Slashdot Mirror
College Fires IT Admin, Loses Access To Google Email, Successfully Sues IT Admin For $250K (theregister.co.uk)
An anonymous reader quotes a report from The Register: Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked Williams to return his work laptop, which was supposed to have the password saved. But when Williams did so in May that year, the complaint says, the computer was returned wiped, with a new operating system, and damaged to the point it could no longer be used. ACE claimed that its students could not access their Google-hosted ACE email accounts or their online coursework. The school appealed to Google, but Google at the time refused to help because the ACE administrator account had been linked to William's personal email address. "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts," the school's complaint states. "ACE was unaware that Mr Williams' administrator account was not linked to his work address until after his employment ended." According to the school's court filing, Williams, through his attorney, said he would help the school reinstate its Google administrator account, provided the school paid $200,000 to settle his dispute over the termination of his employment. That amount is less than half the estimated $500,000 in harm the school says it has suffered due to its inability to access its Google account, according to a letter from William's attorney in Illinois, Calvita J Frederick. Frederick's letter claims that another employee set up the Google account and made Williams an administrator, but not the controlling administrator. It says the school locked itself out of the admin account through too many failed password attempts. Williams, in a counter-suit [PDF] filed last month, claims his termination followed from a pattern of unlawful discrimination by the school in the wake of a change in management. Pointing to the complaint she filed with the court in Illinois, Frederick said Williams wrote a letter [PDF] to a supervisor complaining about the poor race relations at the school and, as a result of that letter, he was told he had to relocate to Indianapolis.
Reminds me of Terry Childs.... Not sure it's so malicious as of yet. There are a lot of idiots who can spin their own lack of technical knowledge into supposed misdeeds.
Sometimes people just assume you are to blame because you were simply the one who "did something" to the machine before they came along and messed it up.
I had a boss who was given my password to the company laptop but contacted me accusing me of locking him out after employment because the machine booted with numlock emulation and if you aren't aware it replaces standard keyboard keys with numbers... U=4,I=5,O=6 etc. I literally came in, turned off numlock emulation with the Fn hotkey, typed exactly what was on the paper, and walked out simply to dismiss a potential lawsuit.
Some people are just stupid.
From the letter linked to in TFA summary:
>> The culture of American College of Education (ACE) has become very toxic over the last 6 months and seems to affect only the African American demographic of our college. I know our HR manager is relatively new and may not know the history of the college regarding a few past discriminatory practices that were resolved by legal actions...I suggest that all members of upper and middle management at the company take diversity and sensitivity training.
How does that read? "I want less racist managers and if you don't make me happy I may find an attorney to help me play the race card..."
Maybe he had a point, but I could understand how a lot of people in the college might be looking to drive him out, regardless of his IT skills (or lack thereof).
Maybe it was a legitimate complaint?
Holding passwords hostage isn't the answer, but nothing inherently wrong with bringing attorneys into it. No company wants to hire or even interview tech workers over 45, and Slashdot is happy to talk about lawsuits with regards to that issue.
Slashdot: providing anti-social weirdos a soapbox, since 1997.
That is kind of the right way to do it, but the reality is the "escort out the door" policy on firing people. (There is no rational way around that which adequately protects the employer both in terms of damage and liability.) The established process for this type of thing, which works pretty well, is a password escrow system where ultimate passwords reside (root and the like). I have seen digital and dead-tree versions of these systems, and personally prefer the dead tree variant: seal password book in envelope signed by senior system administrator who wrote down the passwords, place that envelope in a second envelope signed by legal counsel, and then place it in the president's safe. A third witness level is a nice to have on both envelopes. When the senior administrator is fired, quits, or dies, all the passwords need to be changed, so you open the escrow and validate the signatures, and get to work. The weakness is that as you update the keys-to-the-kingdom you have no proper means of redundancy or control.
That's been my experience as well.
Actually, when I got fired (after training my H1-B "assistant") most of my things were already in a box in security's arms by the time I got out of the office - barely took five minutes too. They pretended my trackball was their property as well, never got it back. Old walkman either.
Two months later I get an email demanding my personal (not work) email password because they'd occasionally sent me documents through it - even though they were warned not to do so - and had lost some. Not "could you send us some of those old docs we'd mailed to your personal address", let alone a "please?", no, a piece of snailmail from legal accusing me of stealing my own hotmail address. That I've had since highschool.
I owned a small consulting company in the late '90s and we were hired to do some work for a VPN vendor. We had to sign a rather onerous NDA and then they stiffed us on payment after six months' work and proceeded to ship what we had built anyway. The "separation" was acrimonious and involved court just so we could get paid.
Two years later, the president of the company contacts me begging for archival copies of what we'd produced, as they suffered some sort of catastrophic event and had lost a lot of source code.
I rather gleefully told him that (a) I had to take him to court to get him to pay me for shipping our work last time around, and (b) as per the NDA that they made a serious issue of in court, we had dutifully wiped everything we had ever worked on for them, and good luck.
I smiled for about a month after that.
STOP . AMERICA . NOW
It's the Trump way of doing things. Don't get upset when a lowly serf tries it as an "opening bid".