filed last month, claims his termination followed from a pattern of unlawful discrimination by the school in the wake of a change in management. Pointing to the complaint she filed with the court in Illinois, Frederick said Williams wrote a letter [PDF] to a supervisor complaining about the poor race relations at the school and, as a result of that letter, he was told he had to relocate to Indianapolis.
  • default judgment (Score:5, Informative)

    by borcharc ( 56372 ) * on Wednesday January 18, 2017 @07:06PM (#53692811)

    They got a default judgment against him, they did not win on the merits of the case. Default judgments are not so final when the other party wants to fight about it some more.

  • What an idiot (Score:5, Insightful)

    by realmolo ( 574068 ) on Wednesday January 18, 2017 @07:14PM (#53692861)

    ALL sysadmins have thoughts of what they would do as "revenge" for getting fired. Hoarding passwords is something that has occurred to all of us, at one time or another. It's such an easy thing to do.

    But you can't do that stuff. It's unethical, and immature, and unprofessional. Not to mention, you'll end up getting sued, and YOU WILL LOSE.

    This guy sounds like a whiny little bitch, and he never should've been hired in the first place. When you hire sysadmins, you need to hire people that seem trustworthy, first and foremost.

    • Re: (Score:3, Insightful)

      by ASDFnz ( 472824 )

      ALL sysadmins have thoughts of what they would do as "revenge" for getting fired.

      It has never crossed my mind, so not quite all.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Good plausible deniability there. I see what you are doing... Sure... You've "never" thought about it once...

        • You have far less reason to doubt his claim than the "ALL sysadmins" claim which, since it's an absolute, is undoubtedly false.

          • Re: (Score:2, Informative)

            by Anonymous Coward

            There are two thoughts any sysadmin should have:

            • if it was me, how would I break into this system
            • how could I damage the company

            Then think how many of those things you could do by accident if someone persuaded you they needed your help whilst drunk or, in many cases, merely by being knocked down by a bus and spending three months in hospital. The end result of this thinking should be:

            • more regular, better more distributed backups
            • better ways to recover from disaster
            • more privilege separation and protection ag
            • A post like that deserves a real name next to it, not A/C, so you can be recognized for a clear, well-thought out response.

        • Re:What an idiot (Score:5, Insightful)

          by Anonymous Coward on Wednesday January 18, 2017 @07:47PM (#53693063)

          O COME ON...SERIOUSLY? You have such little integrity that you actually believe that anyone who has ever been a sysadmin covets keeping passwords or even fantasizes about it as revenge?

          You know it's been said that the 'measure of a man is not what you do when people are watching but what you do when nobody is watching'...I really hope I never interact with you.

          There are still people in this world that have morals/personal integrity that they live by both in thought & deed regardless of who may or may not 'know' they are doing so.

          • O COME ON...SERIOUSLY? You have such little integrity that you actually believe that anyone who has ever been a sysadmin covets keeping passwords or even fantasizes about it as revenge?

            You know it's been said that the 'measure of a man is not what you do when people are watching but what you do when nobody is watching'...I really hope I never interact with you.

            There are still people in this world that have morals/personal integrity that they live by both in thought & deed regardless of who may or may not 'know' they are doing so.

            Not only that but if you do have these thoughts then perhaps you should take a step back and re-evaluate your life and line of work? Sounds like it is time to get another job if any employee gets this angry with his or her employer or frustrations with the day to day job.

            I have never thought about doing such a thing in the I.T. field. However, I have had angry thoughts about these things on past employers. I quit these jobs as I figured at this point I may not be a good fit for the company culture or positi

            • Re:What an idiot (Score:4, Insightful)

              by silentcoder ( 1241496 ) on Thursday January 19, 2017 @04:57AM (#53694927)

              If you want to make it harder for somebody to break into your house - what is the first step ?

              Oh right, it's asking "How could I break into it right now".

              Thinking of how one could take revenge does not imply any desire to act on those thoughts - it implies doing your due diligence as an admin by looking for weaknesses in the setup that need to be fixed and fixing them before somebody else can exploit them.

              So, sorry, but if you've never sat down and thought "how could I take revenge on this company if they fuck me over" - you are not doing your JOB. Because it means, if somebody else (rightly or wrongly) feels they have been fucked over, you won't know what revenge they may want to take, and you won't have put the systems in place to prevent it.

              • by AmiMoJo ( 196126 )

                These days a lot of people seem to be worried about being replaced, perhaps by offshoring or just by someone cheaper. In that case, there is little incentive to make the system robust enough to survive your exit from the organization.

                It's long been the dream of everyone in tech. Become so essential to the business, usually by being the only one who can perform a vital function with no possibility of replacement within standard notice periods.

                Good wages and conditions are a great insurance policy and motivat

      • Has it ever crossed your mind what would happen if you got hit by a bus? It sounds like the school didn't have proper succession protocols in place.

        They fired the admin. From that moment forward he wasn't in charge of doing anything for them. If they needed access to something they should have thought of that beforehand.

        • by ASDFnz ( 472824 )

          Has it ever crossed your mind what would happen if you got hit by a bus?

          All the time.

          As a sysadmin most of my job is planning for contingencies and that is one of them. The hardest part of that is making sure that I keep my contingency up to date with all of the correct credentials needed AND that someone can access and implement it.

          Every now and then I hit up the people responsible just to make sure they can access everything they need.

          • by cdrudge ( 68377 )

            The hardest part of that is making sure that I keep my contingency up to date with all of the correct credentials needed AND that someone can access and implement it.

            Well it sounds like the guy in the story didn't do that. He probably should be reprimanded or fired or something. They just need to be sure to do it AFTER he fixes the situation because they're screwed if they do it before. Oh wait...

      • Really? That makes me doubt you are a good IT tech, because you don't think of all possible options. It's fundamental to the job of IT to consider as many possibilities...

    • by Sycraft-fu ( 314770 ) on Wednesday January 18, 2017 @07:28PM (#53692949)

      You have a plan should you get killed or otherwise be unable to provide the passwords. Where I work, in addition to there being more than one IT staff, all the passwords are safely locked away where the Dean can get at them, if needed. We make sure that even if we are all gone, whoever comes after can get access.

      These days the university has policies to that effect but we did it before then because that is what you do. You have a disaster plan, and that plan includes what happens if you aren't around.

      • by argumentsockpuppet ( 4374943 ) on Wednesday January 18, 2017 @10:59PM (#53693905)

        When I go on vacation, I like to go places where there is often no phone or internet service. If there is anything that my department cannot handle while I'm out, that's a problem. It's a problem I fix as soon as possible. It's been quite a few years since anything that "needed" my attention turned out to be something besides "we didn't bother reading the documentation." I expect a backlog of issues they couldn't handle as efficiently as I could, but nothing they couldn't do if they just read and learned more.

        My predecessor once bragged that my employer would never be able to keep him from being able to log back in. He left on "good" terms, so I didn't have to immediately ensure that wasn't the case. That was nice since it did take me more than a month to ensure his access was truly disabled without interrupting any services. My replacement shouldn't need more than a day.

        If I'm ever hurt, I expect my job to be waiting for me when I get back. I don't expect it to visit me in the hospital or at my home when I'm recuperating.

        If I win the lottery* one day, I expect to call HR and let them know that I'll come in for an exit interview after a few months in a tropical resort. I expect them to miss me and need to pay three times my salary for my replacements. I expect to get invited to office Christmas parties.

        *I don't expect to win the lottery. I don't buy lottery tickets, but according to the way I understand math, my odds of winning are exactly the same for planning purposes.

        Once in a while I get a call from somebody who wants to sell IT in a box type outsourcing. I don't dismiss the idea out of hand because there's a lot of scut work I wish I didn't have to spend time on, but so far, I can't rationalize the cost. I know they can't replace us, but sometimes I think it would be nice to separate our true work from the work that just fills the low priority moments. There's a very slim chance that somebody with a poor sense of what we actually do will get one of those calls and think they can save money by replacing us. In our offices, I expect that idea to be dismissed immediately, but maybe personnel will change or somebody will make a stupid decision and I'll get to hand over the passwords to my replacement. My next employer will have a dozen references vouching for me and in three months I'll get offered my old job with a salary high enough to make me, at least briefly, consider taking them up on it.

      • Be careful with this -- don't forget to UPDATE those physical envelopes when necessary. And that still doesn't solve intentional breakage where someone changes then absconds with the new controlling credentials.

        A stored-in-a-safe envelope is still a single point of attack, albeit good for emergencies. If you want to distribute the password and know you have time to recover it, see Shamir's Secret Sharing Scheme [point-at-infinity.org] or overview [stackexchange.com] for how this would work. Basically: for T total users force a quorum subset Q of
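The threshold scheme the comment above points to, as an added example that is not part of the original post or of the linked tools: a break-glass admin passphrase is split so that any quorum of custodians can rebuild it and fewer cannot. The names `split_secret` and `recover_secret`, the 3-of-5 parameters, the field prime and the sample passphrase are all assumptions chosen for illustration.

```python
import secrets

# Field modulus: the Mersenne prime 2^521 - 1 (room for secrets up to 64 bytes).
PRIME = 2**521 - 1
MAX_SECRET_LEN = 64


def split_secret(secret: bytes, quorum: int, total: int):
    """Return `total` shares (x, y); any `quorum` of them recover `secret`."""
    if not 1 < quorum <= total:
        raise ValueError("need 1 < quorum <= total")
    if len(secret) > MAX_SECRET_LEN:
        raise ValueError("secret too long for this field")
    # A leading 0x01 byte keeps leading zero bytes of the secret intact.
    # It marks the length only; it is not an integrity check.
    value = int.from_bytes(b"\x01" + secret, "big")
    # Random polynomial of degree quorum-1 whose constant term is the secret.
    coeffs = [value] + [secrets.randbelow(PRIME) for _ in range(quorum - 1)]

    def evaluate(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, evaluate(x)) for x in range(1, total + 1)]


def recover_secret(shares) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    raw = total.to_bytes(66, "big").lstrip(b"\x00")
    if not raw or raw[0] != 1:
        raise ValueError("shares do not decode to a secret")
    return raw[1:]


if __name__ == "__main__":
    # Constructed sample passphrase, not a real credential.
    passphrase = b"constructed-break-glass-passphrase"
    shares = split_secret(passphrase, quorum=3, total=5)
    # Any three custodians can rebuild the passphrase.
    print(recover_secret([shares[0], shares[2], shares[4]]))
    # Two custodians get either a decode error or unrelated bytes.
    try:
        print(recover_secret(shares[:2]) == passphrase)
    except ValueError as exc:
        print("below quorum:", exc)
```

Shares carry no integrity protection here, so a tampered or stale share silently yields the wrong passphrase; re-split and redistribute whenever the credential changes.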
    • by Tesen ( 858022 )

      ALL sysadmins have thoughts of what they would do as "revenge" for getting fired. Hoarding passwords is something that has occurred to all of us, at one time or another. It's such an easy thing to do.

      But you can't do that stuff. It's unethical, and immature, and unprofessional. Not to mention, you'll end up getting sued, and YOU WILL LOSE.

      This guy sounds like a whiny little bitch, and he never should've been hired in the first place. When you hire sysadmins, you need to hire people that seem trustworthy, first and foremost.

      Look the issue here is simple:

      1) Their IT management sucked and he was allowed to use a personal email account for his admin duties despite their "rules" (rules can always be made up after the fact). So I would fire all the way up the chain of command to the CIO/CTO.

      2) They _fired_ him. The caveat to that statement is he wiped a laptop that was not HIS property.

      If he had simply returned the laptop and refused to help them, no harm no foul - you do not owe your past employers ANYTHING especially if they fire

    • Re:What an idiot (Score:5, Informative)

      by quetwo ( 1203948 ) on Wednesday January 18, 2017 @08:43PM (#53693335) Homepage

      That wasn't really the case here. The IT shop apparently had a crew of a dozen or so people. They all had admin rights on the Google domain plus some root admin account. When they fired Williams, (according to the court docs), the laptop was sent back with the root account set to auto-login. Apparently the company they had outsourced the IT to either wiped the machine or did something to it where the root account got locked out or the password changed. The only other account that had admin access was Williams' personal Google account (which was supposed to be removed from admin rights).

      He didn't want to work with them anymore to help them recover their admin account, which they screwed up. They ended up suing him. He ended up losing because he didn't show up to all the court dates, because he couldn't travel to Indiana because he was not able to take his kid with him to Indiana (because of a ruling from family court).

      If he would have shown up to court, he actually would have won. It was the school's responsibility to secure their property before firing him (including logins, etc.) They didn't, and they can't expect him to even answer his phone after they separated. He was actually in the right, by law, to ask for compensation for working with them, as a new contract work for hire. This is pretty standard case law, and the LRB has postings about it all the time. Now, he could have been in the wrong if there was a policy about not associating the domain admin account with your personal account, but that clearly wasn't the case since it was well known that it was done and they didn't bat an eyelash about it.

    • Hoarding passwords for revenge might actually work. You could claim that you forgot the password especially since it was quite some time between when he was fired and when he was asked for the password. But to then "offer to help" in exchange for money, it's no longer revenge but rather extortion. He's lucky not to go to jail.
    • Uh, no.. it would never have occurred to me to do that.. mostly because my department would not be so callous (that would be the HR people or corporate) and they were my friends. I wouldn't do that to them, and I would lose respect as well. So if you do this, you are definitely not someone I want to hire.
    • by hey! ( 33014 )

      Actually it's worse... or rather stupider. He offered to fix it (which really just involves filling out and submitting a web form) if the school settled a lawsuit for $200,000.

      Now let's assume this guy is totally in the right as far as the claims in his lawsuit are concerned. That doesn't give him the right to hold his employers' systems hostage until he gets what he wants. Those systems still belong to them.

      What was he thinking? Of course the courts are going to order him to hand over the metaphorical ke

      • by AmiMoJo ( 196126 )

        Another way of looking at it is that the school needed to employ him again to help them recover from their mistake. It was their mistake, they locked themselves out through incompetence (relying on auto-login). He declined to accept their contract due to the pending lawsuit against them, but offered to reconsider if they settled it.

    • ALL sysadmins have thoughts of what they would do as "revenge" for getting fired.

      Whenever I get let go on a contract, I never consider revenge. I feel sorry for that company letting go of one of their best IT workers and look forward to the 40% raise at the next company.

  • Terry Childs... (Score:2, Interesting)

    by Anonymous Coward

    Reminds me of Terry Childs.... Not sure it's so malicious as of yet. There are a lot of idiots who can spin their own lack of technical knowledge into supposed misdeeds.

    Sometimes people just assume you are to blame because you were simply the one who "did something" to the machine before they came along and messed it up.

    I had a boss who was given my password to the company laptop but contacted me accusing me of locking him out after employment because the machine booted with numlock emulation and if you ar

  • by xxxJonBoyxxx ( 565205 ) on Wednesday January 18, 2017 @07:17PM (#53692881)
    From the letter linked to in TFA summary:

    >> The culture of American College of Education (ACE) has become very toxic over the last 6 months and seems to affect only the African American demographic of our college. I know our HR manager is relatively new and may not know the history of the college regarding a few past discriminatory practices that were resolved by legal actions...I suggest that all members of upper and middle management at the company take diversity and sensitivity training.

    How does that read? "I want less racist managers and if you don't make me happy I may find an attorney to help me play the race card..."

    Maybe he had a point, but I could understand how a lot of people in the college might be looking to drive him out, regardless of his IT skills (or lack thereof).
    • by kamapuaa ( 555446 ) on Wednesday January 18, 2017 @07:21PM (#53692907) Homepage

      Maybe it was a legitimate complaint?

      Holding passwords hostage isn't the answer, but nothing inherently wrong with bringing attorneys into it. No company wants to hire or even interview tech workers over 45, and Slashdot is happy to talk about lawsuits with regards to that issue.

      • by Anonymous Coward on Wednesday January 18, 2017 @07:29PM (#53692957)

        Maybe that's because the majority of slashdotters don't need to worry about waking up black or female. Waking up old, however, awaits us all...

        • by cdrudge ( 68377 )

          Waking up old, however, awaits us all...

          Speak for yourself. I plan on dying a young 400 pound hacker good at cyber.

        • by gosand ( 234100 )

          Maybe that's because the majority of slashdotters don't need to worry about waking up black or female. Waking up old, however, awaits us all...

          Do not regret growing older. It is a privilege denied to many.

          And I strongly disagree with the GP's assertion that there is "nothing inherently wrong with bringing attorneys into it."
          That seems to be such a pervasive sentiment that it has made our society one that actually believes we need lawyers to behave like reasonable people. It's a self-fulfilling prophecy that has been created by - you guessed it - lawyers.

    • by Attila Dimedici ( 1036002 ) on Wednesday January 18, 2017 @07:59PM (#53693123)
      I want to first say that there is enough lack of information in this article that it is impossible to reach any conclusion without a heaping load of reasonable doubt.

      That disclaimer having been made, this sounds like a situation where the sys admin became a malcontent because he was left out of the loop on a lot of things... something which often happens when someone works remotely. He claims they refused to promote him to management, likely because he was working remotely and they did not think it was practical for him to manage people he never saw (they may have been wrong, but I understand why they felt that way). As for the secret meetings he alleges, I doubt they were secret. There were probably a bunch of meetings they did not mention to him because they were not directly related to his job and not worth setting up a way for him to attend remotely. Then they probably forgot to include him in some meetings they should have because A) he worked remotely and B) they had not invited him to the other meetings (the latter which there was no reason to include him in).

      Having read the whole story, it reads like there was a change in administration and the new administration did not like that Williams worked remotely and was trying to find a way to get rid of him if he would not move to where he could actually come into the office (something he could not do). I think he read the writing on the wall (Sidenote: by the time the writing is on the wall, being able to read it does you no good) and wrote his letter in an attempt to intimidate them into leaving things the way they were.

      My skepticism for his account of things is not because I do not think it could have happened that way. My skepticism is because the story is almost entirely from his side of things and everything still has explanations that do not require malice on the part of the Institution or its staff.
      • by AmiMoJo ( 196126 )

        If you read his lawsuit (linked in TFA), he claims that he was given management duties without the matching promotion. He also claims there were typical pressure/bullying tactics like making him account for his time in 15 minute blocks. And this was the guy who apparently held the keys to the (email) kingdom...

        Of course he might be lying, but it would be pretty dumb to file a lawsuit making easily verifiable claims like the 15 minute thing or the nature of his work, which will be documented on both sides, i

    • by fedos ( 150319 )
      I think the point, which you do a good job of demonstrating, is that racist shitbags are idiots.
  • need more details (Score:5, Insightful)

    by v1 ( 525388 ) on Wednesday January 18, 2017 @07:38PM (#53693007) Homepage Journal

    If his account wasn't the controlling account, and the school really did lock themselves out, they started the problem. If he used rng for a good strong master organizational email password, and it got wiped as the laptop got returned, he may not have it to return. (one wonders about the state of the school's backups...) As an employee you can't just assume the school is going to go retard on you and require you to provide copies of stuff they ought to already have. To the school's credit, he ought not to have wiped the computer before returning it, that's his bad.

    When I last changed jobs, it was well known that I had copies of work-related data on personal drives, as I mirrored them to several around the shop for everyone to use the tools and data on. I was asked to delete that data on my personal drives when I left, which I did. I found out months later that the GM went on a wiping spree, intent on nuking ALL the service drives. (bright lad, that one) I was asked later by the SM if I had that data. nope. The SM finally found one last service drive in an old service machine that had been replaced and mothballed, saving enormous headaches. If they'd have lost that data for good, tough. NOT my problem.

    It does sound like Williams isn't going out of his way to be cooperative, but it also sounds like the school is expecting more than they are entitled to in the way of cooperation. Will need to get more details on both sides. Even if he "violated policy" while he was working there, that'll be tough to find any legal liability over. You fired him, that's what you do when they violate policy. That doesn't also mean you're allowed to fine, sue, or break his knuckles after you've parted ways.

  • by Anonymous Coward

    Last day is this Friday, and I am feverishly working to plug as many holes as I can. What management doesn't realize is we don't have a leak so much as it turns out the boat was made out of salt and it has been raining for six months.

    I have no idea if they'll be contacting me after I leave to see if I can throw them a life preserver. But I do know this: the price of life preservers is going up.

    That said, I'm not scuttling the lifeboats, but if I were, I'd deny it and try not to get caught in the act.

    • Last day is this Friday, and I am feverishly working to plug as many holes as I can.

      Ugh. TMI, dude.

  • This is going to be a tough fight. Williams just filed for Forma Pauperis, which means she can't afford the filing fees. Good luck winning this one without having high-dollar attorneys. https://www.docketalarm.com/ca... [docketalarm.com]
  • by Anonymous Coward on Wednesday January 18, 2017 @08:08PM (#53693173)

    If the company providing it can't/won't reset your accounts when a manager leaves. That's the point of paying Google bucks for this.

  • ...you don't get to run off with the root passwords. They are not your property, and you will end up on the wrong end of the shit stick.

  • I can picture the Dean, the Lord of the campus, just saying "He's not gonna move here?, He's fired today. That will show him." *Just think Animal House* They got what they deserved. He was the IT Admin. They should have worked with him to transition him out in a careful and respectful manner. Then he would have made sure everything was kosher before signing off for the last time. I did read he immediately returned the laptop that had the password on it. They flushed it..
  • Whenever I see stories like this, and there are a lot of them, I'm reminded that the executive crowd is seeing the same news. Has anyone ever stopped to consider the possibility that part of the offshoring and outsourcing has been to mitigate against the "anti-social jerk sysadmin" issues? I'm not perfect, but one thing I do as part of my job is to be as professional as possible. There are always bad apples, but it's rare to see stories about a lawyer stealing client funds or a doctor intentionally mistreat
