Forgot your password?
typodupeerror
The Courts Government News

Blow the Whistle, Lose Your Job? 839

Posted by michael
from the are-you-moral-or-wise dept.
ccnull writes "You're a systems admin. On a routine PC repair, you discover a trove of child porn on an employee's PC. You call the cops. The employee pleads guilty and goes to jail. Then what do you do? You get fired. InformationWeek has an interesting expose on whistleblowers who lost their jobs, they say, because they publicly embarassed the company. The company has another version of the story. No matter what the reality is, at the center of this is a good question: If you discover illegal goodies on a machine, what should you do about it?"
This discussion has been archived. No new comments can be posted.

Blow the Whistle, Lose Your Job?

Comments Filter:
  • by r00tarded (553054) on Saturday May 17, 2003 @03:54PM (#5981317)
    you are a whistle tester.
  • Illegal things... (Score:5, Insightful)

    by NamShubCMX (595740) on Saturday May 17, 2003 @03:55PM (#5981324)
    I don't think I would tell about most "illegal" stuff I could find on a computer...

    But child porn... I'd tell for sure. Fire me if you will...

    • by pizzaman100 (588500) on Saturday May 17, 2003 @04:05PM (#5981406) Journal
      Exactly. If I found child porn, I would report it. If I found a screener of the Matrix Reloaded I would co.. nevermind. :)
    • by Soko (17987) on Saturday May 17, 2003 @04:15PM (#5981507) Homepage
      I agree with you whole heartedly.

      Though out of work at the moment, I have in the past drafted company policy regarding things of this nature.

      I always made sure that employees understood that the workstation they sat at was the property of the company and to be used for company related business only. I made certain they understood that they were not to use resources as though they were connecting via an ISP, (I helped many people connect to thier ISPs mail system in order to recieve personal messages - I'm not heartless, just professional) and that the company viewed activities of this nature very, very seriously. "Dismissal with cause" was used very often in the wording of the policy, and "seek Legal remedies" was used once or twice as well.

      Most people don't realise that even viewing questionalble content with company resources, (But I didn't "download" it, I just looked at it!!!) leaves the company open to legal issues ("Know what a proxy is Bob? How about your browsers cache, hmmmm?) since the file ends up on the comanies system somewhere.

      Executive summary: Things like this should be a matter of policy, and made known to each and every employee the day they're hired before they even touch a keyboard.

      Soko
      • by billstewart (78916) on Saturday May 17, 2003 @07:27PM (#5982684) Journal
        According to both articles, the two sysadmins reported the files to their supervisor, who reported it to the police. Sounds like they followed policy. The only uncertainty about that that I see in the article is that one of the sysadmins reported it to the other before they went to the supervisor, but depending on the work environment that's a pretty typical thing to expect.

        The company's article says that there are other things going on, which they can't talk about because there's a lawsuit pending. If that's not true, and they're really doing it because they're embarassed about it being reported to the police, then they should presumably have also fired the supervisor who reported it. Sounds like there are multiple sets of ugliness and stupidity going on here...

      • by wideBlueSkies (618979) on Saturday May 17, 2003 @08:46PM (#5983077) Journal
        >>Most people don't realise that even viewing questionalble content with company resources, (But I didn't "download" it, I just looked at it!!!) leaves the company open to legal issues ("Know what a proxy is Bob? How about your browsers cache, hmmmm?) since the file ends up on the comanies system somewhere.

        Which is exactly why I can't view a site like /. at work. Too many times, I run into profanity on these pages. It's a shame... it's tech related, and as such is justified surfing.

        Yet, I've been warned more than once(informally) because the sniffer on our proxy picks up nasty words pretty frequently. The compliance guys are even thinking about banning ./ permanently.

        The only reason I haven't been warned formally or canned is because it IS a tech relted site. But this excuse is getting old.

        So, hey guys, stop cursing around here. Please.

    • by Gojira Shipi-Taro (465802) on Saturday May 17, 2003 @04:17PM (#5981533) Homepage
      Precisely. Any company that would fire someone because such an act is "publically embarassing" should give some thought to

      A) how embarrassing it will be when the news outlets get ahold of the story of them FIRING an employee for doing the right thing. and

      B) what else the former employee might be able to embarrass them with once he's no longer employed and has a good reason to do as much damage to them as legally allowable.

      Unless they provide the whistle blower with a spectacular severance package tied to a no-blabbling agreement, they might as well lay off their PR department, because at that point the company's reputation is officially worthless.
      • Re:Illegal things... (Score:5, Interesting)

        by etymxris (121288) on Saturday May 17, 2003 @05:56PM (#5982137)
        Now the story makes it seem like their discovery was innocuous enough. But how many times do computer repair people snoop around where they should not? Yes, the person had vile, disgusting, and illegal content on his computer. But why did the repair person find this material? If I send a computer in for repair, I am not giving access for someone to look through all my personal shit.

        It's as if I left my diary in a car that was in the shop, and all the mechanics started reading it. Except for computers, this is the norm rather than the exception. I don't want someone going through all my personal shit.

        So the people that fired them made the right decision. The word is now out that giving your computer to these people will hold all your personal data up to scrutiny by complete strangers. So what if your wife picks it up, and they tell her about the (legal) porn hidden in an innocuous sounding directory? Or maybe they'll read about the financial plans of your company, because some important documents were on the PC?

        The truth is that people doing repairs should make every attempt not to view even a smidgen of personal data on the PCs they repair. So this article makes their discovery sound like they couldn't help it. But why were they clicking around in random directories? Simply wondering, "Hmm, what's in this directory," is not nearly a good enough reason. A repairperson should know what directories are relevant to fixing the computer and which are not.

        Now, of course, all of this is null and void if there was some telling "C:\ChildPorn" directory on the computer. But barring such obvious dumbassedness on the part of the person giving the computer for repair, the repair-persons' actions were clearly unethical, even if, in the end, they discovered another unethical action. Two wrongs don't make a right, remember.
        • by ColaMan (37550) on Saturday May 17, 2003 @06:27PM (#5982319) Homepage Journal
          Your analogy is still a little flawed.

          To try and fix your car analogy it's like getting your mechanics to swap your car with another, and while transferring your personal effects, they find a whole bunch of loose paper in the back of the car with child porn on it.

          Computer repair people often *need* to see everything.

          I'll give you a real-world example :
          Your PC stops working. I find that windows 98 is scrambled. I say, "Hmm ,better back everything up here before I toast it and start again" In the process of backing up, I notice that your 40GB drive is nearly full, but "C:\My Documents" only has 5MB of documents in it.
          I check "C:\program files" ... hmmm just office (and office is not *yet* 35GB). Where the hell is all this space going? I'd better find it, because If I blow away your 38GB of thesis data , you're going to be pissed.

          So, now I'm poking around your PC going "Where the hell does this guy store all his data?"

          So eventually I find your data, in C:\windows\options\cabs\Porn. While copying the files to a safe place, I see lots of "lolita" type filenames. What to do? If I've copied it to a spare drive of mine, whilst I erase and fix yours, *I've* got child porn on *my* drive now.
          What If there's a raid just after I finish reformatting your drive? "Honest Officer, It's *my* drive, but it's that guys data" is a hard one to pull off.
          • by Anonymous Coward
            You should be backing up *EVERYTHING* regardless, anyway.
            Then you just claim stupidity ... which is true. problem solved.

            There is no real reason to go snooping through other people's files

            This is just a lousy excuse so you get to copy other peoples porn.

            Don't snoop. 'Problem' solved.
        • by unixbob (523657)
          If you read the article it says that the support engineers were looking around the PC was twofold

          a) Ms. Perry's previous experience showed that virus's leave evidence of their existence on the system. The PC had come in with the end user suspecting it had a virus and the tech had had problems with getting virus software on there. It is inherently easier to fix a computer for an end user than to reinstall it and lose either data or custom settings which the user would find difficult to recreate.

          b) Th
  • "Goodies" (Score:5, Insightful)

    by Urthpaw (234210) on Saturday May 17, 2003 @03:56PM (#5981330) Homepage
    Since when is child porn "goodies"?
  • by Freston Youseff (628628) on Saturday May 17, 2003 @03:56PM (#5981334) Homepage Journal
    SUE FOR PROFIT
  • by A Proud American (657806) on Saturday May 17, 2003 @03:57PM (#5981341)
    ... I simply report them anonymously.

    That way, the perpetrator gets punished, I am left out of the deliberations, and everyone's happy.

    Just email the URL or IP address to the proper authorities (your boss, the police, etc.) from one of your anonymous email accounts and you're all set (use a proxy too).
    • If you report it anonymously, do you expect the cops to be able to act on the info? They're going to sieze a computer in order to obtain evidence, based on an anonymous tip? Surely you can see how this could be abused.

      Anonymous speech has no credibility.

  • Absolutely not. (Score:3, Insightful)

    by I Am The Owl (531076) on Saturday May 17, 2003 @03:57PM (#5981343) Homepage Journal
    If you discover that an employee has, say, anime on his machine, it is certainly not your business to go and report him. You are not the law, you have no moral authority, and you should therefore not be able to bring punishment down upon someone who has done you no wrong. Pure and simple.

    I know I would be very displeased if I found one of our system administrators playing "computer god" with our proprietary information. If he can't be trusted to keep the privacy of a coworker, then who's to say that he can keep the privacy of the company's trade secrets? He would be outta here in no time.

    • If you discover that an employee has, say, anime on his machine, it is certainly not your business to go and report him.

      If the company policy is that PCs are not for personal use and may not contain illegally-copied materials, I'm gonna tell them to clean up their act. If I find it a second time, you're goddam sure as hell I'm going to report it. Same with giant MP3 collections, P2P clients...none of it is appropriate in a work environment. You remind them they're violating policy, and if they keep it

    • Refactoring time:

      "If you discover that an employee has, say, severed limbs in his desk drawer, it is certainly not your business to go and report him. You are not the law, you have no moral authority, and you should therefore not be able to bring punishment down upon someone who has done you no wrong. After all, you still have all your limbs, so what harm is it to you? Pure and simple."

      "I know I would be very displeased if I found one of our system administrators playing "hall monitor" with our proprie
  • Well, DUH... (Score:3, Informative)

    by mcrbids (148650) on Saturday May 17, 2003 @03:58PM (#5981348) Journal
    An officer of a company is a representative of that company. While people are personally accountable for their actions on a criminal level, their actions are nonetheless that of the company, as well.

    Remember, a "company" doesn't exist. It's just an idea held by a group of people. Think of these people as your friends, because even if you don't like them, they are. They help provide for your welfare.

    Would you report your best friend's smoking weed? Would you report your father for voeyerism?

    Report this matter to your boss, and document (in writing) that you did so. Having effectively wiped your hands of the matter, enjoy your job.
  • by Bold Marauder (673130) <boldmarauder&gmail,com> on Saturday May 17, 2003 @03:58PM (#5981353) Homepage
    For each child in a single picture, how many more are hurt by it propagating along the internet and encouraging more abuse?

    I think that there should be a law to protect whistleblowers, and perhaps some form of federal insurance that the can draw from in the event that they are retaliated against.

    Whistleblowing, wether it is calling the cops on pedophiles in the workplace, or terrorists in your apartment building, is a critical tool of law enforcement. Sadly, too many privacy nuts would rather shelter pedos for the sake of being able to post anonymous crap on message boards...

    • by KrispyKringle (672903) on Saturday May 17, 2003 @04:21PM (#5981566)
      I'm more than a little curious how many people are wrongfully accused and seriously injured by whistleblowers vs. how many children are saved. No offense, but the argument that explicit media leads to further abuse or turns people into sex-crazed perverts is SO McCarthy-era.

      I would, of course, never defend kiddie-porn, but only because of the children harmed in the actual filming, not because it has some perverting effect on viewers. When Ashcroft wanted to charge those who possesed porn that was "simulated" kiddie porn, the Supreme Court (rightfully, in my opinion) struck it down. There are no thought crimes, and no laws prohibiting things which are explicit simply because they may (according to you; I would dispute the claim) have some sort of perverting effect on people. Extend that, and you end up with bans on explicit (non-kiddie) porn, explicit movies and television, and Mark Twain and J.D. Salinger.

      In comparison, quite a number of wrongful imprisonments spring to mind, especially when you comment on "terrorists in your apartment building." A Middle Eastern student (Jordanian, I believe) at NYU was arrested shortly after September 11 and held for a few months without a lawyer and only intermittent contact with his family because a hotel security guard claimed he had found a pilot's radio tranceiver in his room. It had, in fact, been found in the room beneath his, and he was completely exonerated of possessing a radio tranceiver (something that is not a crime, at least, not if you aren't Middle Eastern).

      Suspicion and accusations are not what we need to protect our safety, but they do aid in removing our liberties. Are we trying to merely defend our physical safety, or our society which embraces people without suspicions based solely on their accents on the sound of their last names? Some may be heroic whistleblowers, but others are just scared, suspicious fools.

  • by Snover (469130) on Saturday May 17, 2003 @03:59PM (#5981355) Homepage
    I'm not quite sure about this one. The story submitter says that these people were fired because they gave the company a bad light, but this wouldn't even be about the company, since they were being outsourced. It was a computer of a professor at New York Law School, not a computer of someone at Collegis.
    • Snover writes:

      The story submitter says that these people were fired because they gave the company a bad light, but this wouldn't even be about the company, since they were being outsourced.

      The way these things usually go is like this:

      Very Big Outsourcing Customer: "One of your employees embarrassed one of our employees publicly. This embarrasses us publicly. What are you going to do about it?"

      Small Outsourcing Provider: "We will fire that employee, as quickly as we think we can get away with it, o

  • by larry bagina (561269) on Saturday May 17, 2003 @03:59PM (#5981356) Journal
    Blackmail!

    The pervert doesn't know you'll both get fired for reporting it.

  • Not so simple (Score:5, Insightful)

    by davmoo (63521) on Saturday May 17, 2003 @04:07PM (#5981432)
    I've already noted several posts here that say words to the effect of "report it to the boss" and "its not your problem to call the law".

    Unfortunately, that is not always such a simple decision.

    In some states, and I'm sure many more will follow, it is the law that, should you find evidence of child abuse or child porn, YOU are guilty of a crime if YOU do not report it immediately to authorities.

    You may be an agent of the company, but you are also subject to the laws of the state you are working in.
    • Re:Not so simple (Score:4, Interesting)

      by Afrosheen (42464) on Saturday May 17, 2003 @04:13PM (#5981480)
      I believe you're right about being guilty for not reporting it.

      In Illinois and some states, if the cops pull you and your friends over after a night of drinking, they give everybody breathalyzer tests. If the least drunk guy is driving, they're happy. But, if you're in the car, the driver is drunker than you, then you get a ticket. Same goes for everyone else in the car.

      I know it's a stretch but it seems relevant to this thread for some vague reason. :)
  • by vastabo (530415) on Saturday May 17, 2003 @04:08PM (#5981440)
    look at the bottom of the page at that quote thingy:
    A child of five could understand this! Fetch me a child of five.

    Or maybe it's not that funny.

  • Nothing at all (Score:5, Insightful)

    by Eol1 (208982) on Saturday May 17, 2003 @04:13PM (#5981473) Homepage Journal
    I work government network security for a living. Part of the ethics instilled in us (along with federal regulations governing the position) is the broad understanding that we are here to protect the security of the network. We are not the porn police or any other type of legal official.

    We are legally bound NOT TO report anything even if discovered on a routine call, not our job. We are not legally authorized to invade your privacy. That is why they have policy with warrants. It is also a position I stand behind and advidly enforce on my more moral or do gooder juniors. Your users should trust you to do your job and FIX the computer / issue, not narc them out. Your job is NOT to enforce your morality or ideas of what the law is upon them.

    If you want to be a narc join a legal body and put your computer skills to use helping them. If just want to narc on your coworker because they don't fit in your ideas of morality, I have no sympathy for you or anybody like you. Losing your job should be the least of your worries, you should be hung from a tree.

    Everybody breaks the law including you. Do you really want to live in a society where the guy behind you on the freeway calls the police on you for doing 57 in a 55.

    Mind your own business and do you job unless your job is to bust folk.
    • Re:Nothing at all (Score:3, Informative)

      by ocbwilg (259828)
      I work government network security for a living. Part of the ethics instilled in us (along with federal regulations governing the position) is the broad understanding that we are here to protect the security of the network. We are not the porn police or any other type of legal official.

      But what you have utterly failed to comprehend here is the third word in your post. Government. Since you are working as an employee of a government agency then you are considerably more restricted in what you can and ca
  • In South Carolina (Score:3, Informative)

    by icewalker (462991) on Saturday May 17, 2003 @04:14PM (#5981495)
    I believe the SC Legislature recently passed a law [sc-lock.com] that requires an IT person to turn in another who may have Child Pornography on their computer. Not doing so would be illegal. For the company to fire the person afterwards would then open the company up to litigation. Basically, I'm between a rock and a rock! Time for a Career Change??

  • What should you do about it? What until the owner shows up for it, then beat the shit out of him.
  • by NetDanzr (619387) on Saturday May 17, 2003 @04:20PM (#5981553)
    ...who thinks that there wasn't something right with the whole story?

    Let's start from the beginning. We have a PC that has access problems and crashes, and the owner fears it's infected by a virus. The techie installs and uninstalls the antivirus software several times, in order to find the virus. Give me a break! All you need is to install Norton once, get the latest updates, and you'll catch 99.9% of existing viruses (the rest is so rare that it's very unlikely to infect a machine). Then you install AdAware, get the latest updates and look for spyware. If you still don't find anything, you do the usual defrag, diskscan and clean up the registry, and if it still gives you problems, you back up the Documents folder and reinstall everything. (Sorry if I missed a step, I have only my own 8 PCs that I take care of.)

    So all you have to do is to copy the Documents folder somewhere, if you feel like it, get the bookmarks and cookies folders as well, and that's about it. There is absolutely no reason for a techie to actually snoop around the folders.

    All that, assuming, that the company is a not so traditional computer outsourcing company. The computer outsourcing companies that I have worked with operate on a different principle. Your computer gets broken, and they replace it with an identical one. They warn you in big bold letters on the screen or the case that everything stored on the computer may be lost, which is why you should keep all your documents on your network server. In that case, there is even less reason to check the files in the Documents folder, because all you do is to wipe out the hard drive and do a clean install of everything.

    So suddenly we have two conflicting issues here. The techies have violated the customer's privacy, snooping around his Documents folder, but found child porn there, which is illegal (this kind of reporting to authorities reminds me painfully on my youth in Eastern Europe, but that's a different story). The employer is grateful in this case, but soon realizes that the techies could have very well gone through other people's private documents at will, with the only difference that they didn't find anything appaling enough to admit it.

    Looking at the story from this perspective, I am well aware that the techies did the right thing by reporting the customer. However, I am also well aware that the techies in this company routinelly check their customers' private documents, which is why I would not want to hire the company. This may be very well the reason why the techies got fired after all...

    • you back up the Documents folder and reinstall everything.

      IMO, that seems overly simplistic as there are lots of programs that don't keep data and configuration info in that directory. People don't necessarily try to keep stuff there either. I know Quicken 2002 keeps its accounting data in its program files directory by default(!). Backups are IMO clearly the responsibility of the owner but unfortunately they don't take kindly to a wipeage of data.

      You do have a point though, techs shouldn't be snoopin
  • by Col. Panic (90528) on Saturday May 17, 2003 @04:22PM (#5981580) Homepage Journal
    Except it wasn't child pr0n - it was gay pr0n and it was on the network. My partner was looking to clear space on the LAN and searched for .mov, .mpg, and .jpg's in the user directories and turned up over a 100 files - movies and pictures. We watched the beginning of one and saw it was, indeed, porno.

    So we told our boss, who told the guy's boss, and I thought he would be fired for sure, but he just got a letter of reprimand in his permanent file.

    Someone else in our company was discovered with child porn on their computer and it was leaked to the press. Huge black eye for the company. If the person who leaked it was discovered, they were probably fired for making the company look bad.

    The other thing about these idiots is they don't realize we backup the network at night. So our backup tapes have this stuff archived on them and if a subpoena is issued to get that data, the perp is screwed. Personally I think our guy was trying to get caught.
    • Me too (Score:3, Interesting)

      by the gnat (153162)
      This was back when I was a college student:

      Grad student was working on UNIX computer owned by professor, and noticed some weird files. Freaked out, he went to a sysadmin in the department. Sysadmin monitored network usage on the machine, noticed that files were being transferred back and forth between server and the prof's home computer (which was also on campus). Files turned out to be a shitload of kiddie porn. Sysadmin went to police.

      This was quite a large scandal at the time, aggravated by the fac
  • Do what's right (Score:3, Insightful)

    by pongo000 (97357) on Saturday May 17, 2003 @04:23PM (#5981584)
    In a previous life as an air traffic controller, I made the "mistake" of bringing up some serious safety issues involving less-than-stellar controllers which had the high potential of resulting in a loss of life. In a nutshell, I was relentlessly retailiated against by the tower chief and his cronies for making the chief "look bad," spent 44 days on suspension, and was fortunately able to negoatiate my resignation on favorable terms (taking down the tower chief and at least one of his suck-ups in the process). I never regretted my decision to expose these controllers for the weaklings that they were.

    What these two individuals did was right, and I applaud them. They deserve every dollar they can get from Collegis. Until you've been in a similar situation, you can't possibly pass judgement. There is simply no room in this world for pedophiles or weak air traffic controllers.
  • It doesn't add up... (Score:5, Interesting)

    by jdreed1024 (443938) on Saturday May 17, 2003 @04:31PM (#5981643)
    From the article:

    The next day, Perry gave the PC to Gross to back up, fearing it might crash and lose valuable data.

    In the process, according to the suit, Gross opened a folder titled "my music," within which was another folder, named "nime," then another, "nime2." It was here, Gross said in an interview, that he encountered the illicit content. "I didn't have to click on any files when I went into the folder," says Gross. "There were thumbnail images, so I was pretty much instantly exposed to that."

    If Gross hadn't opened those folders, he wouldn't have come across the offensive images in the first place. But Perry and Gross say it wasn't unusual for them to check the content of folders when troubleshooting; a large file, for example, can be an indication that a virus is at work.

    I don't buy this. Are they claiming that standard procedure for these folks, when looking for a virus, is not to boot with a known-good disk and run an up-to-date virus scanner, but rather to go through folders looking for large files which might "be an indication that a virus is at work"? If so, that's pretty crappy. Well, I have this huge file called PAGEFILE.SYS on my C:\ drive, I guess I have a virus (it's Windows' swap file, for those who use other OSes), right? Sigh.

    I also don't buy the "they were looking in the folder for files to backup" argument, either. That's not the way you do it. You use Windows backup, or a 3rd party utility, or a disk-imaging program (like Ghost for windows or DiskCopy for Mac) or you drag everything to a server for later restoration, or you use an external firewire/USB drive. You don't poke around for files and copy them one by one. Apart from being horribly inefficient, that would also kill the client's directory structure. For example, within my documents folders, I have subfolders for different classes, and for things like correspondance, and receipts, and the like. If some tech support company had to back up my stuff, and had copied the files one by one, instead of copying the entire tree, I'd be real pissed off.

    So I don't think that they quite came across the porn in the line of duty. I think they were looking around without any good reason. (Not that this makes child porn any less wrong, but it does cloud the issue of discovery and reporting)

    There is, of course, the other issue, which is that by default, newer versions of Windows use thumbnail view, which is unfortunate. If the prof had been using regular list view, and the techs had double-clicked the files, they wouldn't stand a chance of defending themselves. This raises the issue of just what exactly is "invading someone's privacy"? Even filenames can say a lot about someone. For example, if you see someone's desktop, and they have a bunch of files named "naked_teens_1.jpg" through "naked_teens_50.jpg", what are you going to think about them? What if the files were named "12_year_old_naked.jpg"? Does that change things? Suppose you wrote an editorial to your newspaper about how much you though Al Qaeda sucked. You named this file "al_qaeda_letter.txt". You take your PC in for service, and some tech sees it, and decides to report you to the FBI. (Not too far-fetched in this day and age). Are filenames public or private information? Sure, you can't prevent people from seeing filenames, but do they have the right to act upon them? (This applies to other issues, like when the RIAA found files with the name "usher" and "mp3" and assumed they were songs when they actually were some prof's lectures.)

    I work in tech support, and I find myself in lots of situations when I have access to users PCs. The general guideline where I work is to see as little as possible. For example, If I'm working on a PC, I try to stay at the root level as much as possible. When we need to backup a PC, we drag the entire directory tree to a USB drive (if its PC) or a FireWire drive (if it's a Mac), or a server if nei

    • Well, I have this huge file called PAGEFILE.SYS on my C:\ drive, I guess I have a virus (it's Windows' swap file, for those who use other OSes), right? Sigh.
      Yes, you do have a virus. Windows.
    • "Don't ask, don't tell" really is the best policy in this case.

      That's exactly what the filmmakers who make that sick crap want you to think. They don't want you to ask little Suzzie why she comes into school crying, and they dont' want her to tell you why either.

      Normally I would agree with you, but in the case of child porn, I don't. People who have it need help. The children in it need to be stopped from being forced to make it. If an employee spends all day in his office whacking off, I woudln't car

      • by WNight (23683) on Saturday May 17, 2003 @05:53PM (#5982116) Homepage
        What about the issue of most child pornography being legal somewhere else? Nobody is claiming that there are child-molestation rings cranking out kiddie rape videos. I don't doubt that there are a few, but surely 99%+ are simply Dutch porn where the age of consent is lower than 18.

        Hell, many of "our" porn sites proudly state "Only 18!". How is that not a crime for us, but a mortal crime for someone in a country where 19 is the age of consent?

        Videos/Pics that actually involve harm to a minor certainly deserve the witch-hunt mentality we see on here, but nobody is questioning the fact that this is probably only illegal because of an arbitrary limit being different between countries.
      • by etymxris (121288) on Saturday May 17, 2003 @06:23PM (#5982289)
        That's exactly what the filmmakers who make that sick crap want you to think. They don't want you to ask little Suzzie why she comes into school crying, and they dont' want her to tell you why either.
        While it is indeed noble to stop this immoral activity that happens in secret, we have to weigh this against the alternatives. And while you may think that stopping child porn is more important than anything else in the world, it isn't. What's more important? Life, for one. Freedom, for two. Privacy, for three. Now, any of these in their absolute will have negative consequences. Must you perserve the life of someone who is shooting at you? Must you preserve the freedom of one who takes it away from others (i.e., a kidnapper)? Must we protect the privacy of those that we already know to have done many illegal things in secret? The answer to all of these is "No". So there are limits on these things.

        But in this case it's different. The way you pose it, there is a dilemma between two choices:
        1. Strong privacy and a clandestine culture of child pornography.
        2. No privacy and the eradication of child pornography.

        Maybe in your world (1) is better, but I definitely prefer (2). Total loss of privacy is not something I'd sacrifice to stop child pornography, as noble as its eradication would be.

        Maybe I'm attacking a straw man, but I don't think so. You speak as though any invasion of privacy is justified if it discovers something like child porn. But this is only known after the fact. So there are two choices: (a) snooping without discovery of child porn, or (b) snooping with discovery of child porn. The actor who snoops cannot know whether they are facing (a) or (b). And what they cannot know they cannot act on. And what they cannot act on they cannot be held morally responsible for--ought implies can. So by moral theory, these actions are by necessity equivalent. And, if in your mind, (b) is justified, then (a) must also be justified.

        But (a) is not justified. No one has a right to invade my privacy without any reason to suspect me of wrong-doing. And if you think about it, you should come to the same conclusion.

  • by dk.r*nger (460754) on Saturday May 17, 2003 @04:31PM (#5981647)
    If a tech guy, justified or not, should discover that sort of sh%t, he should alert management, and give them a chance to handle the case and do damage control as they see fit..

    If managenment doesn't feel it needs to do anything, or the action doesn't match your moral standards, you don't wanna work there anyway - so go ahead and blow the whistle - anonymously or not.

    Working for M$ is selling your soul?! No, working for an employer that doesn't report child porn in order to protect marketing interests is selling your soul!
  • by pjh3000 (583652) on Saturday May 17, 2003 @04:36PM (#5981674)
    So now you can lose you're job for reporting people with child pornography, but get a freaking medal for reporting people with mp3's of the work of musicians that get caught with child pornography?
  • Turn a blind eye? (Score:3, Insightful)

    by cabalamat2 (227849) on Saturday May 17, 2003 @04:38PM (#5981688) Homepage Journal

    From a point of view of avoiding personal hassle to oneself, it might be best to pretend one has seen nothing, in situations where that is plausible.

    I really don't see how it is possible for an employee to get out of the situation of being sacked for one reason, if the company says the reason is another -- since the employee cannot prove why they are really being sacked.

  • by CaptainFrito (599630) on Saturday May 17, 2003 @04:39PM (#5981691)
    I reported rampant software piracy to our CEO and board member and got fired within hours. This happened in January. Now I sense that I'm blacklisted.
  • by tmark (230091) on Saturday May 17, 2003 @04:45PM (#5981726)
    You work for the company. You should at least consider the company's interests. Having the cops investigate could expose the company to considerable costs if the cops have to shut down the network or look around for other illegal files, which they may well have cause to, since all they (and you) really know is illegal material is stored on a company computer - which for all you know was put there by some disgruntled employee or admin at the office.

    The right thing to do is report it to your manager. Presumably they will bring it to the attention of the authorities, and if they don't, well THEN you consider going to the cops yourself.

    Why is whistleblowing so sanctified when it's on the part of the little guy ? Would we automatically want companies notifying the cops if a drug test showed we had (say) coke in our system ? Should we expect our neighbours to call the RIAA if they have evidence that you're sharing files illegally ?
  • by Ryu2 (89645) on Saturday May 17, 2003 @04:46PM (#5981731) Homepage Journal
    In California, and most if not all other states, certain professions who come in contact with children are required by law to report suspected child abuse, which porn would certainly qualify as. These professions include the obvious (doctors, police, teachers, etc.) and not so obvious (photo processors).


    Why shouldn't a computer support person have similar protection under the law, especially in this day and age, where so much of the porn is in digital form?

    • Because "Child Pornography" as demonized by the FBI probably shouldn't be a crime. As far as I've ever heard, it's all 16-year olds from Amsterdam doing what are 18-year olds are allowed to do.

      It's stupid escalation of terminology. Now everything is terrorism, even if it's what would have been called Assault with a Deadly Weapon a few years back. Ditto with kiddy porn. A few years ago the term would have meant 12yo or under, and rape. Now it seems to be used for anything where anyone is under the age of co
  • Non-discolsure? (Score:3, Interesting)

    by zakezuke (229119) on Saturday May 17, 2003 @04:48PM (#5981745)
    While I would agree that the person was in the right calling the cops, but it opens up a can of worms as far as trust between IT professionals and companies that they contract to.

    People generaly want to protect their privacy, even in cases where a person who did what I'd consider to be the honest, moral, and legal thing, businesses don't tend to hire people who phone the cops on clients, right or wrong. Business if full of shady dealings, even how profit margin businesses like resturants and their dealings with local health inspectors.

    This is sad but true.

    What comes to mind, typical non-discolsure agreements prohibit you from discussing what you see in the workplace. Sadly, violating that even in this case tends to get you fired.

    Personaly I feel there should indeed be a law protecting wistle blowers, but until then, do it ANONYMOUSLY.... like in this case, burn the CD of the offending material, and send to the FBI, or better yet, setup a simple script to e-mail the images on a time delay.

  • Tell HR (Score:4, Informative)

    by ces (119879) <christopher...stefan#gmail...com> on Saturday May 17, 2003 @04:50PM (#5981757) Homepage Journal
    If you discover illegal goodies on a machine, what should you do about it?

    The policy at my employer is for us to tell our boss who then tells the VP HR.

    In every case I know of the employee was fired and in one case where child porn was found the employee was arrested on the spot.

    The right call at most companies is to punt the situation to HR and let them deal with it.
  • by dszd0g (127522) on Saturday May 17, 2003 @04:56PM (#5981787) Homepage
    They reported it to their supervisor. Then the company has the ability to handle it how they like.

    I don't see why anyone should get in trouble for reporting an illegal activity going on at work to their supervisor. I could understand if the employees directly went to the police or media and not giving the company the ability to handle it.

    Maybe I've had the experience of working at better companies. A coworker and I had the wonderful experience of walking into work late one night and all the lights were off and one of the employees was sitting at a computer... well you get the idea. I reported it to my boss and the employee was fired the next day. Their were logs that verified what was going on. Some things just aren't appropriate at work.

    As a system administrator, I always make sure that their is a message drawn up by the legal department that we may discover things in the normal duties of our job. I have never poked around people's stuff. But I have had to go into people's home directories to fix things for them (my general policy is I don't touch your home directory unless you ask me to). However, I do go through system logs occasionally. If something turns up in system logs that shouldn't be there, I will report it to my boss.

    One company I worked for had a policy that we were to ignore any porn found. That was fine with me, it's their decision. This was done after management decided to crack down on it, and it was found that the largest downloaders of porn were some of the vice presidents. After those results, the policy was quickly put in place.
  • What I do currently (Score:3, Interesting)

    by Archfeld (6757) * <treboreel@live.com> on Saturday May 17, 2003 @04:59PM (#5981812) Journal
    JUST DELETE IT, no notice, no complaints, no information. I've been a systems admin for 10 years in one form or another and I've NEVER had backlash from deleting inappropriate content, but then I've never reported anyone either...

    Let the user complain someone removed their MP3's or pr0n. Just let them compain...*signed* BoFH
  • by rice_burners_suck (243660) on Saturday May 17, 2003 @05:01PM (#5981826)
    "You're a systems admin. On a routine PC repair, you discover a trove of child porn on an employee's PC..."

    I save proof of the offending material, along with the IPs from which it was obtained, etc., such that I could prove it in court. At that point, I go to the CEO and demand weekly "protection" payments to commence immediately in the amount of US$2,000.00 (what a good deal), adjusted semi-annually for inflation and/or any arbitrary amount selected by me, whichever is greater.

    • If someone talks about the blackmail, I produce proof of the offending material, say that the company forced me to accept blackmail payments in exchange for shutting up, and bring down the whole company.
    • If they refuse to pay, I produce proof of the offending material, say that the company forced me to accept blackmail payments in exchange for shutting up, but that I recently decided to stop accepting payments and to "do the right thing" and bring down the whole company.
    • If they talk about the porn, I produce proof of the offending material, say that I tried to talk but was silenced because the company wanted to discredit me, that they forced me to accept blackmail payments in exchange for shutting up, and that I am coming forward to prevent further wrongdoing from taking place in the organization, and, obviously, bring down the whole company.
    • If they do nothing at all, I happily receive all kinds of money.

    KIDDING ASIDE I would actually handle this situation legally and ethically: Save the proof I talked about a moment ago for my own protection, but not to bring down the company. Then, I go to the most in-charge people in the company and talk to them about the problem. Let them call the police, fire the guy, or do whatever they think is right. I save proof of these meetings (like, audio tape of talking to the big shots about it). If they fire me for bringing up the subject with them, or try to silence the issue without busting the asshole who is doing it, I then deem the company unethical and call the police, the media, and every customer this company has and tell everyone about it, getting the company busted big time for not only having tons of child porn on their boxes but also for trying to shut me up and discredit me. It'll be on O'Reilly faster than shit going through a tin horn.

    Oh yeah... And either way, I'd get the biggest, baddest gangsters in town to kick the ass of whoever is looking at that material. It's immoral and unethical because it wastes bandwidth that should be used for transferring FreeBSD ISOs around instead. Want porn? Buy a magazine, asshole.

  • by fname (199759) on Saturday May 17, 2003 @05:32PM (#5981993) Journal
    I read both articles. The whiny tone of Collegis' response cannot be missed. They acknowledge that they refused to talk about the case, then attack the newspaper for running the story without trying to tell both sides of it? Ridiculous. If the media worked this way, anytime some sleezebag wanted to keep a story out of the news, all they have to do is refuse to talk?
  • Yeah, sure. (Score:4, Interesting)

    by Saint Mitchell (144618) on Saturday May 17, 2003 @07:06PM (#5982565)
    My favorite part of the article:

    But as criminally disturbing and emotional as this issue may be, the pending litigation has nothing to do with the professor. Employment of the technicians ended due to issues completely unrelated to this isolated incident, which will become clear as the case progresses through the legal system. Claims made by the plaintiffs cannot be taken at face value and should not be trumpeted as fact via media when they are based solely on unsubstantiated allegations.

    Translation: Yeah, we fired them for that, but we didn't think they'd sue us. We'll just say we have evidence that will appear in court. We'll pull a tardy report from a few months ago, bam, permission to fire them. Never mind that the guy they told on was a golf buddy of mine and asked me to get rid of them as revenge.

    Do corps do this kind of thing? You'd better believe it. I used to work for a utility as the network admin. They would come to me and ask for me to find "evidence" for them to fire someone. Usually all that took was a weblog or a copy of an email of them doing something against company policy. I hated doing it, but it would have been my job if I said no. The reason they tell you you are fired is never the real reason.
  • Whistleblowing 101 (Score:4, Insightful)

    by stanwirth (621074) on Saturday May 17, 2003 @09:05PM (#5983153)

    If you've stumbled across evidence of substantial and systematic bilking, theft, fraud, etc. in a corporate database on an utterly massive scale... remember, fish rots from the head down. Going up your chain of command is what you have to do, but do expect severe and immediate retaliation.

    Just them knowing that you know what they've been up to, by your routine data QA, is enough to cause sudden complaints about your "behaviour." Remember, it takes two to tango, but only one to squirm . Their complaints are evidence that they're starting to squirm. You need a plan now.

    When the going gets tough, the tough take notes . Keep copies of things. You you are going to need a well-planned and pre-established "exit strategy", because you will be punished for doing the right thing.

    While "Retaliation for Opposition to An Unlawful Practice" is illegal, it will take you 3-5 years to prosecute your retaliation case, while also giving testimony in the civil and criminal cases the FBI or Serious Fraud Office is going to be bringing against them. You are going to need one heck of a safety net.

    So your order of business is:

    1. Detect Evidence
    2. Discuss with Spouse, Family, Religious Leaders
    3. Document Evidence
    4. Find out whose the best lawyer in the State, if not the Land for handling your case
    5. Copy Evidence,place under lock and key
    6. Find another job, sell excess assets, cash in annuities
    7. Report Evidence up Chain of Command
    8. Enjoy Watching them Squirm!
    9. Resign at the worst possible time for them
    10. Provide Your Evidence to The Authorities
    11. Going to the Press is a last resort
    You have to discuss this with your spouse and grown children as soon as you even have suspicions, so that you can plan your exit strategy together. They have to understand that you all might be a lot happier in the Peace Corps or setting up wireless networks in Africa, or living on a high-school teachers' salary or grad student stipend. If you belong to a church, mosque or synagogue, discuss it with your pastor, priest, imam, rabbi-- because, God help you, you will need serious moral support when the poo hits the ventillation system.

    When you must report criminal wrongdoing expect to get canned--for "other reasons" of course. You will be surprised at how lame a case they'll be willing to make for those "other reasons." So will the judge.

    Child pornography is criminal wrongdoing. Bilking legitimate shareholders of millions of dollars a month is criminal wrongdoing. A utility defrauding half a nation to the point that its factories are closing, [nzherald.co.nz] its schools are cold and dark, and its hospitals have to turn away sick children [nzherald.co.nz] is criminal wrongdoing.

"A great many people think they are thinking when they are merely rearranging their prejudices." -- William James

Working...