Wednesday, Jan. 23, 2008

City forgoes criminal investigation of e-mail fraud

Search of city manager’s computer hard drive turns up no other discrepancies

E-mail this article \ Print this article

Gaithersburg officials have decided not to open a criminal investigation of Assistant City Manager Fred Felton for accessing the then-city manager’s e-mail account without authorization and sending inappropriate messages to a female staff member in October.

‘‘I’ve discussed it with the chief of police and at this point we didn’t think it rose to the level” of criminal activity, Acting City Manager Jim Arnoult said last week. He called the episode a personnel matter.

Information technology staff have been reviewing city computer files and e-mails to determine if other infractions occurred. To date, none have been found, officials said.

Gaithersburg Police Chief John King declined to comment.

Felton declined to comment Tuesday. ‘‘I would like to discuss this issue with you and set the record straight, but I just don’t feel it’s in the city’s best interest for me to comment publicly.”

At issue are three e-mail messages fraudulently sent on Oct. 28 from the account of then-city manager David B. Humpton. Two of the messages sent to a female worker at City Hall were sexually suggestive, according to copies of the messages, and the third, with an attachment regarding Felton’s job performance, was sent to Felton. Oct. 28 was Humpton’s last day as a city employee.

In a Nov. 2 letter to the mayor and City Council, Humpton reported that he saw copies of the fraudulent messages on his Blackberry, and notified Arnoult and city’s information technology director. He said that on Nov. 1, Arnoult had informed him that Felton admitted sending the messages.

‘‘My password was not written down, so he obviously obtained it in some other way,” Humpton said in the letter.

According to state law, anyone who ‘‘intentionally, willfully and without authorization accesses, attempts to access, causes access” to a computer or computer network, software, control language, system, services or database may be charged with a misdemeanor and face a $1,000 fine and up to three years in prison.

A crime requires both an act and established criminal intent, or a clear probable cause that a malicious act was intended with knowledge of the crime, according to a 2005 Austin Law Review article.

As the city has begun fielding questions from the public on the matter, Arnoult has responded that the episode, like all personnel matters, was treated with ‘‘utmost seriousness.”

‘‘I realize that stating the matter is a personnel issue is not an explanation,” he wrote in a Jan. 15 e-mail to Gaithersburg residents Richard and Cecilia McKay, who wrote the mayor an e-mail on Jan. 9 asking why Felton was still employed by the city. ‘‘However, because it is a personnel matter, I am not at liberty to provide a detailed explanation.”

Details of disciplinary action must be kept confidential, he wrote. Not only do city employees ‘‘deserve discretion,” but ‘‘publicly commenting on private personal issues would erode the trust that city employees place in their managers.”

Arnoult said last week he felt the city had done ‘‘a pretty thorough job” investigating. Officials were able to determine that no computer files on Humpton’s hard drive were accessed on Oct. 28, and it does not appear files were fraudulently accessed prior to that, he said.

As for Humpton’s e-mail, ‘‘We’re still looking at his e-mail account and that’s kind of daunting. There is a lot of e-mail there,” Arnoult said.

From what the city’s information technology staff could tell, the only items sent Oct. 28 from Humpton’s account were the three e-mails Humpton referenced in his letter, Arnoult said.

‘‘I don’t think we really think that anything was deleted from his e-mail account and we don’t have an ability to see what was read,” he said. ‘‘Once you open an e-mail, it’s marked as ‘open.’”

As follow-up, Arnoult said he had placed a reminder in the city’s bi-weekly employee newspaper reminding city staff to abide by the city’s Internet use policy and to be careful with their passwords.

‘‘I think if we follow the policy and we’re careful with our passwords we have a secure system,” he said. ‘‘I also asked our IT people to look at what they can do to better monitor security,” he said. ‘‘We may have some changes.”

Former councilwoman Geri Edens said that she received Humpton’s letter following her last meeting with the City Council. She was never informed of any disciplinary actions taken, perhaps due to timing, she said.

‘‘When I did receive it, I thought it was a very serious matter,” she said. ‘‘I did not have any appreciation for the fact when this happened that there was any law on the books” regarding computer password theft and e-mail fraud, said Edens, a partner at McKenna Long & Aldridge LLP, a Washington, D.C., law firm. ‘‘All I can say is I hope that the city is investigating that aspect of it.”