
Fired IT employee offered to unlock data for $200,000 - sbuttgereit
http://www.indystar.com/story/news/2017/01/17/after-his-firing-employee-unlock-data-200000/96487962/
======
intherdfield
The article describes how a college with 2000 student email accounts couldn't
get Google to unlock their administrator account. And it wasn't resolved by
Google until the legal situation with the fired IT employee made the news. The
college switched to another cloud provider. It sounds one-sided, but also
believable.

From the article,

<quote>

School officials asked Google for help. Google, the college said, refused to
grant access to anyone other than Williams, who was listed as the account's
sole administrator.

...

About 12 hours after an IndyStar reporter contacted Google representatives on
Friday, the college's attorney, Scott Preston, said the internet company
unlocked the account and returned control of the emails and data to the
school.

Before that resolution, Preston told IndyStar: "The college has done all it
can to resolve this short of police intervention or suing Google."

</quote>

~~~
pawadu
If you are a Google customer just take a minute to think about this:

What would happen to your business if your IT guy was hit by a bus?

~~~
swalsh
Make sure your IT guy registers the account in the business name, and not
yours. That's the crux of the issue. It's like putting your real estate agents
name on the deed to your house instead of yours.

------
flukus
> Williams told the school the password had been saved on a laptop computer
> that he returned to the school in May. The college, however, claims Williams
> erased the laptop's hard drive and installed a new operating system.
> Williams' lawyer told IndyStar that the college must have erased the hard
> dive.

Not as clear cut as the title makes it sound. I wonder if their are also
ambiguities as to who's account and password it is? Either way, the school is
also guilty of only having a single administrator account, they were still
only a single bus away from the same issue occurring.

~~~
Brockenstein
Aside from William's bad faith $200,000 shenanigans. It's the college's
account and regardless of how and why Williams was the sole adminstrator,
holding it hostage when he should have turned it over originally is a problem.
So for me it does seem clear cut.

Additionally seeing as he was the administrator wouldn't that be part of HIS
job to protect the school from those sorts outcomes like being hit by a bus? I
mean you say "the school is guilty" but there is a certain expectation that IT
will follow best practices. And if they don't? You would need outside auditing
to uncover that. And depending on the legal requirements that may be a tough
pill to swallow budget-wise, especially if you haven't been burnt yet.

It seems like Williams was pissed at the circumstances and thought this would
be a good idea. And fortunately his claims can be tested. Google ought to be
able to determine when the passwords were changed. It should be simple
analysis to determine if and when the laptop was formatted (before or after
Williams returned it) and go from there.

Just too much of Williams claims are bogus. Of course an Indiana based company
is going to file in Indiana... and the claim that they removed his access to
the system, so how could he change the Google account password that he was the
sole admin on? That's going to hold up for about six seconds in court... And
trying to charge $200,000 to recover an account he was still the owner of and
not being surprised when that blew up in his face. It's just incompetent and
while William's may not be the only incompetent in the mix, it's not a license
to behave as he has, in my opinion.

------
unstatusthequo
Down for me. But as a lawyer who deals with dissidents like this, extortion
typically costs the requester far more.

~~~
RickS
>So far, Williams has failed to appear for multiple hearings in Indianapolis.
Marion Superior Judge Heather Welch issued a default judgment in September and
ordered Williams pay the college $248,350 in damages.

sounds like you're right

~~~
charlesdm
That's quite a price to pay for being an idiot. Either he should've argued he
didn't have the password (it was on the drive they erased), or he should've
just given it to them.

If he wanted to "stick it to them", he should've gone with the first option.

~~~
Brockenstein
Or option C. use his position as the sole admin of the account to do a simple
recovery. Turn it over to the college, get it it in writing that everything is
squared away concerning that account.

Ending on that high note, I feel like he could ask for a good reference and
clear up their history. "I wasn't willing to relocate and things didn't work
out. I handled this request in good faith and I'd appreciate a good reference
for past work and the handling of this issue."

Alternatively trying to bill them reasonably for contract/freelance/consulting
work would probably be OK too.

------
sbuttgereit
This sort of thing pops up from time-to-time and I expect it to be somewhat
more common that it is reported.

Having said that, what I found interesting was more about such stories might
have to say about the role of professional ethics for technologists: how
really developed the thinking is and how mindful practitioners are about
having a professional ethic.

When we look at many areas in technology, we really are often times granting a
significant amount of real power to individual technology practitioners within
organizations (or even society in some cases). Take the guy in the story: my
guess was he was a run-of-the-mill small organization sysadmin, probably not
very senior as a professional, but with the power to stop all of the students
from being able to work on their educations as normal. The kind of power we
put into relatively low ranking/low experienced individuals because they are
technologists more often than not far exceeds the power of any other kind of
worker in an organization, save for CxOs.

Also, there's a matter of managerial ethics in regard to managing staff and
allowing these kinds of threats to exist (as others have pointed out).

I don't know that I have the answers on how to bring a better consciousness of
this sort of thing to the workplace, but I do find it interesting to think
about (and do care about it myself as a professional in the field). Maybe
technical interviews should have some discussion of how candidate think of
their potential role from an ethical point of view.

I do know some of the professional societies also address it for themselves
(I'm an ACM member, and they're going through a Code of Ethics revision
[http://ethics.acm.org/code-of-ethics/code-2018/](http://ethics.acm.org/code-
of-ethics/code-2018/)).

------
moftz
They laid off their entire IT staff because no one wanted to move to Indiana.
You would think after the first few declined the transfer, the company would
reconsider that policy. The entire college is online so I don't see why you
would require your entire IT staff to be in the office other than a couple
local guys for desktop support.

------
aaronhoffman
I don't see this guy working in IT again

~~~
sbuttgereit
Yep, this is why I Google/search candidates I'm considering. Truth be told, I
could care less about the unfortunately photo from last year's New Year's Eve
party that got posted on a candidate's Facebook page and somehow I came across
and much more interested in finding out what may or may not be a direct
reflection on professional judgment.

One time mistakes, like a drunken party happen, a wrong course of action
consistently held is disqualifying.

Not only should this guy not work in I.T. again, but he shouldn't work in any
career that grants him a modicum of trust. Over time he might change his ways,
but I'd need to see clear evidence of that before I'd consider hiring him.

Of course, everything is contextual, too.

