How IT Pros Can Avoid Legal Trouble
snydeq writes "InfoWorld's Peter S. Vogel reports on the kinds of inadvertent transgressions that could land IT pros into legal trouble without realizing it. From confidentiality and privacy negligence, to copyright and source code violations, IT staff are legally liable for a lot more than they might think — in some cases because the law will not stop at your employer, instead holding individual IT employees responsible for violations even if the individuals are just 'doing their job.' Worse, as the recent case against Terry Childs has shown, judges and juries are often not technically savvy enough to understand what IT pros do. 'That lack of understanding can lead them to conclude you're at fault or should have known better,' Vogel writes. 'After all, many people think anyone technical is a whiz kid or brainiac on any topic.'"
What legally questionable scenarios have cropped up at your job?
I'm liable for first posts.
It's such a gigantic PITA to track all of the licensing for everything that I weep for any small to medium sized shop that can't afford to have a dedicated person/dedicated people for it.
I'm a medical equipment technician at a California corrections facility. My boss routinely asks me to kill people in cold blood, and I've been doing it for a few years now... there's a lot of paperwork and everything, but I'm not entirely sure it's legal.
Does anyone else have experience with being ordered to kill somebody as part of their IT duties?
Terry Childs is a terrible poster child for IT professionals. He did all sorts of things professionally and ethically wrong, and probably legally wrong, as well. I certainly would have pressed charges if he had been my employee.
However, there are some legal traps that even a well-behaved IT pro can fall into. For instance, monitoring too much can be a privacy invasion, monitoring not enough can be negligence. Because the IT world scales up so much, sometimes a minor mistake can end up with millions of dollars of consequences.
Umm no. I disagree entirely. Are we forgetting there was a network engineer on the jury? Seriously? This is exactly the sort of thing that SHOULD happen. A jury of his "peers!"
It was described to the engineer, and he was the de-facto explainer for the group, but seriously Childs was working for the gov't too long and had too many bad habits of "fiefdom" creation that are everywhere in city and state organizations. He created a world, then he took the keys away from everyone and didn't give it up. He's not the first, nor will he be the last, but the lesson here should be to all comers "hit by bus strategy... always." Otherwise, things that together could be suspect or could be best practice BECOME suspect without a backup and recovery plan.
And no, an encrypted that's tattoo'd to an admin's ass doesn't count. Especially if there's a likelihood of a flame thrower being involved at some point.
Why?
Because I'm in IT security. My job is to analyze and dissect malware, not only to find out what it does but also how it does it, what attack vectors are used, what system flaws are exploited, what means of communication with a controlling server are used and, if possible, I should also try to cut those lines and render the malware useless, preferably create some kind of remedy or even protection against it. All this can usually only be done by taking a closer look at the software than is possible by simply watching it run. In other words, disassembly and protocol sniffing and decoding are two of the main parts of my work. Both already illegal in some countries.
Now, fortunately my country provides protection for this (albeit ... well, I have a law that I might pull out of my ass should I need it, but it's anything but a certain victory in case anyone ever goes to court for it). But in theory, any writer of malware could pull any IT security company to court and stand a pretty good chance to win. Though he'd first have to admit that it was him who created the malware.
In other words, as odd as it may be, I may violate that copyright because the one who could drag me to court for it certainly has no interest to come forwards and claim ownership of the code.
And now let's ponder for a moment what will change should ACTA become reality and copyright violations get shifted from civil to criminal code. Technically, the State Attorney would have to step forward and protect the copyright of the writers of malware without them asking for it (because the SA has to act even without prompting from the injured party) and prosecute those that analyze malware and design protection and remedies against it.
You see, you don't have to be the bad guy to think that ACTA is a really, really bad idea...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.