eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
The story of the dismissal of 9 District of Columbia workers for surfing pornography on the Web from their work computers is both a social story and a technical one.
My first thought, when I see a story like this, is how stupid some people can be. But it’s even worse than it looks.
“Each of the nine employees clicked on porn sites more than 19,000 times last year,” according to the city’s internal investigation. If you divide this up and assume a 225-day year (probably a lot for city workers, who we can also assume don’t come in much on their days off), it comes out to just over 84 a day.
But 19,000 is just the floor for this group; the Gold, Silver and Bronze go to three workers with over 39,000 “clicks,” for an average of 173 per day. What about the employee who only clicked 18,000 times in the year? Those between 2,000 and 19,000 will receive letters of reprimand or suspensions. Under 2,000 (not quite 9 clicks a day) and it’s not clear what, if any, consequences there are.
But wait — there’s more.
The District actually had software in place (from WebSense) to monitor such behavior. It appears, from the Post story, to have been client-based software, and was only installed on 10,000 of the District’s approximately 30,000 computers. Was the investigation the result of alerts from that software? Maybe, maybe not.
“The investigation was launched late last month after D.C. Chief Technology Officer Vivek Kundra received a tip from an employee in the Office of Property Management,” officials said. So it sounds like no standard procedures were in place to act based on the results of this monitoring; it took a tip to the CTO to do it. And since only one-third of the computers were investigated, it’s not unreasonable to assume that only one-third of the offenders were caught.
This story is, to me, a great example of the necessity and advantages of perimeter-based security. Imagine trying to manage an application on 30,000 desktops! Of course, desktop protection (these days the term has become “endpoint” protection) is necessary for many purposes, but it’s a perilous approach doomed to fail if connections are not monitored at an earlier stage.
Legal Issues
Perhaps malware protection belongs both at the perimeter and the endpoint, but content protection belongs at the perimeter. Content filtering at the endpoint is, at best, a luxury. With perimeter content filtering, reporting and analysis become vastly simpler because all the data is collected at one point. I’m willing to bet that D.C. did no central collection and reporting on their WebSense data.
Updating also becomes much easier and more reliable with a perimeter solution, since only one — or a small number in any case — of systems need to be updated. Pushing out updates to 30,000 systems is always a tough job. Some security solutions brag about the frequency of their updates.
I spoke with Andrew Lochart, vice president of marketing and product management at St. Bernard, who, like WebSense, has products in the enterprise content filtering space. He argues that the drive behind these products has always been from legal issues.
Originally, because of COPA (the Children’s Online Protection Act), the first big movement in the market came from K-12 schools. It’s 40 percent of their installed base and Lochart argues that the market is just about 100 percent penetrated because of legal mandates. He also says it’s almost entirely perimeter protection.
The corporate market is only about 60 percent – 70 percent protected, and I think we can guess that governments are at best no better. But different legal issues are growing the market, mostly in the form of lawsuits by employees over a hostile workplace.
I can’t imagine a company these days so unaware of these issues that they would tolerate porno surfing by employees. Such companies deserve what they get. And we’re probably at the point where it’s dangerous not to have effective — meaning perimeter-based — content filtering. At least you could show that you tried.
I guess I have to point out that the numbers in the Washington Post story, of 19,000 and 39,000 views, are probably exaggerations. It would seem from them that these workers did little else but look at dirty pictures, but I suspect limitations in the WebSense software (or a desire by District officials to overstate) resulted in one page view showing up as multiple clicks. Often, such sites will open up multiple popup windows, for example (so I’ve heard; of course I’ve never seen it myself…).
So did they surf porn 84 times a day or just 25? Close enough for government work I guess.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s blog Cheap Hack