Just as Aaron Stene and Tiffany Edwards Hunt have heard from Hawaii County Corporation Counsel Lincoln Ashida in response to what they wrote on their blogs, Ashida has responded to my post, too.
Sounds almost reasonable, until you consider that the County may never (probably will never, if they are serious about curbing abuse) stop collecting these data. Unless there is a plan to halt internet access by County employees altogether at some point, the “proper timing” argument for the release of the data is, if not a red herring altogether, going to be a real challenge. Here’s why: the portion of the investigation that “includes sites currently being visited in order to establish trends” may reveal other alleged cases of abuse, which would lead to further “ongoing” investigations preventing the release of the data, which could again reveal other potential cases of abuse, ad infinitum. Long story short: investigations of this nature are never “complete.” Following Ashida’s argument to its logical conclusion, we’ll never have access to these data.
1. We are looking at the period from January 2008 through December 2008. Even though subsequent data may be looked at to establish trends, we are mindful of statute of limitations concerns, and that will drive us to ensure closure of the investigation in order to generate charges, if any (with a referral to the Prosecuting Attorney if appropriate). Assuming there is a noncriminal violation (i.e., no internet gambling or private business use or anything that would constitute a penal offense; we anticipate this will be the vast majority of â€œcasesâ€ made), then the reports will be forwarded to the offending employeeâ€™s appointing authority for appropriate disciplinary action. At that point, normal UIPA standards would apply with respect to a department head (or Council representative) determining whether the records may be made public or not.
2. More on the â€œtrendsâ€ I mention above, I doubt we will find much more probative evidence at this point, given the media coverage generated. I would assume offending employees have since stopped visiting any illicit sites (but you never know).
3. Iâ€™m sure youâ€™re more interested in â€œwhenâ€ you can expect the reports to be released or when the department head may be asked to produce them. I donâ€™t want to make a commitment we cannot keep, but I will be meeting with Data System representatives on Wednesday (i.e. April 29) to develop an internal timeline for completion. We are proceeding one department at a time, and I am recommending the first set of departments be completed by the end of May 2009.
4. Regarding the UIPA standards I mention above, I am talking about the balancing of the publicâ€™s right to know against any significant privacy interest as defined by HRS Chapter 92F. Once the investigation is completed (each department) and there no longer is a basis to withhold the information based on the UIPAâ€™s â€œfrustrationâ€ exception, my recommendation would be to release the records.
Let me know if you need any more information.
The only questions I have at the moment are these:
What kind of internet use data are collected? How much detail is captured in the data (and how much would be released)? i.e. Does the County capture only a list of domain names visited, an exhaustive list of full-length urls and length of visit to each individual page, or something in between those extremes? After accounting for any possibly illegal activity, I am much less interested in tying any particular website visit to any particular employee than I am interested in knowing what amounts and what websites are considered “allowable” internet use with government equipment, on a government network, on government time.
While I have your attention, Mr. Ashida, I’d also like a list of IP addresses for the County network so that, by scrutinizing my server logs, I would be able to tell whenever County employees visit and/or leave anonymous comments on my blog. Heh.