CT DOC comes clean about training policy violations – Hartford Courant

In November 2020, officials at one state prison decided it was too disruptive to require some correction officers to complete their training for the state’s Criminal Justice Information System.

Instead, an official at the Corrigan prison in Uncasville cooked up a scheme and had a subordinate collect the usernames and passwords of 19 correction officers and fraudulently take the online training for them and report them as having completed it, a DOC spokesperson has confirmed.

CJIS is a state agency that creates and oversees state policies, according to its website, related to “justice information supportive of law enforcement and court functions involving apprehension, adjudication, incarceration and supervision.” The information in the system is voluminous and often sensitive. Technology has made confidential information about individuals more susceptible to unauthorized disclosure and the infliction of harm.

The Department of Correction requires thousands of correction officers to undergo training to understand what documents are and are not available to them. It also instructs them in what to do when they spot information they should not have.

Correction officers take a mandatory online security awareness training course. That requirement is one of the simpler elements of a complex system of making information available to thousands of government officials. The state police oversee the system.

Versions of what happened at Corrigan, which is now closed, and what members of the state police thought had occurred apparently differ. Several people in at least two agencies became aware of the scheme. An investigation was commenced at Corrigan. It made its way to the DOC central office.

The Department of Emergency Services and Public Protection “oversees [Correction’s] use of the CJI system, to ensure it is within policy,” Ashley McCarthy, DOC’s public information officer wrote in an email Thursday. “We partnered with DESPP to ensure a thorough investigation was completed and any individuals found to have violated the policy were held accountable.”

Two officials were investigated and cited for policy violations, McCarthy said. They subsequently retired. Action on a third employee’s breach of rules is mired in the state bureaucracy.

As DOC officials were investigating the fraud, reports of irregularities came to the attention of the state police. The state police believed there were violations involving the Connecticut On-Line Law Enforcement Communications Teleprocessing (COLLECT) System that is part of an international confidential information network that is overseen in the United States by the FBI, a state police email shows.

A civilian state police official, Versie Jones, became aware of what she believed was fraudulent test-taking at DOC as part of the higher security COLLECT system, the email says. On Dec. 28, 2020, State Police Lt. Joshua Pattberg updated Major Scott Smith on the alleged violations in an email.

“One of the cases we (he and Versi) spoke about was the DOC case with the employee that was allegedly taking recertification tests for other DOC employees at the direction of the (DOC official),” Pattberg wrote in the email to Smith.

Jones, Pattberg reported, “has concerns that this investigation or lack thereof, will create exposure for DESPP/COLLECT Unit, if not handled in the manner other COLLECT violations have been in the past. After speaking with Versie about this case this morning I share her concerns.”

Opinion

Weekly

Perspective on the week’s biggest stories from the Courant’s Opinion page

The email was obtained by a request for documents under the state’s Freedom of Information Act. Pattberg’s email update was the only one of requested documents that the state police provided.

“DESPP’s level of exposure is quite high in the eyes of the FBI on cases like this,” Pattberg warned, “as these violations are systemic and allegedly at the direction of the higher ranking official.” The FBI audits state practices to ensure rules are observed and information protected.

Failing to act, Pattberg wrote, “could be problematic for us in the future and DESPP leadership should be aware.” Jones had notified DOC in November of the apparent violation earlier in the fall, but had not received “an update as to the status of [its] investigation,” Pattberg stated, as the year was ending.

McCarthy, however, said there were no COLLECT violations by DOC found at that time.

DOC’s explanation is at variance with what Pattberg’s email says DESPP suspects had occurred that fall. At the same time DOC says it was cooperating with the state police, the state police apparently remained either confused, wrong or misinformed. If there were no violation of the high security COLLECT system, the state police’s own investigation should be closed and ought to be available to the public.

Prison officials executing a scheme to defeat the integrity of a state information system is disturbing on its own. There’s another unsettling possibility. The state police could have been wrong for months about a breach of a high security system that relies on skilled administrators to detect threats to protecting the confidentiality of the public’s information. That would require action further to safeguard the system and the information about all of us that it contains.

Kevin Rennie of South Windsor is a lawyer and a former Republican state senator and representative.