A Client Wanted Me To Do Something Illegal Today

Computer generated image of an illegal download alert.

I had a shady client today. I first talked to them on Friday but it was only today that I released that they wanted me to do something shady. That Friday, I got a call from a new client saying that wants me “to make it so she can logon to the laptop without using the fingerprint scanner”.

I figured that wouldn’t be much of a problem to do since it should just be a case of her logging in and me switching it off. At the time, I couldn’t go into it further because I was already onsite so I just booked her in for a visit on Monday. Just before I hung up she told me that I must give her a call before I leave because her husband is going to a funeral or something. I just assumed she wants him around when I’m there because the husbands often take more interest in the computers than the wife.

Anyway, Monday rolls around and I give her a call before I leave my workshop as requested. She said it was OK to come over and I use this opportunity to ask her again what she wants me to do in more detail so I can bring the appropriate software and tools if need be.

She said that she wants me to make it so that she can see what the user of the laptop is doing remotely, without the knowledge of the user. This is when the alarm bells went off. Also, the reason she wanted me to call her before I arrived made more sense now. It wasn’t to make sure the husband was home, it was to make sure he wasn’t home. Just to confirm my belief that what she was asking me to do was malicious, I asked:

“You mentioned something about a fingerprint scanner on Friday?”
“Yes, I’d like you to make it so that I don’t need the fingerprint scanner to login”
“Are you able to login using the scanner at all?”
“No, I want you to bypass it”
“Is the laptop yours?”
“No, its my husbands”

In short, she wanted me to break into her husbands system and install a backdoor Trojan that allowed her to spy on him. I’m pretty sure that’s illegal and if it isn’t, its definitely unethical.

I know there are some technicians out there that wouldn’t care and wouldn’t have asked questions because her money is just as green as anyone else’s. However, think about it like this:

The husband and wife are obviously going though some relationship issues where she needs to spy on him. I’m guessing its because she thinks he is cheating on her via the computer. If I do the job and she finds it to be true, she may take him to court with this evidence for when they are deciding who gets what in the divorce. The judge is going to ask where she got this evidence and guess who is going to get called to court? Me. I also open myself up to being sued by the husband for unauthorized entry into his computer. Its just not worth getting involved in.

While I could technically break into the system using hacking tools and install legitimate “spy on my employees” software, I told the client that I wasn’t aware of any software that could do the job and that I couldn’t help her. It got rid of her without being confrontational.

I’m a strong believer in “Karma”. If I did this job which I consider to be bad karma, I’m sure it’ll eventually catch up to me somehow like one of my own systems having a security breach. Hopefully other technicians will maintain their morals and it might be your computer one day (whether used by an angry wife or having it stolen) that they refuse to do work on.



Bryce Whitty

About the Author

Bryce Whitty
More articles by me...
Bryce is an Australian computer technician and the founder of Technibble. He started his computer repair business when he was 17 years old and is still running it 9 years later. He is an avid traveller and spends at least a month of the year in another country.

Comments (35)

  • Good decision not doing the job. It’s unethical and therefore you should not do it.

  • Brendan says:

    Excellent decision. The description of how you declined the work will certainly be beneficial to all, especially newer entries into the field like myself.

    I know it’s a matter of time before I get asked to do something like what you just described.

  • You made the right call, no doubt about it. This is akin to a client who brought me a system and wanted me to see if her soon-to-be ex-husband was looking at pornography. I acquiesced at the time, and did the work, and thankfully, didn’t find anything, but I felt uncomfortable the whole time.

    Never again will I do that sort of work. I’m a PC technician, and a damn good one, but I am not a private eye.

  • marleyinoc says:

    .
    .
    .
    .
    .
    /couldn’t think of anything nice to say.

  • chuck817 says:

    nice call but jut to keep karma on track
    I would have told the husband

  • Dan says:

    The geeksquad which is the it dept in every BestBuy store here in the US got in trouble a couple years ago for installing networked hidden cameras in customer’s bathrooms when they went onsite. Very mischievious and quite illegal. Needless to say that didn’t end well for the geeksquaddies in question and has left a blackeye on them. Geeksquad is fine for what they are, I generally do not criticize them though because I get referrals from them :)))

  • Dan says:

    PS
    You were wise to refuse the job. Another issue which techs may encounter is child porn. In california if you find evidence of something illegal you are obligated by law to report it. In Texas you are supposed to have a private investigator’s license to work on a computer although I doubt few do and the law may have been rescinded.

  • dumb dan says:

    hey dan… it was not a “networked hidden camera”.. it was a cell phone. jesus christ where do you find your news.

  • No doubt, good call. These folks can be tricky though..

  • Randy says:

    Solid move my man!!!!

  • Excellent decision. There is no limit to how unethical we can be in our work if we choose to be. The best thing to do is to just do the right thing. If you feel uncomfortable, than its probably wrong.

  • Paul says:

    You definitely made the right call. if it was her laptop that would of been different but it would of still lead to some ethical and possible lawsuits. It’s best to keep away from those types.

  • jim walker says:

    You made the right decision for a more important reason than ethics. Its the law. The US Computer Crime laws are onerous. I the husband or his lawyers discovered that you illegally installed monitoring software on a computer that wasnt yours, you would go to jail for 3-5 yrs.

    Often the right the thing to do is the legal thing to do.

  • Samuel says:

    Good decision not to do the work. An even clever decision to the way you dealt with explaining to the client on why you couldn’t do the work. The sad part is that there is a sleaze out there who will do the work just for the cash. Let them deal with the issues and bad drama that will definitely ensue. Good job and may you be blessed with 100 new clients for your good deed..

  • Howard Rubin says:

    Had a customer today, dropped a computer at my home without calling first. There was a note attached: “Stopped working two days after you saw it, don’t fix it, please call me Wednesday evening and tell my wife the parts are not available. I’m giving her a laptop as a surprise for Christmas!”
    Checking the machine, it had a blown power supply. I called him and told him I didn’t sell parts, if he wanted me to fix it, I could get everything installed, no problem, but he should find someone else to lie to his wife, I run a business here. He is picking up the machine Tuesday morning without paying me. (He´s a pastor at a local mission!)

  • Anon says:

    I’d like to comment on this.. My story is similar, but different circumstances. I was called in to a local business in town, because the owner wanted me to take a look at one of his employee’s laptop. He asked me to see if and what he has been doing on it, as his employee has been “unproductive” for a long time. I agreed, although I was apprehensive about it.

    Well, I sat down in his office (the employee hadn’t come to work that day) and it was apparent he was up to no good. Had torrents running in the system tray, opened his personal folder, found porn, chat logs, mp3s, movies… His boss is over my shoulder the whole time. I felt very uncomfortable doing this all, (for awhile, I thought I even knew the employee I was narcing on. That was a miscommunication though, it was someone else.)

    He asked for evidence of his activites, and I printed screenshots of folders, pics (showing datestamps and ownerships). He will likely be fired over this, it sounds like he was on his way out anyways.

    What do you guys think? Was I wrong to do it? I’m not even sure if it’s legal… Keep in mind, this is the business’ laptop, the equipment this guy was supposed to be using for the company, not his personal needs.
    Feedback appreciated on this one

    Anon (regular poster here at TN, just staying under radar this time. ;)

  • Anon,

    I think you were right in what you did as Bryce was right in what he did. You were brought in by the owner of the company and the computer to see what an employee was doing with company time and property. No Problem.

  • MHCG says:

    Anon,

    Employees using a business computer have no expectation of privacy. The laptop is the property of the business and the business owner has every right to know what the employees are doing unless he’s given them reason to believe their activities are private. Even if he did do that, it’s not the business of the technician to figure out whether his employees know he’s checking up on them.

  • Brendan says:

    Anon,

    As a former Union member, I can tell you that you are in a gray area, and probably in a good way.

    The employer does have a right to view the contents of the computer, but if they didn’t make it clear to the employee that they would be monitoring their computing practices, what you did would (more than likely) be illegal under labor law in the U.S. because the employee wasn’t there for the search.

    If the employer did have such a policy stating employee computing is monitored, then you are in the clear, as you were aiding the employer in the implementation of such policy.

    I hope this helps.

  • Blogsdna says:

    Bryce Whitty,

    Indeed right decision from your side, i myself have done some thing like this unethical in my past but then at end feelings inside my heart are not so good.

  • Bobby says:

    Quoting Brendan:

    “As a former Union member,”
    Unions are a significant contribution to the financial crisis.
    The business owns the computer, period. the “boss” is allowed to check *HIS* computers anytime. It does not have to be in writing…the laptop does not belong to the employee. The laptop is not his property, and I am sure that there is a written policy that the laptops will not be used for personal things, except for perhaps email.

    The boss had every right to have someone check the computer.

  • Very smart decision indeed. And you did very smooth move rejecting her with great excuse, so she don’t suspect. The bad thing is that she will eventually find someone who will do the job, but it’s most important that you can sleep peacefully.

  • Brendon

    It has been my understanding that Unions are supposed to protect workers rights. Does this include non productive workers? The business owner suspected his employee was not doing his work. So he enlisted Anon to see what this individual was doing on the laptop, since there was an issue with them being non productive. I personally think the business owner was perfectly within his rights to monitor his employee’s computing habits on his company property.

    I recently, like 2 days ago had a new client ask me for the same kind of information. Apparently, her grown nephew was looking at porn on her computer. She wanted proof. Like Anon, I was able to provide dates and time stamps. Now I have to lock the PC down with both a Bios password and an admin password. Do I feel bad? I felt sorry for the guy and his inability to use the one and only computer in the house, but hey, the owner enlisted me to do a job on HER computer. Its no different than a car. Even in business. You can use it as long as you 1. Follow the rules, and 2. use good judgment. Misuse of a thing that doesn’t belong to you (or even is some cases that does belong to you)can lead to consequences. Adults understand this.

  • If the employer owns the computer I don’t see a problem. The employee was not only unproductive but behaving in a manner that compromised the security of the network and possibly opening the business to a lawsuit for copyright infringement.

    I agree with your decision Bryce, not to bypass the log in. In California all assets obtained during the marriage are community property and the wife would posses equal ownership if it was a personal machine, and not one provided by his employer. That said, why get involved in a spousal dispute? It could end up with you getting sued especially if your laws are different than ours in California.

  • AlexCapownt says:

    The problem with your solution bryce it that the client is GOING to get onto that laptop. The demand to get into the laptop still exists.
    Now I’m not saying what you did was wrong, i don’t think that just lying and telling her that you weren’t aware of any software helps anyone but yourself. So, since you made the decision to not help her, and you’re doing it for moral reasons, i think you should have gone a little further. Explained why you were against what she wanted done and tell her about the legal implication and possible whiplash.
    All respect Bryce.

  • JRoss says:

    Really tempting to drop the husband an anonymous tip.

  • Fahad says:

    Good choice on your part. If the situation had gone to court then you would surely have been charged with quite hefty charges. Better to be safe!

  • SoJo says:

    I agree with AlexCapownt.
    The user is going to figue a way to do this. It might have been helpful to the client if you explained why. I would told her “You do know it is illegal to install Spyware/Monitoring software without the consent of the user? Have you spoken to a lawyer about this?”

    It may be different if it’s a shared computer.

    My 2 cents

  • Shawn says:

    Lucky you didn’t get involved in trying to hack into this computer… unless you had a contract the size of Canada (Paper Thickness wise) and even then you used your common sense.. it’s bad business getting involved in situations like this… the only way this could of been borderline legal is if she would of bought the darn thing herself and have the receipt in her name… ethical definitely not… and I’m sure like me you care more about your integrity than a few extra bucks…

  • Brendan says:

    In response to some of the queries about what I said, I strictly was relating to my experience with labor laws where I have worked in the past, and from experience regarding an incident in which I had to represent a union member.

    My comment was strictly based on the fact that, even if it is their property, and they provide no disclaimer, than whatever they find is may or may not be admissible for disciplinary action, depending on circumstances and contractual or local law, from what I have been taught. It’s the same as searching an employees assigned locker. If the employer does it with the employee or the employees representative there, it is a legal search, no questions asked.

    Also Bobby, I never made economic remarks. I wanted to stick strictly to the ethical and legal implications. There are differing laws in “Right to Work” states in the U.S. and “At Will” states, and the differences are very significant.

    But since the pot has been stirred, unions have made many concessions, unlike corporate CEO’s and the other white collars, who still milk companies for millions of dollars/pounds/euros, etc. What can also be taken from your statement is that you also blame the firefighters and law enforcement personnel, a good deal of whom are also unionized, for our downturn. Please be careful of what and how you say what you say. You offered no proof to back up your statement. Please feel free to look at the Caterpillar (and more recently GM, Chrysler, and Ford) contracts from recent years to really see just how much union members have sacrificed. Also take note of how little the American worker has in time off and pay compared to other workers in other developed countries around the world, and make another attempt at your argument.

  • Fireddog says:

    As someone who was raised by a union member .. I agree 100% with Brendan. The big financial crisis definitely was not caused by unions. It definitely was not helped by the greed exemplified by wall street over the last 20 years. The huge Ceo bonuses the outlandish ceo and executive salaries and all their crazy perks are a far greater issue that needs to be rectified.

    Hopefully our current administration can really work hard to curtail that stupidity.

  • Jimmy James says:

    I carry around on my usb stick a keylogger (not to spy on clients…) because I find some parents like to spy on their children and make sure they know who they’re talking to. I don’t actually install it, I run the program and get everything setup, then ask the client to press the ‘Install’ button.

  • Boz says:

    “In Texas you are supposed to have a private investigator’s license to work on a computer ”

    FYI, this is not correct – most of the time. If you’re doing computer forensic work as part of an investigation, then yes, this is an issue. If you’re just doing work on a computer but are NOT doing an investigation/etc, then you’re ok. This was on the blogs a while back, but as bloggers often do, they misunderstood it and took it out of context. Especially boingboing.

    @howard – I think you could have handled that one a little better. :)

  • Sinny says:

    I work in Texas and I think I can clarify the “P.I.” issue. You have to have a P.I. license to do forensic work or (and this is BS) data recovery. I know this because a data recovery company I do business with recently had to get all their techs P.I. licenses. The law came out of nowhere and all the companies were struggling to get their techs up to snuff. Because of that the price for data recovery in Texas skyrocketed for awhile. It may not be true but that is what one of their reps. told me.

  • Tony says:

    I’ve actually ran into a similar issue where a member of a car club that I’m a member of came to me with a problem, her computer had some software installed by a 3rd party *ex husband* who decided he wanted to see everything she was doing at any given time, well i had to load the system into Linux to recover the deleted pictures from their vacation and i had to use the UBCD4WIN to remove the password from the admin account on her computer, it turns out that someone at geek squad installed for her ex husband a “net nanny” program and an unnamed Key logger, it took me and another guy about 3 hours to fully remove and patch the system, i didn’t charge her because she was having a tough time, but she did buy us dinner that night, last i heard no more issues were evident on the system, but the ex is now in trouble with yahoo for tampering with her e-mail and geek squad had to let the tech go that installed the software, i just hope that more techs stand up for the morals and at least use probing questions to get an idea of what this software is being used for if asked