CT DOC Clear on Training Policy Violations – Hartford Courant
In November 2020, officials at a state prison decided it was too disruptive to require some correctional officers to complete training for the state. Criminal Justice Information System.
Instead, an official at Corrigan Jail in Uncasville concocted a scheme and had a subordinate collect the usernames and passwords of 19 correctional officers and fraudulently complete online training to them and report them as having completed it, a DOC spokesperson confirmed.
CJIS is a state agency that creates and oversees state policies, according to its website, relating to “judicial information in support of law enforcement and court functions involving the arrest, trial, incarceration and surveillance”. The information in the system is voluminous and often sensitive. Technology has made confidential information about individuals more susceptible to unauthorized disclosure and inflicting harm.
The Department of Corrections requires thousands of corrections officers to undergo training to understand what documents are and are not available to them. It also tells them what to do when they spot information they shouldn’t have.
Correctional officers complete mandatory online security awareness training. This requirement is one of the simplest elements of a complex system of making information available to thousands of government officials. The state police oversee the system.
Versions of what happened at Corrigan, which is now closed, and what state police members believed happened apparently differ. Several people in at least two agencies have learned about the program. An investigation has been opened in Corrigan. He made his way to the DOC central office.
The Department of Emergency Services and Public Protection “oversees [Correction’s] use of the CJI system, to ensure it complies with policy,” DOC public information officer Ashley McCarthy wrote in an email Thursday. “We have partnered with DESPP to ensure that a thorough investigation has been carried out and that anyone found to have breached the policy has been held accountable.”
Two officials have been investigated and cited for policy violations, McCarthy said. They then retired. Action for a violation of the rules by a third employee is mired in state bureaucracy.
As DOC officials investigated the fraud, reports of irregularities came to the attention of state police. State police believe there were violations involving the Connecticut Law Enforcement Online Communications Teleprocessing System (COLLECT) which is part of an international confidential information network that is supervised in the United States by the FBI, according to an email from the State Police.
A state civilian police official, Versie Jones, became aware of what she believed to be a fraudulent test at DOC under the upper security COLLECT system, the email states. On December 28, 2020, State Police Lt. Joshua Pattberg informed Major Scott Smith of the alleged violations in an email.
“One of the cases that we (him and Versi) talked about was the DOC case with the employee who allegedly took recertification tests for other DOC employees under the direction of the (DOC official),” said wrote Pattberg in the email to Smith.
Perspective on the biggest stories of the week from the Current Opinion page
Jones, Pattberg reported, “fears that this investigation or lack thereof will create exposure for the DESPP/COLLECT unit, if not handled the way other COLLECT violations have been in the past. Having spoken with Versie about the matter this morning, I share his concerns.
The email was obtained through a records request under the state’s Freedom of Information Act. Pattberg’s email update was the only one of the requested documents the state police provided.
“The DESPP’s level of exposure is quite high in the eyes of the FBI in cases like this,” Pattberg warned, “because these violations are systemic and allegedly at the direction of the most senior official.” The FBI audits state practices to ensure rules are followed and information is protected.
Failure to act, wrote Pattberg, “could be problematic for us in the future and DESPP leadership should be aware of this.” Jones had notified the DOC in November of the apparent breach earlier in the fall, but had not received “an update on the status of [its] investigation,” Pattberg said, as the year drew to a close.
McCarthy, however, said no violation of COLLECT by the DOC was found at that time.
The DOC’s explanation is at odds with what Pattberg’s email says DESPP suspects had happened this fall. At the same time, the DOC claims it was cooperating with the state police, as the state police apparently remained confused, misguided, or misinformed. If there has not been a breach of the high-security COLLECT system, the State Police investigation should be closed and open to the public.
Prison authorities executing a scheme to undo the integrity of a state information system is troubling in itself. There is another troubling possibility. State police could have been wrong for months on a breach of a high-security system that relies on trained administrators to detect threats to protecting the privacy of public information. This would require additional measures to protect the system and the information about all of us in it.