What is going on with this "Outside Investigative Firm"?
The most shocking thing about yesterday's Washington Post article was the casual revelation that an "outside firm" accessed internal UM servers and then reported that material to the NCAA.
I have seen some speculation that this firm was working on behalf of Michigan. That makes absolutely no sense to me: first, a vendor hired by the University would be bound by multiple confidentiality and disclsoure provisions. There could be certain contractual stipulations that, upon subpoena, the vendor would be required to disclose its materials, but again that obligation would have to be legally compelled and to a law enforcement agency (not a organization like the NCAA). And if the vendor was hired by Michigan for an internal audit, Michigan would be the party turning over the materials in exchange for leniency and self-reporting mitigation.
Assuming that the firm is thus not a UM-affiliated vendor, this becomes a very troubling starting point for the entire bruhaha. Either someone at UM, with requisite access, provided the firm with access in a deliberate attempt to sabotage, or the investigative firm received that access either through false pretense or possible criminal intrusion. Law firms often times use "investigative firms" (some big ones are Nardello, Kroll) to take actions that you don't want to trace back to yourself, or to provide some degree of anonymity. But I am not aware of any reputable firm green-lighting access another institution's email servers without their explicit consent. That steps into federal privacy and computer crimes which very few reputable firms would want to risk violating (and most likely their liability insurance wouldn't even cover).
Which brings me back to Matt Weiss. Did the community ever reach any sense of what happened there? Could he have been downloading the materials from servers without requisite permission and the investigative firm got it from him?
If I'm Michigan (and clearly the U approaches everything it feels different than I would), I would focus in like a laser on this. It's one thing for us to have scouted live games which 100,000 attendees are also witnessing. It's another for an interested party to retain a firm and traffic in materials that were obtained through either an unlawful breach of contract, corporate espionage, or hacking. And need as much pressure as possible on the press to dig into exactly who this is.
October 26th, 2023 at 4:18 PM ^
Haha agreed. Plus they said email accounts.
October 26th, 2023 at 3:13 PM ^
One would assume this hard drive was in a computer, current system and it environment unknown
October 26th, 2023 at 12:47 PM ^
Agree. We need more intel on this "investigative firm". The fact that we have a million leaks, the NCAA hasn't even met with UM until today and we now have this shady "investigative firm" in the mix, this has to be a coordinated plan to take down Michigan. Wouldn't be surprised if someone with a grudge at Michigan is teaming up with OSU/MSU.
October 26th, 2023 at 1:45 PM ^
This is what I want to know, and I would like to hear some people in the Michigan friendly media address it. Every single story has relied on unnamed sources, which in my opinion is not appropriate unless you're dealing with matters that could get the source sent to prison or killed. Yellow Journalism at its finest.
Where are the leaks coming from? Why is nobody asking this question?
October 26th, 2023 at 1:48 PM ^
Nobody is asking the question because they are getting their own house in order. There is no question that all of this will be addressed, but Michigan is still in a loss-mitigation posture.
Unless there is some truth to the point raised about this being an investigative firm hired by Michigan related to cheeseburger-gate. If that is the case then they are going to look so dumb that there is simply nothing to say.
October 26th, 2023 at 12:47 PM ^
Brian covered it on the WTKA round table. His synopsis was they're hired by Ohio and had one of Stallion's guys flipped and gave them access to the spot where he had to upload videos or whatever which was presumably a school provided Google drive.
October 26th, 2023 at 12:50 PM ^
Which doesn’t seem legal.
October 26th, 2023 at 12:51 PM ^
It's probably legal if the server itself wasn't some kind of secure environment. Which might be the case because at this point it's well-established that Stalions is probably a fucking moron
October 26th, 2023 at 1:11 PM ^
If you setup a server (google drive or whatever) where you can share a link that is 'Anyone that clicks this link can access this database' then I don't see how the firm would be at fault. Given the stupidity of the rest of his operation, I'd bet Stallions literally supplied random 'scouts' he hired a link to a server to drop their videos into and didn't remove those people later or remove items from the server so this investigative firm could come in after the fact and just look at what was there, who was listed as a 'user', etc.
October 26th, 2023 at 1:15 PM ^
They would have had to known of the hard drive in the first place and gain access to it through the unnamed scouts. How would they know who these people are and why would these people give them access to their accounts?
October 26th, 2023 at 1:55 PM ^
Id bet OSU hired the firm, the firm was able to figure out who at least one of the people Stallions hired was, they contacted them, and (per Auerbach) perhaps they paid that person for their time to unwrap how Stallions set this up and where they uploaded their video(s)
October 26th, 2023 at 2:03 PM ^
Because they didn’t flip anyone. They sent him here this year undercover.
October 26th, 2023 at 1:19 PM ^
But, back to those bylaws, if the scouting is on a site that is publicly accessible, then it's allowed. So either it is public and the scouting was legal, or it was private and the investigative firm breached it.
BAM (lol)
October 26th, 2023 at 3:06 PM ^
recording is not scouting
October 26th, 2023 at 3:13 PM ^
It says "recording" directly in the bylaw:
In the interest of simplicity and consistency, it is appropriate for one rule regarding scouting to apply to all sports. In most cases, video of future opponents is readily available either through institutional exchange, subscription to a recording/dubbing service or internet sites accessible to the general public.
October 26th, 2023 at 1:14 PM ^
If he was having these people upload videos to a school Google drive he is beyond stupid as fuck. If he had a personal Google drive that the coaches were accessing from school accounts they are stupid as fuck.
Unless everyone involved in this was so sure it would hold up under scrutiny that they just didn't give a fuck and didn't bother trying to cover their tracks, also stupid as fuck.
tl;dr everyone involved in this is stupid as fuck.
October 26th, 2023 at 1:56 PM ^
He had a 500-600 page Manifesto on Michigan football. The dudes a little nutty and every snippet of evidence that leaks further supports that
October 26th, 2023 at 2:07 PM ^
Yeah, the legality wouldn't be with the firm unless they handed him some money and said "go give us all the info they have on these drives, which we know is secure and would be illegal for us to access with you", and even then UM would have more of a cause of action against the guy they flipped for access moreso than the firm.
I'm sure UM's access to that drive is restricted to people with UM AD accounts and as part of your employment agreement said employees undoubtedly agreed they would not share information stored on said drives with people outside of the University. So while it's not "secure" in that sense the guy who shared it definitely is in deep shit with the University, and they can absolutely go after him civilly for damages. So my guess is one of these guys is going to be in for some hurt.
October 26th, 2023 at 12:52 PM ^
If the school provided the drive, then probably isn't legal (there has to be at least HIPAA standards for this). If the dumb ass had a privately shared google drive that he provided rights to other people to edit/maintain/view, then it's open game.
October 26th, 2023 at 1:01 PM ^
"If the dumb ass had a privately shared google drive that he provided rights to other people to edit/maintain/view, then it's open game."
Occam's Razor FTW. (For the record, not my desired outcome. It would be awesome if OSU did something illegal.)
There's been a lot of lazy reporting here.
October 26th, 2023 at 1:23 PM ^
Well just hope it was a private UM shared drive and not a privately shared dropbox or google drive that he created and gave out to his buddies.
October 26th, 2023 at 2:58 PM ^
I just can't imagine "multiple Michigan coaches" accessing this dude's Google drive.
October 26th, 2023 at 1:01 PM ^
What does the Health Insurance Portability and Accountability Act have to do with this?
October 26th, 2023 at 1:10 PM ^
Not a damned thing, but some people seem to be jumping to any excuse they can find. The PSU/OSU Excuses mindset is apparently infectious.
If Michigan was breaking the rules, they should get in trouble, and "waaaah you shouldn't have been able to catch me in that particular way" isn't a defense. This isn't a criminal proceeding; the fourth amendment doesn't apply. Michigan is a voluntary member of the NCAA. If they don't like the NCAA rules, they can (a) petition to change them or (b) leave the organization. What they can't do is break them with impunity and then say "you shouldn't have been able to catch me."
Anyone who wants to defend Michigan -- "there don't actually seem to be any rules violations" is a much better defense than "OMGZ HACK0RZ!!1!"
October 26th, 2023 at 1:18 PM ^
Yes, it is a defense. Acquiring information by illegal or unethical means undercuts your argument about “breaking the rules”.
Between the bylaw implicitly condoning theft and the hue and cry over cheating rings hollow to people who have a modicum of understanding of ethics.
October 26th, 2023 at 1:48 PM ^
Best possible outcome:
Illegal means were used by a rival to discover that Michigan was secretly doing something that's not against the rules.
October 26th, 2023 at 2:24 PM ^
Agree. And if Brian and others are right--I pray it's true--the infraction and punishment are going to be relatively light. The court of public opinion, OTOH, is where the damage will be done. Already is being done, both by the drip, drip, drip (even when 90 of it is bullshit), and by people happy to believe the worst of Michigan, and (as lots of people are) everybody.
The public tends to disregard the legalities if they (want to) find the action heinous.
A certain amount of damage now goes with this, whether we like it or not. My chief concern is with the morale of the team, honestly. I want them to go out there and crush everything in their path for six more games, myself. Because over time--I think it's reasonable to hope--people WILL come to think that a) Michigan was doing something everyone does; b) that Stalions was a zealot who thought he could take established practices to a new level of rigor; and c) that the actual infraction, where established rules were concerned, was negligible or minor.
I agreed with Bronxblue this morning that it's pretty likely if the coordinators or Jim knew, we'd have had some of these assholes trumpeting that by now. Gonna keep my fingers crossed that that is true.
October 26th, 2023 at 1:25 PM ^
Stop saying Michigan. It was one guy until further notice.
October 26th, 2023 at 2:22 PM ^
Yes. And it doesn't appear that he broke any rules.
October 26th, 2023 at 2:36 PM ^
Today, I heard somewhere that he was at a recent game against a team not named Michigan. this gets interesting by the day…. 😂😂😂😂I’ll keep enjoying my burgers…
October 26th, 2023 at 3:16 PM ^
Don't think this is true. He was passing the stuff to someone, hopefully low on the totem pole. Whether the intel found its way into game planning will be an obvious question investigators pursue.
October 26th, 2023 at 1:30 PM ^
If they got the drive illegaly, hell yea it matters. People are wondering how they accessed the drive. Do you not care how the drive was accessed?
October 26th, 2023 at 3:09 PM ^
recording isn't scouting. average joe with a smartphone is not a professional scout
October 26th, 2023 at 3:25 PM ^
Your getting downvoted, but you make a valid point in that the methods (legal or otherwise) used in obtaining this information is irrelevant at this point as it pertains to guilt or what the NCAA / B1G is planning on doing. The NCAA and the B1G are not in the business of handing out criminal penalties, so the whole "fruit of a poisonous tree" stuff that some people are clinging to is not going to be a valid defense.
I think there is all in all too much faith being put into legalese, as if the burden of proof here is going to be "beyond a reasonable doubt" a violation occurred, when in reality it will probably be closer to "more likely than not" a violation occurred. Especially when the NCAA already has it out for JH.
October 26th, 2023 at 1:13 PM ^
With it being a school and the records could have some personal information on it, they can't give people access to their school drives. It's a blanket cover so the school isn't opened up to litigation if some nurse or idk, a staffer on an athletics team gives out their documents on said drive.
Source: Im in IT at a school, everything is protected by HIPAA when it comes to staff and administration
October 26th, 2023 at 1:42 PM ^
Source: I'm a licensed pharmacist and proud M grad. I am now very involved in HIPAA compliance at a large pharmacy chain - from the IT side... This has absolutely nothing to do with HIPAA. It is not a system of medical records, nor could it be vaguely construed as such. Just because a person in said records could be a patient somewhere, does not make this HIPAA information.
October 26th, 2023 at 2:38 PM ^
Correct, but it is PII (personally identifiable information). Most states have laws regarding the obligations companies have to safeguard PII.
October 26th, 2023 at 1:58 PM ^
HIPAA is not applicable unless you are running self insurance at your school where in you fall under Health insurance carrier category. Or if you are providing counseling services at your school and there is a possibility of clinical notes.
OTOH, there are Federal law come into play, but not sure if it is applicable to a school.
October 26th, 2023 at 2:42 PM ^
I'm guessing your school isn't the size of Michigan.
At any school with enough money to run a full IT department -- no offense -- you're not going to have segregated any HIPAA-related information in its own storage, and low-level staffers on the football team aren't going to have access to it. The systems that the medical staff within the athletic department use would be completely separate from anything Stalions would have been able to use to store game film or signal charts. You don't treat everything with the same information classification unless you have no other choice.
Even if Michigan did use this same "everything is protected as potentially containing HIPAA-sensitive information just in case," no HIPAA violation would occur unless the drive they accessed actually did contain information that fell under the Act. There is no evidence of that, nor is there any reason to think that.
October 26th, 2023 at 1:47 PM ^
I lol'd at the HIPAA comment. Probably the dumbest take I've seen yet
October 26th, 2023 at 1:04 PM ^
Pretty sure this is a not a HIPAA thing.
October 26th, 2023 at 1:17 PM ^
I didn't say it was, I was insinuating it's fishy and at the very least if the school gave Connors the drive as an employee and someone shared the school drive, it's a hipaa violation, that's all.
October 26th, 2023 at 1:43 PM ^
No, it's not. That's not what HIPAA covers. Unless the university is acting as a health care provider here, then HIPAA is not in any way involved in this case. This is probably one where you might want to take a back seat and listen for a bit.
October 26th, 2023 at 1:46 PM ^
OK, you doubled-down on this. Please stop. This has zero to do with HIPAA. Zero. It's a completely different area of law. We are not focused on anyone's health records here.
October 26th, 2023 at 1:49 PM ^
HIPAA is maybe tangently related to school records, but, really, no. Its due to insurance companies selling patient information for DTC advertising purposes. It has to do with the "right to know", "personally identifying information" and "minimal necessary information" shared between healthcare entities (and patient's families) for the purpose of providing care for a HEALTHCARE patient. It is illegal for a pharmacy, health insurance provider, hospital or other entity to provide identifiable information to outside parties who do not have a right to know. Furthermore, they are required to only provide the minimum necessary information to the inquiring party.
October 26th, 2023 at 2:05 PM ^
If anything, I’d think it would be a FERPA violation, but I wouldn’t expect the UM Football program to have academic records on their drive, since that’s usually only accessed through the admissions dept.
October 26th, 2023 at 2:16 PM ^
Schools have to comply with FERPA (Family Educational Rights and Privacy Act). That usually applies mostly to school records (grades, attendance, discipline, etc.) but covers a lot of other personal information as well. Schools aren't allowed to release this information without consent from the student. It probably doesn't apply in this case though.
October 26th, 2023 at 12:54 PM ^
A staffer flipped? What would induce a staffer to flip besides money?
October 26th, 2023 at 12:55 PM ^
Not a staffer, one of Connor's associates that worked on the manifesto.
October 26th, 2023 at 1:38 PM ^
Well if they are deemed an “agent of the staff” when they are asked to film games then they are still an “agent of the staff” when they were induced to flip.
im guessing if we paid an outside firm to pay an osu staffer to give us access to their hard drives it would not be received well.
either they are not staffers when they filmed games which makes all of this legal or they were staffers when they were induced to share access to a university hard drive