[2014] FWC 1637 |
FAIR WORK COMMISSION |
DECISION |
Fair Work Act 2009
s.394 - Application for unfair dismissal remedy
Mr Darko Gmitrovic
v
Australian Government, Department of Defence
(U2013/3166)
SENIOR DEPUTY PRESIDENT HAMBERGER |
SYDNEY, 13 JUNE 2014 |
Application for relief from unfair dismissal.
[1] Mr Darko Gmitrovic (the applicant) made an application on 20 September 2013 under s.394 of the Fair Work Act 2009 (the Act) seeking an unfair dismissal remedy in relation to the termination of his employment by the Commonwealth Department of Defence (the respondent). The matter was referred to me for determination and hearings were held on 5 and 7 March 2014. The applicant represented himself and the respondent was represented by Mr Darren Gardner (Maddocks Lawyers). Following the hearing, the parties filed written submissions.
[2] The applicant gave evidence on his own behalf. The following gave evidence on behalf of the respondent:
● Ms Jacqueline Stores (Assistant Director, Conduct Performance and Probation);
● Ms Carolyn Bolling, (Acting Assistant Director, ICT Security Analyst, ICT Security Branch); and
● Ms Danielle Pokoney, (Assistant Director, Conduct, Performance and Probation, Values, Behaviours and Resolutions Branch).
The Applicant
[3] Prior to his dismissal, the applicant was employed as a Senior Regional Information Officer 1 (APS5) inter alia to:
● oversee the management and local operation of the Defence Estate Management System (DEMS); 2
under limited direction manage the facilities electronic/graphical database and technical library;
undertake Total Quality Management procedures and audit for all facilities databases and libraries; 3
manage and coordinate the building survey program; and
liaise both orally and in writing with clients, stakeholders and industry on issues relating to DEMS, and maintain the facilities databases and the Technical library. 4
The Referral from ICT Security Operations
[4] On 27 June 2012, Mr Joshua Harrison-Brown (Policy Violation Officer, ICT Security Operations) sent a minute to Ms Stores. The minute said that it had been reported to the Directorate of ICT Security Operations that Mr Gmitrovic's account had been identified as using an ‘Anonymous Search Engine to hide search activity on the Defence Restricted Network (DRN).’ The minute indicated that this activity may have contravened Defence Policy. It also said that it was possible that Mr Gmitrovic had attempted to hide his internet activity by deleting system cookies at the end of each day. The minute indicated that connections had been made to an ‘anonymizing’ search engine tool. Also included with the minute was a CD-ROM containing data from the applicant’s account ‘as at the time of capture, 30th March 2012’ including the accumulated internet history from 8/1/2012 till 2/4/2012, as well as a folder with user logon times, and screenshots showing changes in the applicant’s cookies folder. Attached to the minute was a document headed ‘Investigation Report’ which, inter alia, said that ‘the activities of the individual ... may breach the following:
‘In accordance with the DRN ISSPP
Quote
78. Security incidents. A security incident is considered to be any event which compromises, or has the potential to compromise, the confidentiality integrity or availability of the DRN and its data holdings. DRN users shall consider any occurrence of the following to be potential security incident involving the DRN:
s. Any perceived or real compromise of data or DRN infrastructure.
Unquote
In accordance with the (DI(G) CIS 6-1-001
Quote
19. The following paragraph provides a non-exhaustive list of categories of conduct which Defence Personnel and External Service Providers must not engage in, and therefore the types of conduct which constitute inappropriate use of Defence ICT Resources. Examples of the types of activities which are considered to fall within these categories are provided to assist in determining what is inappropriate use of Defence ICT and therefore subject to disciplinary/administrative action against the user.
20. Use of Defence ICT Resources by Defence Personnel or External Service Providers must not:
f. Be wasteful of time and Defence ICT resources:
(1) examples relating to this category include where Defence Personnel or External Service Providers:
(b) subject to paragraph 29, excessively use non-government related sites. This includes Web surfing and sustained accessing of non-work-related internet content;
i. Use Defence ICT Resources to engage in dishonest, deceptive or malicious practices:
(1) examples relating to this category include where Defence Personnel or External Service Providers:
(a) are involved in the renaming, masking or locking from view any unauthorised files (e.g. to penetrate automated gateway filters or in an endeavour to hide their true content);
(b) are involved in the masking of a sender's identity from Defence investigators;’
[5] In an annexure to the minute it was noted that the user had been seen browsing several real estate websites. It also made specific reference to ixquick.com which it described as a ‘secure and private search engine tool’. It said:
‘The search engine acts like an anonymizer in that when the user searches, their search terms and results are hidden behind a secure connection mean we cannot see what has been searched.
The only difference between the search tool and an anonymizer is that when the user clicks on a search result and is taken to the webpage, they leave the secure connection and viewed websites become visible in the internet blogs.’
[6] The minute also included a discussion paper which ‘summarised the threats posed by tools such as an Anonymizer, or a Proxy Service.’ It included the following general definition:
‘An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.’
[7] Under the heading ‘ Threats Posed’ the discussion paper continued:
‘By using an anonymizer, the user is able to bypass the majority of Defence Network Safety Protocols that provide a layer of protection to the Defence Restricted Network. With many of the network defences rendered useless, the user is then able to browse any website at their leisure, as well as visit chat sites, forums, blogs and other social media websites and streaming services. By hiding behind the anonymizer proxy, the user is able to upload as much data as they wish to any source on the Internet, in majority of cases without Defence being able to see what is being said, or the user is providing information to. It also allows the user access to a broad range of inappropriate material, including pornography and webmail, without the normal Defence Gateway filters capturing and reporting dangerous, inappropriate or illegal activity.
In general terms, an anonymizer allows a user to view anything they desire on the Internet while logged into the DRN, all while hiding the activities that he/she does not want Defence to know about, raising alarms of suspicion concerning the user's activity and therefore preventing the ability to judge whether the activity is careless or malicious e.g. uploading sensitive data from the DRN to direct sources. Discussing classified information through the means of chat, blogs and social media sites. Viewing inappropriate material and visiting websites that are potentially harmful to the Defence Network.
[8] The paper then discussed ‘ Examples of Anonymizers’:
● General Proxy Service (home made)
User is able to browse the Web and bypass filters, however due to the difficulty in building an actual ‘Secure’ proxy at home, traffic can usually be seen through the program " Packet Ninja", which displays extended information on the user's Internet browsing logs, such as IP Address, images and files associated with the websites, website home address and actual link visited.
● Secure Proxy Service
Secure proxy services are able to hide the Web addresses and traffic that the user is searching/visiting. It is easy to tell when a user is using such tool, as all traffic will display the same web address for each website the user accesses through the tool.
● Proxy Search Engine
We have recently come across a new type of anonymizer, which was in the form of a search engine. The user is able to access the Anonymous search tool, and enter their desired search terms. The results are then displayed within the website's own webpage, as if looking through a window at the results. Because the information is displayed behind their web page, the information is hidden behind the proxy they have in place.
Effectively, the user can search for inappropriate materials and view them as thumbnails like when viewing Google images, all while being hidden behind the "web page/proxy."
[9] The paper concluded with the following:
The use of anonymizers is a deliberate attempt by an individual user with the sole purpose of rendering them anonymous to network administrators and network security tools. It is activity contrary to DI(G) CIS 6-1-001 as it may contravene the appropriate use of Defence ICT resources in some or all of the following:
[10] On 19 July 2012, Ms Stores determined that further investigation was warranted and allocated the matter to Ms Kirsten Mahoney, case officer. Ms Mahoney reviewed the material and prepared an initial case summary in late July/early August 2012. That summary included the following under the heading ‘ allegation/issue/code’
‘On the 18 July 2012 Mr Joshua Harrison-Brown, Policy Violation Officer, ICT Security Operations, referred an alleged inappropriate use of ICT resources by Mr Darko Gmitrovic, Information Officer, Defence Support Operations NNSW. It is alleged Mr Gmitrovic has been identified using an anonymous search engine to hide search activity on the Defence Restricted Network (DRN) attempting to hide his internet activity by deleting the system cookies at the end of each day. Mr Gmitrovic is also seen excessively browsing several website hosting services throughout the day.’
[11] The initial case summary continued under the heading ‘Notes/Considerations’
‘An anonymizer or an anonymous proxy is a tool that attempts to make activity on the internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the internet. It accesses the internet on the user's behalf, protecting personal information by hiding the client’s computer identifying information. An anonymizer allows a user to view anything on the internet while logged into the DRN. It hides activities that a person would not want Defence to know about, raising the question as to why Mr Gmitrovic was using the anonymizer to conduct searches.
Mr Gmitrovic was able to bypass the majority of Defence Network Safety Protocols that provide a layer of protection to the Defence Restricted Network (DRN). With many of the network defences rendered useless, Mr Gmitrovic would be able to browse any website at his leisure as well as chat sites, forums, blogs and other social media websites and streaming services. By hiding behind the anonymizer proxy he is able to upload as much data as he wishes to any source on the internet without Defence being able to see what is being said or to whom the communication is with. Mr Gmitrovic would have the option to view a broad range of inappropriate material, including pornography and webmail without the normal Defence Gateway filters capturing and reporting dangerous or illegal activity. ICT Security have now disabled Mr Gmitrovic's access to the anonymizer but he continues to browse the internet excessively.’ 6
[12] This summary was given to the delegate, Ms Pokoney in mid-August 2012. On 23 August 2012 she hand-wrote the following after indicating that the investigation process should proceed:
‘I find the behaviour (alleged) of Mr Gmitrovic to be highly concerning and suspicious. That is, if Mr Gmitrovic is searching the Internet using anonymizers, what is it that he needs to "hide"?
Aside from the potential threat that Mr Gmitrovic's actions have on the Defence IT Network, I am greatly concerned at the volume of data that has been obtained from his internet usage in only a matter of months. As an aside, are there any performance issues as Mr Gmitrovic appears to be spending the majority of his days on the internet. Is he producing against his PFADS? Please proceed to NOI. Thanks heaps!’ 7
[13] Even though Ms Pokoney was then the delegate, Ms Stores signed the Notification of Commencement of Investigation into Suspected Misconduct on 27 August 2012. She did this instead of Ms Pokoney because the latter was on leave at the time. 8 The ‘Notification’ was sent to the applicant. It told him that certain matters had been referred to Ms Stores for consideration relating to allegations of inappropriate use of Defence ICT resources. While the applicant was told that Ms Stores might be required to determine whether his conduct had in fact breached the APS Code of Conduct, the nature of the allegations was not identified. The applicant was advised that Ms Mahoney would be investigating the matter.9
[14] On the November 2012, Ms Pokoney sent a Notification of Suspected Misconduct (NOSM) to the applicant. This advised him that Ms Pokoney had been appointed to determine whether or not he had engaged in conduct which breached the APS Code of Conduct. The section headed ‘Background’ included the following:
‘As you are aware, this office received a referral from Information and Communication Technology (ICT) Security Operations, notifying of your alleged inappropriate use of Defence Restricted Network (DRN), specifically, your use of an anonymous search engine (Anonymizer) to hide search activities on the DRN and your excessive Internet use.’
[15] Under the heading ‘Suspected Misconduct’ it included the following:
‘It is alleged that:
a) between January 2012 and May 2012, you have accessed non-work related Internet sites excessively, averaging up to 1822 website visits per day (note this number contains multiple visits to the one site) ...
b) you downloaded/uploaded unapproved software onto the DRN called an Anonymizer to conduct and mask your Internet search activities...
c) you have deliberately used an Anonymizer to hide a number of your Internet search activities, therefore bypassing Defence Network security tools. The risk posed to the DRN by your actions allowing you to transmit and receive unsolicited data is significant.
d) Your use of the Defence computer system is in contravention of:
- DIMPI 5/2001 - Defence Information Environment Provision of Defence Email and Internet Services.
- DI(G) CIS 6-1-001 Appropriate and Inappropriate use of Information and Communications Technology Resources;
- Information Systems Security Practices and Procedures DRN (I S SPP)...
Note: due to the large volume of material contained on your Defence Restricted Network account "darko.gmitrovic” a CD-ROM containing your ‘Internet logs from January 2012 to May 2012 is attached ...’
[16] The NOSM listed a number of elements of the APS Code of Conduct which it was suggested might have been breached. The range of sanctions that could apply where a breach has occurred was outlined. The applicant was advised that he had until 14 December 2012 to provide a written response in relation to the allegations. 10 The applicant was subsequently given an extension of time within which to respond. He provided his written response on 17 December 2012.11
[17] Mr Gmitrovic provided a lengthy response. He stated that:
‘None of the evidence mentioned in [Mr Harrison-Brown’s] minute has been submitted. It is my right to assume that it has been found invalid and not for consideration. The allegations put to me in the Notification of suspected misconduct minute differ significantly from the original allegations in the previous minute. In any event, this investigation should be dismissed on the grounds that it violates the Natural Justice principle as I have been denied the access to complete evidence and accusations made against me.
Due to the fact that none of the allegations made by Mr J Harrison-Brown have been mentioned in the Notification of suspected misconduct minute my conclusion is that there is absolutely no evidence of any wrong-doing allegedly committed by myself.’
[18] Most of the rest of the response focused on the allegation referred to in a), i.e. ‘between January 2012 and May 2012, you have accessed non-work related Internet sites excessively, averaging up to 1822 website visits per day (note this number contains multiple visits to the one site)’.
[19] Mr Gmitrovic said:
‘A quick glance by those who know what they are looking at dismisses it at once.
Firstly, that would mean that I have spent 14.9 hours every day clicking on all those links. If we accept the shortest average a person spends on internet, which is 24.4 seconds, and another 5 seconds to open an average link (and some studies state the duration of average visit to a page to be up to 45 seconds), that would mean that I would have to spend 14.9 hours daily browsing the web. To do so I would have to start before 0700 and is very well after 1800, which in Defence Plaza Sydney is not possible due to stringent adherence to access times to the building and security sweeping the floors after 1800 to make sure everyone has left the building.
The next fact that dismisses this allegation is found in the links themselves. Anyone who understands the internet and technologies behind it will recognise majority "links" to actually be the advertising, statistical, crawling, spying and other similar sites that listen, track and record the browsing on the internet.
It would be exhausting on the reader to go through each and every line in the spreadsheet so I'll draw examples from randomly selected April summary to illustrate the point.’
[20] Mr Gmitrovic then went on to show how opening a site was associated with opening up ten other sites.
‘Now, if we observe the access times, we will see that they are all almost simultaneous, and just about all of them are accessed several times within a few milliseconds. I might be a fast clicker, but even if I could click ten or twenty times per second, I would still have to wait for each link to open up before I could click on the next. This is simply not humanly possible.
And the reason is that these are automated links that often do not even belong to the site visited. Many companies today listen and track the traffic on the internet when we opened a link, these multitudes of intruders and (commercial or otherwise) spies are recording our browsing, scan our computers and collect data they are interested in.
This is almost inevitable consequence of the internet. It happens to all of us the moment we open external link to any site. Internet is a marketplace and many companies are investigating what the potential customers are doing in order to reach their target groups easier.
Most of this tracking, advertising, and scanning of internet nowadays happens in a number of different ways and those who are keen to harvest the data from our computers have found ways to bypass many of controls available to prevent them from intruding into our privacy. One significant and hard to stop technology is programming their scanning, tracking, recording advertising etc activities into a java and java script codes, reducing their reliance on cookies to detect and penetrate computers and/or computer networks connecting to the internet. The code being built-in the pages is almost impossible to avoid, and it will inevitably result in the above internet log.’
[21] To illustrate his point, Mr Gmitrovic showed how the data log submitted with the NOSM showed him accessing one particular site 172 times in the period of one hour. He also visited another site 194 times in the same period. He went on:
‘In fact, I was quite busy in that one hour, clicking in total 577 times, according to the spreadsheet. Am I really that fast as I can pick 577 times in just under an hour for just that one single site, and still have plenty of time to visit the other two?
Of course not. As I said, these are the tracking sites that listen to the internet and connected computers without consent, and permission of people who are being tracked. And we are all tracked on the internet.’
[22] Mr Gmitrovic then gave other examples where the internet log included with the NOSM showed him opening one site 331 times in seven minutes.
‘The first question is why would I do that to start with? It is enough to open it once. In my opinion I would have had to be mentally disturbed to spend 7 minutes opening one and the same site 331 times. Did I not get tired and exhausted with the previous sites, opening them 557 times?’
[23] Mr Gmitrovic continued in a similar vein, showing how the log suggested him opening a large number of sites a hundred or more times in a few minutes.
‘As I said earlier, nothing could be further from the truth. These are, as their own name suggests, trackers, advertising, blogging, data harvesting codes from various sites, not only the site visited, that connect to our computers the moment we open what we perceive a legitimate link.’
[24] He then gave examples of social media sites that the internet log showed him visiting, which were in fact blocked by Defence internet filters.
‘Have I found a way to "visit" them anyway, according to the allegations? No.
As I have already explained, these sites are actively scanning and recording the internet. Or they may have some form of partnership/link-exchange etc, which they then used to penetrate more computers on the internet for their data-harvesting activities, which are activated when we open the link of those other sites, which are deemed to be safe and/or legitimate. Or, they may be external providers of some service to the site visited or simply have an apparently harmless icon/link back to those "social media" sites.
The reason there are so many of "visits" to "sites" recorded in internet log (in reality sub-links and/or code snippets built-in across the internet) is that they have automatic refresh that allows them to record our activities while browsing the web. Using cookies to detect any changes in our browsing, they refresh themselves on our computer in order to capture these changes.
If anything this investigation highlights not my excessive use of internet but the holes in Defence's protective measures when it comes to internet and DRN network. The allegations that I might be receiving and/or sending unsolicited material is outrageous, to put it mildly. Absolutely no evidence was offered to support that allegation. It is pure speculation in absence of any evidence of such wrong-doing.
[25] The applicant then dealt with the specific allegation that ‘you downloaded/uploaded unapproved software onto the DRN called an Anonymizer to conduct and mask your Internet search activities...’ He responded:
‘The same goes for supposed download and upload of data and software called anonymizer. No evidence has been put forward to support and justify this allegation. In fact, if we look at the spreadsheet, the column "Upload" is completely clean, and the site anonymizer.com is not on that list.
I would not be able to download the software of such nature anyway, if Defence's blocking filters are working correctly. As the software is commercial product, I could only download it if I first paid for it, even if I went to some other site to buy it (which is impossible, as I was unable in this short period to find another site that sells it, although that doesn't mean that there may not be other sites).
[26] Mr Gmitrovic summarised his response to the allegations. In relation to allegation (a) he said that:
‘A simple analysis of the internet log contradicts this allegation and shows merely commercial traffic connected to the actual sites visited, which in the randomly selected example for the month of April comes down to almost nine times less visits than alleged. I have also shown that the allegation is based on assumptions made by a person who does not seem to have even attempted to analyse the data before making these assumptions and allegations.
I have also demonstrated that it would be physically impossible to do what is alleged due to a number of obvious constraints: hundreds of these "visits" have occurred simultaneously, have extremely short span rendering it impossible to be a human activity, are clearly not the links to any "sites" and many are the tracking software of sites that are currently blocked by Defence and I cannot possibly open these links even if I wanted.
Then there's the fact that I would have to spend 14.9 hours in the office in order to open each and every link suggested, which is also impossible due to the access times for Defence Plaza.’
[27] In relation to allegation (b) he said
‘This allegation does not even cite any evidence in its support. As such it is a hearsay, completely unfounded and untrue. As I have explained above, my DRN profile settings do not permit any such thing, and the software, correctly spelled Anonymizer, is a commercial software that I would have to pay for first, before I could download it...’
[28] In relation to allegation (c) he said:
‘This allegation further labours on the previous and, just as the previous allegation, it does not offer any evidence to support it. As I have not seen any proof of the alleged download and upload of the said Anonymizer software, let alone of my usage of that software, I deny any wrong-doing as put to me in this allegation.’
[29] The applicant concluded by saying in relation to allegation (d):
‘As the previous allegation has violated my basic rights expressed in the principle of natural justice, which states that it is my right to be presented with and have the access to the evidence that is used as the basis for allegations made against me, this allegation too is no more than a hearsay and assumptions made without regards the facts. It too fails to provide any evidence of wrong-doing. Merely listing the rules and regulation does not constitute any misconduct or misuse, especially when the previous allegations are clearly an ill-constructed collection of unfounded guesses and assumptions resulting from lack of basic understanding and knowledge of the matter in question, as I have demonstrated in my analysis.’ 12
[30] According to her written statement, Ms Pokoney said that on reading this response she formed the view that she would need to seek clarification from Defence’s ICT Security Operations team in Canberra about the IT issues the applicant discussed, as this was not her area of expertise. She also formed an impression that the applicant was dismissive of the NOSM and the seriousness of the matters raised for his comment, and was ‘disrespectful’ of the disciplinary process. 13
[31] Ms Pokoney and Ms Mahoney met with Mr Michael James, Audit Manager, National Security Operations, and Mr Harrison-Brown on 8 February 2013. Following this meeting Ms Pokoney sent an email on 14 February 2013 asking for help with understanding Mr Gmitrovic’s response. It was not until 29 April 2013 that Ms Pokoney received an email from Ms Bolling providing her advice. 14
[32] With regard to the applicant’s analysis of the allegation that he had visited 1822 sites per day, on average, Ms Bolling commented: ‘In his argument against this figure alone he is quite correct, however if you take his usage down to just the sites visited (rather than include all the ‘add-on’ sites as well his browsing is still excessive. The main point that we are concerned with though is not the excessive browsing but the use of anonymizer sites.’ [Emphasis in the original]
[33] With regard to the second allegation, Ms Bolling said that:
‘Annex A and B in the date originally provided to you outlines the anonymizer use, the main use was through ‘Ixquick.com:443’. This is not software, this is an online utility that allows a user to go to that site, then from there perform further internet searches through a ’secure’ or hidden portal. It states on the main page of the site that it is ‘Ixquick -the world's most private search engine’ the Google description of the site states that ‘search anonymously with Ixquick search engine’. As such I find it a little difficult to fathom that a member who can outline the internet searching protocols with as much detail as he has here did not realise that a site described as above was not an anonymizer.’
[34] Ms Bolling reiterated that ‘1822 sites per day was incorrect’ and not a figure given by ICT Security Operations, though she added that ‘we have his logs, from which his actual browsing can be identified and this was still considered excessive against Defence's reasonable use policy. Again though the main issue is the anonymizer use and this is not addressed by Mr G at all.’
[35] Ms Bolling noted that:
‘You don't have to download or install anonymizers, they not software but rather sites used through the internet. Mr G did frequent and utilise these, as seen in his internet logs. This activity caused alerts on our system which prompted our report.’ 15
[36] After reviewing this advice, Ms Pokoney prepared a notice of Intent to Sanction on 3 July 2013. According to her statement, this reflected her finding that the applicant's conduct amounted to a breach of the APS Code of Conduct.
[37] In this document, Ms Pokoney stated:
‘ An investigation was undertaken into allegations that you had inappropriately used the Defence Restricted Network (DRN), specifically by accessing anonymous search engines (Anonymizers) to hide your search activities and excessively using the Internet. Upon review of the material provided to me in relation to this matter, including your response to the Notification of Suspected Misconduct, as Delegate of the Secretary, I have determined that you have breached the Code.’
[38] Ms Pokoney specifically referred to a number of sections of the Code, including the requirement to behave honestly and with integrity, to act with care and diligence, to comply with any lawful and reasonable direction, to use resources in a proper manner, and to act in a way that upholds the APS values and integrity and good reputation of the APS, particularly with regard to the highest ethical standards. She indicated that she was of the belief that termination of employment was warranted.
‘After reviewing the evidence and information/advice available to me in relation to this matter, I am of the view that the sternest of sanctions may be warranted, particularly as you have not displayed any level of appreciation for your actions or the potential ramifications of your actions.
Furthermore, I note that you have chosen to approach your response to the NOSM with a sense of arrogance and condescension. This is extremely disappointing, particularly given the advice I have received from ICT Security Operations (our ICT technical experts), and the fact that this matter was referred to CPP by the Department’s ICT Security Operations Directorate (as this matter was initiated by their detection of your anonymizer use).
I feel the sanction that I propose must communicate the seriousness with which the Department views your actions and address the significant risk your actions have posed to the Defence Restricted Network. The sanctions must also be stern enough to clearly articulate the seriousness of this process and the fundamental need for you to respect, understand and most importantly comply, with departmental requirements.’
[39] Ms Pokoney indicated that she was seeking the applicant’s comments on whether a sanction was warranted, the level of sanction that should apply, any mitigating circumstances that should be considered, and any other matters that the applicant considered relevant to the imposition of a sanction. She stated that she had determined that the APS Code of Conduct had been breached and that if the applicant wished to seek a review of this decision he would have to apply in writing to the Merit Protection Commissioner.
[40] Ms Pokoney attached to the document, the reasons for her decision. With regard to the first allegation she said that ‘ it appears that the "averaging up to 1822 website visits per day" figure initially alleged was incorrect. Regardless of that, I do consider that the allegation between January 2012 and May 2012, you have accessed non-work-related Internet sites excessively remains valid’. She indicated that she relied on ‘DI(G) CIs 6-1-001 Appropriate and Inappropriate use of Information and Communications Technology Resources.’
[41] Ms Pokoney also provided an analysis from ICT Security Operations of the applicant's Internet logs to provide specific examples in relation to the duration of his browsing actions. There were seven examples given between 9 February and 2 April 2012. These were:
[42] ICT Security Operations had told Ms Pokoney that ‘Defence members are allowed the internet for their work requirements and for ‘reasonable personal use’ which is generally considered to be use through a member's lunchtime or short durations to complete urgent personal tasks such as banking. To determine the work requirement you would have to discuss with the members chain of command, however the browsing supply seems to be excessive even allowing for some work requirement. This is suggested against the time and duration of internet sessions and the type of sites visited.’
[43] Ms Pokoney commented:
‘I am disappointed that you have chosen to present your response to this allegation with such an arrogance and condescension. Rather than actually responding to the allegation, providing any sort of mitigation/explanation or demonstrating any sort of remorse for your actions, I am saddened that you have instead focused on arguing the calculation of the 1822 figure (which I appreciate may not be correct), and have not appeared to accept any level of responsibility or sought to remedy your actions.
Furthermore, it can be identified from the ICT Security Operations Internet logs and the ongoing advice I have received from ICT Security Operations that you have spent, what I would consider to be an excessive amount of time browsing the internet. This view is shared by ICT Security Operations as they explicitly stated in the Investigation Report referred to CPP that ... User is seen excessively browsing several website hosting services throughout the day ...
My "excessive" determination is also confirmed by the duration of your browsing activities (i.e. - 4 hours and 30 minutes on one day - 30 March 2012). This covers more than half that particular working day and I can see no definition other than excessive to cover such internet browsing activities on a single working day.’
[44] In relation to the second allegation, Ms Pokoney said:
‘I must highlight at this point that the allegation presented to you referred to you downloading/uploading unapproved software. ICT Security Operations have since advised me that an anonymizer is not a piece of software. A user accesses an anonymizer like they would any website. Specifically their advice indicated that ... You don't have to download or install anonymizers, they are not software but rather sites used through the internet. Mr Gmitrovic did frequent and utilise these, as seen in his internet logs. This activity caused alerts on our system which prompted our report ...
Regardless of my erroneous terminology, I am of the view that your use of anonymizer/anonymous search engines is a significant issue, considering the security risks such action poses to the DRN (and as an extension National Security) and as such, cannot be discounted through a mere error in my understanding of the technical specifics around this issue.’
[45] Ms Pokoney also commented:
‘The fact that you also went to the effort of deleting your system cookies at the end of each day (something which I am advised is not automatically done on DRN workstations) lends me to the view that you have been engaging in deceptive conduct, specifically in relation to your DRN use (and misuse). It appears to me that you have utilised your IT capabilities to attempt to mask your internet activities and "cover your tracks".
[46] Mr Gmitrovic responded on 26 July 2013 with a brief email saying he did not agree with the allegations, denying that he had breached the Code of Conduct and indicating he would ‘vigorously pursue all legal options to find out what and/or who is behind this, and clear my name of imputations and labels that the decision is trying to impose on my name.’ 16
[47] On 29 August 2013 Ms Pokoney sent the applicant a ‘Determination of Sanction’ indicating that he was to be dismissed. In the attached statement of reasons Ms Pokoney said that she was disappointed that the applicant had continued to fail to take any responsibility for his actions in the matter. She denied that she had denied the applicant natural justice.
‘In the interests of maintaining transparency throughout this process, I clarified my errors in writing (regarding the 1822 website visits per day and the incorrect terminology used regarding the downloading/uploading of unapproved software) and advised you that I do not consider that the errors I made in presenting the allegations to you negated the validity of those allegations. Nor did they negate the validity of the allegation presented to you regarding your use of anonymizer sites. I remain of that view.
I am concerned that as an employee with a higher than basic understanding of the Departmental ICT environment (necessitated by your substantive Senior Regional Information Officer role), you have demonstrated no accountability for your actions and have displayed no remorse or appreciation for the seriousness of your actions. You have instead chosen to deflect the blame and have attempted to ignore and discredit the evidence presented to you.’ 17
[48] During his cross examination the applicant said that he had a ‘very deep and solid’ knowledge of IT systems. 18 He agreed that his access to the DRN, including Internet and e-mail, was primarily provided to carry on his job.19 He also agreed that there was permission for reasonable personal use on the condition that it was not inappropriate use.20
[49] The applicant said that he had to use the Internet as an essential tool of doing his job. This included accessing certain external sites. 21 He needed to be on the Internet the whole day for work.22 He did agree that during the day, in his ‘spare time’ he would access non-work-related sites on the Internet.23 This included sites accessed to keep his IT knowledge up to date.24 He would often open sites, and leave them open while he undertook other tasks. Thus a site could remain recorded as if he was looking at it for four hours, even though he was doing something else at the time.25
[50] The applicant implied that almost all the sites he looked at had information that he used for work. When it was put to him that he had looked at a number of real estate sites he responded that his agency was involved in:
‘maintenance of real estate equipment, electronics, hydraulic, building new buildings, removing old buildings and stuff. There is a lot of information that you can pick up when it you're looking for something from the real estate websites. The main reason why we all - not only me - if you look at my colleagues, they were all looking at real estate websites. The main reason: we didn't have money to collect the aerial photos every six months. So our aerial photos quite old. Real estate websites have, among other things, that are useful to us ... they have ... aerial photos, satellite aerial photos, with very high resolution. So if you needed to know what's going on on a particular site because some buildings had been removed, if you look at the Defence’s collection which is probably 5 to 10 years old, the buildings you are looking at probably didn't even exist when you started working ...
... So you're saying the real estate sites you were looking at were actually for work? - 95 per cent of it.’ 26
[51] The applicant was asked whether he ever used Scroogle as a search engine when he was at work. He replied:
‘As a security conscious person, because it's a part of my job as well, I looked for ways to protect the system from the external trackers and the spying software that is filling the Internet to the brinks. Scroogle is one of those - was one of those searching engines that allowed you to search for something in a way that Google or Baidu or whoever is listening to the Internet traffic cannot detect what it is that you are looking at.’ 27
[52] The applicant said that no one had ever told him that he should not use sites like Scroogle. 28 Indeed he was never told that he should not use an anonymizer search engine.29 He said that ‘In the rules, search engines are actually allowed websites. So from my perspective I wasn't doing anything wrong. I was simply looking for a safe search engine that would allow me to search Internet without advertising to the world - and there's a lot of nasty stuff going on on the Internet, so I was trying to protect Defence because whenever you connect to the Internet, whatever the site, your opening the system - no matter how well protected it is, your opening the system to the external world.’30
[53] The applicant also said he used the search engine Ixquick. When asked why he did this he responded:
‘For the particular reason whatever you as my client come and ask me and I have to provide some information for it and there is nothing in our library, either at electronic or physical because I have two libraries on my shoulders and I have to provide some sort of information and I have no idea what you're talking about, I have to go out in the world and look for it. To hide Defence from people looking at what is that Defence is looking for, I would use the search engine that would mask my behaviour on the Internet ... Ixquick stands between you and Google ... Google will give you the search hits but will never know that it was you because Ixquick is standing between you and them. So Google thinks it's Google Ixquick looking for it, not Department of Defence in Australia.’ 31
[54] The applicant said that using Ixquick would not prevent Defence from knowing what sites had been looked at as it placed cookies to enable it to follow/monitor the use of Internet or your computer during the working day. He added:
‘So you cannot really hide anything from Defence, as we can see, because the log is really long, isn't it? The log is thousands and thousands of hits.’ 32
[55] He said that he used an anonymous search engine because he did not want the external ‘sniffers’ to penetrate Defence's system. 33
[56] The applicant said that he was not using an ‘anonymizer’, because you knew what he was doing on the Internet. The only thing was that he was using the search engine to hide his IP from where the search results were coming from. 34
[57] The applicant said that the log demonstrated that using search engines such as Ixquick does not delete one’s browsing history. 35 Using such search engines ‘cannot hide what sites I am visiting. I can only hide the IP address of my computer to external sniffers, trackers, spies, whatever.’36 He acknowledged that Ixquick has a proxy search function that provides extra protection, however he said that such servers were not allowed in Defence and were blocked automatically.37 ‘... in my profession it is common knowledge that proxy systems make you completely invisible to the systems and of course we can't have that in Defence because in that case everyone could go on whatever sites you want and no one would be able to see. Of course Defence does have appropriate filters to stop any such software from being used on Defence system. It is just impossible. The link is there but you can't go to it.’38
[58] When it was put to the applicant that Ixquick had been blocked by Defence, and that Defence did not consider it a benefit for people to use it, he responded:
‘It looks like that and I think that that's wrong because it's a really, really good tool to protect yourself. Ixquick has twice now been awarded the highest privacy protection award from European community parliament. So it's not all bad as it seemed on the surface. There is absolutely no evidence that I did anything wrong using Ixquick, other than you didn't see the words that I typed in. That's not crime because any good Webmaster or network administrator will get my search term, as I said, from the first entry on the list of hits because that's what has exactly the word that you are looking for.’ 39
[59] The applicant when asked about deleting cookies, said there was no policy preventing staff from doing this, and it was an option that was freely available in Internet Explorer. This was something done by other IT professionals. 40 He saw it not as ‘paranoia’ but as a good security practice.41 He only deleted the cookies at the end of the day which meant that the administrator knew exactly what he was doing.42
[60] Mr Gmitrovic accepted that it was legitimate for Defence ICT to be able to openly monitor and view all his internet activity whilst using the Defence Restricted network - indeed he said it was their duty. 43 He agreed that ICT was reporting something that looked suspicious.
[61] Mr Gmitrovic rejected the proposition that it would have been ‘ethical and honest’ simply to apologise and accept that he had misused defence resources with excessive personal internet browsing. ‘No, because the security actually agreed with me on all the points that I raised, so there was nothing to confess that needs honesty and ethically because what was alleged is not what happened.’ 44
[62] The applicant also rejected the proposition that it would have been ethical and honest for him to just accept that he was trying to hide his searches using an anonymizer. He said that he had never denied using a search engine. Under Defence rules, search engines were appropriate websites. ‘As such, I had no reason to believe that that particular website was any different from any other search engine because it was not blocked, it was available on the DRN and because the search engines are proper websites, and I was not using the proxy ... I had no reason to believe that I was doing something that constituted a notifiable breach.’ 45
[63] The applicant conceded that he had not told Ms Pokoney about using the anonymous search engine because this is not what had been alleged. While it had been mentioned in Mr Joshua Harrison-Brown's paper it was never actually put in the allegations. He had seen that it was mentioned that he considered that it was his duty to respond to the actual allegations against him. 46 He subsequently agreed that it may have been better if he had told his employer that he had used the search engine, even though he did not consider that this was a breach of policy or was in any way malicious.47
[64] In her oral evidence, Ms Bolling explained Defence’s concerns with anonymous search engines such as Ixquick. ‘essentially, the concern with the anonymizers is the doubt ... We don’t know the actions of the members performing behind them and we don’t know if any malicious embedded software is coming back ...’. She did however agree that while Defence would not know what search term had been entered, or the list of search results, as soon as someone clicked on a site on that search list that would become visible - at least from a standard search. 48 She said:
‘the risks of an anonymizer, to use that loose term, are manifold, but there’s obviously the risk to our network of losing traffic. We can’t see if there’s upload or even just discussion on our topics of sensitivity.’ 49
[65] Ms Bolling agreed that one could not download malware from a site just by it appearing on a search list. 50 Nor could you access Facebook using Ixquick on the DRN.51
[66] During her cross-examination, Ms Bolling agreed, when it was put to her that the allegation against the applicant in the NOSM was that he had downloaded and uploaded unapproved software into the DRN called an Anonymizer ‘that there was a bit of confusion in the initial instances of this case ...’. 52
[67] Ms Bolling also conceded that the applicant’s computer was reviewed to see if any applications had been installed and there was no evidence that the applicant had downloaded any inappropriate software. 53 She also said it was not prohibited to delete cookies on the Defence network.54
[68] Ms Bolling was asked to take the Commission precisely to the policies that it was alleged the applicant had breached. The first was the Defence Instructions General DI(G) CIS 6-1-001 - Appropriate and Inappropriate use of Information and Communications Technology Resources. 55 These were issued on 14 July 2011. According to Ms Bolling, the applicant had engaged in conduct referred to paragraphs 20 (i) (1) (a) and (b) under the heading: ‘Use Defence ICT Resources to engage in dishonest, deceptive or malicious practices’. These were being:
‘involved in the renaming, masking or locking away from view any unauthorised files (eg to penetrate automated gateway filters or in an endeavour to hide their true content);’ and
‘involved in the masking of a sender’s identity from Defence investigators.’
[69] When asked whether ‘you’re saying he masked from view an unauthorised file’ Ms Bolling replied: “Specifically no, but that there was the potential for that. Through the use of the anonymizer, an unauthorised file, say, malware, could possibly have come back to the network engineered to penetrate automatic gateway filters.’
‘... Let’s go back a bit. Before you said you wouldn’t have got any malware into the system unless he clicked on to the site? ... Unless he was using the image.
That’s right. So you’re saying that he might have done that, but you don’t know that he did this? ... Correct.’ 56
[70] Ms Bolling conceded that if he had done this it would have been the external service provider that would have been the sender and they who would have masked the unauthorised file. This would only have arisen if the applicant had used ‘the image facility’. 57
‘If he had gone in using the image facility and had gone into a site through that, their identity would be masked, that’s what you’re saying? ... True.’
[71] Ms Bolling also referred to paragraph 20(d)(1)(b) under the heading ‘Create cost impact on the Commonwealth’ which gave as an example being ‘wasteful of defence ICT Resources.’ She agreed that one person’s ‘excessive’ use would not increase the cost to Defence 58 ‘but I suppose the other factor is we’re paying them to sit there and browse the internet.’59 Another paragraph referred to ‘excessively using non-Government related sites. This includes web surfing and sustained accessing of non-work related internet content.’
[72] Ms Bolling also referred to Defence Information Management Policy Instruction 2001 which prohibits any use of email or internet access for personal purposes, 60 which had not been rescinded - though she acknowledged that it conflicted with other Defence policies that permitted ‘reasonable private use’.61
[73] The next policy referred to by Ms Bolling was the Information Systems Security Practices and Procedures for the Defence Restricted Network. 62 She referred to paragraph 38 (c) which stated:
‘Any person who has access to a Defence/Defence Industry domain or interdomain connection, will be in breach of their conditions of access if he/she ...
Attempts to circumvent the access mechanisms that have been applied to protect information and/or resources.’
[74] Ms Bolling also referred to the definition of potential security incidents involving the DRN in that document which included ‘any perceived or real compromise of data or DRN infrastructure.’
[75] Ms Bolling was asked whether there was anything that said ‘You should not use an anonymous search engine. Her response was ‘Not that directly, your Honour, no.’ 63 She was then asked ‘To know that you shouldn't use anonymous search engine, you have to think that what you're doing is that you're going into a site that masks the identity of the people you are searching, is that right? ... I suppose, yes ... So there is, as you say, nothing that specifically says not to use an anonymizer; it's more the intent and the masking that's outlined in policy.’64
[76] Ms Pokoney gave oral evidence that the applicant was given an opportunity to respond to the intent to sanction letter of 3 July 2013. He ‘was given the opportunity to comment on the sanction that was being proposed, whether or not it was, in his view, commensurate with the information that had been obtained ... Any mitigating circumstances that he wished to raise, so if any of the reasonings that was outlined in the intended to sanction document he disagreed with or had evidence which would either confirm or be contrary to the decisions in that document, that was an opportunity to raise those, and then there's a blanket any other matter that Mr Gmitrovic would have considered to be relevant to the imposition of the sanction. 65
[77] Ms Pokoney acknowledged that in the initial notification of suspected misconduct for office came up with a number of 1822 sites visited per day; however during her conversations with ITC Security Operations she came to understand that that figure was incorrect. However ITC Security Operations ‘remained supportive of the allegation that Mr Gmitrovic had excessively used the Internet or browsed the Internet.’ 66
[78] Ms Pokoney also acknowledged that initially due to her lack of understanding of what an anonymizer or anonymous search engine were technically, she alleged that it was something that was downloaded or uploaded. However her discussions with ICT Security Operations indicated that it was not a piece of software - it was a tool that you access online. She did not consider that the way she framed her initial allegation negated the validity of the allegation. ‘It was the actual use of the anonymous search engine or the anonymous searching activity was a concern.’ 67
[79] Ms Pokoney confirmed that she did not as part of the investigation talk to the applicant's supervisor or any of the people he directly worked with. When asked why she had not done so she responded, ‘My view would be that we relied heavily on the ITC Security Operations information and that it was the Internet searching activities were concerned.’ She agreed that ‘potentially’ it might have been relevant to talk to the applicant's supervisor about whether there were any problems with him completing his work if he was spending so much time doing personal activities on the Internet. She said however, that the applicant’s supervisor was located at a different site. When pressed whether it would have raised questions whether the applicant really was spending so much time on the Internet if he had no trouble getting through his work, Ms Pokoney responded:
‘No, because it was very clear to me from the ITC Security Operations liaison that extensive Internet use was a secondary issue.’ 68
[80] Ms Pokoney did however agree that despite excessive Internet use being one of the grounds on which the applicant was terminated she did not think it appropriate to find out whether it was interfering with his ability to get his job done. 69
[81] Ms Pokoney denied that the deletion of cookies was in any way a breach of policy or was inappropriate. When asked during her cross-examination whether there was any evidence that the applicant had deleted cookies to ‘cover his tracks’ she responded ‘I really don’t know.’ 70
[82] Ms Pokoney agreed that she had never put to the applicant that he spent specific periods of time in personal browsing on the Internet. 71
Consideration
[83] In considering whether the dismissal of the applicant by the respondent was harsh, unjust or unreasonable, I must take into account:
(a) whether there was a valid reason for the dismissal related to the applicant’s capacity or conduct (including its effect on the safety and welfare of other employees); and
(b) whether the applicant was notified of that reason; and
(c) whether the applicant was given an opportunity to respond to any reason related to his capacity or conduct; and
(d) any unreasonable refusal by the respondent to allow the applicant to have a support person present to assist at any discussions relating to dismissal; and
(e) if the dismissal related to unsatisfactory performance by the person—whether the applicant had been warned about that unsatisfactory performance before the dismissal; and
(f) the degree to which the size of the respondent’s enterprise would be likely to impact on the procedures followed in effecting the dismissal; and
(g) the degree to which the absence of dedicated human resource management specialists or expertise in the enterprise would be likely to impact on the procedures followed in effecting the dismissal; and
(h) any other matters that the FWC considers relevant.
[84] In his written submissions on behalf of the respondent, Mr Gardner attacked the credibility of the applicant, asserting that he was not open and honest, either in his responses to the respondent or as a witness in the Commission. Mr Gardener submitted as an example that ‘during the investigation, on the critical concern as to why he was using anonymizer search engines, the Applicant deliberately avoided any admission to the Respondent that he did use anonymizer search engines and gave no explanation of what purposes he had for using anonymous search engines while at work.’
[85] I do not agree with this assessment. The applicant is certainly argumentative. He is also very focussed on technical detail and rather literal-minded - verging on the pedantic. Accordingly when a specific allegation was put to him that he considered to be wrong his response was to deny the allegation. That is hardly unreasonable. In his responses to allegations during the investigation, and the hearings in the Commission, he not only denied the specific allegations put to him, he also provided (often copious) information why the allegation was wrong. He did not feel it was his responsibility to reframe the allegation and then justify his conduct in the context of an allegation that had not been made.
[86] For example, one of the original allegations against him was that he downloaded/uploaded unapproved software onto the DRN called an Anonymizer to conduct and mask his Internet search activities. It is quite clear that the applicant never did anything of the sort, which is what he said. It is unfair to criticise the applicant for not responding that, while he had not ‘downloaded/uploaded unapproved software called an Anonymizer’ etc., he had used an ‘anonymous’ search engine - especially when he believed that he had done nothing wrong by using such a search engine.
[87] While the applicant was (understandably) keen to present the facts in the best possible light, I consider him to have been an honest witness. On occasion he might have been wrong about particular matters - but that does not mean that he did not believe the evidence he was giving to be true.
[88] It is very clear, both from his responses during the investigation, and during the hearings in the Commission, that the applicant has a very strong interest in IT security issues, particularly as they relate to the internet. This lends considerable weight to the credibility of his evidence as to his motivation for using anonymous search engines and deleting cookies.
[89] The first issue to be dealt with is whether the respondent had a valid reason for dismissing the applicant. While the allegations against the applicant changed during the investigation, it is reasonably clear that he was dismissed for two reasons: excessive personal use of the internet, and the use of an ‘anonymous’ search engine (Ixquick).
[90] The respondent’s evidence about the applicant’s personal use of the internet was all based on the internet logs extracted by the IT Security Operations area. That area was in fact not really concerned about the ‘excessive use’ issue - telling Ms Pokoney on more than one occasion that their real worry was the ‘anonymizer’ issue. It was Ms Pokoney who annotated Ms Mahoney’s initial case summary with the comment:
‘I am greatly concerned at the volume of data that has been obtained from his internet usage in only a matter of months. As an aside, are there any performance issues as Mr Gmitrovic appears to be spending the majority of his days on the internet.’
[91] Ms Pokoney then included the allegation of accessing non-work related internet sites excessively to the NOSM (including the wildly incorrect figure of an average of up to 1822 website visits per day). Unfortunately she took no action to obtain an answer to her question - what was the applicant’s performance like if he was - as she clearly thought - spending ‘the majority of his days on the internet.’ One of the more bizarre aspects of the investigation is that no attempt was made to talk to the applicant’s supervisor or any of his work colleagues - who would presumably have had a very good idea whether the applicant was indeed spending most of his time browsing the internet. Ms Pokoney could not come up with a convincing reason why this did not occur - falling back on the poor excuse that excessive use of the internet was a ‘secondary issue’ (despite a being a ground for the applicant’s dismissal).
[92] While the log does show the applicant making considerable use of the internet, it was the applicant’s evidence that using the internet was a critical part of his job. He did not deny that he sometimes used the internet for personal reasons, but that most of the sites were visited for work purposes. There is no evidence to the contrary from Mr Gmitrovic’s own manager. I accept that most of the applicant’s use of the internet was for work. Even if he was using the internet too much for non-work related purposes, given that there was no evidence that this was affecting his work, and given the rather vague and contradictory nature of Defence’s policies on this subject, this conduct would have warranted at best some informal counselling. It was not a valid reason for the applicant’s dismissal.
[93] The second ‘more serious’ reason for the applicant’s dismissal was the use of the anonymous search engine. Given his views about internet security, I accept the applicant’s evidence about why and how he used the anonymous search engine. In particular he did not do so to hide from Defence but to protect Defence’s network. Perhaps he was being a bit naive, but it is important to note that there is no policy that explicitly bans the use of such search engines. The policies referred to by Ms Bolling as having been breached by the applicant were all essentially concerned with deliberate action by Defence personnel to mask their internet activities from the Department. The concern that Ms Bolling had was that the applicant may have been hiding some nefarious activity behind the anonymous search engine. It is possible that anonymous search engines could be used in this way. Indeed Mr Harrison-Brown’s paper makes the bold - but unsupported - assertion that ‘the use of anonymizers is a deliberate attempt by an individual user with the sole purpose of rendering them anonymous to network administrators and network security tools.’ However I accept the applicant’s evidence that he did not use the anonymous search engine for this purpose. On that basis I am not satisfied that the applicant breached any of Defence’s IT policies. I might add that if Defence wants to make using search engines such as Ixquick in itself a sackable offence it needs to make sure this is clearly spelled out in their policies. The applicant’s use of an anonymous search engine was not - in the circumstances - a valid reason for his dismissal.
[94] There were a number of problems with the investigation carried out by the respondent, to some of which I have already alluded. One concern is that the reasons that were eventually used to justify the applicant’s dismissal were significantly different from those that were put to him in the NOSM. This is important because this was the applicant’s primary opportunity to respond to the allegations against him. The three allegations were that:
a) ‘between January 2012 and May 2012, you have accessed non-work related Internet sites excessively, averaging up to 1822 website visits per day (note this number contains multiple visits to the one site) ...
b) you downloaded/uploaded unapproved software onto the DRN called an Anonymizer to conduct and mask your Internet search activities...
c) you have deliberately used an Anonymizer to hide a number of your Internet search activities, therefore bypassing Defence Network security tools. The risk posed to the DRN by your actions allowing you to transmit and receive unsolicited data is significant.’
[95] By the time of his dismissal, the figure of 1822 website visits per day had been abandoned. Ms Pokoney did however still refer to excessive internet browsing (which she defined for the first time in the intent to sanction document). The downloading/uploading of unapproved software called an Anonymizer to conduct and mask internet search activities, and the deliberate use of an Anonymizer to hide a number of internet search activities, had changed to using an anonymous search engine.
[96] The actual reasons for the applicant’s dismissal were not provided to him until the notice of intent to sanction on 3 July 2013. Importantly, by this stage Ms Pokoney had made her findings about what had occurred and that the Code had been breached. A proper reading of the document indicates that the applicant was being asked to comment on the issue of what sanction, if any, should apply - not whether the reasons for the proposed sanction of dismissal were valid. It is clear from reading the document that that had already been determined by Ms Pokoney.
[97] I find that the applicant was notified of the reasons for his dismissal - but not until the notice of intent to sanction. Because of the nature of that document he was not given an adequate opportunity to respond to those reasons (rather than being given an opportunity to comment on the proposed sanction.)
[98] The issue of having a support person present at any relevant meetings does not arise because there were no such meetings. The dismissal did not concern the applicant’s work performance.
[99] The Department of Defence is one of the largest employers in the country and it could reasonably be expected that it would approach allegations of serious misconduct in a relatively sophisticated way. That did not happen in this instance. The investigation into the applicant’s alleged misconduct, and the process used to dismiss him, was an extraordinarily drawn out affair. It was both amateurish and unfair. I accept that the Defence IT Security Operations area had some reason to be concerned about the way the applicant was using the internet. What I fail to understand however is why the issue was not brought to the attention of the applicant’s immediate manager to enable a sensible discussion with the applicant to take place. Instead a bureaucratic process was put in train that appeared to take on a life of its own.
[100] Having regard to all these factors, I find that the applicant’s dismissal was harsh, unjust and unreasonable.
[101] I do not have enough information before me to make a decision about what remedy would be appropriate. The matter will be re-listed to consider the issue of remedy.
SENIOR DEPUTY PRESIDENT
Appearances:
D Gmitrovic on his own behalf
D Gardner solicitor for the Respondent
Hearing details:
2014
Sydney
5, 7 March
Final written submissions:
24 April 2014
1 PN254
2 PN256
3 PN265
4 Exhibit D6, tab B
5 Exhibit D3, tab B
6 Exhibit D3, tab C
7 Exhibit D3, tab D
8 Exhibit D3, paragraph 11
9 Exhibit D3, tab E
10 Exhibit D6, tab E
11 Exhibit D6, paragraphs 9-12
12 Exhibit D6, tab H
13 Exhibit D6, paragraph 11
14 Exhibit D6, paragraphs 13-20
15 Exhibit D6, tab J
16 Exhibit D6, tab L
17 Exhibit D6, tab M
18 PN284
19 PN286
20 PN287
21 PN333-342
22 PN353
23 PN355
24 PN356 -357
25 PN362-363
26 PN373
27 PN597
28 PN599
29 PN607
30 PN608
31 PN612-614
32 PN616
33 PN711
34 PN1343 of the
35 PN658
36 PN782
37 PN707-708
38 PN714
39 PN1299
40 PN1259
41 PN1274
42 PN1310
43 PN1638-1639
44 PN1650
45 PN1622
46 PN1665-1670
47 PN1698
48 PN1842-1846
49 PN1863
50 PN12847-1850
51 PN1865
52 PN1921
53 PN2000
54 PN2003
55 Exhibit D5, tab B
56 PN2016-2017
57 PN2024
58 PN2035
59 PN2035
60 Exhibit D5, tab C
61 PN2048-2051
62 Exhibit D, tab D
63 PN2068
64 PN2071
65 PN2151-2152
66 PN2154
67 PN2157-2159
68 PN2173-2175
69 PN2176-2180
70 PN2272
71 PN2286
Printed by authority of the Commonwealth Government Printer
<Price code G, PR548490>