How do you handle privacy, illegal documentation?

Tony_Scarpelli

Tony_Scarpelli

Rest In Peace Tony
Reaction score
26
Location
Wichita, Kansas U.S.A.
Hi,

Over the years I have enjoyed working with many lawyers and while working on their projects I often update my knowledge for running my business. Recently I picked up a new Lawyer client who was a Judge, now back into practice. She handled both Criminal and civil cases.

I told her that my long time policy towards my customers is to respect their privacy, instruct my employees to not go looking for trouble but if it became so obvious we couldn't ignore it, popped up during the normal course of our working on their system then bring it to my attention, I'd make a determination at that point how to handle it.

First, if I am not sure it is illegal, I'd ignore it.
Second, if I am positive it is illegal is it a felony or misdemeanor?
Third, we do not use, install or reinstall illegal software...ever.
Fourth, sure, known felonies need to have something done about them, particularly the type that hurt children.

We give the customer every presumption that their property is legal unless it is obvious it can not be.

What could be illegal?

Someone having a hundred ISOs of software?

What definitely is illegal?

And asking you to install it with crack software.

What could be illegal?

Someone having what seems to be unlicensed music or other copyright materials?

What definitely is illegal?
Porn that has children in it.
Papers talking about a plan to hurt someone.
Papers/plans to break the law.
Diagrams of a bomb? Not illegal in themselves but what should you do?

So the next big question for us as IT, Do we have a legal obligation to honor any privacy of my clients?

Her conversation with me revealed this:

Yes, we have a obligation of privacy and even if I turned in someone for something illegal we could get into trouble. They likely could win a judgement, but even if they cannot they might make life tough through legal costs.

With regards to the worst of felonies that physically hurt people such as Child Porn, she recommended telling an attorney (they are all officers of the court) or enforcement officer anonymously. That is enough for the legal system to know that person and get warrants and catch them with the evidence.

So, what ideas do you guys have about these subjects?

I really do not fancy myself as Microsofts cop but I won't be brought into doing something illegal for a customer. That doesn't mean I will notify anyone of illegal software I just wont reload it. If there is no COA and it is loaded, I may work on it on the assumption it is legal.

I've never had child porn but I would definitely turn that in.
 
Tony_Scarpelli said:
Second, if I am positive it is illegal is it a felony or misdemeanor?
Click to expand...

Is this you making the determination or the 'system'? We, as private citizens do not make this determination, as it is the purview of the government, or prosecutors. We can make an informed guess as to what it would be categorized as, but in the eyes of the world means nothing.

Im not questioning what you put here, and have had similar conversations in passing with those in law enforcement and the court system. Ive happened across all manners of porn in my work. Lots of it is pretty harmless, but there is an element that is just disgusting and vile, like child porn.

In my previous position at another company, we came across a few cases where we suspected it was child porn. In such cases, we had a clear policy and a relationship with the State Police Special Investigations Unit, that focused on computer crime. They would come out, take a statement, and sometimes look at what we found. A few times, they declined to pursue the issue as they could not determine if the images actually constituted child porn. More often or not, they would confiscate the machine, and go off and arrest the owner. Many of these instances were discovered because someones hard drive crashed and decided they needed some file recovery. One would be amazed at what a pagefile contains.

Once, I had a guy come in that wanted to buy a new computer. He brought his old one in, and insisted that I do a DOD wipe of his old computer. He was very specific that the computer could not boot up into Windows, and I could only boot it up with a floppy to do the wipe. And he insisted on watching to make sure. The owners were uncomfortable, and thats a bad sign considering they were somewhat shady themselves. In any event, I ended up giving in to the demands and wiped the hard drive, and even reinstalled Windows. We made a mention to one of the regular State Police troopers about the customer and found out he was a registered sex offender, and pretty well known in the law enforcement community. He made a note of it, and about a year past before the trooper came back in. Turns out, the guy got busted a few weeks before with terabytes of sick stuff. He was discovered because he decided to take a few computer courses at the local community college. Apparently, he left a filthy flash drive in a computer and someone else picked it up.

In the end, if I find something thats blatant, I make two calls: First to my lawyer, and then to the State Police. I let the police do their job. I have no problem doing my part, but Im not going to do something unethical or illegal because of a vibe.

I keep my clients privacy as my top concern.
 
When I was working as a bench tech in Florida I came across 2 or 3 client machines that had child porn on their computer. I immediately notified my manager and all cases where reported to the Sheriffs office. Detectives came and picked up the pc's etc. All those cases led to convictions against said client. I think in these cases we have an obligation to society and our children to keep them safe from these types of individuals. Did I get into any trouble for reporting it? No. Could I get into trouble? I have no idea but I dont regret doing it.
 
teksquad said:
I think in these cases we have an obligation to society and our children to keep them safe from these types of individuals.
Click to expand...

While individuals and organizations exist that perpetrate these kinds of crimes, statistically speaking, child molesters and child pornographers are often perpetrated by relatives and caretakers.
 
To answear this questions for my part, Computer tech company had to inform any child porn pics, movies or any type of crime, but however for my part I am in Iceland and I dont follow the law in USA World Cop, If someone come with a computer with cracked software I ignore them, thats not my business if someone has illegal software but I advice them to get legal software but here in iceland legal software is so expensive.
 
To make it clear, I would turn in any child Porn.....

I would turn in plans to hurt others, I might even turn in plans/diagram for a bomb.

Short of things that really directly hurt people, my interest and participation falls rapidly after that.


Network Techs, how do you handle it when a client with 5 or 10 computers has one copy of Office (that you know of) and each time you install a new computer they bring you the same cd and coa?

Do you notify the owner?
Do you refuse to install it but tell them what they do is their business when you leave?
Do you demand they get into conformity with open license or drop them as an account?

What is your exposure if they get busted and you were their IT guy for the last 6 months?
 
Tony_Scarpelli said:
To make it clear, I would turn in any child Porn.....

I would turn in plans to hurt others, I might even turn in plans/diagram for a bomb.

Short of things that really directly hurt people, my interest and participation falls rapidly after that.


Network Techs, how do you handle it when a client with 5 or 10 computers has one copy of Office (that you know of) and each time you install a new computer they bring you the same cd and coa?

Do you notify the owner?
Do you refuse to install it but tell them what they do is their business when you leave?
Do you demand they get into conformity with open license or drop them as an account?

What is your exposure if they get busted and you were their IT guy for the last 6 months?
Click to expand...


I have one copy of Office 2010 and it is on over 2000+ computers just in my area. It is on over 8000 in other areas.

All that said, we aren't using the Multiple Activation Key (MAK). We are using the Key Management Server (KMS), and it is volume licensed. I work for a Government Agency with an Enterprise Agreement (EA) to do it though. We actually have our own, exclusive licence terms negotiated with Microsoft though they are still pretty typical/cookie-cutter... pretty much the same deal Healthcare, Education, and other larger entities get on the pricing.


Sure, we could install it from any volume licensed media and not even enter a key, but we don't... It is on an SCCM Distribution Point at each site... advertised to a collection with ALL our computers.


If a computer is joined to our domain, in a very short period of time, Office 2010 magically appears installed.

*********************

For a small business with 5 to 10 computers, they are breaking the law ==> Unless it is volume licensed, which they CAN get with as few as 5 PCs.


Another thing I encountered doing some side work is a company that pulled out Student/Teacher media... Well they weren't in education, tutoring, or any related field. They were a small financial firm. I refused & ultimately got fired. I sent them my bill for travel and the minimum fee, which they refused to pay.

I got a letter stating that refusing to do what asked was insubordination and I did not do the work required. I sent it to my lawyer (I have pre-paid legal), and in short order he collected the money.


Apparently, they contracted by signing my agreement, which included a minimum and travel. He explained I could not do what was requested because it was illegal and to pay up or he is taking it to court.

After I got paid, we reported them to the Business Software Alliance & Microsoft. By the time they are done paying settlements and sanctions and enjoying their inspection, they will know never to pirate software or refuse to pay someone for technical services.
 
We kind of have this debate every couple of months and the results are always the same.

I don't believe you are likely to get into trouble for failing to report licencing transgressions. Depending on where you are located, they are not even illegal but a matter of contract between the publisher and user. I'm not about to start reporting people for dodgy copies of films, music or software because I reckon about 3/4 of my clients have some of this on their PCs. I also personally don't find it to be particularly morally repugnant. I don't install it or provide it but I'll work on it.

Serious crime is another matter. You are legally and morally obliged to report it. You can become an accessory if you don't. People can really get hurt if you don't. Therefore if I find child porn, major drug deals, plans for a murder etc obviously I'm gonna report it.

No doubt there is a grey area in the middle. Since it never comes up I'm not going to spend too much time worry about it. I see people breaking minor laws all the time outside of computing and I don't report them - smoking weed, driving using mobiles, littering, dogs fouling footpaths and so on.

Re: paperwork - I make no guarantees of privacy. My terms say that I try not to see personal data but I might do in the course of my work, and if that bothers them then they should remove it or encrypt it. As far as I'm concerned that about covers it.
 
All i get people to do is sign that I'm not responsible for their data. I worked for years in very confidential and highly secure environments so I'm used to 'seeing' documents and images without digesting them. I've yet to see any child porn but if it was clearly in my view I would report it, pretty much anything else I wouldn't even see.
 
From my terms:
"That I am fully responsible to create and maintain a full copy of all software and data contained on any computer hardware for which Services are rendered upon or to be likely affected by such Services when rendered; that I have, and will produce upon demand, a valid license or other officially-provided and valid document for each and every IT Item that normally is issued one; that any and all illegal data or hardware found while Services are rendered can and will be reported to the appropriate authorities; that I give NK permission to fully comply and provide appropriate authorities with any information requested; that other than appropriate authorities, NK and Client shall not disclose to any third party any information not generally known or readily ascertainable by any third party;"​

For those that seem to think that software licenses are illegal and somehow a crime of actual law, they are not. You are breaching a contract. That nifty little EULA that you have to agree to when you install something is the contract. It allows them to sue you and take other, civil, actions based on operation of contract law and the terms of the contract itself.

Saving that, my company is not going to get sued, so *I* don't install things under my company's name without a valid license. Until and unless Microsoft personally employs me to go trolling through people's computers for valid license keys then I'm not getting paid to be their license cop. In the rare case that they ever come after me for something a client has on their computer that I worked on, my terms say that they state that they have valid software.

As far as actual criminal activity, the above terms spell it out quite nicely. They are agreeing to the representation that I can and will report illegal activity found while working on their computers and are actually giving me permission to release that information. I'm covered. As far as client privacy, the last line in the terms above is the basic and most general form of a non-disclosure agreement (NDA). The strongest NDA's are equilateral protecting both parties from discloure. The stronger the equality of rights between both parties to non-disclosure, the more protected by law it is. So stated simply: if it is not something generally known or something someone can readily find out, you keep it quiet.

I do not provide my clients information to others and depending on if its bad press such as a sour client that thinks I did them wrong, I can actually sue them for violating the agreement for anything true that they say and libel/slander for the things that aren't true. Doubt I'll ever use it, though. Clients that have asked me about privacy like the terms' simplicity and absoluteness.
 
You must log in or register to reply here.

Similar threads

D
How are you folks handling Scam Popups
Replies
10
Views
1K
Markverhyden
Markverhyden
Fred Claus
Removing Google My business reviews
Replies
12
Views
1K
NviGate Systems
NviGate Systems
britechguy
How do you advise executors (or those under their direction) with regard to computers of decedents?
Replies
3
Views
840
Blues
Blues
Markverhyden
Protecting your business and property.
Replies
1
Views
476
Gegen Stück
Gegen Stück
HCHTech
Alerts!
Replies
10
Views
212
Sky-Knight
Sky-Knight
Back
Top