New Rochelle Schools Technology Director Fired For Unauthorized Access to Employee Emails

Written By: Robert Cox

NEW ROCHELLE, NY — As first reported by Talk of the Sound last March, Dr. Christine Coleman was fired after more than a decade as Director of Technology for the City School District of New Rochelle. It is highly unusual for a tenured administrator to be fired from a public school district in New York.

Talk of the Sound has recently confirmed through multiple sources the reason for the sudden departure of Coleman, a tenured administrator who ran the District’s Information Technology Department for over a decade.  Coleman did not respond to requests for comment for this article.

Coleman was fired following an investigation by Southern Westchester BOCES. The investigation was triggered by complaints within the District that Coleman often abused her administrative access to the school’s computer network and email servers to voyeuristically access employee computers, read their emails and use information gleaned from them to harass, intimidate or seek termination of employees.

On March 21, 2016, Coleman was informed she was to be terminated. Her keys and school ID were taken from her, as Talk of the Sound reported at the time. She was escorted out of City Hall by Joseph Williams, Assistant Superintendent for Human Resources. At the time, Coleman was one of the highest paid public sector employees in New Rochelle, receiving a salary of $187,248 for the 2015-2016 school year.

The BOCES investigation reportedly identified 1,700 instances of Coleman opening and reading employee emails without justifable cause. Confronted by the BOCES investigation report, Coleman engaged in a loud shouting match with Assistant Superintendent for Business & Administration Jeff White, according to sources who were present. Soon after that verbal altercation, she was notified that she was being terminated. Coleman was paid through the remainder of the school and has since taken a job as Director of Technology at Yeshivah of Flatbush in Brooklyn.

Reached for comment, Coleman told Talk of the Sound. “In March 2016, I resigned my position in order to seek new challenges and further my career.”

A search of school board meeting records did not turn up any board actions since March 21, 2016 accepting a Christine Coleman’s resignation or otherwise addressing her departure.. No official statement was released. Coupled with the abrupt nature of her separation from the District, the lack of a paper trail is consistent with reports that she did not leave the District of her own accord.

Sources inside City Hall say the animating issue was Coleman’s use of her administrative access to District computers to read “private” employee emails including those of confidential employees, among them members of the Superintendent’s cabinet.

The New Rochelle Board of Education Policy on Employee Acceptable Use of the Internet, written and edited by Coleman, does allow administrators to monitor employee use of district computers including reading emails and looking through web history and folders and files on a computer hard drive.

Employees must understand that access to School District computers, network and Internet facilities is a revocable privilege, and not a right. Use of the system can and will be monitored by the School District, and there is no expectation of privacy in employee use. These policies apply to all employees who use School District computers, networked hardware, or who otherwise gain access to School District network facilities and/or the Internet via computer equipment and/or access lines located in the School District or elsewhere. This includes any remote access which employees may gain from off-site, but which involves the use of School District sites, servers, intranet facilities, e-mail accounts or software. Except for limited incidental and appropriate use, as aforesaid, all access to and use of School District computers, network facilities and Internet access must be for the purposes of work, teaching or scholarship consistent with the educational goals of the School District. Employees must make efficient, ethical and legal utilization of network resources. Employees must be aware that material created, stored on, or transmitted from or via the system is not guaranteed to be private. In addition to the fact that the Internet use is inherently insecure, School District network administrators may review any and all individual computers and/or areas of the network at any time to ensure that the system is being used properly. For this reason, employees should expect that e-mails, materials placed on personal Web pages, and other work that is created on the network may be viewed by a third party.

The broad powers granted to Coleman under the policy suggest that she did more than just look at employee’s work emails.

Coleman’s administrative access allowed her to do far more than just monitor email on school district servers or inspect files and folders on school district computers used by employees. She had complete, remote control over employee computers including the ability to install key logging software and otherwise track every aspect of employee computer use, including the entry of user IDs and passwords on third-party web sites including personal bank accounts and personal email accounts. Coleman’s interpretation of District IT policy appears to have been broad enough to justify her accessing any data even on a personal computing device like an iPhone or personal laptop.

This opens up a whole other can of worms.

Coleman had the technical ability to observe as an employee logged in to a personal Gmail account, capturing the employees User ID and Password, observing or “screen grabbing” emails, opening and reading personal email and even gaining control of the employee’s personal Gmail account to read and even send emails (as that employee) by using the captured login information to open the employee’s secure personal email account.

In instances where Coleman had physical control or remote control over a private smartphone, she could make a complete copy of all content on the employee’s phone and then, at her leisure, read the employee’s personal emails, text messages, view private photos and videos, review web browsing history, login into e-commerce web sites, make purchases and more.

Such actions, if undertaken, might constitute violations of the federal Stored Communications Act and the federal Computer Fraud and Abuse Act.