Attorney General Clears Yankee Institute of SEBAC Charges

Attorney General George Jepsen’s statement concerning a complaint filed with his office claiming falsely that the Yankee Institute obtained improper access to the state e-mail system to disseminate false information related to the tentative SEBAC agreement is here printed in full:

STATEMENT BY ATTORNEY GENERAL GEORGE JEPSEN

REGARDING SEBAC COMPLAINT ABOUT E MAILS

By letter dated June 17, 2011, representatives of the State Employees Bargaining Agent Coalition (SEBAC) requested that my office investigate possible violations of state law by the Yankee Institute. The letter alleged that the Yankee Institute obtained improper access to the state e-mail system to disseminate false information related to the tentative SEBAC agreement. We have now, in conjunction with the Auditors of Public Accounts, concluded our inquiry of this matter. We have found no evidence that the state e-mail system was improperly accessed or hacked.

As part of the inquiry, we met twice with representatives of SEBAC. We reviewed the e-mails brought to our attention by SEBAC, and certain other e-mails critical of the proposed settlement brought to our attention by others. We also worked with the former state Department of Information Technology (now a part of the Department of Administrative Services) to determine whether any of these e-mails had been transmitted to the state e-mail system through a breach or violation of that system, and whether there was any other evidence of a breach of the state e-mail system in connection with communications to state employees regarding the proposed settlement.

As part of our inquiry, we reviewed the e-mails sent to state employees and provided by SEBAC. The first e-mail, containing the subject line “VOTE No twice on concessions..pass it on” was sent on May 24, 2011 at 8:07 pm from “Lawrence Jones” to a state employee. The second e-mail, containing the subject line “http//votenotoconcessions.com,” was sent to a state employee on June 13, 2011 at 8:07 pm from “Daniel Luciano.” Neither Lawrence Jones nor Daniel Luciano is listed on the state’s central financial and administrative computer system (CORE-CT) as a state employee. Neither of these two e-mails originated from State of Connecticut internet protocol (IP) addresses. Each originated outside the state e-mail system and reflected a Yahoo e-mail address. The e-mails were sent to IP addresses leased by the State of Connecticut. State information systems security personnel informed us that the e-mails were not sent from within the state system, and there was no evidence that the safeguards in place to protect the state’s network from hackers or other intrusions were compromised or altered to permit or facilitate the transmission of these e-mails.

In the course of the investigation, we uncovered information about additional e-mails that were critical of the proposed union agreement and sent to state employees. Some of these e-mails originated from IP addresses outside the State of Connecticut system; other e-mails were sent by state employees from their state computers and addressed to other state employees. We found no evidence that these e-mails were transmitted in circumvention of the safeguards in place to protect the integrity of the state e-mail system.

SEBAC complained that negative information about the tentative agreement was sent to state employees through “blast” e-mails, suggesting state software settings were circumvented. State information systems security personnel found no evidence that anyone sent “blast” e-mails concerning the tentative SEBAC agreement from outside the state e-mail system to hundreds or thousands of state employees in a single mailing and no evidence that security measures were bypassed.

With some limitations, individuals outside state government have the right to e-mail state employees. Here, because there was no evidence that state laws or policies were violated, i.e., no evidence to substantiate that the state e-mail system was compromised, hacked, or used without authority, we did not pursue the investigation further to attempt to determine the identity of the outside senders or consider the allegations that the e-mails contained false information.

In the course of our investigation, we noted that some individual state employees had used the state e-mail system to broadcast opinions about the proposed settlement in possible violation of state and agency policies about acceptable use of the state e-mail system. The relevant state agencies promptly addressed the conduct. Generally, state agencies, in accordance with their personnel policies, can and should continue to address any alleged misuse of the state e-mail system by state employees.

Our review of the e-mails provided by SEBAC, and other selected e-mails that originated from IP addresses outside the state system, did not show that the state e-mail system was improperly accessed or compromised in violation of state laws or policies. Therefore, based on the evidence to date, and with the agreement of the State Auditors, I am closing the investigation.

###

(Note: The Attorney General will not be commenting beyond the statement.)