[2014] FWC 1637

FAIR WORK COMMISSION

DECISION


Fair Work Act 2009

s.394 - Application for unfair dismissal remedy

Mr Darko Gmitrovic
v
Australian Government, Department of Defence
(U2013/3166)

SENIOR DEPUTY PRESIDENT HAMBERGER

SYDNEY, 13 JUNE 2014

Application for relief from unfair dismissal.

[1] Mr Darko Gmitrovic (the applicant) made an application on 20 September 2013 under s.394 of the Fair Work Act 2009 (the Act) seeking an unfair dismissal remedy in relation to the termination of his employment by the Commonwealth Department of Defence (the respondent). The matter was referred to me for determination and hearings were held on 5 and 7 March 2014. The applicant represented himself and the respondent was represented by Mr Darren Gardner (Maddocks Lawyers). Following the hearing, the parties filed written submissions.

[2] The applicant gave evidence on his own behalf. The following gave evidence on behalf of the respondent:

The Applicant

[3] Prior to his dismissal, the applicant was employed as a Senior Regional Information Officer 1 (APS5) inter alia to:

under limited direction manage the facilities electronic/graphical database and technical library;

undertake Total Quality Management procedures and audit for all facilities databases and libraries; 3

manage and coordinate the building survey program; and

liaise both orally and in writing with clients, stakeholders and industry on issues relating to DEMS, and maintain the facilities databases and the Technical library. 4

The Referral from ICT Security Operations

[4] On 27 June 2012, Mr Joshua Harrison-Brown (Policy Violation Officer, ICT Security Operations) sent a minute to Ms Stores. The minute said that it had been reported to the Directorate of ICT Security Operations that Mr Gmitrovic's account had been identified as using an ‘Anonymous Search Engine to hide search activity on the Defence Restricted Network (DRN).’ The minute indicated that this activity may have contravened Defence Policy. It also said that it was possible that Mr Gmitrovic had attempted to hide his internet activity by deleting system cookies at the end of each day. The minute indicated that connections had been made to an ‘anonymizing’ search engine tool. Also included with the minute was a CD-ROM containing data from the applicant’s account ‘as at the time of capture, 30th March 2012’ including the accumulated internet history from 8/1/2012 till 2/4/2012, as well as a folder with user logon times, and screenshots showing changes in the applicant’s cookies folder. Attached to the minute was a document headed ‘Investigation Report’ which, inter alia, said that ‘the activities of the individual ... may breach the following:

[5] In an annexure to the minute it was noted that the user had been seen browsing several real estate websites. It also made specific reference to ixquick.com which it described as a ‘secure and private search engine tool’. It said:

[6] The minute also included a discussion paper which ‘summarised the threats posed by tools such as an Anonymizer, or a Proxy Service.’ It included the following general definition:

[7] Under the heading ‘Threats Posed’ the discussion paper continued:

[8] The paper then discussed ‘Examples of Anonymizers’:

[9] The paper concluded with the following:

[10] On 19 July 2012, Ms Stores determined that further investigation was warranted and allocated the matter to Ms Kirsten Mahoney, case officer. Ms Mahoney reviewed the material and prepared an initial case summary in late July/early August 2012. That summary included the following under the heading ‘allegation/issue/code’

[11] The initial case summary continued under the heading ‘Notes/Considerations’

[12] This summary was given to the delegate, Ms Pokoney in mid-August 2012. On 23 August 2012 she hand-wrote the following after indicating that the investigation process should proceed:

[13] Even though Ms Pokoney was then the delegate, Ms Stores signed the Notification of Commencement of Investigation into Suspected Misconduct on 27 August 2012. She did this instead of Ms Pokoney because the latter was on leave at the time. 8 The ‘Notification’ was sent to the applicant. It told him that certain matters had been referred to Ms Stores for consideration relating to allegations of inappropriate use of Defence ICT resources. While the applicant was told that Ms Stores might be required to determine whether his conduct had in fact breached the APS Code of Conduct, the nature of the allegations was not identified. The applicant was advised that Ms Mahoney would be investigating the matter.9

[14] On the November 2012, Ms Pokoney sent a Notification of Suspected Misconduct (NOSM) to the applicant. This advised him that Ms Pokoney had been appointed to determine whether or not he had engaged in conduct which breached the APS Code of Conduct. The section headed ‘Background’ included the following:

[15] Under the heading ‘Suspected Misconduct’ it included the following:

Note: due to the large volume of material contained on your Defence Restricted Network account "darko.gmitrovic" a CD-ROM containing your ‘Internet logs from January 2012 to May 2012 is attached ...’

[16] The NOSM listed a number of elements of the APS Code of Conduct which it was suggested might have been breached. The range of sanctions that could apply where a breach has occurred was outlined. The applicant was advised that he had until 14 December 2012 to provide a written response in relation to the allegations. 10 The applicant was subsequently given an extension of time within which to respond. He provided his written response on 17 December 2012.11

[17] Mr Gmitrovic provided a lengthy response. He stated that:

[18] Most of the rest of the response focused on the allegation referred to in a), i.e. ‘between January 2012 and May 2012, you have accessed non-work related Internet sites excessively, averaging up to 1822 website visits per day (note this number contains multiple visits to the one site)’.

[19] Mr Gmitrovic said:

[20] Mr Gmitrovic then went on to show how opening a site was associated with opening up ten other sites.

[21] To illustrate his point, Mr Gmitrovic showed how the data log submitted with the NOSM showed him accessing one particular site 172 times in the period of one hour. He also visited another site 194 times in the same period. He went on:

[22] Mr Gmitrovic then gave other examples where the internet log included with the NOSM showed him opening one site 331 times in seven minutes.

[23] Mr Gmitrovic continued in a similar vein, showing how the log suggested him opening a large number of sites a hundred or more times in a few minutes.

[24] He then gave examples of social media sites that the internet log showed him visiting, which were in fact blocked by Defence internet filters.

[25] The applicant then dealt with the specific allegation that ‘you downloaded/uploaded unapproved software onto the DRN called an Anonymizer to conduct and mask your Internet search activities...’ He responded:

[26] Mr Gmitrovic summarised his response to the allegations. In relation to allegation (a) he said that:

[27] In relation to allegation (b) he said

[28] In relation to allegation (c) he said:

[29] The applicant concluded by saying in relation to allegation (d):

[30] According to her written statement, Ms Pokoney said that on reading this response she formed the view that she would need to seek clarification from Defence’s ICT Security Operations team in Canberra about the IT issues the applicant discussed, as this was not her area of expertise. She also formed an impression that the applicant was dismissive of the NOSM and the seriousness of the matters raised for his comment, and was ‘disrespectful’ of the disciplinary process. 13

[31] Ms Pokoney and Ms Mahoney met with Mr Michael James, Audit Manager, National Security Operations, and Mr Harrison-Brown on 8 February 2013. Following this meeting Ms Pokoney sent an email on 14 February 2013 asking for help with understanding Mr Gmitrovic’s response. It was not until 29 April 2013 that Ms Pokoney received an email from Ms Bolling providing her advice. 14

[32] With regard to the applicant’s analysis of the allegation that he had visited 1822 sites per day, on average, Ms Bolling commented: ‘In his argument against this figure alone he is quite correct, however if you take his usage down to just the sites visited (rather than include all the ‘add-on’ sites as well his browsing is still excessive. The main point that we are concerned with though is not the excessive browsing but the use of anonymizer sites.’ [Emphasis in the original]

[33] With regard to the second allegation, Ms Bolling said that:

[34] Ms Bolling reiterated that ‘1822 sites per day was incorrect’ and not a figure given by ICT Security Operations, though she added that ‘we have his logs, from which his actual browsing can be identified and this was still considered excessive against Defence's reasonable use policy. Again though the main issue is the anonymizer use and this is not addressed by Mr G at all.’

[35] Ms Bolling noted that:

[36] After reviewing this advice, Ms Pokoney prepared a notice of Intent to Sanction on 3 July 2013. According to her statement, this reflected her finding that the applicant's conduct amounted to a breach of the APS Code of Conduct.

[37] In this document, Ms Pokoney stated:

[38] Ms Pokoney specifically referred to a number of sections of the Code, including the requirement to behave honestly and with integrity, to act with care and diligence, to comply with any lawful and reasonable direction, to use resources in a proper manner, and to act in a way that upholds the APS values and integrity and good reputation of the APS, particularly with regard to the highest ethical standards. She indicated that she was of the belief that termination of employment was warranted.

[39] Ms Pokoney indicated that she was seeking the applicant’s comments on whether a sanction was warranted, the level of sanction that should apply, any mitigating circumstances that should be considered, and any other matters that the applicant considered relevant to the imposition of a sanction. She stated that she had determined that the APS Code of Conduct had been breached and that if the applicant wished to seek a review of this decision he would have to apply in writing to the Merit Protection Commissioner.

[40] Ms Pokoney attached to the document the reasons for her decision. With regard to the first allegation she said that ‘it appears that the "averaging up to 1822 website visits per day" figure initially alleged was incorrect. Regardless of that, I do consider that the allegation between January 2012 and May 2012, you have accessed non-work-related Internet sites excessively remains valid’. She indicated that she relied on ‘DI(G) CIs 6-1-001 Appropriate and Inappropriate use of Information and Communications Technology Resources.’

[41] Ms Pokoney also provided an analysis from ICT Security Operations of the applicant's Internet logs to provide specific examples in relation to the duration of his browsing actions. There were seven examples given between 9 February and 2 April 2012. These were:

[42] ICT Security Operations had told Ms Pokoney that ‘Defence members are allowed the internet for their work requirements and for ‘reasonable personal use’ which is generally considered to be use through a member's lunchtime or short durations to complete urgent personal tasks such as banking. To determine the work requirement you would have to discuss with the members chain of command, however the browsing supply seems to be excessive even allowing for some work requirement. This is suggested against the time and duration of internet sessions and the type of sites visited.’

[43] Ms Pokoney commented:

[44] In relation to the second allegation, Ms Pokoney said:

[45] Ms Pokoney also commented:

[46] Mr Gmitrovic responded on 26 July 2013 with a brief email saying he did not agree with the allegations, denying that he had breached the Code of Conduct and indicating he would ‘vigorously pursue all legal options to find out what and/or who is behind this, and clear my name of imputations and labels that the decision is trying to impose on my name.’ 16

[47] On 29 August 2013 Ms Pokoney sent the applicant a ‘Determination of Sanction’ indicating that he was to be dismissed. In the attached statement of reasons Ms Pokoney said that she was disappointed that the applicant had continued to fail to take any responsibility for his actions in the matter. She denied that she had denied the applicant natural justice.

[48] During his cross examination the applicant said that he had a ‘very deep and solid’ knowledge of IT systems. 18 He agreed that his access to the DRN, including Internet and e-mail, was primarily provided to carry on his job.19 He also agreed that there was permission for reasonable personal use on the condition that it was not inappropriate use.20

[49] The applicant said that he had to use the Internet as an essential tool of doing his job. This included accessing certain external sites. 21 He needed to be on the Internet the whole day for work.22 He did agree that during the day, in his ‘spare time’ he would access non-work-related sites on the Internet.23 This included sites accessed to keep his IT knowledge up to date.24 He would often open sites, and leave them open while he undertook other tasks. Thus a site could remain recorded as if he was looking at it for four hours, even though he was doing something else at the time.25

[50] The applicant implied that almost all the sites he looked at had information that he used for work. When it was put to him that he had looked at a number of real estate sites he responded that his agency was involved in:

[51] The applicant was asked whether he ever used Scroogle as a search engine when he was at work. He replied:

[52] The applicant said that no one had ever told him that he should not use sites like Scroogle. 28 Indeed he was never told that he should not use an anonymizer search engine.29 He said that ‘In the rules, search engines are actually allowed websites. So from my perspective I wasn't doing anything wrong. I was simply looking for a safe search engine that would allow me to search Internet without advertising to the world - and there's a lot of nasty stuff going on on the Internet, so I was trying to protect Defence because whenever you connect to the Internet, whatever the site, you're opening the system - no matter how well protected it is, you're opening the system to the external world.’30

[53] The applicant also said he used the search engine Ixquick. When asked why he did this he responded:

[54] The applicant said that using Ixquick would not prevent Defence from knowing what sites had been looked at as it placed cookies to enable it to follow/monitor the use of Internet or your computer during the working day. He added:

[55] He said that he used an anonymous search engine because he did not want the external ‘sniffers’ to penetrate Defence's system. 33

[56] The applicant said that he was not using an ‘anonymizer’, because you knew what he was doing on the Internet. The only thing was that he was using the search engine to hide his IP from where the search results were coming from. 34

[57] The applicant said that the log demonstrated that using search engines such as Ixquick does not delete one’s browsing history. 35 Using such search engines ‘cannot hide what sites I am visiting. I can only hide the IP address of my computer to external sniffers, trackers, spies, whatever.’36 He acknowledged that Ixquick has a proxy search function that provides extra protection, however he said that such servers were not allowed in Defence and were blocked automatically.37 ‘... in my profession it is common knowledge that proxy systems make you completely invisible to the systems and of course we can't have that in Defence because in that case everyone could go on whatever sites you want and no one would be able to see. Of course Defence does have appropriate filters to stop any such software from being used on Defence system. It is just impossible. The link is there but you can't go to it.’38

[58] When it was put to the applicant that Ixquick had been blocked by Defence, and that Defence did not consider it a benefit for people to use it, he responded:

[59] The applicant when asked about deleting cookies, said there was no policy preventing staff from doing this, and it was an option that was freely available in Internet Explorer. This was something done by other IT professionals. 40 He saw it not as ‘paranoia’ but as a good security practice.41 He only deleted the cookies at the end of the day which meant that the administrator knew exactly what he was doing.42

[60] Mr Gmitrovic accepted that it was legitimate for Defence ICT to be able to openly monitor and view all his internet activity whilst using the Defence Restricted network - indeed he said it was their duty. 43 He agreed that ICT was reporting something that looked suspicious.

[61] Mr Gmitrovic rejected the proposition that it would have been ‘ethical and honest’ simply to apologise and accept that he had misused defence resources with excessive personal internet browsing. ‘No, because the security actually agreed with me on all the points that I raised, so there was nothing to confess that needs honesty and ethically because what was alleged is not what happened.’ 44

[62] The applicant also rejected the proposition that it would have been ethical and honest for him to just accept that he was trying to hide his searches using an anonymizer. He said that he had never denied using a search engine. Under Defence rules, search engines were appropriate websites. ‘As such, I had no reason to believe that that particular website was any different from any other search engine because it was not blocked, it was available on the DRN and because the search engines are proper websites, and I was not using the proxy ... I had no reason to believe that I was doing something that constituted a notifiable breach.’ 45

[63] The applicant conceded that he had not told Ms Pokoney about using the anonymous search engine because this is not what had been alleged. While it had been mentioned in Mr Joshua Harrison-Brown's paper it was never actually put in the allegations. He had seen that it was mentioned but he considered that it was his duty to respond to the actual allegations against him. 46 He subsequently agreed that it may have been better if he had told his employer that he had used the search engine, even though he did not consider that this was a breach of policy or was in any way malicious.47

[64] In her oral evidence, Ms Bolling explained Defence’s concerns with anonymous search engines such as Ixquick. ‘essentially, the concern with the anonymizers is the doubt ... We don’t know the actions of the members performing behind them and we don’t know if any malicious embedded software is coming back ...’. She did however agree that while Defence would not know what search term had been entered, or the list of search results, as soon as someone clicked on a site on that search list that would become visible - at least from a standard search. 48 She said:

[65] Ms Bolling agreed that one could not download malware from a site just by it appearing on a search list. 50 Nor could you access Facebook using Ixquick on the DRN.51

[66] During her cross-examination, Ms Bolling agreed, when it was put to her that the allegation against the applicant in the NOSM was that he had downloaded and uploaded unapproved software into the DRN called an Anonymizer ‘that there was a bit of confusion in the initial instances of this case ...’. 52

[67] Ms Bolling also conceded that the applicant’s computer was reviewed to see if any applications had been installed and there was no evidence that the applicant had downloaded any inappropriate software. 53 She also said it was not prohibited to delete cookies on the Defence network.54

[68] Ms Bolling was asked to take the Commission precisely to the policies that it was alleged the applicant had breached. The first was the Defence Instructions General DI(G) CIS 6-1-001 - Appropriate and Inappropriate use of Information and Communications Technology Resources. 55 These were issued on 14 July 2011. According to Ms Bolling, the applicant had engaged in conduct referred to in paragraphs 20 (i) (1) (a) and (b) under the heading: ‘Use Defence ICT Resources to engage in dishonest, deceptive or malicious practices’. These were being:

[69] When asked whether ‘you’re saying he masked from view an unauthorised file’ Ms Bolling replied: ‘Specifically no, but that there was the potential for that. Through the use of the anonymizer, an unauthorised file, say, malware, could possibly have come back to the network engineered to penetrate automatic gateway filters.’

[70] Ms Bolling conceded that if he had done this it would have been the external service provider that would have been the sender and they who would have masked the unauthorised file. This would only have arisen if the applicant had used ‘the image facility’. 57

[71] Ms Bolling also referred to paragraph 20(d)(1)(b) under the heading ‘Create cost impact on the Commonwealth’ which gave as an example being ‘wasteful of defence ICT Resources.’ She agreed that one person’s ‘excessive’ use would not increase the cost to Defence 58 ‘but I suppose the other factor is we’re paying them to sit there and browse the internet.’59 Another paragraph referred to ‘excessively using non-Government related sites. This includes web surfing and sustained accessing of non-work related internet content.’

[72] Ms Bolling also referred to Defence Information Management Policy Instruction 2001 which prohibits any use of email or internet access for personal purposes, 60 which had not been rescinded - though she acknowledged that it conflicted with other Defence policies that permitted ‘reasonable private use’.61

[73] The next policy referred to by Ms Bolling was the Information Systems Security Practices and Procedures for the Defence Restricted Network. 62 She referred to paragraph 38 (c) which stated:

[74] Ms Bolling also referred to the definition of potential security incidents involving the DRN in that document which included ‘any perceived or real compromise of data or DRN infrastructure.’

[75] Ms Bolling was asked whether there was anything that said ‘You should not use an anonymous search engine.’ Her response was ‘Not that directly, your Honour, no.’ 63 She was then asked ‘To know that you shouldn't use anonymous search engine, you have to think that what you're doing is that you're going into a site that masks the identity of the people you are searching, is that right? ... I suppose, yes ... So there is, as you say, nothing that specifically says not to use an anonymizer; it's more the intent and the masking that's outlined in policy.’64

[76] Ms Pokoney gave oral evidence that the applicant was given an opportunity to respond to the intent to sanction letter of 3 July 2013. He ‘was given the opportunity to comment on the sanction that was being proposed, whether or not it was, in his view, commensurate with the information that had been obtained ... Any mitigating circumstances that he wished to raise, so if any of the reasonings that was outlined in the intended to sanction document he disagreed with or had evidence which would either confirm or be contrary to the decisions in that document, that was an opportunity to raise those, and then there's a blanket any other matter that Mr Gmitrovic would have considered to be relevant to the imposition of the sanction.’ 65

[77] Ms Pokoney acknowledged that in the initial notification of suspected misconduct for office came up with a number of 1822 sites visited per day; however during her conversations with ICT Security Operations she came to understand that that figure was incorrect. However ICT Security Operations ‘remained supportive of the allegation that Mr Gmitrovic had excessively used the Internet or browsed the Internet.’ 66

[78] Ms Pokoney also acknowledged that initially due to her lack of understanding of what an anonymizer or anonymous search engine were technically, she alleged that it was something that was downloaded or uploaded. However her discussions with ICT Security Operations indicated that it was not a piece of software - it was a tool that you access online. She did not consider that the way she framed her initial allegation negated the validity of the allegation. ‘It was the actual use of the anonymous search engine or the anonymous searching activity was a concern.’ 67

[79] Ms Pokoney confirmed that she did not as part of the investigation talk to the applicant's supervisor or any of the people he directly worked with. When asked why she had not done so she responded, ‘My view would be that we relied heavily on the ICT Security Operations information and that it was the Internet searching activities were concerned.’ She agreed that ‘potentially’ it might have been relevant to talk to the applicant's supervisor about whether there were any problems with him completing his work if he was spending so much time doing personal activities on the Internet. She said however, that the applicant’s supervisor was located at a different site. When pressed whether it would have raised questions whether the applicant really was spending so much time on the Internet if he had no trouble getting through his work, Ms Pokoney responded:

[80] Ms Pokoney did however agree that despite excessive Internet use being one of the grounds on which the applicant was terminated she did not think it appropriate to find out whether it was interfering with his ability to get his job done. 69

[81] Ms Pokoney denied that the deletion of cookies was in any way a breach of policy or was inappropriate. When asked during her cross-examination whether there was any evidence that the applicant had deleted cookies to ‘cover his tracks’ she responded ‘I really don’t know.’ 70

[82] Ms Pokoney agreed that she had never put to the applicant that he spent specific periods of time in personal browsing on the Internet. 71

Consideration

[83] In considering whether the dismissal of the applicant by the respondent was harsh, unjust or unreasonable, I must take into account:

[84] In his written submissions on behalf of the respondent, Mr Gardner attacked the credibility of the applicant, asserting that he was not open and honest, either in his responses to the respondent or as a witness in the Commission. Mr Gardner submitted as an example that ‘during the investigation, on the critical concern as to why he was using anonymizer search engines, the Applicant deliberately avoided any admission to the Respondent that he did use anonymizer search engines and gave no explanation of what purposes he had for using anonymous search engines while at work.’

[85] I do not agree with this assessment. The applicant is certainly argumentative. He is also very focussed on technical detail and rather literal-minded - verging on the pedantic. Accordingly when a specific allegation was put to him that he considered to be wrong his response was to deny the allegation. That is hardly unreasonable. In his responses to allegations during the investigation, and the hearings in the Commission, he not only denied the specific allegations put to him, he also provided (often copious) information why the allegation was wrong. He did not feel it was his responsibility to reframe the allegation and then justify his conduct in the context of an allegation that had not been made.

[86] For example, one of the original allegations against him was that he downloaded/uploaded unapproved software onto the DRN called an Anonymizer to conduct and mask his Internet search activities. It is quite clear that the applicant never did anything of the sort, which is what he said. It is unfair to criticise the applicant for not responding that, while he had not ‘downloaded/uploaded unapproved software called an Anonymizer’ etc., he had used an ‘anonymous’ search engine - especially when he believed that he had done nothing wrong by using such a search engine.

[87] While the applicant was (understandably) keen to present the facts in the best possible light, I consider him to have been an honest witness. On occasion he might have been wrong about particular matters - but that does not mean that he did not believe the evidence he was giving to be true.

[88] It is very clear, both from his responses during the investigation, and during the hearings in the Commission, that the applicant has a very strong interest in IT security issues, particularly as they relate to the internet. This lends considerable weight to the credibility of his evidence as to his motivation for using anonymous search engines and deleting cookies.

[89] The first issue to be dealt with is whether the respondent had a valid reason for dismissing the applicant. While the allegations against the applicant changed during the investigation, it is reasonably clear that he was dismissed for two reasons: excessive personal use of the internet, and the use of an ‘anonymous’ search engine (Ixquick).

[90] The respondent’s evidence about the applicant’s personal use of the internet was all based on the internet logs extracted by the IT Security Operations area. That area was in fact not really concerned about the ‘excessive use’ issue - telling Ms Pokoney on more than one occasion that their real worry was the ‘anonymizer’ issue. It was Ms Pokoney who annotated Ms Mahoney’s initial case summary with the comment:

[91] Ms Pokoney then included the allegation of accessing non-work related internet sites excessively in the NOSM (including the wildly incorrect figure of an average of up to 1822 website visits per day). Unfortunately she took no action to obtain an answer to her question - what was the applicant’s performance like if he was - as she clearly thought - spending ‘the majority of his days on the internet.’ One of the more bizarre aspects of the investigation is that no attempt was made to talk to the applicant’s supervisor or any of his work colleagues - who would presumably have had a very good idea whether the applicant was indeed spending most of his time browsing the internet. Ms Pokoney could not come up with a convincing reason why this did not occur - falling back on the poor excuse that excessive use of the internet was a ‘secondary issue’ (despite it being a ground for the applicant’s dismissal).

[92] While the log does show the applicant making considerable use of the internet, it was the applicant’s evidence that using the internet was a critical part of his job. He did not deny that he sometimes used the internet for personal reasons, but said that most of the sites were visited for work purposes. There is no evidence to the contrary from Mr Gmitrovic’s own manager. I accept that most of the applicant’s use of the internet was for work. Even if he was using the internet too much for non-work related purposes, given that there was no evidence that this was affecting his work, and given the rather vague and contradictory nature of Defence’s policies on this subject, this conduct would have warranted at best some informal counselling. It was not a valid reason for the applicant’s dismissal.

[93] The second ‘more serious’ reason for the applicant’s dismissal was the use of the anonymous search engine. Given his views about internet security, I accept the applicant’s evidence about why and how he used the anonymous search engine. In particular he did not do so to hide from Defence but to protect Defence’s network. Perhaps he was being a bit naive, but it is important to note that there is no policy that explicitly bans the use of such search engines. The policies referred to by Ms Bolling as having been breached by the applicant were all essentially concerned with deliberate action by Defence personnel to mask their internet activities from the Department. The concern that Ms Bolling had was that the applicant may have been hiding some nefarious activity behind the anonymous search engine. It is possible that anonymous search engines could be used in this way. Indeed Mr Harrison-Brown’s paper makes the bold - but unsupported - assertion that ‘the use of anonymizers is a deliberate attempt by an individual user with the sole purpose of rendering them anonymous to network administrators and network security tools.’ However I accept the applicant’s evidence that he did not use the anonymous search engine for this purpose. On that basis I am not satisfied that the applicant breached any of Defence’s IT policies. I might add that if Defence wants to make using search engines such as Ixquick in itself a sackable offence it needs to make sure this is clearly spelled out in their policies. The applicant’s use of an anonymous search engine was not - in the circumstances - a valid reason for his dismissal.

[94] There were a number of problems with the investigation carried out by the respondent, to some of which I have already alluded. One concern is that the reasons that were eventually used to justify the applicant’s dismissal were significantly different from those that were put to him in the NOSM. This is important because this was the applicant’s primary opportunity to respond to the allegations against him. The three allegations were that:

[95] By the time of his dismissal, the figure of 1822 website visits per day had been abandoned. Ms Pokoney did however still refer to excessive internet browsing (which she defined for the first time in the intent to sanction document). The downloading/uploading of unapproved software called an Anonymizer to conduct and mask internet search activities, and the deliberate use of an Anonymizer to hide a number of internet search activities, had changed to using an anonymous search engine.

[96] The actual reasons for the applicant’s dismissal were not provided to him until the notice of intent to sanction on 3 July 2013. Importantly, by this stage Ms Pokoney had made her findings about what had occurred and that the Code had been breached. A proper reading of the document indicates that the applicant was being asked to comment on the issue of what sanction, if any, should apply - not whether the reasons for the proposed sanction of dismissal were valid. It is clear from reading the document that that had already been determined by Ms Pokoney.

[97] I find that the applicant was notified of the reasons for his dismissal - but not until the notice of intent to sanction. Because of the nature of that document he was not given an adequate opportunity to respond to those reasons (rather than being given an opportunity to comment on the proposed sanction).

[98] The issue of having a support person present at any relevant meetings does not arise because there were no such meetings. The dismissal did not concern the applicant’s work performance.

[99] The Department of Defence is one of the largest employers in the country and it could reasonably be expected that it would approach allegations of serious misconduct in a relatively sophisticated way. That did not happen in this instance. The investigation into the applicant’s alleged misconduct, and the process used to dismiss him, was an extraordinarily drawn out affair. It was both amateurish and unfair. I accept that the Defence IT Security Operations area had some reason to be concerned about the way the applicant was using the internet. What I fail to understand however is why the issue was not brought to the attention of the applicant’s immediate manager to enable a sensible discussion with the applicant to take place. Instead a bureaucratic process was put in train that appeared to take on a life of its own.

[100] Having regard to all these factors, I find that the applicant’s dismissal was harsh, unjust and unreasonable.

[101] I do not have enough information before me to make a decision about what remedy would be appropriate. The matter will be re-listed to consider the issue of remedy.

SENIOR DEPUTY PRESIDENT

Appearances:

D Gmitrovic on his own behalf

D Gardner solicitor for the Respondent

Hearing details:

2014

Sydney

5, 7 March

Final written submissions:

24 April 2014

 1   PN254

 2   PN256

 3   PN265

 4   Exhibit D6, tab B

 5   Exhibit D3, tab B

 6   Exhibit D3, tab C

 7   Exhibit D3, tab D

 8   Exhibit D3, paragraph 11

 9   Exhibit D3, tab E

 10   Exhibit D6, tab E

 11   Exhibit D6, paragraphs 9-12

 12   Exhibit D6, tab H

 13   Exhibit D6, paragraph 11

 14   Exhibit D6, paragraphs 13-20

 15   Exhibit D6, tab J

 16   Exhibit D6, tab L

 17   Exhibit D6, tab M

 18   PN284

 19   PN286

 20   PN287

 21   PN333-342

 22   PN353

 23   PN355

 24   PN356-357

 25   PN362-363

 26   PN373

 27   PN597

 28   PN599

 29   PN607

 30   PN608

 31   PN612-614

 32   PN616

 33   PN711

 34   PN1343 of the

 35   PN658

 36   PN782

 37   PN707-708

 38   PN714

 39   PN1299

 40   PN1259

 41   PN1274

 42   PN1310

 43   PN1638-1639

 44   PN1650

 45   PN1622

 46   PN1665-1670

 47   PN1698

 48   PN1842-1846

 49   PN1863

 50   PN12847-1850

 51   PN1865

 52   PN1921

 53   PN2000

 54   PN2003

 55   Exhibit D5, tab B

 56   PN2016-2017

 57   PN2024

 58   PN2035

 59   PN2035

 60   Exhibit D5, tab C

 61   PN2048-2051

 62   Exhibit D, tab D

 63   PN2068

 64   PN2071

 65   PN2151-2152

 66   PN2154

 67   PN2157-2159

 68   PN2173-2175

 69   PN2176-2180

 70   PN2272

 71   PN2286

Printed by authority of the Commonwealth Government Printer

<Price code G, PR548490>