Blow the Whistle, Lose Your Job? 839
ccnull writes "You're a systems admin. On a routine PC repair, you discover a trove of child porn on an employee's PC. You call the cops. The employee pleads guilty and goes to jail. Then what do you do? You get fired. InformationWeek has an interesting expose on whistleblowers who lost their jobs, they say, because they publicly embarassed the company. The company has another version of the story. No matter what the reality is, at the center of this is a good question: If you discover illegal goodies on a machine, what should you do about it?"
Don't call the cops. (Score:0, Interesting)
Re:tell your boss and not the police.....?? (Score:5, Interesting)
Ideally you should alert the boss first to prepare for the embarassment and have the spokesman prepare statements before the employee is carried away. Tell her, I intend to notify the cops, she wont be able to stop you then. If she tries to stop you, and you tell the cops, and get fired, youd have a lot against the boss too.
Re:Not so simple (Score:4, Interesting)
In Illinois and some states, if the cops pull you and your friends over after a night of drinking, they give everybody breathalyzer tests. If the least drunk guy is driving, they're happy. But, if you're in the car, the driver is drunker than you, then you get a ticket. Same goes for everyone else in the car.
I know it's a stretch but it seems relevant to this thread for some vague reason.
Easy (Score:2, Interesting)
I used to work on repairing printing machinery and one place I went to was publishing a child porn mag called 'Young and Free'. The machinery was repaired without comment and as I drove away I phoned the police on the cellphone.
Each of the guys working there got a prison sentence, and I hope they had a tough time.
Peter Jones
Ex AGFA engineer
Similar Happened Where I Work (Score:5, Interesting)
So we told our boss, who told the guy's boss, and I thought he would be fired for sure, but he just got a letter of reprimand in his permanent file.
Someone else in our company was discovered with child porn on their computer and it was leaked to the press. Huge black eye for the company. If the person who leaked it was discovered, they were probably fired for making the company look bad.
The other thing about these idiots is they don't realize we backup the network at night. So our backup tapes have this stuff archived on them and if a subpoena is issued to get that data, the perp is screwed. Personally I think our guy was trying to get caught.
It doesn't add up... (Score:5, Interesting)
The next day, Perry gave the PC to Gross to back up, fearing it might crash and lose valuable data.
In the process, according to the suit, Gross opened a folder titled "my music," within which was another folder, named "nime," then another, "nime2." It was here, Gross said in an interview, that he encountered the illicit content. "I didn't have to click on any files when I went into the folder," says Gross. "There were thumbnail images, so I was pretty much instantly exposed to that."
If Gross hadn't opened those folders, he wouldn't have come across the offensive images in the first place. But Perry and Gross say it wasn't unusual for them to check the content of folders when troubleshooting; a large file, for example, can be an indication that a virus is at work.
I don't buy this. Are they claiming that standard procedure for these folks, when looking for a virus, is not to boot with a known-good disk and run an up-to-date virus scanner, but rather to go through folders looking for large files which might "be an indication that a virus is at work"? If so, that's pretty crappy. Well, I have this huge file called PAGEFILE.SYS on my C:\ drive, I guess I have a virus (it's Windows' swap file, for those who use other OSes), right? Sigh.
I also don't buy the "they were looking in the folder for files to backup" argument, either. That's not the way you do it. You use Windows backup, or a 3rd party utility, or a disk-imaging program (like Ghost for windows or DiskCopy for Mac) or you drag everything to a server for later restoration, or you use an external firewire/USB drive. You don't poke around for files and copy them one by one. Apart from being horribly inefficient, that would also kill the client's directory structure. For example, within my documents folders, I have subfolders for different classes, and for things like correspondance, and receipts, and the like. If some tech support company had to back up my stuff, and had copied the files one by one, instead of copying the entire tree, I'd be real pissed off.
So I don't think that they quite came across the porn in the line of duty. I think they were looking around without any good reason. (Not that this makes child porn any less wrong, but it does cloud the issue of discovery and reporting)
There is, of course, the other issue, which is that by default, newer versions of Windows use thumbnail view, which is unfortunate. If the prof had been using regular list view, and the techs had double-clicked the files, they wouldn't stand a chance of defending themselves. This raises the issue of just what exactly is "invading someone's privacy"? Even filenames can say a lot about someone. For example, if you see someone's desktop, and they have a bunch of files named "naked_teens_1.jpg" through "naked_teens_50.jpg", what are you going to think about them? What if the files were named "12_year_old_naked.jpg"? Does that change things? Suppose you wrote an editorial to your newspaper about how much you though Al Qaeda sucked. You named this file "al_qaeda_letter.txt". You take your PC in for service, and some tech sees it, and decides to report you to the FBI. (Not too far-fetched in this day and age). Are filenames public or private information? Sure, you can't prevent people from seeing filenames, but do they have the right to act upon them? (This applies to other issues, like when the RIAA found files with the name "usher" and "mp3" and assumed they were songs when they actually were some prof's lectures.)
I work in tech support, and I find myself in lots of situations when I have access to users PCs. The general guideline where I work is to see as little as possible. For example, If I'm working on a PC, I try to stay at the root level as much as possible. When we need to backup a PC, we drag the entire directory tree to a USB drive (if its PC) or a FireWire drive (if it's a Mac), or a server if nei
Even Senior VP's get fired for blowing the whistle (Score:3, Interesting)
Non-discolsure? (Score:3, Interesting)
People generaly want to protect their privacy, even in cases where a person who did what I'd consider to be the honest, moral, and legal thing, businesses don't tend to hire people who phone the cops on clients, right or wrong. Business if full of shady dealings, even how profit margin businesses like resturants and their dealings with local health inspectors.
This is sad but true.
What comes to mind, typical non-discolsure agreements prohibit you from discussing what you see in the workplace. Sadly, violating that even in this case tends to get you fired.
Personaly I feel there should indeed be a law protecting wistle blowers, but until then, do it ANONYMOUSLY.... like in this case, burn the CD of the offending material, and send to the FBI, or better yet, setup a simple script to e-mail the images on a time delay.
Me too (Score:3, Interesting)
Grad student was working on UNIX computer owned by professor, and noticed some weird files. Freaked out, he went to a sysadmin in the department. Sysadmin monitored network usage on the machine, noticed that files were being transferred back and forth between server and the prof's home computer (which was also on campus). Files turned out to be a shitload of kiddie porn. Sysadmin went to police.
This was quite a large scandal at the time, aggravated by the fact that the prof was an important residential fellow and thus was personally known to several hundred students. Prof had tenure revoked and was sent to jail on state and federal charges; it turned out he'd sexually abused a boy he was supposed to be mentoring as well. Sysadmin kept job, rightly so, and ended up moving to a better one in another department.
The whole affair was just sad, because the prof was apparently a brilliant researcher and a really nice guy. It's hard to imagine how he could have been so foolish as to do all this on school property, and store the files on a multi-user computer. I almost feel sorry for him, because it's obvious in retrospect that he was seriously disturbed and needed psychiatric help. But he ultimately got what he deserved, and he absolutely should have been ratted out as soon as they realized what was going on.
Re:Am I the only one... (Score:3, Interesting)
IMO, that seems overly simplistic as there are lots of programs that don't keep data and configuration info in that directory. People don't necessarily try to keep stuff there either. I know Quicken 2002 keeps its accounting data in its program files directory by default(!). Backups are IMO clearly the responsibility of the owner but unfortunately they don't take kindly to a wipeage of data.
You do have a point though, techs shouldn't be snooping other people's data, but what happens when someone stumbles onto something? I don't think it is too unlikely. Does such a person turn a blind eye to illegal stuff and therefore risk being an accomplice under some laws?
The employees did the right thing (Score:3, Interesting)
I don't see why anyone should get in trouble for reporting an illegal activity going on at work to their supervisor. I could understand if the employees directly went to the police or media and not giving the company the ability to handle it.
Maybe I've had the experience of working at better companies. A coworker and I had the wonderful experience of walking into work late one night and all the lights were off and one of the employees was sitting at a computer... well you get the idea. I reported it to my boss and the employee was fired the next day. Their were logs that verified what was going on. Some things just aren't appropriate at work.
As a system administrator, I always make sure that their is a message drawn up by the legal department that we may discover things in the normal duties of our job. I have never poked around people's stuff. But I have had to go into people's home directories to fix things for them (my general policy is I don't touch your home directory unless you ask me to). However, I do go through system logs occasionally. If something turns up in system logs that shouldn't be there, I will report it to my boss.
One company I worked for had a policy that we were to ignore any porn found. That was fine with me, it's their decision. This was done after management decided to crack down on it, and it was found that the largest downloaders of porn were some of the vice presidents. After those results, the policy was quickly put in place.
What I do currently (Score:3, Interesting)
Let the user complain someone removed their MP3's or pr0n. Just let them compain...*signed* BoFH
Re:tell your boss and not the police.....?? (Score:5, Interesting)
i'm not talking about some 17 year old tittie, or some 18 year old drerssed in a school uni. hell, if i'd found the stuff on his computer, i'd probably just take the guy out back and beat him fucking senseless.
I have it all planned out. (Score:3, Interesting)
I save proof of the offending material, along with the IPs from which it was obtained, etc., such that I could prove it in court. At that point, I go to the CEO and demand weekly "protection" payments to commence immediately in the amount of US$2,000.00 (what a good deal), adjusted semi-annually for inflation and/or any arbitrary amount selected by me, whichever is greater.
KIDDING ASIDE I would actually handle this situation legally and ethically: Save the proof I talked about a moment ago for my own protection, but not to bring down the company. Then, I go to the most in-charge people in the company and talk to them about the problem. Let them call the police, fire the guy, or do whatever they think is right. I save proof of these meetings (like, audio tape of talking to the big shots about it). If they fire me for bringing up the subject with them, or try to silence the issue without busting the asshole who is doing it, I then deem the company unethical and call the police, the media, and every customer this company has and tell everyone about it, getting the company busted big time for not only having tons of child porn on their boxes but also for trying to shut me up and discredit me. It'll be on O'Reilly faster than shit going through a tin horn.
Oh yeah... And either way, I'd get the biggest, baddest gangsters in town to kick the ass of whoever is looking at that material. It's immoral and unethical because it wastes bandwidth that should be used for transferring FreeBSD ISOs around instead. Want porn? Buy a magazine, asshole.
Re:Illegal things... (Score:1, Interesting)
Executive summary: Matters of law, should not be weighed against matters of corporate policy. It is the duty of the corporation to defer handling of these situation to the appropriate authorities.
you're obviously not an honest lawyer (Score:1, Interesting)
That's destruction of evidence, you're not allowed to be a party to that as an Officer of the Court (caps not accidental). Destroying the evidence does not undo the crime. And if you know your client is lying or has destroyed evidence, you MUST inform the court. You cannot stand by if a fraud is perpetrated upon the court.
This guy's termination is actionable, he needs to find a good lawyer, not a Democratic Party crook seeking to justify Bill Clinton's criminality. He can get big bucks from this, and should.
Re:Not so simple (Score:2, Interesting)
I've actually seen this. Some years ago, I was a police officer working on a sobriety checkpoint. Of course, the first thing we ask for is driver's license and registration. In this case, the kid didn't have one. But, he was also the only one in a car of four people who was sober.
I can't remember exactly what we did in this case, but I know for sure that we didn't even come close to throwing the book at him. The kid was trying to do the right thing. If memory serves, we held them at the checkpoint until a responsible driver could come get them.
Re:tell your boss and not the police.....?? (Score:3, Interesting)
To what extent is being put in to the position of being photographed in sexually explicit positions not molestation? The point is that some child is abused in this process and that downloading *and storing* this material is contributing to this abuse. If someone can *make money* by *sexually abusing childen* then that person needs to be put in prison for a long long time, IMO. If someone contributes to that trade, then that person needs some sort of criminal punishment, though maybe not to the same degree.
Now, whether digital representations should fall into the same category is a whole different question, and I have a different answer because I am afraid of how that could be a slippery slope with regard to censorship.
Re:Illegal things... (Score:5, Interesting)
It's as if I left my diary in a car that was in the shop, and all the mechanics started reading it. Except for computers, this is the norm rather than the exception. I don't want someone going through all my personal shit.
So the people that fired them made the right decision. The word is now out that giving your computer to these people will hold all your personal data up to scrutiny by complete strangers. So what if your wife picks it up, and they tell her about the (legal) porn hidden in an innocuous sounding directory? Or maybe they'll read about the financial plans of your company, because some important documents were on the PC?
The truth is that people doing repairs should make every attempt not to view even a smidgen of personal data on the PCs they repair. So this article makes their discovery sound like they couldn't help it. But why were they clicking around in random directories? Simply wondering, "Hmm, what's in this directory," is not nearly a good enough reason. A repairperson should know what directories are relevant to fixing the computer and which are not.
Now, of course, all of this is null and void if there was some telling "C:\ChildPorn" directory on the computer. But barring such obvious dumbassedness on the part of the person giving the computer for repair, the repair-persons' actions were clearly unethical, even if, in the end, they discovered another unethical action. Two wrongs don't make a right, remember.
Re:Only partly agree (Score:5, Interesting)
Then again, there are illegal things (like mp3's) and illegal things (like child porn) and they are not created equal.
Well, yes and no. I do expert witness testimony in criminal defense cases, many involving accusations of child pornography. The reality is that the feds view kiddie porn as an effortless conviction machine. Here's how it works:
If you have ANY porn on your hard disk whatsoever, they print it all up poster size and show it to a jury. After about the 450th pic of a thirty year old in pig tails, cheerleading outfit, or with shaven nether regions, technicalities such as legal age disappear from the minds of most jurors. It's easy to say to yourself, oh, kiddie porn - fry the bastard. It is quite another to consider the ramifications of having every image ever stored on any part of your system's hard drive (including deleted files, file slack, ram buffer slack, swapfile contents, etc.) and shown to 12 church ladies. And that's if the case even goes to trial. Most defense firms have no idea how to challenge electronic evidence, and often simpily do a plea bargain. In the cases I've dealt with, I have yet to see one instance of actual, real child pornography. Furthermore, of the computers I've worked on which were ever used to view pornography of any kind on the Internet, I've found enough of what passes for "evidence" these days to put the owner in prison.
Simple rules: if you like your money, don't download mp3s. If you like your freedom, don't surf porn. And don't participate in the 3 minutes hate. You may not know how finely the line is drawn beteween yourself and "those evil bastards".
Here's a though experiment (Score:2, Interesting)
I take pictures of myself when I'm 13 doing all sorts of sex acts.
I'm now 21.
1. Am I allowed to even keep the pictures I took of myself?
2. Can I sell copies of them?
3. What if I was making out with my twin. Could we have each other arrested for having a copy?
Re:It doesn't add up... (Score:4, Interesting)
But in this case it's different. The way you pose it, there is a dilemma between two choices:
Maybe in your world (1) is better, but I definitely prefer (2). Total loss of privacy is not something I'd sacrifice to stop child pornography, as noble as its eradication would be.
Maybe I'm attacking a straw man, but I don't think so. You speak as though any invasion of privacy is justified if it discovers something like child porn. But this is only known after the fact. So there are two choices: (a) snooping without discovery of child porn, or (b) snooping with discovery of child porn. The actor who snoops cannot know whether they are facing (a) or (b). And what they cannot know they cannot act on. And what they cannot act on they cannot be held morally responsible for--ought implies can. So by moral theory, these actions are by necessity equivalent. And, if in your mind, (b) is justified, then (a) must also be justified.
But (a) is not justified. No one has a right to invade my privacy without any reason to suspect me of wrong-doing. And if you think about it, you should come to the same conclusion.
Fired for doing what's right (Score:1, Interesting)
This issue takes place about 10 or 11 years ago, I worked for a hardware manufacturer, back in the early days of the internet. The company had wanted to put up a tech support BBS, I had experience with this, so they asked me to do it, but limited me to the software used, which was crap. Well, to cut it short, it was up for several months until it crashed and we lost user data.
I posted a small note from the Admin asking users to reenter their data and apologized for the inconvenience, which I believed to be the professional and right thing to do. A trade rag caught wind of it, and posted a little blurb about it. The company was a tape backup company and the article was felt by the company to have given them a black eye.
I was removed from the BBS project, put on probabtion, and then investigated, my desk rummaged through, my workstation examined, etc. Finding nothing, I was later interviewed for one thing or another by managers, then fired on trumped up and false charges of inappropriate behavior, tardiness (I was never late a day I worked there and up to that point had never taken a sick or personal day). I was hauled down to HR, shown a huge stack of pink slips (all without my signature or a note that I'd read them), and fired that day. Up until then my reviews had been perfect, my attendance at work had been reported as perfect, my knowledge level for the job was impecable, my skill was exemplary.
I spoke with a lawyer who told me at that time, there was nothing I could do, the company can produce all the evidence they wanted to prove their case, including providing dated and signed material which can be backdated, and I had nothing, no witnesses and no documentation to prove my case, I was advised to drop it and move on, so I did.
Personally, I believe what happened to these two people, I know from experience what companies will do in cases like this, and I know it's going to be a hard road ahead for them.
Re:what would be bad? (Score:1, Interesting)
Children will only have rights that are respected by western civilizations when they grab enough guns and revolt for those rights. The problem is, by the time most of them figure this out they're already adults.
Yeah, sure. (Score:4, Interesting)
But as criminally disturbing and emotional as this issue may be, the pending litigation has nothing to do with the professor. Employment of the technicians ended due to issues completely unrelated to this isolated incident, which will become clear as the case progresses through the legal system. Claims made by the plaintiffs cannot be taken at face value and should not be trumpeted as fact via media when they are based solely on unsubstantiated allegations.
Translation: Yeah, we fired them for that, but we didn't think they'd sue us. We'll just say we have evidence that will appear in court. We'll pull a tardy report from a few months ago, bam, permission to fire them. Never mind that the guy they told on was a golf buddy of mine and asked me to get rid of them as revenge.
Do corps do this kind of thing? You'd better believe it. I used to work for a utility as the network admin. They would come to me and ask for me to find "evidence" for them to fire someone. Usually all that took was a weblog or a copy of an email of them doing something against company policy. I hated doing it, but it would have been my job if I said no. The reason they tell you you are fired is never the real reason.
They told their boss, who reported it to the cops (Score:4, Interesting)
The company's article says that there are other things going on, which they can't talk about because there's a lawsuit pending. If that's not true, and they're really doing it because they're embarassed about it being reported to the police, then they should presumably have also fired the supervisor who reported it. Sounds like there are multiple sets of ugliness and stupidity going on here...
Re:Nothing at all (Score:1, Interesting)
you're a fucking dipshit asswipe stupidhead (Score:1, Interesting)
and you know that if that person worked for me, i'd fire his/her punk bitch ass.
Re:How about go through proper channels? (Score:3, Interesting)
For example, lets say you report it to your super and he/she reports it up the chain of command. Someone in that chain decides that the best way to handle the matter is to fire the guy and be done with it. So the guy is fired. A year later some father finds out from his little girl that a certain neighborhood man took pictures of her that day. Through a little proding they parents come to realize that this guy was taking child porn photos. They report it to the police. The police investigate. He's arrested and charged. During the investigation/trial his past child porn incidents comes out in public. "Why wasn't this reported to the police?" will be the question on everyone's mind. If the DA is bucking for re-election he may very well charge every single person that knew about the child porn at your institution with accessory to produce a sexual performance by a child. Now you're really SOL. Even worse, now that you and your co-workers in the chain of command have been identified you, them, and the institution can face civil charges from the family of that little girl (and any other family with a child he molested) for your failure to report the child pornography that could have prevented his futher sexual abuse.
To hell with the chain of command. The law is the law. Corporate policy does not supercede the law. You would be well-advised to remember that in case something like this ever happens to you.
Just what slashdot is all about (Score:3, Interesting)
So, if our P2P file sharing networks get shut down, kiddie pr0n won't be leached for free as much, kiddie pr0n syndicates will get more money, they will abuse more children, and the RIAA will be directly responsible for all of the young girls and boys lives ruined through that industry.
And to think.... most of us thought Microsoft got dirty money for selling information in sleazy ways.
P.s. this post was not a joke.... well blaming the RIAA for child pr0n was, but the rest was serious.
Different things I've seen. (Score:3, Interesting)
The personal approach. (Score:3, Interesting)
"I know that you have child porn on your computer. You cannot hide it. If I ever EVER find it again YOU SICK FUCK, your ass will be in jail and Bubba will use you as his child porn bitch."
Something tells me that would go a long way in solving the problem... At work at least.
My School does the following... (Score:2, Interesting)
Here's what we do:
We find $STUDENT to have images,movies,mp3s whatever on the server (P-90 running Novell 4, 9 GB HD- ancient as heck, but, being SCSI, works okay)
We then:
Lock their account (once or twice, we just gave 'read-only' permission- those were funny, we'd get a call saying '$STUDENT' can't save to their folder-says something about permissions? then we explain that $STUDENT did something they shouldn't have, and have been locked out. have them go see asst. principle for more info)
go talk to principle/assitant principle about it
for the 'Net, we have a Proxy server running. 'nuff said. logs it for IP and MAC addresses. we get calls from district office (where they have the time to sit and watch traffic go by) and walk in behind the kids some times. tap them on the shoulder, and drag them upstairs.
we do scan for large files (on our network, that means 500k or more, as each student *should* (should because Mac files don't show up as correct file size on Novell, long story) only have about 5-10 MB of stuff. we don't delete, we just lock down and report. we don't do anything until building administration decides what to do about student.
Re:Illegal things... (Score:2, Interesting)
Given that the tech saw the files, he did the right thing, but he also violated, or at least gave the appearance of having violated, the company's policy and hurt its business. It seems to me that the company can legitimately fire the tech in this case. (Of course, that would make it harder to hire good techs!)
This hypothetical example isn't necessarily relevant to the situation in the article. But it could be. Maybe the faculty at other schools will not want their school to hire this company because of what happened.
Re:Viewing kidde porn hurts nobody, leave it alone (Score:3, Interesting)
That's plain bullshit. Child porn laws were passed to prevent the sexual exploitation of children. 'Morphing', as you call it, creates fictitious porn in which no children were harmed in any way whatsoever.
Personally, I don't understand the mind that finds such things titillating. But I can clearly reason that fictitious porn harms no child, and therefore has no business being prosecuted under child porn laws - since no children were involved in the making of it.
So you might find it sick and twisted and perverted. That's nice, but no justification for a law when no harm is done. Fact is, I find religion sick, twisted and perverted in *any* form, but I don't go around demanding that laws be passed to prosecute the practitioners. So long as the religious perverts don't go about harming anyone, they can indulge in whatever sordid activities that they want, no matter how disturbing I find personally find them.
Max
Re:Viewing kidde porn hurts nobody, leave it alone (Score:3, Interesting)
I feel the same way about illegal substances. Nobody would get shot over drugs if you could go get them at the liquor store. The prohibition forces the culture to become make-or-break violent.
Also, you fail to address that at least some of the child porn out there is completely consentual and non-coerced. I remember when I was nine a female friend and I took 'child porn' polaroids of each other because it was fun and not-allowed. Is that sick or immoral? I don't think so, just a little weird.