Unless you have been completed isolated from the Internet the last couple of weeks, you likely know that about 35 million account records about alleged users of the cheating website, Ashley Madison, were released to the public. Much of the online arguments center on the legality of accessing the data, both civilly and criminally, as well whether users of the site should be exposed for their activities. I am of the mindset that what individuals do privately and with their own money is between them and their loved ones. However, if public resources are used for questionable items then it becomes a matter for the taxpayers to scrutinize.
Therefore, I was interested in seeing whether any governmental email addresses were used to register on the site. On August 18, 2015, some hackers, who have dubbed themselves the Impact Team, released data they have stated that they captured from Ashley Madison servers. From media reports, it appears that the hackers accessed the data sometime in July. The hackers demanded that the sites Ashley Madison and Established Men be taken down or they would release the data to the public.
The Ashley Madison marital cheating site is owned and operated by Canadian based Avid Life Media. The site was launched in 2001. The data dump that has been released is 30 gigabytes of data. As a comparison, as of June 2015, the entire of the English version of Wikipedia is about 100GB compressed. The hackers told Motherboard that they have 300 gigabytes of data. The news media has reported that the hackers broke into Avid’s servers in July.
Avid Life Media has released media statements that question that validity of the data. Additionally, the company has stated that they are cooperating with Canadian police officials and the Federal Bureau of Investigation (FBI). Several news media outlets have independently verified that the data is likely from the company’s servers.
So far, the news media has reported that about 32 to 37 million email addresses are in the data dumps.
As I originally wrote, my interest is on whether publicly funded email accounts were used to access the philandering website. Already about 15,000 email addresses have been linked to government and military servers. The United States military makes adultery a crime under the Uniform Code of Military Justice. To be clear, I do not see how having an account proves a possible violation of adultery and thus I believe that other than embarrassing to the military account holder there would have to be other evidence of adultery to be prosecuted.
Other government entities are governed by federal and local jurisdictional laws or rules.
In the case of the City of El Paso and the County of El Paso, they generally follow the official doctrine that government resources are to be used for official business only. Obviously, an Ashley Madison account is unlikely an official business activity.
Now it is important that I make clear that having an email address show up in the data dump is not proof that the account holder actively participated or signed up for an account. Ashley Madison did not verify the email addresses used to create an account. Anyone can use any email address to create an account without having access to it.
I used various resources to comb through the data to try to identify if any El Paso County (dot epcounty.com) or City of El Paso (dot elpasotexas.gov) email accounts are on the data dump. I verified my findings through various independent sources to make sure my results were as accurate as possible. Two sources, in particular, was very helpful to me. One individual goes by the handle “t0x0” and they can be found at “@t0x0pg” on Twitter. To be clear, “t0x0” declined to provide me the full email addresses but did confirm the data I had already discovered. Another source, “slihmm” who maintains a Soundcloud account (soundloud.com/slihmm) was also helpful in validating my information. Other sources declined to be identified. All were extremely helpful because the size of the data makes it extremely difficult to efficiently verify the data.
It is a huge data schema and therefore my research to date is not as exhaustive as it could be, however I feel it is as accurate as the current information allows it to be.
I found two El Paso County email addresses in the data so far made available. Likewise, for the City of El Paso, I found two email addresses.
I have decided not to release the email addresses of the four email accounts that are on the Ashley Madison data dump. Rather I have provided the two city email addresses to the City of El Paso via the City’s Public Information Manager, Juli Lozano.
I believe that the City of El Paso will conduct an investigation of the email accounts and hopefully, take the necessary steps to address any possible violations. The two email addresses do not appear to belong to office holders. One appears to be a generic departmental email address. The other appears to belong to an individual.
Julie Lozano released the following City statement to me;
“As this is a personnel matter, the City will investigate and determine whether there has been a violation of City rules and policies.”
In regards to the County of El Paso, there appear to be two email accounts on the data dump. Both appear to be two individuals. Like, the City of El Paso addresses, I decided to send them to the County for them to investigate. Unlike the City of El Paso, I did not find a single conduit for communicating to the County. The County is made up of several elected officials and thus each has control over their departments. I am aware that the County recently implemented a County Manager and that Steve Norwood has been appointed to that position. However, I am unclear on what his responsibilities are.
Therefore, I decided to send the list to the highest staff member listed for each of the County Commissioners. For Veronica Escobar it is Ruben Vogt. For Carlos Leon it is Mayela Mejia. For David Stout it is Joshua Acevedo. For Vince Perez it is Jose Landeros. Andrew Haggerty does not have email addresses listed for his staff members.
However, unlike the city, I decided to wait until today to send the addresses to them. I did this because I believe that Jaime Abeytia has a direct line to Vince Perez and Veronica Escobar and I did not want to take the chance that he would post a blog yesterday pretending that he “scooped” me on the county email addresses on the cheating website. I will be sending the elected officials the two email addresses later today.
Having the email addresses, the City’s Information Technology (IT) Department should be able to quickly and effectively scan their server logs to determine whether any violations occurred.
The issue is not adultery, but rather using taxpayer-funded equipment to access a website for private use.
I cannot end this piece without commenting on the many online discussion streams about adultery, suicide because of the exposure and hacktivism.
The bottom line is that any data you put anywhere online is subject to being exposed. This includes banks and governmental agencies. Data dumps like these are both very damaging but also allows us an opportunity to hold governmental entities accountable.
During the discussions, it is easy to forget that if you misuse the resources paid for by the taxpayers it is likely that the truth will eventually leak out.