Some years ago, I got a job doing network support for the District Attorney’s office in a large city that shall remain nameless. When I arrived, the network was a mess! Malware was rampant, Internet and WAN connections were saturated, and users were constantly complaining about slow computers and network performance. Even so, my attempts to enforce a mindful security policy were met with fierce resistance. The attitude among the legal staff was, “This is my computer and my network; you’re just a computer janitor.”
[ Got war stories of your own? Share them on the Off the Record blog. ]
Worse yet, “to make things easier for everyone,” network access permissions had been set so all home directories were open and available to all network users! That was what the Powers That Be wanted. As a result, investigators’ notes, lawyers’ case reports, research, strategies, and so on were open and unprotected — at least within the network.
But even that wasn’t the worst. One day I visited our cross-town branch office to find that virtually every computer had Napster loaded on it, providing open access to every network hard drive thanks to the default Napster settings. This opened up a security hole big enough for a battleship! When I tried to explain this to the branch’s head attorney, she proclaimed, “I’ll take this stuff off my computer when your boss tells me to!” My boss, the head of IT (who was better at politics than technology) told me, “Well, she can be difficult to deal with. Let them have their toys if it keeps them happy.” I was flabbergasted, but what could I do? I wrote up my concerns and submitted them to my boss in the form of a “cover letter,” designed to cover my behind.
About four months later, the state telecommunications agency (which served as our ISP) got a call from a network security officer in another state, asking “Do you know that the county District Attorney’s network is wide open to anyone with a Napster client?” Things got rapidly unpleasant after that.
For some reason, I was never called to account for the security breach. (Perhaps my boss recalled the cover letter.) Instead, the head of the agency sent a strongly worded memo to the IT office, which I forwarded to all the attorneys. Over the next few weeks I managed to get Napster off all the office computers, although I never succeeded in changing the open-home-directories policy. And while I made a strong attempt to explain to everyone why Napster was dangerous, at least one lawyer who loved sharing his music defended his right to continue doing so with a passionate, hair-splitting argument of the sort that had probably convicted many a miscreant. I knew I was fighting a losing battle; within weeks, unauthorized software started to reappear.
Despite my noble decision to resist saying “I told you so!” (it was so tempting), I was fired about a month later; something about failure to show proper respect to those exalted enough to be attorneys. Of course, it could have been that my boss wasn’t happy with my having a copy of that cover letter, either. I can’t say I regretted leaving. It put me in mind of walking off the Titanic at Cherbourg after doing the lifeboat math.
I’m tempted to say that the lesson here is don’t work for lawyers, but of course I’ve known quite a few good ones. Maybe it’s more about letting technical people set technical policies.