Slashdot Mirror
Blow the Whistle, Lose Your Job?
ccnull writes "You're a systems admin. On a routine PC repair, you discover a trove of child porn on an employee's PC. You call the cops. The employee pleads guilty and goes to jail. Then what do you do? You get fired. InformationWeek has an interesting expose on whistleblowers who lost their jobs, they say, because they publicly embarassed the company. The company has another version of the story. No matter what the reality is, at the center of this is a good question: If you discover illegal goodies on a machine, what should you do about it?"
But child porn... I'd tell for sure. Fire me if you will...
We've always been at war with Eurasia.
When you're at work you're acting as an agent of your employer. You should always go through your proper chain of command until the situation is resolved. The last step in the chain being law enforcement.
Only an idiot would get all high and mighty, and call the police right away. He deserved to be fired.
Tell your boss and let the company deal with it. Don't embarrass yourself and your employer all in one go. Sheesh, this is worthy of a front page story?
... I simply report them anonymously.
That way, the perpetrator gets punished, I am left out of the deliberations, and everyone's happy.
Just email the URL or IP address to the proper authorities (your boss, the police, etc.) from one of your anonymous email accounts and you're all set (use a proxy too).
See No Evil, Listen No Evil, Say No Evil, and keep the job.
Actually, the companies who fire whistle blowers really do have something to hide, which also shows that they are untrustworthy with their business pratices.
Please direct all bug reports to
I know I would be very displeased if I found one of our system administrators playing "computer god" with our proprietary information. If he can't be trusted to keep the privacy of a coworker, then who's to say that he can keep the privacy of the company's trade secrets? He would be outta here in no time.
--sdem
For each child in a single picture, how many more are hurt by it propagating along the internet and encouraging more abuse?
I think that there should be a law to protect whistleblowers, and perhaps some form of federal insurance that the can draw from in the event that they are retaliated against.
Whistleblowing, wether it is calling the cops on pedophiles in the workplace, or terrorists in your apartment building, is a critical tool of law enforcement. Sadly, too many privacy nuts would rather shelter pedos for the sake of being able to post anonymous crap on message boards...
Advise him to erase it, or at least encrypt it and transfer it to his home computer.
So, are you unaware that his downloading said porn in the first place is financially and morally supporting the sites he got it from, whom in turn finance people who sexually molest their children?
Or are you simply condoning child abuse?
I've already noted several posts here that say words to the effect of "report it to the boss" and "its not your problem to call the law".
Unfortunately, that is not always such a simple decision.
In some states, and I'm sure many more will follow, it is the law that, should you find evidence of child abuse or child porn, YOU are guilty of a crime if YOU do not report it immediately to authorities.
You may be an agent of the company, but you are also subject to the laws of the state you are working in.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
I work government network security for a living. Part of the ethics instilled in us (along with federal regulations governing the position) is the broad understanding that we are here to protect the security of the network. We are not the porn police or any other type of legal official.
We are legally bound NOT TO report anything even if discovered on a routine call, not our job. We are not legally authorized to invade your privacy. That is why they have policy with warrants. It is also a position I stand behind and advidly enforce on my more moral or do gooder juniors. Your users should trust you to do your job and FIX the computer / issue, not narc them out. Your job is NOT to enforce your morality or ideas of what the law is upon them.
If you want to be a narc join a legal body and put your computer skills to use helping them. If just want to narc on your coworker because they don't fit in your ideas of morality, I have no sympathy for you or anybody like you. Losing your job should be the least of your worries, you should be hung from a tree.
Everybody breaks the law including you. Do you really want to live in a society where the guy behind you on the freeway calls the police on you for doing 57 in a 55.
Mind your own business and do you job unless your job is to bust folk.
De Oppresso Liber
You should call the police. Tells the boss that you're going to call the police, don't let him (or her) talk you out of it. In the long run you might lose your job, but you'll know that you did the right thing. You very easily end up thinking about whether or not you did the right thing or knowing that the person who commited the crime didn't get the appropriate punishment.
A clean conscience is more important than the best paying job in the world.
Some people have this attitude towards porn, but usually, it's because they haven't seen the right kind yet.
Just wait until you get married and you're down to one night every week. You'll go hunt down some dvds you and the wife can 'enjoy together'. Believe it or not, the right kind of porn makes women very excited.
Are we becoming good little nazis who spy on each other and use punishment and revenge as the first resort?
"Only in their dreams can men truly be free 'twas always thus, and always thus will be."
--Tom Schulman
I completely understand what you are saying about the "proper channels".
I worked at particularly large American semiconductor manufacturer for many years.
They have their own fire response team.
If there's a fire on the site, screw the city fire department -- you're supposed to call security.
The company says that the city fire department is unfamiliar with the chemicals and equipment that they're liable to encounter. On the other hand, they have been chastised by the city police department and fire department on more than one occassion because they unnecessarily risked human safety by trying to handle their problems themselves, allowing them to spiraled out of control.
In the end, the company was frequently unable to handle these situations.
Now, here is why I'm very, very skeptical of your suggestion...
Corporations are legal entities in the eyes of the law, sure, but they have no morals. They didn't "grow up"... they are chartered by suits, snapping into life in one afternoon. Unlike real people, their first and only priority in life is financial.
I don't know you. Our parents didn't know each other. I grew up and live in Texas and I have no idea where you live. Still, I'll bet that you and I would probably agree on the "right thing to do" in 99% of the moral delimmas that we encounter, even though everything in the equation is subjective.
That's amazing to me, but it's a testiment to how societies function to keep order.
And how about corporations? Who "raised" them and what are their motives?
The real purpose of a company's "proper channels" is to mitigate their legal liabilities, that's all.
Go find a corporate lawyer and ask. They'll set you straight on this.
An employee discovering illegal porn on a computer or illegal anything is in a tough position: report it to you employer and the problem will magically go away or report it to the proper authorities and get fired because you violated some legal agreement you signed with them (under duress) the year before.
Employees caught in this situation are not fools; they're just unfortunate bastards.
--Richard
Everybody knows that as soon as you place yourself at the scene of a crime, you become a suspect. My friends and I learned this when we called the police after seeing some kids set fire to a pallet of cardboard boxes behind a Wal-Mart. Guess who got grilled the hardest? Yup.
You see something wrong? I'll tell you what you do. Walk away. It's either that, or get yourself involved and substantially raise the chances that something negative will happen to you.
In this case, the chain of command is trumped by the law. The police is the first line in the chain of command because a crime was commited. Any idiot who is advocating the chain of command in this case is advocating a coverup. Alot of time, corporations use the chain of command as a technique to cover the asses of the people higher up. If an employee sees a crime or fraud, call the cops or FBI. If more people did that in Enron and Worldcom, it would have saved alot of people their pension money. The chain of command is not law. The law enacted by legislature and congress is the law and is supreme to any coverup mechanisms that corporations are advocating.
If the company policy is that PCs are not for personal use and may not contain illegally-copied materials, I'm gonna tell them to clean up their act. If I find it a second time, you're goddam sure as hell I'm going to report it. Same with giant MP3 collections, P2P clients...none of it is appropriate in a work environment. You remind them they're violating policy, and if they keep it up, you let the appropriate folks know the facts. Seriously, what planet are you on?
I see this all the time with users- they think that because they USE the PC, it is THEIR PC, and they have the right to do whatever the hell they want to with it...
Please help metamoderate.
I'm going to hold in my opinions about using net filtering software at all, and just say this. How the heck do you know he didn't ssh into his home computer and download it from there? Or go to an ftp site? Or download the thing using any method that doesn't use a browser, thus bypassing the net filter?
Not to mention the guy getting caught was a professor...I'm willing to bet he had admin rights to his computer, and could disable all sorts of net filtering software
Warning: Opinions known to be heavily biased.
If a tech guy, justified or not, should discover that sort of sh%t, he should alert management, and give them a chance to handle the case and do damage control as they see fit..
If managenment doesn't feel it needs to do anything, or the action doesn't match your moral standards, you don't wanna work there anyway - so go ahead and blow the whistle - anonymously or not.
Working for M$ is selling your soul?! No, working for an employer that doesn't report child porn in order to protect marketing interests is selling your soul!
So now you can lose you're job for reporting people with child pornography, but get a freaking medal for reporting people with mp3's of the work of musicians that get caught with child pornography?
I've always found it boring, cheezy, and fairly degrading toward women.
Yeah you're more for the child porn, eh?
Interesting that you give your take on porn: Apparently you go hunning just to sit back and go "boring!", "cheezy!", etc.
Sexuality, and the desire for the female body, is genetically coded into most males. That is a simple REALITY. Either you're a eunich, or a total bullshitter (people who spout your sort of bullshit are usually the ones sodomizing the young kids at boyscouts). Men who have girlfriends, wives, or harems still enjoy the occasional bit of pornography. As far as the PATHETIC "degrading toward women" attempt at Bleeding Heartism, realize that they're capitalists taking advantage of an asset. Calling it degrading is akin to feeling sorry that poor actors are being paid millions to read a couple of lines and feign tears.
From a point of view of avoiding personal hassle to oneself, it might be best to pretend one has seen nothing, in situations where that is plausible.
I really don't see how it is possible for an employee to get out of the situation of being sacked for one reason, if the company says the reason is another -- since the employee cannot prove why they are really being sacked.
You work for the company. You should at least consider the company's interests. Having the cops investigate could expose the company to considerable costs if the cops have to shut down the network or look around for other illegal files, which they may well have cause to, since all they (and you) really know is illegal material is stored on a company computer - which for all you know was put there by some disgruntled employee or admin at the office.
The right thing to do is report it to your manager. Presumably they will bring it to the attention of the authorities, and if they don't, well THEN you consider going to the cops yourself.
Why is whistleblowing so sanctified when it's on the part of the little guy ? Would we automatically want companies notifying the cops if a drug test showed we had (say) coke in our system ? Should we expect our neighbours to call the RIAA if they have evidence that you're sharing files illegally ?
The problem with the other option - covering it up - could be that some children would continue to be abused.
How does having JPEGs on a computer equate to child abuse? I'm sure many of us have seen the pictures of the death camps with corpses stacked like cordwood, but that doesn't mean we go out and exterminate Jews. A couple of decades ago, there was a problem with so-called "snuff flicks" which showed the actual torture and murder of people (usually young women). I can't imagine anything worse than that, but people weren't put in jail for viewing those tapes.
This is like the laws against drug use. They really don't do anything except give warm fuzzies to the people who stand up and beat their breasts to show their concern. I don't use or advocate drug use or viewing child porn, but I don't want my tax dollars wasted on the pursuit and incarceration of perpetrators of victimless crimes.
Just out of curiosity, how many children do you think were protected from abuse by imprisoning the professor?
"The legitimate powers of government extend only to such acts as are injurious to others." Thomas Jefferson.
Well without seeing exactly what pictures these techs saw, one can't say for sure, but I think 99% of 'kiddie porn' accusations are nonsense. They don't involve, say, someone kidnapping 5 year olds and photographing their rape and torture. Now, if this professor was actually doing that, then I'd have no problem throwing the switch on him. But something tells me that's exceedingly unlikely.
Usually what's involved is someone that didn't produce the pictures, has no way to know their provenence and in no way contributed to their making, and the pictures in question are perhaps shots of 16 year old girls on nude beaches and the like. 16 years is the age of consent in a lot of countries you know. In the US it was formerly 12, in fact if memory serves 11 in one state. And there's no way to tell what age a model was in most cases anyway - is that a 16 year old, or an 18? Without knowing the provenence of the pictures and having records to prove the ages of those involved, it's simple conjecture, hiding behind outrage to avoid proving anything.
Frankly, in the absence of evidence of some real wrongdoing (kidnapping, torture, whatnot) I'm extremely skeptical of the notion of simply possessing digital image files being a crime. I'm extremely skeptical, also, of a tech that would make a stink because he saw some naughty pictures on a professors machine. Like I said, without having been there and knowing all the details, I'll have to withold judgement, but it sure sounds to me like a couple of people that have proven themselves untrustworthy by their actions, caused a basically innocent man a hell of a lot of trouble, and deserve a lot worse than they're getting.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Problem is that this is not the employee's computer, it is the _company's_ computer. Most large companies do have an acceptable use policy, and most also have policies that employees will not use company computers to commit crimes.
Unfortunately, once techie noticed the kiddie porn, he was in a "damned if he does, damned if he doesnt" position. He had three choices. He could go to the cops like he did and face being fired for exposing the company to embarrasment. He could have kept his mouth shut. However, that might make him legally liable for covering up the fact there was child porn in his company's computers. He could have went to his boss and let the company deal with it. However if he had done this and the company decided to sweep it under the rug, he'd once again be legally liable for not reporting the pr0n to the authorities.
I would personally hate to be the sysadmin and discover kiddie porn on a computer in my network,
however if if the IT department is theoritically in charge of enforicing a company's acceptable use policy, I see nothing wrong with them inspecting the hard drives of company computers periodically for abuses of said policy.
MP3s and stuff might deserve a reprimand (and deletion) if found, but child pornography is a whole different ballpark entirely.
Really, what is the bigger mess? Reporting it as soon as its found, turning over the pervert to the authorities and showing that most of your company is responsible and wont stand for this sort of thing OR not reporting it, having it discovered later by authorities, and then having your whole company be accused of harboring pedophiles?
"You spoony bard!" -Tellah
I wouldn't put this to the "nazi" test. First off, it is our duty as humans to keep predators away from those that cannot defend themselves. In this case, kids. I can't say whether looking at child pornography causes one to molest, but common sense would say it wouldn't deter it.
I agree the guy needs help. But, if you think the shrink can make it all better (all the time), then you need a little more reality. For child pornography or murder, the coppers were the right path.
I am sure the court will give him a fair shake and you can rest easier knowing this. Look at old Pete... who knows if his story was real. And, if this turns out like you want, perhaps the professor could move to your neighborhood and babysit your kids (when you do have kids). Any problems? Call a shrink, they work magic.
Just do your job, ignore the kiddie porn, and get on with your life.
Ignore the kiddie porn? Ignore clear evidence of a felony?
What if you recognized one of the children in the photos? What if you (accidentally or otherwise) ran across a photograph of your neighbor's child, your niece or nephew, your son or daughter, being sexually abused? Would you just ignore it and get on with your life? If not, why would it make any difference if the children in the photographs are strangers?
Ok, maybe you don't think child pornography should be a crime. What if you ran across photographs that provided evidence of bank robberies? Murder? Rape?
!!!NUKE ALL ARABS GO AMERICA!!!
Oh, I see. You're an idiot.
That's exactly what the filmmakers who make that sick crap want you to think. They don't want you to ask little Suzzie why she comes into school crying, and they dont' want her to tell you why either.
Normally I would agree with you, but in the case of child porn, I don't. People who have it need help. The children in it need to be stopped from being forced to make it. If an employee spends all day in his office whacking off, I woudln't care, as long as he was getting his work done. But if he was bringing on stuff that directly harmed children, then I would have sonething to say about it.
Ok, fair enough. If the kids in the kiddie porn were his own kids, or there was some other evidence that he had taken the pictures himself (they were taken in his house, for instance), then I would agree that one should get the police involved immediately. But if he just downloaded some stuff off the net, I think the correct response is just tell him to delete it from the office computer and do his jerking off at home!
Really, do we have to make a federal case out of everything?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
How the hell do you know that this guy didn't run, say, Freenet? There are ways. How do you know he didn't use a CGIproxy over HTTPS? There are plenty available. Really, installing web filtering software is like seeing a bunch of barrels of apples, noticing that there is one rotten apple, tossing out the whole barrel, then declaring that you've gotten rid of all the rotten apples.
Contraband MP3s/movies are one thing - child pornography is something completely different.
Backup not found: (A)bort (R)etry (P)anic
I read both articles. The whiny tone of Collegis' response cannot be missed. They acknowledge that they refused to talk about the case, then attack the newspaper for running the story without trying to tell both sides of it? Ridiculous. If the media worked this way, anytime some sleezebag wanted to keep a story out of the news, all they have to do is refuse to talk?
What if it is the boss's computer?
Go to HR. Talk to them about what you found. Give them a heads up and that you may have to involve law enforcement, but want to give the company time to put together a coordinated response.
LedgerSMB: Open source Accounting/ERP
I think the correct response is just tell him to delete it from the office computer and do his jerking off at home!
Except then he continues to be a consumer of child pornography, thus he continues to pay for it, and someone else (an even bigger sicko) continues to get paid to exploit children in disgusting ways.
my pet machine
What about the issue of most child pornography being legal somewhere else? Nobody is claiming that there are child-molestation rings cranking out kiddie rape videos. I don't doubt that there are a few, but surely 99%+ are simply Dutch porn where the age of consent is lower than 18.
Hell, many of "our" porn sites proudly state "Only 18!". How is that not a crime for us, but a mortal crime for someone in a country where 19 is the age of consent?
Videos/Pics that actually involve harm to a minor certainly deserve the witch-hunt mentality we see on here, but nobody is questioning the fact that this is probably only illegal because of an arbitrary limit being different between countries.
Because "Child Pornography" as demonized by the FBI probably shouldn't be a crime. As far as I've ever heard, it's all 16-year olds from Amsterdam doing what are 18-year olds are allowed to do.
It's stupid escalation of terminology. Now everything is terrorism, even if it's what would have been called Assault with a Deadly Weapon a few years back. Ditto with kiddy porn. A few years ago the term would have meant 12yo or under, and rape. Now it seems to be used for anything where anyone is under the age of consent in any country. I'm not ready to condone locking people up for watching dutch porno. I want more details before I grab the pitch-fork.
Really it depends on what kind of child porn we are talking about. Belive it or not there is more than one kind:
Type A) A lewd picture of an 8 year old usually engaged in some sexual activity or pose. This is the kind that 99.9% of us can agree is bad/wrong/whatever.
Type B) Two 16 or 17 year olds boffing eachother in some European country where said boffing and the publication thereof is legal.... All until it's on your harddrive in America, where pictures of nude minors is a crime. I, personally, don't have a problem with this kind of 'child porn.'
Type C) Virtual child porn, either by hentai or entirely digitally created images. I'll leave you to your own decisions on if this is bad or wrong.
So, which form of child porn do you have a problem with? Some of the above, all of the above?
--Demonspawn
society has decided that somone under 16 can't consent therefore they can't "have no objection".
Adult : "Can I tattoo your face?"
Child : "Sure, go right ahead"
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I also don't buy the "they were looking in the folder for files to backup" argument, either. That's not the way you do it. You use Windows backup, or a 3rd party utility, or a disk-imaging program (like Ghost for windows or DiskCopy for Mac) or you drag everything to a server for later restoration, or you use an external firewire/USB drive.
You might have the hour or two to ghost an entire drive, but our policy is to ftp the user's documents directory and any other directories which they may be storing documents in (we do a search for word and excel docs and ask the user just in case), cached e-mail, and favorites. This works for us because virtually all apps that our employees use store data server-side, with the exception of MS Office. The My Documents also tends to catch whatever they were doing on the side during work (like people's three-gig music collections).
With the ridiculous amount of cached data and other stuff, it's simply not worth it to ghost a drive when you're upgrading a user or nuking their drive unless there are good reasons to do so.
In corporate situations, you also have to realize that the computer in question is usually company property, so issues of personal privacy go out the window. They may be willing to overlook the fact that you're wanking off on the company dime, but you better not be doing anything illegal with company property, or they're liable as well.
I am a network admin. when I find porno on someone's machine what I do about really depends on whether you are a dick or not.
As far as child porn goes I can see how the company would fire the admin who called the cops. The company is just pissed the admin didn't go through them first... so he was maken an example of.
If you've stumbled across evidence of substantial and systematic bilking, theft, fraud, etc. in a corporate database on an utterly massive scale... remember, fish rots from the head down. Going up your chain of command is what you have to do, but do expect severe and immediate retaliation.
Just them knowing that you know what they've been up to, by your routine data QA, is enough to cause sudden complaints about your "behaviour." Remember, it takes two to tango, but only one to squirm . Their complaints are evidence that they're starting to squirm. You need a plan now.
When the going gets tough, the tough take notes . Keep copies of things. You you are going to need a well-planned and pre-established "exit strategy", because you will be punished for doing the right thing.
While "Retaliation for Opposition to An Unlawful Practice" is illegal, it will take you 3-5 years to prosecute your retaliation case, while also giving testimony in the civil and criminal cases the FBI or Serious Fraud Office is going to be bringing against them. You are going to need one heck of a safety net.
So your order of business is:
- Detect Evidence
- Discuss with Spouse, Family, Religious Leaders
- Document Evidence
- Find out whose the best lawyer in the
State, if not the Land for handling your case
- Copy Evidence,place under lock and key
- Find another job, sell excess assets, cash in annuities
- Report Evidence up Chain of Command
- Enjoy Watching them Squirm!
- Resign at the worst possible time for them
- Provide Your Evidence to The Authorities
- Going to the Press is a last resort
You have to discuss this with your spouse and grown children as soon as you even have suspicions, so that you can plan your exit strategy together. They have to understand that you all might be a lot happier in the Peace Corps or setting up wireless networks in Africa, or living on a high-school teachers' salary or grad student stipend. If you belong to a church, mosque or synagogue, discuss it with your pastor, priest, imam, rabbi-- because, God help you, you will need serious moral support when the poo hits the ventillation system.When you must report criminal wrongdoing expect to get canned--for "other reasons" of course. You will be surprised at how lame a case they'll be willing to make for those "other reasons." So will the judge.
Child pornography is criminal wrongdoing. Bilking legitimate shareholders of millions of dollars a month is criminal wrongdoing. A utility defrauding half a nation to the point that its factories are closing, its schools are cold and dark, and its hospitals have to turn away sick children is criminal wrongdoing.
Contact HR, tell the situation. No matter what management has to say, they have to listen.
Call in a forensics company to take a snapshot image of the suspect computer, (~$AUS200-300 hr) this can be done after hours when the offending child porn artist is blissfully unaware of the actions.
Most forensics experts are ex-police/ investigators with an understanding how to handle these situations. And if the matter has to be delt with in a court of law, the evidence taken will be admissiable because the way they acquire the images in the first place.
If the company wants to fire you over being a whistleblower, sue their ass.
Yes, I work closely with these types of investigators. They deal with aquiring harddisk images from child porn, homicide to industrial espionage.
Uh, please tell me now, what's so wrong about having porno on a computer?
Against YOU!
Is it fascism yet?
By the way, kiddie porn or anything else that is illegal should fall under the category of "Serious Asshole" or you could get in the same boat, because you didn't report what you found immediately.
Also, I make the chauvinist assumption that anyone who watches porn on the company box is male; most of the porn-watching women I've met aren't dumb enough to do something that would probably cost them their job if the wrong person found out. Deal.
That's it. I'm no longer part of Team Sanity.
Report the problem and lose your job. Ignore it and it comes out anyway, your ignoring it will count as complicity in a coverup and you will go to jail. Your boss won't because he can afford a better lawyer.