- You are here:
- Home »
- Blog »
- MSP Management »
- Should You Report Illegal Content or Suspicious Files as a Tech?
Should You Report Illegal Content or Suspicious Files as a Tech?
A man in his mid-50s gets arrested and jailed. This is after a technician allegedly finds child pornography in his computer. It instantly creates a great divide between opinions. Was there a violation of privacy? Of course, it’s normal if you’d rather not get involved in this. It can be complicated and exhausting to deal with the authorities and local media. It could even take a lot of your time.
So you may prefer not to look into your customer’s files. But in this business, there’s always a chance you’ll face this kind of situation. What would you do?
Invasion of Privacy
Whether the privacy of a customer is violated or not stirs a lot of controversy. But what is invasion of one’s privacy? Merriam-Webster’s legal dictionary defines it this way.
“The tort of unjustifiably intruding upon another’s right to privacy by appropriating his or her name or likeness, by publicizing information about his or her private affairs… and in which there is no legitimate public interest.”
The moment your customers hand you their computer, they grant you permission to access it. While you try not to notice folder or filenames, it’s necessary for the job. It’s much like a patient being undressed for surgery. It’s part of the procedure and the doctor is not accountable for invasion of privacy when he’s performing his duty. Similarly, technicians who perform diagnostics and repair may need to open certain folders. Or even search for certain files. This is all done within the scope of the job.
You may have a “no look” policy in place. It’s a matter of only copying the folders or not looking into filenames on purpose. And after repair, you work with your clients to verify their data while they are in your shop. Generally, there is no law against a “no look” policy. There’s nothing legally wrong with this practice.
But what if you stumble upon something illegal – like child pornography. Or you discover something suspicious like a multitude of scanned credit cards. This becomes legitimate public interest. Calling the cops does not merit an invasion of your customer’s privacy. But is it the right thing to do?
Civil Responsibility
Turning a blind eye in this case may work. The authorities may have a hard time to incriminate you in the future. It would be easy to deny any involvement. And law enforcement could choose not to chase you down. So on the legal side, it’s probably safe for you to play safe.
But you have the power to end a potential threat in your community right there. Reporting the suspected illegal content now makes your place safer for you and your loved ones. Like in the case of someone having child porn in his computer. Potential victims in the future can be your children or someone you care about. Are you willing to risk it?
What about scanned images of credit cards with different owners? Of course, it raises a lot of suspicion. Is it of interest to the public? Yes it is. Those cards can be used for fraudulent transactions. This is a threat to you, and those you care about. So dealing with this early on can be the wise thing to do.
Still, it boils down to your own choice. But keeping your community a safer place also builds confidence in your customers.
Observe Safeguards
It may be true that as a technician you are given authority by your customer to access files and folders. But still, it would help a lot if you put this in writing. Use a privacy disclaimer, if you will. It’s a statement that your customers give you complete access and control over their computers. That covers you from accusations of unauthorized access later on.
Privacy is important. We all value our personal space. But this right should not be used to deflect any violation of the law. However, reporting anything suspicious is completely your personal choice. One less offender in your community makes it a safer place. One crime suspect on the loose can spell trouble too. It’s up to you to use good judgment and do what’s best for your business and your community.
What are your thoughts?
Session expired
Please log in again. The login page will open in a new tab. After logging in you can close it and return to this page.
Hello Bryce,
in some provinces in Canada you MUST report any ch** por* you may detect in any circumstance.
Anyway, just watching this kind of stuff is a criminal offense and you have to prove this was by accident or that the material was not yours…
In most cases here in the U.S. there is no legal requirement to report criminal activity. In cases of a client’s employee having illegal content that subjects the business to risk, I will notify the business owner or agent.
The exception is child pornography. 18 U.S. Code § 2258A creates a legal requirement to report child pornography or electronic records of child abuse to the CyberTipline of the National Center for Missing and Exploited Children or local law enforcement. Failure to report is a crime and makes a service provider or technician almost like an accessory to the crime.
https://www.law.cornell.edu/uscode/text/18/2258A
Great topic, one that is needed in our field.
Yes….we have been faced with just this sort of a discovery. Our business policy is not to go into the folders but as mentioned, in some cases we may need too.
Basically there are all sort of reason to open files in a customers computer but….after finding things that we wish we had never seen, we make it a point to avoid opening anything files at all cost.
Our policy for finding illegal data is to first contact our attorney. Our attorney will make the decision for us on reporting the information or not. In the event that we decided to report, the attorney makes that phone call and discuses it with the authorities. We simply had over the computer and any further communication will be between the authorities and the attorney. Yes I know this is costly but when you look at all the options and possibilities that could happen in this saturation…paying for an attorney is by far the path of least resistance and will coast you less in the long term.
I had this exact same issue a few years back, and knew in the back of my mind it may happen eventually. I immediately contacted a peer who worked in a school, and advised I contact the authorities immediately, when I told him what I came across. I normally wouldn’t venture too far, but after the customer asked me to wipe his computer to factory defaults before an overseas trip, after getting viruses, I was suspicious, and when doing a validation on folder counts I came across a folder name that caught my suspicion. It’s a folder I wish I had never seen, but glad for the outcome. The short of it, a trip to the local police station, a formal statement and handing the computer over. The hardest part was the police telling me I would have to tell the customer they weren’t getting their computer back and giving him the number to call the detective who had his computer.
Turned out he was a major distributor and was travelling overseas to perform further suspect behaviour. It was pleasing to know I had stopped a major party in criminal activities. He’s been put away now for quite some time.
I’ve taken Bruces advice and highly recommend the wording in his computer business kit, which I have all my customers sign now when handing over their computers for repair. A privacy policy is a good thing to have in place.
Sean, While you definitely did the right thing in reporting the guy why would you go poking around his data when someone just asks you to reset a computer to defaults due to a malware infection? Seems like that is a reasonable request for an infected computer where data doesn’t need to be backed up. Or did he ask you to back up the data and that’s why you found it? Not really sure what a “validation on folder counts” is.
My shop has a STRICT policy on illegal activity.
Bring in a computer with pirated software? We stop work until you agree that we can either uninstall it OR you agree to pay for appropriate licensing.
Bring in a computer with torrent software and a bunch of video/music downloads? Our work consent form has a provision that says if you decide to keep it the work comes with no warranty.
If we even remotely suspect the computer is hot we call the city police for the surrounding 4 towns and the county sheriff to run the serials and description. We’ve recovered around $120,000 worth of computers over 5 years because of this.
If you are targeting small businesses running a tight ship does wonders for your reputation and bottom line.
Part of our lawyer approved CYA is our work consent, contracts and anything else a client signs to authorize us to perform a service all have hold harmless and indemnify clauses in them in the event that we disclose any of their information or data to a third party.