Leadership investigate

New legislation would require IT pros to report child abuse


IT professionals could soon join doctors, counselors, and teachers as professionals that are legally required to report child abuse and neglect, according to a new AP story in USA Today

At least five states — Arkansas, Missouri, Oklahoma, South Carolina, and South Dakota — require computer technicians to report child pornography. Connecticut and California are considering legislation that would go a step further, adding technicians to the list of "mandated reporters" who notify authorities about any type of child abuse and neglect.

"Computer usage is a very real part of our culture and daily activities," said New Britain Police Sgt. James P. Wardwell. "Laws must change and evolve to reflect this ever-changing technological advancement."

You could say that this is a natural part of technology playing a greater role in society and IT gaining a higher profile as a profession. However, the concern for IT pros is that legislation like this also puts personal legal liability on their shoulders. Connecticut would fine IT pros $500 per incident for not reporting known cases of abuse or neglect. California is proposing $1,000 and a misdemeanor charge that could result in six months in jail. These penalties are consistent with what other professionals such as doctors and counselors face. CompTIA is advocating on behalf of IT professionals to make sure that the new legislation does not place any unfair burdens on tech workers or have unintended consequences. 

I don't have a problem with this legislation. If IT pros uncover information that could help prevent violence and exploitation, then they should absolutely report it. The only thing that I worry about is that this could become a slippery slope, since the IT department has access to so much information about the individuals within a company. Because of that far-reaching data access, I worry that this could open the door to other legal burdens for IT pros that don't affect other professions. In the process of fixing and repairing hardware and software, IT pros come across all kinds of information about employees that could have legal ramifications. If and when this important new legislation gets passed, I just hope it doesn't get abused by lawyers as a precedent for holding IT pros legally responsible for a host of illegal or objectionable behaviors that they may come across when dealing with employees. That could force IT pros to become moral/ethical watchdogs. 

I know multiple IT pros who have discovered pornography on employee computers (and in several cases, the boss's computer) and have had to wrestle with the ethical dilemma of if and how to report it. So my question is this: Regardless of the result of the current legislation, should IT departments adopt their own policies about IT pros reporting suspected child abuse and neglect? Should the policy include the necessity to report pornography found on company computers? Join the discussion.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

29 comments
stuffinator
stuffinator

A possible problem with the this? If a slippery slope argument holds, then professionals would have a lot of reason not to trust techies with their stuff.

Bizzo
Bizzo

If a "person" has that kind of content on their machine I'd find it very difficult to call them a professional.

jdclyde
jdclyde

What someone views would not change the possible quality of their work otherwise. Remember that you can't spot the person with this content just by looking at them. It is a reflections on their morals and culture, but not on their work professionalism. don't confuse the two.

Bizzo
Bizzo like.author.displayName 1 Like

I agree with what you're saying about someone's quality of work and their chosen viewing material, I don't dispute that. And although I agree that I cannot determine a persons morals by looking at them. Nor can I determine a persons professionalism by looking at them. I'm probably taking the word professional a little too general here by including all aspects and qualities of the person. But, would you consider a doctor who has that kind of material a professional? Professional with regard to qualifications, yes. But not with regard to conduct surely?

Tig2
Tig2

But we should be doing as much with regard to what you may access and why, in general throughout the enterprise. I want to understand in very precise terms how CT presumes to KNOW, sufficiently to fine a technician, what that technician has seen. I want to see an unambiguous definition of "knowledge" of an event. Neglect is a difficult point because it can be defined in so many different ways. I may see lack of parental engagement to be neglect while another thinks that sending a child to school with no coat is neglect and yet another sees that failure on the parent's part to keep a child from experimenting with drugs is neglect. So what gets reported? How about porn? It is my, not entirely objective opinion, that decides that it is porn and that the players do not APPEAR TO ME to be adults. So what, finally, is the definition? Let's go to abuse. Hitting a child repeatedly or with an object is obvious. How about wrestling with your child? How about discipline? I think that you clearly understand the challenge here. I read your earlier comment to a poster about trying to template this. A good first step, but we need to consider differences across State lines and determine what standard will be managed to. I think an effective start is to piggy back this effort on to existing security policies in place for companies that manage customer data. Those policies tell us clearly what may be accessed and by whom. By leveraging the access issue and combining it with "work only on work computers" we have a start. Not a solution, a start. Now to define what constitutes abuse, neglect, and pornography.

w2ktechman
w2ktechman

what about those tech's among us who deal with home systems? How will it be implemented on those people, as those tech's would be most 'at risk' because there are no company policies for their personal use. This would ned to be defined very well, or all tech's may be at risk of being fined and/or jailed for actions out of their control. Personally I think that it is bad legislation as, like most of us have agreed to so far, we do not go looking through peoples personal or work data to find this stuff. And how they plan to determine what we may have found at any time??? Honestly, I believe that we would need to see the rough draft in order to determine better how this affects us properly. There are way too many things that can go wrong with it.

Tig2
Tig2

I can write policy to protect my business techs. I can only suggest that home techs write such a policy and give it to their customers. Or define it in the work plan. At the end of the day, the free-lancer will end up taking it in the shorts, as it were.

HAL 9000
HAL 9000

Child Abuse is a no brainier for me and as I already work in an area where this is Mandatory to report and the people who report incidents of this are covered by legal protection I personally don't have a problem with any of this. However by the same token unless specifically asked I don't go looking either as I don't have the time to waste. Porn is something totally different again and something that I've seen way too much abuse of the system of from some stupid Police Officer bringing charges against a newsagent for selling posters of David as the officer was offended and considered this as Pornography. Then on the other hand I used to work Medical and saw a lot of pictures of human antimony which I didn't like one little bit but they where valid Medical Pictures that where used in teaching and ranged from something as simple as Skin Cancers to sex change operations. Now in a position like that who's going to call these Teaching Medical Photos which also included cases of Child Abuse as anything other than what they actually are teaching photos for Medical Practitioners? I'm at a total loss as to how you would justify Neglect either as what exactly is it and how can anyone claim that something is actually neglect? That's a dangerous slope that I'm not interested in getting involved in, in the slightest. I do a lot of Data Dumps but very rarely look at the contents of the data dumps as I don't have the time to waste looking. Before you can report something you have to see it and if you don't go looking there is no chance of you seeing this type of thing. Others may have hours to waste looking at every picture on a customers computer but they are few and far between as you don't get paid to spend your time looking. While if I came across anything that even vaguely represented Child Sexual Abuse I wouldn't have a second thought about reporting it you also have to maintain a Chain of Evidence otherwise you are breaking whatever chance was there to have a successful prosecution achieved. So on the rare occasions when I see stuff like that which isn't directly connected to Teaching Medical Institutions I don't have a problem in reporting it and then allowing a police officer to come out and do what is necessary. Porn on the other hand is something that I'm just not interested in even attempting to get involved in as I'm certainly no one to judge what is considered as porn this is a purely personal decision and what one person may find objectionable another may call art. Sorry but that one is way to vague fore me to even consider being involved in. The same applies to Neglect as I do not know the full story so I can not possibly consider it proper to report something that I have no idea of what it is. Unless these requirements are laid out in a very specific manner and enacted within legislation I'm not one to judge what is considered as either Porn or Neglect as I'm not qualified to offer any opinion on either of these subjects. Col

jasonhiner
jasonhiner

Neglect would need to be specifically defined if it ever becomes part of the law. As far as porn being ambigious, that's another important point and it's something that IT departments will need to grapple with if they put a policy in place that bans it from corporate machines.

mjd420nova
mjd420nova

Besides being a major source of income for a majority of people, reporting abuses found on users computers is a matter of conscience. I do not look for these offenses, I don't open obvious personal folders or photos. What I do report is physical abuse that I witness first hand, be it children, elders or even pets. I have cleaned tons and tons of porn from sers machines in the process of trying to clean out worms, trojans and spybots, but too much of that is there not by the users intent moreover, it can not be proved the user is responsible. I have witnessed many cases of animal abuse, not whippings, beatings or clubbings, but just the conditions alone constitute the abuse. I do not delve into others affairs as I respect their privacy. Toss in some states who are now adding "spanking" as a form of child abuse and you can really get in over your head fast. I submit to the belief that a mans home is his castle, and what he does in that privacy is his own business. Now, that being said, I won't ignore outright violations and would most likely try to do so privately and with out giving my name as by a tip line or such. I would feel much worse should a case go unreported and something serious happens than reporting what I see as a violation and being found wrong. The rock and a hard place become very uncomfortable but ignorance can have a way of biting back.

jasonhiner
jasonhiner

New legislation in California and Connecticut seeks to require IT pros to report child abuse and neglect, in the same way that doctors and teachers are required to report it: http://blogs.techrepublic.com.com/hiner/?p=456 Whether this legislation passes or not, should IT departments require tech workers to report illegal behavior such as child abuse and neglect, if they discover it in a user's data?

joseph.escue
joseph.escue like.author.displayName 1 Like

This is only more evidence in support of the theory that we are moving toward a "Big Brother" type government or at least a police state. The KGB did the same type thing in Russia. I think that each IT department should set its own policies and also beleive that most honest IT workers would automatically report anything they found that is clearly illegal, dangerous or harmful to children. I would! Wouldn't you? But making IT workers legally liable is a big mistake. That basically would allow law enforcement and intelligence to manipulate IT people under the threat of jail or stiff fines. You also know that sometimes things are not as they appear. We are not SPYS and DETECTIVES!! This just isn't right. Its another attempt at control by the law enforcement and intellignece communities. Such legislation would be like giving those folks persistent wiretaps on every computer in the country. I can see a lot of people being setup by someome who didn't like them by placing suspect data on their computers. Most of us would be able to figure out what was going on, but your average jurer or judge wouldn't understand. No, I see too many problems with this idea. Next WE will need malpractice insurance and bonds to protect us in our work. No, Its a bad idea!

devils_advocate
devils_advocate like.author.displayName 1 Like

This is not a good idea. Most folks will report behavior obvious child abuse - but it's not always obvious. Which is why trained case workers and police officers miss this stuff. IT pros need to respect privacy - that's why most corporations now have stringent privacy policies - not go looking for stuff they don't know how to identify.

mike.workman
mike.workman

IT professionals might also find themselves on the wrong end of a defamation suit should the accused be found not guilty. The double bind this places tech workers in is unreasonable, in my view.

w2ktechman
w2ktechman

Yes, we should at a minimum contact a manager if illegal items are noted, and document it. This can take the burden from your hands and allow the company or more qualified people handle the details. I rarely come up with illegal items on someones computer, but I do not look either. I do not open their photos, etc.. Under the laws being proposed, if I was working on the computer, and it had illegal behavior, but I did not notice it, would I still be fined/imprisoned for neglecting to access someones personal data? Is IT going to become the super-cops which scare everyone by nazi tactics? I do believe that these things should be reported, at least to management so that the proper people can be brought into the picture (HR, Lawyers, IT Security, etc.) for their investigation. But forcing every tech to look for data like this is a bad idea. Besides, who is going to say that I did/did not accidentally stumble across this information?

jasonhiner
jasonhiner

will IT pros be held accountable if they service a machine that has illegal material but they never came across it when working on the machine?

w2ktechman
w2ktechman

This should be a big concern for everyone in IT on the support side. Because often you are logged in as the customer, not yourself when doing the work.

Fred123456
Fred123456

Granted I agree with most that we should report it, but lets look at another scenario. Since I can see why they would be proposing this type legislation for situations like this. Let say I'm a local PC consultant trying to get my business off the ground. I have clients ranging from small offices, to Lawyers, to personal support work for home PC's. I have a client who is paying me 80 dollars an hour to come in weekly and back up his data. This account alone is making me 320 to 400 a week. One day I notice that in a folder he has a ton of porn that looks like its child abuse/under age stuff. Now if I report him and end up being wrong. Meaning, its just porn that is made to look like under age teens. I have just lost my biggest account and pissed of someone who may hurt my business. If I turn him in and he was engaged in illegal activity I still loose my biggest client. With this legislation I could be held partly accountable for the illegal activity if they can prove I had seen it and done nothing about it. Protection of our kids is paramount and I would rather err on the side of safety, but their will be people out their who won't agree.

sgt_shultz
sgt_shultz

but if i saw something that make my neck prickle i WOULD look and i WOULD tell. and i am not a nazi or even somebody who usually gives a dang where you take yourself on your computer (no counting my networked pc's, naturally)

w2ktechman
w2ktechman

but if the laws pass, and we can be jailed or fined, how many techs Would look at personal data and seek illegal activities, or even report false offenses to keep oneself safe? If it went to this, IT would be looked at as computer nazi's.

Fred123456
Fred123456

Required should be a mute point. If anyone encountered data of sorts that revealed the user of the PC was engaged in child abuse of some sort. I would expect morally they would contact the authorities.

bwalker
bwalker

This is where there's a slippery slope. If the company has a distinct policy against certain activities, like viewing pornography on work computers or using work computers for specific other purposes, the company should require IT workers report this stuff. Should there be laws requiring IT workers to report pornography? No. Illegal activity, yes, but not simply "morally questionable" stuff. Again, that should be guided more by company policy.

jasonhiner
jasonhiner

What kinds of behavior does it state that IT pros must report? I totally agree with what you're saying. However, the details can start to get challenging when you sit down to write a policy like this.

Michael Jay
Michael Jay

Love my customers (not users) even though they do not pay me directly I do my best to protect them from themselves. You know people are just people and to just report them for policy violations would get them canned. Much better to amplify the policy directly to them so they know. The policy also covers music and even personal pictures such as your wedding shots, and I must tell them that these too are taboo. Recite the mantra work stuff only on work computers.

jasonhiner
jasonhiner

That's very a respectable approach, Michael. It sounds like you have a strong rapport with your users.

Michael Jay
Michael Jay

but it is not specific to anything other than non business content. I am a tech, not a cop but if I did find child porn my ethics would require me to report what I had found. I have discovered pix that could be called porn (adult porn) but have not reported them as I feel that would be a violation of the tech customer relationship, (does such a thing exist) what I do is point out that this material is in violation of the policy and can get you fired without question. They always agree and I feel that I am doing the right thing. But child porn, I would report without question.

jasonhiner
jasonhiner

Would you be willing to send me a copy of the policy (with all identifying and private information removed, of course)? I'd love to take a look at it and potentially turn into a TechRepublic template that others could download to build their own policy. I might be interested in having you write an article about the policy as well, if you're interested. We'd pay you a freelance fee. If you're interested, click "Send message" in my profile to contact me.

Fred123456
Fred123456

Well... I'm in the public sector, specifically the courts system and yes their are policies in place that this subject material would fall under. Since we are dealing with Judges as well as line staff their is a strict policies in place on what IT is allowed to view and what happens if during normal maintenance questionable material is seen or detected.