in the end
some redactions were made that shouldn't have been but everyone was acting in good faith said John Biancamano, OU's general counsel. He called the newly-released version of the report virtually unchanged.
Click here to see the settlement, revised Moran report and checks from the university.
Ohio University ended a two-year legal battle in March, agreeing to pay two former employees $90,000 and revise censorship of a controversial report on the series of computer security breaches that rocked the university in 2006.
As part of the deal, OU must release more information from the controversial Moran Report, a document detailing problems that exposed huge databases filled with the personal information of students and alumni to hackers. By revealing sections of the report that it previously kept secret, OU is essentially admitting that it incorrectly withheld public information.
I think
in the end
some redactions were made that shouldn't have been
but everyone was acting in good faith
said John Biancamano, OU's general counsel. He called the newly-released version of the report virtually unchanged.
Click here to see the settlement, revised Moran report and checks from the university.
University attorneys have long argued that the security and infrastructure exemptions in Ohio's public records law justified removal of some information. Under those exemptions, the university refused to release names and other non-sensitive information in the report. Now, those sections will be open to the public, said Fred Gittes, an attorney from Columbus who represented the two men, Tom Reid and Todd Acheson.
Reid headed Communication and Network Services, a group now part of the Office of Information Technology. Acheson worked under Reid as Manager of Internet and Systems.
The lawsuit wasn't about their termination
it was about destroying information and hiding information from the public
Gittes said.
Parts of the report remain redacted - blacked out - to hide information OU considers sensitive. An analysis by The Post of the revised report shows relatively innocuous material is still redacted.
For example, OU removed a large part of the section titled Security Not An Institutional Priority that detailed Acheson's belief that firewalls would inhibit the free exchange of information on the university network. Since that time, OU has installed firewalls at multiple points on its network.
Other information still redacted includes a cell phone number removed from a university employee's e-mail signature and the e-mail address of a man who told the university about the security problem.
Releasing more of the controversial report, though, won't likely improve its credibility.
Redacting more or less of it doesn't change the facts that it was flawed when it first came out and it's still flawed
said Reid, who wrote a 60-page rebuttal after losing his job. Two of the university's former technology chiefs have blasted the report in lengthy letters, attacking its technical merit and ethical standards.
The settlement agreement, signed March 17 by the university, was released today. Most of the money will go to Reid and Acheson's attorneys. The former employees will keep $22,000.
