Much Ado About Nothing: S.C.’s Ashley Madison Probe

June 15, 2016

Investigative Reports

Print Friendly, PDF & Email
By RON AIKEN

One leave of absence, two write-ups the extent of discipline taken

Like most of the users of the website Ashley Madison, South Carolina struck out.

An eight-month probe by the State Inspector General’s office that involved key personnel and agency heads from 36 state agencies examining 619 state and private email accounts and 44 IP addresses yielded four oral reprimands, two write-ups and one leave of absence – or about the number and severity of disciplinary actions taken in a given day at a large state agency.

In October, the state investigator general’s office alerted “Agency Heads to initiate administrative inquiries based on lead information that employees within your agency used a state email account or IP address to access open Ashley Madison accounts on an ‘adult’ website designed to facilitate extramarital affairs,” it said, referring to possible infractions as a “potential misuse of state assets.”

In late January the case was closed, and the results were obtained by The Nerve through a Freedom of Information Act request.

Of 59,285 state employees, 49 “potentially” misused state resources to access the site. The of the 619 email addresses investigated yielded 507 students (or “not identified” but associated with higher education), and 63 addresses used by either contractors or members of the public using free state wifi.

Of the 49 state employees identified, no action was taken in 20 cases, counseling was given to 22 more, four were orally reprimanded, two written up and one orally reprimanded and placed on a leave of absence for misuse of state resources.

Inspector General Patrick Maley said his office spent approximately a week on the project in terms of man-hours from beginning to end.

“The State IG estimates it has about a week invested spread out during the process, which included analyzing raw data and sending out leads on the front end; answering questions from agencies conducting their own personnel inquiries during their reviews; and ensuring all agencies responded and summarized results on the back end,” Maley wrote to The Nerve.

As to the total house it took for each agency to take up and complete the work, Maley was less certain.

“I have no data on the level of effort by agencies impacted … from agencies conducting their own personnel inquiries during their reviews,” he said.

Observations from the IG’s investigation included:

* Many of the IP addresses could not be linked to a specific user. Rather, the IP addresses were forward-facing IP addresses of agencies’ routers. Others used agencies’ public Wi-Fi IP addresses, wherein guests or the general public were allowed Internet access.

* The vast majority of email addresses belonged to students at State universities which were not included in the scope of this review as set forth in referenced communications.

* There were several instances where employees were victims of identity theft, to include their credentials being inappropriately used to gain email access.

* The organizational controls to protect against this type of misconduct are enhanced specificity in codes of conduct/policy on appropriate Internet use and employee Internet awareness training.

* It should be noted public media has reported scammers exploiting this open Internet data for extortion purposes. This Executive Branch-wide effort has mitigated the risk of an extortion of a State employee, both individually and any derivative impact on State government.

Reach Aiken at (803) 254-4411 or email him at ron@thenerve.org. Follow him on Twitter @RonAiken and @TheNerveSC.