Federal Workers Caught Watching Porn at Work

Several senior staffers at the U.S. Securities and Exchange Commission (SEC) spent hours daily watching porn on their work computers even as the massive financial crisis was unfolding in 2008, according to agency's inspector general.

In a report prepared by SEC Inspector General David Kotz at the behest of Sen. Charles Grassley (R-Iowa), Kotz cited 31 investigations of workers who had violated SEC rules regarding the use of government computers and time to view pornographic and sexually explicit images. The probes covered a two-and-a-half year period dating back to 2007.

Seventeen investigations involved senior SEC staffers earning between $100,000 and $222,000 annually. In many cases, the Kotz's office obtained on-the-record admissions from the employees involved, though the report does not say how, or even whether, the employees were disciplined.

Kotz's report lists several instances where SEC employees spent several hours daily on porn. One such case involved a senior attorney at the SEC's Washington headquarters who sometimes spent eight hours a day surfing pornographic sites and downloading explicit images. The attorney apparently downloaded so much porn that he filled up all the available space on his government-issued computer. He then downloaded more images onto personal CDs and DVDs, which he stored in boxes in his office.

Another case involved an SEC regional office staff accountant caught trying to access porn sites 1,800 times over a two-week period. That person apparently stored over 600 images on her laptop hard drive. Another employee used SEC computers to upload explicit videos of his own to various porn sites that he had joined, while still another tried accessing porn sites 16,000 times in a month, the report said.

Among those snared in the investigations were two senior enforcement attorneys, one of whom had 775 pornographic images on his SEC-assigned computer. The other attorney had a thumb drive attached to his SEC laptop that contained five videos "depicting hard core pornography," Kotz sais in his report.

In total, the number of people identified by the inspector general in its investigation is less than 1% of the SEC's 3,500 employees.

The issue of porn in the workplace has been a longstanding problem affecting both government and private sector organizations. In 2008, the District of Columbia fired nine municipal employees for using work computers to visit porn sites. Investigations into their activities revealed that each of the fired employees clicked on at least 20,000 porn images over a 12-month period. In that period, one person clicked on over 48,000 porn images while at work. In addition to the firings, an unspecified number of workers in 18 city agencies were sanctioned for violating city computer usage policies.

Approaches to dealing with the issue have been somewhat cyclical in nature, said John Pescatore, an analyst with Gartner Inc. Back in the early days of workplace Internet connectivity, porn was a "huge problem. Then the child pornography stings of the early 2000s led to a huge growth in URL blocking/content filtering and the problem was mitigated," he said.

More recently, the drive to open up corporate connections to social networking and other sites -- and the growing pressure on IT to "treat users like adults and assume they will be responsible" -- has lead to a reemergence of the problem, he said. "The pressure has definitely been on to open up more and security has had to back off; but incidents like this will drive things a bit in the other direction," Pescatore predicted.

Pete Lindstrom, an analyst with Spire Security in Malvern, Pa. wasn't surprised by the revelation. "That said, most of the larger companies in the world have protection in place to address this problem," he said. "It is possible that some employees figured out a way around protection mechanisms already in place, but if the SEC doesn't have any, they are surely lagging in terms of mainstream adoption of Web content filters."

The Washington Times first reported on the investigations in February when it obtained documents from the SEC via a Freedom of Information Act request. But the story received a much broader airing this week after ABC News reported that it had obtained a copy of the yet-to-be-released report from Kotz.

John Nester, a spokesman for the SEC said that every instance of inappropriate use that had been investigated by Kotz had resulted from the SEC's own surveillance using filtering products from companies such as BlueCoat and McAfee. "Each of the offending employees has been disciplined or is in the process of being disciplined. Some have already been suspended or dismissed," Nester said via e-mail.

Since February, the SEC has increased penalties for those caught using work computers inappropriately, he said. "We will not tolerate the transgressions of the very few who bring discredit to their thousands of hardworking colleagues."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about security in Computerworld's Security Knowledge Center.

Subscribe to the Daily Downloads Newsletter

Comments