Emails from blogger Pete Dinelli to city of Albuquerque addresses were incorrectly blocked because of security concerns, a city IT staffer told the Albuquerque City Council on Monday, but the error was recognized and corrected.
Two city councilors expressed their doubts.
Mark Leech, the director of the city’s Department of Technology and Innovation, said millions of emails are blocked because they are seen as suspicious and potentially harmful to the city’s electronic infrastructure. That’s what happened to Dinelli’s emails, Leech said.
“It looked like it could have been an attack. We had a very short window of time in which to make a decision,” he said. “We made the decision in order to keep the city assets safe. It was a very quick decision.”
Dinelli, a former Albuquerque city councilman who writes a news and commentary blog, www.PeteDinelli.com, previously told the New Mexico Sun his emails were blocked to more than 250 Albuquerque city officials and employees from March 22-27. He said he doesn’t believe the reasons offered by city staff last week and again Monday.
“The IT director read a statement giving general remarks about IT security and costs associated but not addressing the real issue of blocking city councilors from receiving or screening emails from public,” Dinelli told New Mexico Sun.
Albuquerque Digital Engagement Manager Erika Eddy previously told the New Mexico Sun that Dinelli’s email address was identified as a potential phishing expedition on March 22 and it was blocked. Eddy said the block was removed March 27 once it was determined the earlier assessment was incorrect.
On Monday night, City Councilor Brook Bassan said it’s clear many Albuquerque residents are angry about this apparent censorship of ideas and commentary.
“I would like to make sure to be very clear that I never directed anyone to block my emails for the city so I would be prevented from … I don’t want to sit there and pick and choose who I hear from from my constituents,” Bassan said during a lively and contentious question-and-answer period with city administration. “And they’re very upset.”
Leech said a tidal wave of emails arrives daily, and city staff does its best to let legitimate messages through, while stopping harmful missives from entering the system. He said 8 million emails were received by the city in the last quarter, and 40% of them, or 3 million, were blocked. Another 700 were reported by city staff as spam or phishing attempts.
He also stated that cities and counties across the country are spending millions to secure their IT systems from harmful attacks, including Ransomware, using “well-established security protocols.”
Bassan asked how the city can reassure citizens that city staff and elected officials will listen and respond to them and their views are not being censored.
“They’re very angry, and I frankly am as well,” she said. “I also respect that we have to be safe and keep the city protected. But we’re here to serve.”
Leech said city staff will reflect on what happened and try to learn from it. Emails are only blocked if they are deemed harmful or suspected as malware or are of malicious origin.
Councilor Louie Sanchez tried, once again, to pin down who exactly blocked Dinelli’s emails.
“Who permitted it? Why did it happen? We’re asking a specific question,” Sanchez said. “Councilor Bassan asked a specific question about who does it, who makes the blocks, who permitted it, how is it decided to do so and why is it done without the permission of the owner of the email.”
Leech said it’s done by the system because an email address is deemed suspicious or potentially harmful. He said hackers often use what appear to be private email addresses in an attempt to gain entry into a system.
Sanchez, without mentioning Dinelli by name, said a blogger’s email address was blocked after he published a column critical of some city actions. Sanchez noted numerous emails have come from that same address many times. Why was it blocked this time?
Leech had no direct response to that.
Sanchez said the council was not getting a straight answer.
“This happens over and over and over again. This body up here, we’re the City Council. We’re the legislative body, the City Council,” he said. “Our job is to check and balance the administration so we need to know exactly what is going on, and we don’t get those answers.”
Leech said he didn’t want to go into details and tip the city’s hand on how it operates its IT security system. He said it was a hasty decision, and once it was determined this was not from a dangerous address, it was unblocked.
Sanchez was unconvinced and said it still appears suspicious.
“It sounds very, very fishy to me,” he said. “That’s what it looks like to us.”
Chief Administrative Officer Lawrence Rael dismissed the idea that this was politically motivated. Rael said the use of spam blockers and other IT defense mechanisms are common techniques.
“Yes, we do block some emails from time to time whenever it is determined either through the systems in our IT world that actually flag those as phishing expeditions or whatever the term may be in that world of IT, that could signal that there could be some folks are trying to phish information, etc., out of our system,” he said. “Once it was determined it wasn’t a phishing expedition, it was unblocked,” he said.
Rael said he had no clue this was happening, and he played no part in the process. He said Mayor Tim Keller was not involved, either.
“It has nothing to do with politics, Councilor Sanchez,” Rael said.
Councilor Klarissa Peña said she appreciated the discussion and was glad the councilors had finally received the emails. Peña asked Rael and Mayor Keller to examine the city’s email policy to ensure citizens are confident their voices are being heard.
Dinelli told New Mexico Sun he watched the meeting and was pleased four councilors pressed city officials on the email issue. But he said more could have been done.
“It was just discussed with Bassan and Sanchez asking questions and administration tapping around with no explanation who blocked and why,” he said. “Only generalities and no disclosure as to exactly how my emails were Malware or malicious. Sanchez called it fishy, but no one asked that the inspector general or internal audit look at."