Slashdot Mirror
Blow the Whistle, Lose Your Job?
ccnull writes "You're a systems admin. On a routine PC repair, you discover a trove of child porn on an employee's PC. You call the cops. The employee pleads guilty and goes to jail. Then what do you do? You get fired. InformationWeek has an interesting expose on whistleblowers who lost their jobs, they say, because they publicly embarassed the company. The company has another version of the story. No matter what the reality is, at the center of this is a good question: If you discover illegal goodies on a machine, what should you do about it?"
The next day, Perry gave the PC to Gross to back up, fearing it might crash and lose valuable data.
In the process, according to the suit, Gross opened a folder titled "my music," within which was another folder, named "nime," then another, "nime2." It was here, Gross said in an interview, that he encountered the illicit content. "I didn't have to click on any files when I went into the folder," says Gross. "There were thumbnail images, so I was pretty much instantly exposed to that."
If Gross hadn't opened those folders, he wouldn't have come across the offensive images in the first place. But Perry and Gross say it wasn't unusual for them to check the content of folders when troubleshooting; a large file, for example, can be an indication that a virus is at work.
I don't buy this. Are they claiming that standard procedure for these folks, when looking for a virus, is not to boot with a known-good disk and run an up-to-date virus scanner, but rather to go through folders looking for large files which might "be an indication that a virus is at work"? If so, that's pretty crappy. Well, I have this huge file called PAGEFILE.SYS on my C:\ drive, I guess I have a virus (it's Windows' swap file, for those who use other OSes), right? Sigh.
I also don't buy the "they were looking in the folder for files to backup" argument, either. That's not the way you do it. You use Windows backup, or a 3rd party utility, or a disk-imaging program (like Ghost for windows or DiskCopy for Mac) or you drag everything to a server for later restoration, or you use an external firewire/USB drive. You don't poke around for files and copy them one by one. Apart from being horribly inefficient, that would also kill the client's directory structure. For example, within my documents folders, I have subfolders for different classes, and for things like correspondance, and receipts, and the like. If some tech support company had to back up my stuff, and had copied the files one by one, instead of copying the entire tree, I'd be real pissed off.
So I don't think that they quite came across the porn in the line of duty. I think they were looking around without any good reason. (Not that this makes child porn any less wrong, but it does cloud the issue of discovery and reporting)
There is, of course, the other issue, which is that by default, newer versions of Windows use thumbnail view, which is unfortunate. If the prof had been using regular list view, and the techs had double-clicked the files, they wouldn't stand a chance of defending themselves. This raises the issue of just what exactly is "invading someone's privacy"? Even filenames can say a lot about someone. For example, if you see someone's desktop, and they have a bunch of files named "naked_teens_1.jpg" through "naked_teens_50.jpg", what are you going to think about them? What if the files were named "12_year_old_naked.jpg"? Does that change things? Suppose you wrote an editorial to your newspaper about how much you though Al Qaeda sucked. You named this file "al_qaeda_letter.txt". You take your PC in for service, and some tech sees it, and decides to report you to the FBI. (Not too far-fetched in this day and age). Are filenames public or private information? Sure, you can't prevent people from seeing filenames, but do they have the right to act upon them? (This applies to other issues, like when the RIAA found files with the name "usher" and "mp3" and assumed they were songs when they actually were some prof's lectures.)
I work in tech support, and I find myself in lots of situations when I have access to users PCs. The general guideline where I work is to see as little as possible. For example, If I'm working on a PC, I try to stay at the root level as much as possible. When we need to backup a PC, we drag the entire directory tree to a USB drive (if its PC) or a FireWire drive (if it's a Mac), or a server if nei
There is no sig, there is only Zuul.
Then again, there are illegal things (like mp3's) and illegal things (like child porn) and they are not created equal.
Well, yes and no. I do expert witness testimony in criminal defense cases, many involving accusations of child pornography. The reality is that the feds view kiddie porn as an effortless conviction machine. Here's how it works:
If you have ANY porn on your hard disk whatsoever, they print it all up poster size and show it to a jury. After about the 450th pic of a thirty year old in pig tails, cheerleading outfit, or with shaven nether regions, technicalities such as legal age disappear from the minds of most jurors. It's easy to say to yourself, oh, kiddie porn - fry the bastard. It is quite another to consider the ramifications of having every image ever stored on any part of your system's hard drive (including deleted files, file slack, ram buffer slack, swapfile contents, etc.) and shown to 12 church ladies. And that's if the case even goes to trial. Most defense firms have no idea how to challenge electronic evidence, and often simpily do a plea bargain. In the cases I've dealt with, I have yet to see one instance of actual, real child pornography. Furthermore, of the computers I've worked on which were ever used to view pornography of any kind on the Internet, I've found enough of what passes for "evidence" these days to put the owner in prison.
Simple rules: if you like your money, don't download mp3s. If you like your freedom, don't surf porn. And don't participate in the 3 minutes hate. You may not know how finely the line is drawn beteween yourself and "those evil bastards".