More Technical Difficulties for Councilman Tom Berg

By /
Reading time: 5 minutes.

An email from the desk of Honolulu City Council member Tom Berg was flagged as spam by the city’s internal system, creating an intriguing technical puzzle for the city’s chief geek.

The spam incident came before the District 1 member falsely accused the Honolulu Star-Advertiser of censoring his web comments due to his focus on the rail project and his decision to fire his chief of staff amid a series of cyber attacks against a sitting state lawmaker.

Gordon Bruce, director of the city’s Department of Information Technology and the city’s Chief Information Officer, told Civil Beat last week that between 100 and 200 city employees had an email from Berg’s official city email — tberg@honolulu.gov — land in their spam folder on a recent furlough Friday.

“To me it was interesting as a technical problem because I wanted to know how we got spammed internally,” Bruce said. “For me, as a geek, it was intriguing.”

After doing some “forensic” investigation, Bruce determined that the spam came from an Internet “listserv” — a type of site that exists solely to do mass emails. Some handle run-of-the-mill newsletters, and some trade in more nefarious content.

“What happens is the Internet itself, because it’s policing things, if certain things happen, they can turn around and flag one as a potential negative site,” he said. “These sites go in and out. One day they may be clean and then they’re on a blacklist. … What I surmise was that the guys that (Berg) was using on that particular day were blacklisted. So when it hit our system, it flagged them as spam.”

Berg told Civil Beat Friday evening — in an email from his personal account — that he knew of no blocked email or newsletter. Philmund Lee, Berg’s deputy chief of staff, said the only person who would know about mass emails would be Chief of Staff Eric Ryan — who had just been given his “pink slip.”

Ryan has a history with the Department of Information Technology. When Mufi Hannemann was mayor, Keith Rollman served in the department as a senior adviser under Bruce. Rollman and Ryan have a history of Internet squabbles that flared up again last week with each writing scathing op-eds in the Hawaii Reporter. (Click to read and .)

Regardless of who actually engineered the mass email, it went out under Berg’s name.

In the grand scheme of things, 100 to 200 pieces of spam isn’t even a drop in the bucket as far as the city is concerned. Bruce said the city filters out, on average, about 1.4 million pieces of spam each week, plus another 80,000 phishing attacks and other aggressive attempts to access city information.

But it’s rare for the spam to originate inside the city’s system, and it could conceivably have consequences beyond Bruce sending a warning to 7,000 or 8,000 city email accounts to avoid opening the offending note, as he did in this case.

“Mass email blasts could get the city blacklisted. … At some point, because if the volume gets high enough, people are gonna go ‘wait a minute, is this site really a legit site or is it someone spoofing to be you or spoofing to be us?'” Bruce said.

The city’s — developed by DIT, human resources and the city’s lawyers — tells employees they should not use the Internet in a way that would “jeopardize the security of the city’s network or other networks on the Internet.” Examples include sharing one’s password and impersonating another person.

It makes no explicit mention of listservs, mass emails or spamming. And even if it did, it’s unlikely those rules would apply to Berg.

“I can’t tell an elected official what to do. That’s the separation (of powers), that’s our country, that’s the beauty of it,” said Bruce, a member of the city’s executive branch.

There are other rules and regulations that could come into play. The city’s Ethics Code requires appropriate use of city resources, such as the email system. The Ethics Commission has published on how to remain in compliance — for example, by not sending emails related to non-city business or political campaigns.

The guidelines also make no explicit mention of listservs, mass emails or spamming. If the email from Berg was a newsletter, it could be considered acceptable constituent outreach, not political activity — regardless of how many people it was sent to, how those people ended up on the distribution list, and what service Berg used to distribute the email.

Read earlier coverage of Council member Berg’s office’s Internet use:

Support Independent, Unbiased News

Civil Beat is a nonprofit, reader-supported newsroom based in ±á²¹·É²¹¾±Ê»¾±. When you give, your donation is combined with gifts from thousands of your fellow readers, and together you help power the strongest team of investigative journalists in the state.

 

About the Author