Slashdot Mirror
Blow the Whistle, Lose Your Job?
ccnull writes "You're a systems admin. On a routine PC repair, you discover a trove of child porn on an employee's PC. You call the cops. The employee pleads guilty and goes to jail. Then what do you do? You get fired. InformationWeek has an interesting expose on whistleblowers who lost their jobs, they say, because they publicly embarassed the company. The company has another version of the story. No matter what the reality is, at the center of this is a good question: If you discover illegal goodies on a machine, what should you do about it?"
The Boss will either just fire the employee or call the cops herself. Regardless, you should call the cops too, especially in the case of child porn which is quite serious.
Ideally you should alert the boss first to prepare for the embarassment and have the spokesman prepare statements before the employee is carried away. Tell her, I intend to notify the cops, she wont be able to stop you then. If she tries to stop you, and you tell the cops, and get fired, youd have a lot against the boss too.
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
I believe you're right about being guilty for not reporting it.
:)
In Illinois and some states, if the cops pull you and your friends over after a night of drinking, they give everybody breathalyzer tests. If the least drunk guy is driving, they're happy. But, if you're in the car, the driver is drunker than you, then you get a ticket. Same goes for everyone else in the car.
I know it's a stretch but it seems relevant to this thread for some vague reason.
I used to work on repairing printing machinery and one place I went to was publishing a child porn mag called 'Young and Free'. The machinery was repaired without comment and as I drove away I phoned the police on the cellphone.
Each of the guys working there got a prison sentence, and I hope they had a tough time.
Peter Jones
Ex AGFA engineer
The next day, Perry gave the PC to Gross to back up, fearing it might crash and lose valuable data.
In the process, according to the suit, Gross opened a folder titled "my music," within which was another folder, named "nime," then another, "nime2." It was here, Gross said in an interview, that he encountered the illicit content. "I didn't have to click on any files when I went into the folder," says Gross. "There were thumbnail images, so I was pretty much instantly exposed to that."
If Gross hadn't opened those folders, he wouldn't have come across the offensive images in the first place. But Perry and Gross say it wasn't unusual for them to check the content of folders when troubleshooting; a large file, for example, can be an indication that a virus is at work.
I don't buy this. Are they claiming that standard procedure for these folks, when looking for a virus, is not to boot with a known-good disk and run an up-to-date virus scanner, but rather to go through folders looking for large files which might "be an indication that a virus is at work"? If so, that's pretty crappy. Well, I have this huge file called PAGEFILE.SYS on my C:\ drive, I guess I have a virus (it's Windows' swap file, for those who use other OSes), right? Sigh.
I also don't buy the "they were looking in the folder for files to backup" argument, either. That's not the way you do it. You use Windows backup, or a 3rd party utility, or a disk-imaging program (like Ghost for windows or DiskCopy for Mac) or you drag everything to a server for later restoration, or you use an external firewire/USB drive. You don't poke around for files and copy them one by one. Apart from being horribly inefficient, that would also kill the client's directory structure. For example, within my documents folders, I have subfolders for different classes, and for things like correspondance, and receipts, and the like. If some tech support company had to back up my stuff, and had copied the files one by one, instead of copying the entire tree, I'd be real pissed off.
So I don't think that they quite came across the porn in the line of duty. I think they were looking around without any good reason. (Not that this makes child porn any less wrong, but it does cloud the issue of discovery and reporting)
There is, of course, the other issue, which is that by default, newer versions of Windows use thumbnail view, which is unfortunate. If the prof had been using regular list view, and the techs had double-clicked the files, they wouldn't stand a chance of defending themselves. This raises the issue of just what exactly is "invading someone's privacy"? Even filenames can say a lot about someone. For example, if you see someone's desktop, and they have a bunch of files named "naked_teens_1.jpg" through "naked_teens_50.jpg", what are you going to think about them? What if the files were named "12_year_old_naked.jpg"? Does that change things? Suppose you wrote an editorial to your newspaper about how much you though Al Qaeda sucked. You named this file "al_qaeda_letter.txt". You take your PC in for service, and some tech sees it, and decides to report you to the FBI. (Not too far-fetched in this day and age). Are filenames public or private information? Sure, you can't prevent people from seeing filenames, but do they have the right to act upon them? (This applies to other issues, like when the RIAA found files with the name "usher" and "mp3" and assumed they were songs when they actually were some prof's lectures.)
I work in tech support, and I find myself in lots of situations when I have access to users PCs. The general guideline where I work is to see as little as possible. For example, If I'm working on a PC, I try to stay at the root level as much as possible. When we need to backup a PC, we drag the entire directory tree to a USB drive (if its PC) or a FireWire drive (if it's a Mac), or a server if nei
There is no sig, there is only Zuul.
I reported rampant software piracy to our CEO and board member and got fired within hours. This happened in January. Now I sense that I'm blacklisted.
While I would agree that the person was in the right calling the cops, but it opens up a can of worms as far as trust between IT professionals and companies that they contract to.
People generaly want to protect their privacy, even in cases where a person who did what I'd consider to be the honest, moral, and legal thing, businesses don't tend to hire people who phone the cops on clients, right or wrong. Business if full of shady dealings, even how profit margin businesses like resturants and their dealings with local health inspectors.
This is sad but true.
What comes to mind, typical non-discolsure agreements prohibit you from discussing what you see in the workplace. Sadly, violating that even in this case tends to get you fired.
Personaly I feel there should indeed be a law protecting wistle blowers, but until then, do it ANONYMOUSLY.... like in this case, burn the CD of the offending material, and send to the FBI, or better yet, setup a simple script to e-mail the images on a time delay.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
They reported it to their supervisor. Then the company has the ability to handle it how they like.
I don't see why anyone should get in trouble for reporting an illegal activity going on at work to their supervisor. I could understand if the employees directly went to the police or media and not giving the company the ability to handle it.
Maybe I've had the experience of working at better companies. A coworker and I had the wonderful experience of walking into work late one night and all the lights were off and one of the employees was sitting at a computer... well you get the idea. I reported it to my boss and the employee was fired the next day. Their were logs that verified what was going on. Some things just aren't appropriate at work.
As a system administrator, I always make sure that their is a message drawn up by the legal department that we may discover things in the normal duties of our job. I have never poked around people's stuff. But I have had to go into people's home directories to fix things for them (my general policy is I don't touch your home directory unless you ask me to). However, I do go through system logs occasionally. If something turns up in system logs that shouldn't be there, I will report it to my boss.
One company I worked for had a policy that we were to ignore any porn found. That was fine with me, it's their decision. This was done after management decided to crack down on it, and it was found that the largest downloaders of porn were some of the vice presidents. After those results, the policy was quickly put in place.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
JUST DELETE IT, no notice, no complaints, no information. I've been a systems admin for 10 years in one form or another and I've NEVER had backlash from deleting inappropriate content, but then I've never reported anyone either...
Let the user complain someone removed their MP3's or pr0n. Just let them compain...*signed* BoFH
errr....umm...*whooosh* *whoosh* Is this thing on ?
this isn't just pr0n, but child porn. big difference. let's say you found emails, etc., that the guy was running a drug ring, selling crank to kids down at the local school yard. or that he was funneling money to al qaida or something. where do yo draw the line. maybe i'm biased. i have two children and i teach seventh grade (12-13 yr olds). child porn is a pernicious offense and offenders should be pubished. you think he jsut say, gee thanks, i won't do that any more. look at the research on child molestors. they are habitual. they cannot be "cured". actually true of most sex offenders. but towards children especially.
i'm not talking about some 17 year old tittie, or some 18 year old drerssed in a school uni. hell, if i'd found the stuff on his computer, i'd probably just take the guy out back and beat him fucking senseless.
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
I save proof of the offending material, along with the IPs from which it was obtained, etc., such that I could prove it in court. At that point, I go to the CEO and demand weekly "protection" payments to commence immediately in the amount of US$2,000.00 (what a good deal), adjusted semi-annually for inflation and/or any arbitrary amount selected by me, whichever is greater.
KIDDING ASIDE I would actually handle this situation legally and ethically: Save the proof I talked about a moment ago for my own protection, but not to bring down the company. Then, I go to the most in-charge people in the company and talk to them about the problem. Let them call the police, fire the guy, or do whatever they think is right. I save proof of these meetings (like, audio tape of talking to the big shots about it). If they fire me for bringing up the subject with them, or try to silence the issue without busting the asshole who is doing it, I then deem the company unethical and call the police, the media, and every customer this company has and tell everyone about it, getting the company busted big time for not only having tons of child porn on their boxes but also for trying to shut me up and discredit me. It'll be on O'Reilly faster than shit going through a tin horn.
Oh yeah... And either way, I'd get the biggest, baddest gangsters in town to kick the ass of whoever is looking at that material. It's immoral and unethical because it wastes bandwidth that should be used for transferring FreeBSD ISOs around instead. Want porn? Buy a magazine, asshole.
Executive summary: Matters of law, should not be weighed against matters of corporate policy. It is the duty of the corporation to defer handling of these situation to the appropriate authorities.
The proper action for them to take would have been to simply delete the offending material,
That's destruction of evidence, you're not allowed to be a party to that as an Officer of the Court (caps not accidental). Destroying the evidence does not undo the crime. And if you know your client is lying or has destroyed evidence, you MUST inform the court. You cannot stand by if a fraud is perpetrated upon the court.
This guy's termination is actionable, he needs to find a good lawyer, not a Democratic Party crook seeking to justify Bill Clinton's criminality. He can get big bucks from this, and should.
I've actually seen this. Some years ago, I was a police officer working on a sobriety checkpoint. Of course, the first thing we ask for is driver's license and registration. In this case, the kid didn't have one. But, he was also the only one in a car of four people who was sober.
I can't remember exactly what we did in this case, but I know for sure that we didn't even come close to throwing the book at him. The kid was trying to do the right thing. If memory serves, we held them at the checkpoint until a responsible driver could come get them.
In this case, kids. I can't say whether looking at child pornography causes one to molest, but common sense would say it wouldn't deter it.
To what extent is being put in to the position of being photographed in sexually explicit positions not molestation? The point is that some child is abused in this process and that downloading *and storing* this material is contributing to this abuse. If someone can *make money* by *sexually abusing childen* then that person needs to be put in prison for a long long time, IMO. If someone contributes to that trade, then that person needs some sort of criminal punishment, though maybe not to the same degree.
Now, whether digital representations should fall into the same category is a whole different question, and I have a different answer because I am afraid of how that could be a slippery slope with regard to censorship.
LedgerSMB: Open source Accounting/ERP
Now the story makes it seem like their discovery was innocuous enough. But how many times do computer repair people snoop around where they should not? Yes, the person had vile, disgusting, and illegal content on his computer. But why did the repair person find this material? If I send a computer in for repair, I am not giving access for someone to look through all my personal shit.
It's as if I left my diary in a car that was in the shop, and all the mechanics started reading it. Except for computers, this is the norm rather than the exception. I don't want someone going through all my personal shit.
So the people that fired them made the right decision. The word is now out that giving your computer to these people will hold all your personal data up to scrutiny by complete strangers. So what if your wife picks it up, and they tell her about the (legal) porn hidden in an innocuous sounding directory? Or maybe they'll read about the financial plans of your company, because some important documents were on the PC?
The truth is that people doing repairs should make every attempt not to view even a smidgen of personal data on the PCs they repair. So this article makes their discovery sound like they couldn't help it. But why were they clicking around in random directories? Simply wondering, "Hmm, what's in this directory," is not nearly a good enough reason. A repairperson should know what directories are relevant to fixing the computer and which are not.
Now, of course, all of this is null and void if there was some telling "C:\ChildPorn" directory on the computer. But barring such obvious dumbassedness on the part of the person giving the computer for repair, the repair-persons' actions were clearly unethical, even if, in the end, they discovered another unethical action. Two wrongs don't make a right, remember.
Then again, there are illegal things (like mp3's) and illegal things (like child porn) and they are not created equal.
Well, yes and no. I do expert witness testimony in criminal defense cases, many involving accusations of child pornography. The reality is that the feds view kiddie porn as an effortless conviction machine. Here's how it works:
If you have ANY porn on your hard disk whatsoever, they print it all up poster size and show it to a jury. After about the 450th pic of a thirty year old in pig tails, cheerleading outfit, or with shaven nether regions, technicalities such as legal age disappear from the minds of most jurors. It's easy to say to yourself, oh, kiddie porn - fry the bastard. It is quite another to consider the ramifications of having every image ever stored on any part of your system's hard drive (including deleted files, file slack, ram buffer slack, swapfile contents, etc.) and shown to 12 church ladies. And that's if the case even goes to trial. Most defense firms have no idea how to challenge electronic evidence, and often simpily do a plea bargain. In the cases I've dealt with, I have yet to see one instance of actual, real child pornography. Furthermore, of the computers I've worked on which were ever used to view pornography of any kind on the Internet, I've found enough of what passes for "evidence" these days to put the owner in prison.
Simple rules: if you like your money, don't download mp3s. If you like your freedom, don't surf porn. And don't participate in the 3 minutes hate. You may not know how finely the line is drawn beteween yourself and "those evil bastards".
what if ...
I take pictures of myself when I'm 13 doing all sorts of sex acts.
I'm now 21.
1. Am I allowed to even keep the pictures I took of myself?
2. Can I sell copies of them?
3. What if I was making out with my twin. Could we have each other arrested for having a copy?
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
I understand fully what these two people are going through, I too was fired for, what I believed to be, the right thing to do.
This issue takes place about 10 or 11 years ago, I worked for a hardware manufacturer, back in the early days of the internet. The company had wanted to put up a tech support BBS, I had experience with this, so they asked me to do it, but limited me to the software used, which was crap. Well, to cut it short, it was up for several months until it crashed and we lost user data.
I posted a small note from the Admin asking users to reenter their data and apologized for the inconvenience, which I believed to be the professional and right thing to do. A trade rag caught wind of it, and posted a little blurb about it. The company was a tape backup company and the article was felt by the company to have given them a black eye.
I was removed from the BBS project, put on probabtion, and then investigated, my desk rummaged through, my workstation examined, etc. Finding nothing, I was later interviewed for one thing or another by managers, then fired on trumped up and false charges of inappropriate behavior, tardiness (I was never late a day I worked there and up to that point had never taken a sick or personal day). I was hauled down to HR, shown a huge stack of pink slips (all without my signature or a note that I'd read them), and fired that day. Up until then my reviews had been perfect, my attendance at work had been reported as perfect, my knowledge level for the job was impecable, my skill was exemplary.
I spoke with a lawyer who told me at that time, there was nothing I could do, the company can produce all the evidence they wanted to prove their case, including providing dated and signed material which can be backdated, and I had nothing, no witnesses and no documentation to prove my case, I was advised to drop it and move on, so I did.
Personally, I believe what happened to these two people, I know from experience what companies will do in cases like this, and I know it's going to be a hard road ahead for them.
Society -- ANY society -- only recognizes the rights of those people it is forced to recognize. That force can be political, moral, or physical.
Children will only have rights that are respected by western civilizations when they grab enough guns and revolt for those rights. The problem is, by the time most of them figure this out they're already adults.
My favorite part of the article:
But as criminally disturbing and emotional as this issue may be, the pending litigation has nothing to do with the professor. Employment of the technicians ended due to issues completely unrelated to this isolated incident, which will become clear as the case progresses through the legal system. Claims made by the plaintiffs cannot be taken at face value and should not be trumpeted as fact via media when they are based solely on unsubstantiated allegations.
Translation: Yeah, we fired them for that, but we didn't think they'd sue us. We'll just say we have evidence that will appear in court. We'll pull a tardy report from a few months ago, bam, permission to fire them. Never mind that the guy they told on was a golf buddy of mine and asked me to get rid of them as revenge.
Do corps do this kind of thing? You'd better believe it. I used to work for a utility as the network admin. They would come to me and ask for me to find "evidence" for them to fire someone. Usually all that took was a weblog or a copy of an email of them doing something against company policy. I hated doing it, but it would have been my job if I said no. The reason they tell you you are fired is never the real reason.
The company's article says that there are other things going on, which they can't talk about because there's a lawsuit pending. If that's not true, and they're really doing it because they're embarassed about it being reported to the police, then they should presumably have also fired the supervisor who reported it. Sounds like there are multiple sets of ugliness and stupidity going on here...
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Moron, the reason YOU have to operate under these provisos is because of the sensitive nature of the files your users may have on their systems. This is designed for national security, not to act as a fucking cloak for child-molesters. In your circumstance, you may have no legal way of reporting such a finding, but to say that this is how ALL members of the IT industry should do their jobs is fucking retarded.
Come on- if some asshole told me that reading /. was workrelated, i'd pity that ignorant fool motherfucker and call 'BULLSHIT, BEEEATCH!
and you know that if that person worked for me, i'd fire his/her punk bitch ass.
So, if our P2P file sharing networks get shut down, kiddie pr0n won't be leached for free as much, kiddie pr0n syndicates will get more money, they will abuse more children, and the RIAA will be directly responsible for all of the young girls and boys lives ruined through that industry.
And to think.... most of us thought Microsoft got dirty money for selling information in sleazy ways.
P.s. this post was not a joke.... well blaming the RIAA for child pr0n was, but the rest was serious.
When Argumentum ad Hominem falls short, try Argumentum ad Matrem
I worked at an electronics store and a customer returned a computer for a refund, I checked it out after it was returned and they had templates in there to generate fake proof of insurance certificates for cars. I notified the store loss prevention. They agreed that the person was using the computer for illegal purposes but decided not to contact the police for fear that the customer would sue them for "invasion of privacy". What a bunch of crap. Then a year or so later, I was working on a computer that belonged to a state supreme court judge and it had some pornograpy on it including under-aged porn. We decided not to do anything about it because we figured he might be using it for a court case. My general rule on working on people's home computers is that they all have porn. Just do a search for *.jpg and sort by size. I've never been disappointed when searching.
Wait for that person to leave there desk and leave a nice, polite, unsigned note saying:
"I know that you have child porn on your computer. You cannot hide it. If I ever EVER find it again YOU SICK FUCK, your ass will be in jail and Bubba will use you as his child porn bitch."
Something tells me that would go a long way in solving the problem... At work at least.
You need a FREE iPod Nano
...And, in fact, we have a new case about once a week, once every 2 if it's slow.
Here's what we do:
We find $STUDENT to have images,movies,mp3s whatever on the server (P-90 running Novell 4, 9 GB HD- ancient as heck, but, being SCSI, works okay)
We then:
Lock their account (once or twice, we just gave 'read-only' permission- those were funny, we'd get a call saying '$STUDENT' can't save to their folder-says something about permissions? then we explain that $STUDENT did something they shouldn't have, and have been locked out. have them go see asst. principle for more info)
go talk to principle/assitant principle about it
for the 'Net, we have a Proxy server running. 'nuff said. logs it for IP and MAC addresses. we get calls from district office (where they have the time to sit and watch traffic go by) and walk in behind the kids some times. tap them on the shoulder, and drag them upstairs.
we do scan for large files (on our network, that means 500k or more, as each student *should* (should because Mac files don't show up as correct file size on Novell, long story) only have about 5-10 MB of stuff. we don't delete, we just lock down and report. we don't do anything until building administration decides what to do about student.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Given that the tech saw the files, he did the right thing, but he also violated, or at least gave the appearance of having violated, the company's policy and hurt its business. It seems to me that the company can legitimately fire the tech in this case. (Of course, that would make it harder to hire good techs!)
This hypothetical example isn't necessarily relevant to the situation in the article. But it could be. Maybe the faculty at other schools will not want their school to hire this company because of what happened.
The same goes for pictures "morphed" into something bad, but in a different way. This is not a sign of the morality police, but a way of preventing any kind of brain-food for perverts to get their fix. It's entirely questionable as to if this actually helps at all (some will have their addiction starve off and die, others will go looking harder) but it does have a logical purpose other than enforcing morality.
That's plain bullshit. Child porn laws were passed to prevent the sexual exploitation of children. 'Morphing', as you call it, creates fictitious porn in which no children were harmed in any way whatsoever.
Personally, I don't understand the mind that finds such things titillating. But I can clearly reason that fictitious porn harms no child, and therefore has no business being prosecuted under child porn laws - since no children were involved in the making of it.
So you might find it sick and twisted and perverted. That's nice, but no justification for a law when no harm is done. Fact is, I find religion sick, twisted and perverted in *any* form, but I don't go around demanding that laws be passed to prosecute the practitioners. So long as the religious perverts don't go about harming anyone, they can indulge in whatever sordid activities that they want, no matter how disturbing I find personally find them.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
So if we remove the 'fake stuff' the only thing left they can do is go for 'the real thing'. That's how I feel. I don't get what the allure to naked children is either, but child rape and molestation has been around a lot longer than child porn, and I think that in societies where there aren't laws that prevent the sharing and posession of such pictures there is a lot less exploitation of children.
I feel the same way about illegal substances. Nobody would get shot over drugs if you could go get them at the liquor store. The prohibition forces the culture to become make-or-break violent.
Also, you fail to address that at least some of the child porn out there is completely consentual and non-coerced. I remember when I was nine a female friend and I took 'child porn' polaroids of each other because it was fun and not-allowed. Is that sick or immoral? I don't think so, just a little weird.
"Sometimes, I think Trent just needs a cup of hot chocolate and a blankie." -Tori Amos on Nine Inch Nails