People send me stuff all the time. Sometimes it’s interesting. Sometimes it’s not. The missive below definitely falls into the former category. From former Montesano City Administrator Kristy Powell, favorite punching bag of Club Chihuahua and Co. Here’s what she had to say:
I recently read a local blog that indicated a city employee, Montesano CFO Doug Streeter was using his personal Apple computer while working for the City. What Is that Mayor Lady Doing?
Suddenly an email I received in June made perfect sense. The email states that someone using my email and password was logging into my City of Montesano account (see below). Google was informing me that my login was being used on a MAC. When I resigned as City Administrator, the city was using a highly functioning firewall and related software. So I knew that this was not an outside hack of my email. This unauthorized access came from within the city.
The city uses Microsoft computers and iPads, and at that time no one had a MAC for city work. It appeared that someone inside the city network was using my city email, my personal password, and using it on equipment that was neither owned nor authorized by the city. No one uses their own equipment due to a huge issue in using private computers with city information on. Mayor Samuel has been very circumspect on not co-mingling email accounts, or equipment. Anything on that computer then becomes discoverable and must be subject to the Public Records Act.
For those of you that do not know about Public Records Act, anyone can request any information from the City and the city MUST provide it. Exceptions would be on-going court cases,etc. In order to comply, the city used Google Vault to discover any emails written by city employees and documents generated or received by city equipment. Even with all of that access to employee mail, at no time did the city administration have employee passwords. Documents were searched in Google Vault, and then provided as per any public request, but only on a city computer.
It troubled me when I received the email but it is finally clear as presented in the blog listed above. While I understand they have the need to access my previous emails, it should not be done on a computer that does not belong to the city. It seems a creepy if not illegal thing to do.
Now that I know who has the equipment and the ability to use it, I will be contacting Google to see what, if any, of my information has been accessed on this non-city equipment. I would think that with all of the safeguards and issues surrounding identity theft, not to mention public records that an honest person would not do something so foolish. That person could not have been acting in the best interest of the city or the citizens.
I want to thank you for the opportunity to share this information. Please forgive me for redacting my personal email address.
~ Kristy Powell
The salient portion reads:
You received this message because (redacted eddress) is listed as the recovery email for firstname.lastname@example.org. If email@example.com is not your Google Account, click here here to disconnect from that account and stop receiving emails.
Your Google Account firstname.lastname@example.org was just used to sign in from Chrome on Mac.
The notice is date-stamped June 9, 2016 2:25 PM (Pacific Daylight Time).
Here’s the same notice in PDF: New sign-in from Chrome on Mac.
During a phone interview, Powell said she received the above notice in June “letting me know that my password had been changed and my email used.”
A few questions here:
- The city uses Google Vault to access city email for public record retrieval and the like. So who’s hacking into Powell’s old city account? Why?
- If city personnel or anyone else wanted to access this account, why not just ask?
- Who’s signing in from Chrome on Mac, on a Thursday afternoon?
- What in the h-e double hockey sticks is going on in Montesano City Hall?
Remember, it’s all about “restoring trust” and “transparency” to city government. Unless, apparently, you are city government?
Not to fret. There’s more on the way… Arf! Arf!