http://www.athensnews.com/issue/article.php3?story_id=25781 By Jim Phillips Athens NEWS Senior Writer 2006-08-31 A set of notes that a consultant used to put together a report on Ohio University's computer security problems, and that reportedly was thrown out, has now apparently turned up. "We found all the interview notes," reported Charlie Moran, president of the Illinois-based Moran Technology Consulting, on Monday. The supposedly discarded notes have been a factor in a bitter dispute between OU and two top information technology officials whom the university fired Aug. 3. Tom Reid and Tom Acheson were fired for their alleged responsibility in allowing hackers to break into OU computer databases on repeated occasions, and to access personal data including Social Security numbers on thousands of alumni, students, donors and subcontractors. After the breaches were discovered (and made the news nationwide), OU hired Moran to investigate why they happened. In June, the company released a report -- with many sections blacked out for security reasons -- that laid heavy blame on Reid and Acheson for leaving OU's computer system open to attack. Reid was director of OU's Communication Network Services, and Acheson was the Unix systems manager for CNS. OU Chief Information Office William Sams has said that he did not rely primarily on the Moran report in deciding to fire the two, though Reid and Acheson argue that the report did play a central role in their losing their jobs. Reid and Acheson are fighting their terminations, and have asked a local judge to order OU to release records relating to the security breaches and the creation of the Moran report. Last month, OU officials confirmed that Moran had told them that the company disposed of the notes it used of its interviews with OU personnel, which went into the writing of the report. Attorneys for Reid and Acheson cried foul, contending that the interview notes should have been public record, that Moran was required to turn them over to OU under the terms of its contract, and that their destruction was probably illegal. Attorney Fred Gittes, who represents Acheson, said Wednesday that he had not known the interview notes had supposedly been found. He added that he's going to be highly skeptical about the documents, assuming he ever gets to see them. "I hadn't been informed of that," Gittes said. "And of course, there will be serious questions about the authenticity of these records, since there have been repeated public statements that they have been destroyed." James Colner, who represents Reid, said that he also had been unaware of the recovery of the notes, but that he hopes to see them soon. "We certainly believe they're public records, and they should be turned over to us," he said. "We'll see if the university does that. So far, they haven't given us hardly anything." Moran said he believed all copies of the notes had been trashed, but that a search for them in an electronic version turned up e-mailed copies that had been retained. He said Moran has given them to OU. "We were able, by going back through old e-mails, to find the 22 interviews that were missing. So OU has all that stuff," he confirmed. "Any document we ever had, and every file we ever had, is there." He stressed that Moran continues to believe that the notes are private work product, which the public has no legal right to see. However, he added, he has decided to wash his hands of that issue and leave the status of the documents to OU. "We're still convinced they aren't public records," Moran said. "But I don't need that noise any more." Asked Wednesday about OU's receiving the lost notes, OU Legal Affairs Director John Burns responded, "We can't comment on that at the moment." He did say, however, that assuming the existence of the documents, OU would still have to make a decision on whether it considers them public records. Burns added that OU is still working through records requests by Reid and Acheson, and that "much of what they've asked for, we don't have." This would include preliminary drafts of the Moran report, he said. Though a court may end up ruling on whether Moran complied with the terms of his contract as far as providing documents related to its report, Burns said that in his view, "he's acted in good faith and given us what he's got." _________________________________ HITBSecConf2006 - Malaysia The largest network security event in Asia 32 internationally renowned speakers 7 tracks of hands-on technical training sessions. Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Fri Sep 01 2006 - 02:31:34 PDT