Utah Bill Would Require IT Workers To Report Child Porn

Mr.Intel writes: A Utah lawmaker wants computer technicians to face jail time if they don't immediately report child pornography they discover on someone's computer. The proposal would require computer technicians to report child pornography to law enforcement or a federal cyber tip line if they encounter the material, but they would not be required to go searching for it. If they find it and don't report it, they could be given up to six months in jail and a $1,000 fine. It would mirror laws already on the books in at least 12 other states, according to the National Conference of State Legislatures.

As an IT tech worker in Utah

We already do this, the law is more a formality than a change of any kind. Every company in this state will fire you on the spot if you fail to report child pornography. In terms of what constitutes "knowing about it," it's if you actually are exposed to child pornography while working on someone's computer. Moreover, if you do report it, you can get recompense for being sexually assaulted, so there's a bit of financial motivation to do so as well.

Also, when you call into Dell tech support, that's here, so be mindful of remote technicians too as they have to report anything they think might be child porn. Most companies here have a 0-tolerance policy where if you view pornography on your work computer (even at home), and you can't prove that it was a forcible exposure (like a banner ad on a regular site) then most will fire you instantly.

Re:Where is deniability?

[newcastlejon]

why would anyone NOT want to report it?

Blackmail for one.

Cartoons?

[U2xhc2hkb3QgU3Vja3M]

Do we have to report cartoons too? What about furry hentai? Does a cartoon drawing of an anthropomorphic animal boy being forced to suck the tentacle of a squid monster equal child porn?

I'm pretty sure those making that bill have never been into the dark corners of teh IntarWeb.

Re:This can be a huge can of worms...

[__aaclcg7560]

The first question is: Were you and your coworkers following hospital policy by investigating the contents of user files when it appears you were tasked with as you say a "PC refresh project?"

A PC refresh project is replacing old PCs with new PCs. In this case, it was replacing 1,500 PCs and deploying 3,000 flat screen monitors. If the user's Windows profile wasn't already pointing to the network share, we would change it from the C: drive to the network share and Windows copy the data to the network. We monitor the copying process to make sure that the files are copied over to the share. We keep an eye out for any large collection of personal music, videos or picture files that aren't supposed to be on the PC per hospital policies, which users are reminded of three times in email prior to replacing the PC. If personal files are found, users are requested to delete their personal files and reschedule to have their PC replaced. My coworker noticed a series of unusual file names — "jenny_does_daddy.jpg" — during the transfer process that prompted his curiosity and the child pornography collection was found. He reported it as required by hospital policy.

The second question is: If the files had contained normal (legal) pornography would you still have reported it?

Yes, as required by hospital policies. Many Fortune 500 companies also have similar policy requirements for both legal and illegal pornography.

The last question is: If the files had contained HIPAA protected client/patient information, would you and your coworkers reported yourselves for violating HIPAA privacy laws (and most likely been fired)?

We had no reason to look at any HIPAA-related data that belonged on a PC. If I caught a coworker browsing for patient data or taking home a hard drive that wasn't wiped and destroyed, I would report him to my supervisor as required by hospital policies. Security made the determination that files were child pornography prior to confiscating the hard drive from old PC and the new PC.

I would guess that any future employers would read your story and make damn sure not to hire your company if you or your coworkers are going to take it upon themselves to 'investigate' the contents of a customer's machine because some filenames were 'odd.'

What I did was fairly routine in IT. If suspicious activity occurs during the course of my job, I'm obligated to report it and let management decide what to do. That's why employers hired me for the last 20 years. The people who don't follow policy are the ones who shouldn't be hired.

This is the rub of the story and the legislation.

If you think that's bad, my current job has PCs with HIPAA and classified data. HIPAA can send you to jail. Classified data can get you the death penalty. As long as I follow policies, I don't have a problem.

Re:Where is deniability?

[mysidia]

That doesn't sound right. I reported a felony exactly two weeks ago and an officer just handed me a witness statement form. Filled it out, went down to the station to hand it in. Took about 20 minutes.

I think that is probably representative of what normally happens, BUT of course people who have done nothing wrong can still be afraid of law enforcement, and law enforcement DO have the authority to lock up witnesses, there are some legitimate uses for detaining, AND law enforcement departments sometimes abuse that power.

I might have to testify if it goes to trial someday, but I think it's more likely they'll just plea.

This is the other thing.... if you're a small business owner, for example, and you start needing to take totalling days or weeks off to appear for depositions, and investigator interviews, and as a witness in court; this can cost you a heck of a lot of money, money which you won't be reimbursed for by the defendant or anyone else.

Or as an employee it can cost you paid or unpaid leave time ---- which can mean suddenly you cannot pay your rent, or for transportation or other basic necessities.

This is also one of the reasons people don't want to take on jury duty or go to court to fight a small lawsuit or traffic ticket, and will essentially accept default guilt..... pay a $50 ticket, versus take a couple days off work, and possibly put your job at risk while losing much much more in wages.