Mesa County officials say they can't access the county-issued cellphone used by former administrator Frank Whidden because they don't know his pin number or have his fingerprint.
Assistant County Attorney John Rhoads said in an email responding to multiple Colorado Open Records Act requests filed by The Daily Sentinel that the county's information technology office told him they need both to unlock Whidden's phone, even though most smart phones only require one or the other.
The Sentinel's CORA requests included any text messages that would help explain why Whidden abruptly resigned his $180,000-a-year job after being placed on paid administrative leave for about two months.
While county officials released no emails or other documents under those CORA requests that would offer an explanation, they hadn't checked his cellphone text messages, something that is subject to public view.
The Sentinel has been trying to uncover why Whidden was placed on paid administrative leave for two months starting in May and then abruptly resigned "to pursue other opportunities," but has been blocked by the county, which has cited attorney-client privileges for not disclosing any details.
The Sentinel filed three Colorado Open Records Act requests in the matter that produced nothing.
Then on Monday, the County Attorney's Office said the county's IT department couldn't review any text messages on Whidden's county-owned cellphone for "technical" reasons. Those reasons were that it requires a special passcode along with Whidden's fingerprint that they didn't possess.
"Without both, the county cannot unlock the phone," Rhoads wrote in the email.
But Grand Junction cellphone expert Jeremy Marshall, owner of GJ Smartphone & Electronics Repair and Service, 2470 Patterson Road, said that while there are security protocols that could require both a password and a fingerprint to unlock a phone, the need for both isn't likely.
"Typically, it is only one or the other," he said. "It's a possibility they have the dual protection, but my background with any of the phones is one or the other. It's possible that they could encrypt it and have a second-level security on there, but I don't think so. That doesn't even make sense. I've worked for companies and we just had a single password."
Marshall said there are other ways to bypass those security measures, but it takes special equipment to do so.
He said he was surprised to learn that the county's IT department doesn't routinely build in additional passwords to allow it to access county-issued cellphones. He said that's routine with private companies that issue laptop computers to their employees.
"If it can be built, it can be destroyed," he said. "There are hackers out there that get paid doing that, or they just do it for fun. There are ways to get around that kind of security, but it takes time. If they really wanted to get into it, they could."