Off the Kuff Rotating Header Image

February 11th, 2023:

Paxton settles with whistleblowers

Meh.

The only criminal involved

Attorney General Ken Paxton and four of his former top deputies who said he improperly fired them after they accused him of crimes have reached a tentative agreement to end a whistleblower lawsuit that would pay those employees $3.3 million dollars.

In a filing on Friday, attorneys for Paxton and the whistleblowers asked the Texas Supreme Court to further defer consideration of the whistleblower case until the two sides can finalize the tentative agreement. Once the deal is finalized and payment by the attorney general’s office is approved, the two sides will move to end the case, the filing said.

“The whistleblowers sacrificed their jobs and have spent more than two years fighting for what is right,” said TJ Turner, an attorney for David Maxwell, a whistleblower and former director of law enforcement for the attorney general’s office. “We believe the terms of the settlement speak for themselves.”

Paxton, a Republican who won a third four-year term in November, said in a statement that he agreed to the settlement to save taxpayer money and start his new term unencumbered by the accusations.

“After over two years of litigating with four ex-staffers who accused me in October 2020 of ‘potential’ wrongdoing, I have reached a settlement agreement to put this issue to rest,” Paxton said. “I have chosen this path to save taxpayer dollars and ensure my third term as Attorney General is unburdened by unnecessary distractions. This settlement achieves these goals. I look forward to serving the People of Texas for the next four years free from this unfortunate sideshow.”

The tentative agreement would pay $3.3 million to the four whistleblowers and keep in place an appeals court ruling that allowed the case to move forward. Paxton had asked the Supreme Court to void that ruling. The settlement, once finalized, also will include a statement from Paxton saying he “accepts that plaintiffs acted in a manner that they thought was right and apologizes for referring to them as ‘rogue employees.’”

The attorney general’s office also agreed to delete a news release from its website that called the whistleblowers “rogue employees.” The news release had been deleted as of Friday morning.

[…]

Two weeks ago, three of the four plaintiffs in that lawsuit – Penley, Maxwell and Vassar – asked the Texas Supreme Court to put their case on hold while they negotiated a settlement with Paxton. Brickman initially sought to oppose the motion but signed onto the settlement agreement filed with the court Friday.

See here for the previous entry. Good for the fired guys getting paid – Paxton did them wrong, and they made him pay for it, which is as it should be. And as this stands, the ridiculous argument that Paxton as an elected official is exempt from the Texas Whistleblower Act remains a crackpot theory and not an official opinion of the Supreme Court. Someone may try that again some day, but maybe this demonstrated the weakness of that claim. We can only hope.

On the other hand, all of the details of what happened here are going to be forever swept under the rug. Did Paxton do any of the things that he was alleged to have done – as a reminder, the list includes “bribery, tampering with government records, obstruction of justice, harassment and abuse of office”, as well as blatantly lying about the charges on the campaign trail? We’ll never know for sure, unless the FBI gets off its rear end and files criminal charges against him. And, um, not to put too fine a point on it, but where is that three million bucks to settle this going to come from? If the answer to that is “your tax dollars and mine”, well, I’m not so sure Paxton will be incentivized to actually learn a lesson from all this, you know? It’s true that a verdict and judgment against Paxton would have run into a lot more dough, also your taxes and mine, but I have this nagging feeling that Paxton was basically playing with house money. The asshole got away with it again.

Okay, maybe not:

The payment for the settlement would come out of state funds and has to be approved by the Legislature. After the tentative agreement was made public, state representative Jeff Leach, the Republican from Plano who oversees the House Judiciary and Civil Jurisprudence Committee, said he was “troubled that hardworking taxpayers might be on the hook for this settlement between the Attorney General and former employees of his office.”

“I’ve spoken with the Attorney General directly this morning and communicated in no uncertain terms that, on behalf of our constituents, legislators will have questions and legislators will expect answers,” Leach said in a statement to the Texas Tribune.

Yeah, well, I’ll believe that when I see it. The next time the Republicans hold Ken Paxton accountable for anything will be the first time that happens. The Chron has more.

DCAD’s ransomware experience

A story of great interest to me.

On Election Day 2022, Dallas County Chief Appraiser Ken Nolan and his staff showed up for work, but there was an unexpected problem. Nothing worked.

The Dallas Central Appraisal District’s desktop computers, all 300 of them, were frozen. Emails didn’t go through either. The website disappeared.

The only message that came through was from the world’s No. 1 cyber extortion group – Royal Ransomware.

Nolan recalled from memory what the message said: “We are Royal Ransomware, and if you’re reading this note, we’ve taken control of your systems. We can help you guys. We just need some money.”

What happened next amounted to the worst time in Nolan’s 42-year career at DCAD, including the past 18 years as chief appraiser.

The second largest appraisal district in the state struggled for the next 72 days without its website, historical data, messages and more. Ninety percent of the office data is online, not on paper.

The hackers demanded almost $1 million, Nolan said. “I was ready to tell them to piss off, and we’ll see if we can get going on our own.”

But that wouldn’t work. “We were scared to death to touch anything,” he said.

[…]

Texas appraisal districts are a favored target for Royal. In December, the Travis Central Appraisal District in Austin was similarly hacked by Royal. That was the second time for Travis, which also suffered a 2019 attack.

DCAD backed up its web data every day in the cloud. But the hackers found a way to break into that, too.

Nolan believes the attack was unknowingly launched by an employee who clicked on a fake email that appeared to come from a vendor. Who was it?

“Trust me. I’ve asked that question,” he said.

[…]

For blame on matters like this, victims should look in a mirror, says Auburn University information systems professor Casey Cegielski. Because these incidents usually begin when an employee clicks on a dirty link on a web page or in email, these attacks are self-inflicted wounds.

“There should be consequences for failure on the part of the employees,” he said.

DCAD has hired a third cyber company to monitor its entire system.

Employees must now use two-step authentication to log into the system. To get the code each day, “You have to have a cell phone to work here,” Nolan said.

DCAD said it was unable to immediately say how much it paid outside companies for work on the ransomware attack.

Getting the decryption key After getting paid, Royal handed over the decryption key. The district is back in business. But not completely.

Some work, such as registering homestead exemptions, has fallen two months behind. The mobile version of the site isn’t working yet. The district is asking property owners with outstanding issues to give it three more weeks to catch up before it’s ready to tackle a backlog.

After contacting the FBI and hiring a cybersecurity company, which negotiated with the hackers on their behalf, DCAD paid $170K to get the decryption key for their data. The real cost as noted is likely a lot higher, and that’s without factoring in in the stress, the lost time and productivity, and the confidence of their customers.

As we know, multiple other government entities in Texas have been hit with ransomware attacks. While banning TikTok on government-owned devices has its security merits, a stronger focus on ransomware and defenses against it should be a higher priority. We are quite attuned to it where I work, I can say that much. Given the recent history and the risks entailed, there really ought to be more of a coordinated effort from the state to emphasize cybersecurity. DCAD’s experience was bad, but it could have been a lot worse. And that goes for every other agency in the state.

Actually, UT and OU will join the SEC in 2024

Reports of their not-early departure were greatly exaggerated.

Texas and Oklahoma have reached an agreement in principle to leave the Big 12 after the 2023-24 athletic year, the league announced Thursday, allowing the schools to join the Southeastern Conference one full season ahead of schedule.

The agreement is subject to final approval by the UT and OU governing boards, a formality that will pave the way for the two flagship schools to join the SEC on July 1, 2024.

As part of the agreement, UT and OU will owe combined $100 million in “foregone distributable revenues” which the two schools “will be able to partially offset with future revenues,” according to the Big 12.

“The conference would only agree to an early withdrawalif it was in our best interest for Oklahoma and Texas to depart prior to June 30, 2025,” Big 12 commissioner Brett Yormark said. “By reaching this agreement, we are now able to accelerate our new beginning as a 12-team league and move forward in earnest with our initiatives and future planning.”

Yormark, who has been on the job seven months, added that he looks forward to “bright days ahead for the Big 12 Conference.”

The Big 12 is set to add four new schools — the University of Houston, UCF, Cincinnati and BYU — on July 1. With an exit date set, the Big 12 could look at future expansion; there’s reportedly interest in adding Gonzaga in men’s basketball, along with talks regarding four Pac-12 schools: Arizona, Arizona State, Colorado and Utah.

[…]

Texas, Oklahoma, the Big 12 and its two media partners reportedly hit a snag in their ongoing negotiations as the parties quarreled over how Fox would offset the expected financial hit it would take from losing as many as eight football games featuring the Longhorns and Sooners, two perennial ratings juggernauts.

In the end, the parties were able to iron out an exit agreement for that would distribute money to the Big 12’s remaining programs and keep Fox and ESPN executives (and their advertising partners) satisfied.

See here for the previous and now totally wrong entry. ESPN, which had reported the likelihood of UT and OU sticking around in the Big XII until the end of the current TV deal in 2025, adds this bit of context:

On July 1, the Big 12 will officially add BYU, Central Florida, Cincinnati and Houston and it will compete as a 14-team league for the upcoming season. Sources told ESPN recently that both parties were interested in finding a way for the schools to leave early, but when the athletic directors and presidents met last week in Dallas, there was no resolution. It was a quick change that even surprised some leadership within the league on Thursday afternoon.

Surprise, indeed. In the end, the solution was the same as the obstacle, which is to say money. The current Big XII schools that are not leaving will all reap a nice bounty out of this, and as we see there may be more shuffling about to happen with the PAC 12 in shaky condition as USC and UCLA prepare to depart. Never a dull moment, that’s for sure. CBS Sports has more.