Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Are we liable for our clients misdeeds?


  • Please log in to reply
13 replies to this topic

#1 Naught McNoone

Naught McNoone

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great White North
  • Local time:09:32 AM

Posted 02 March 2016 - 02:31 PM

A recent discussion, with my neighbour, about the arrest of a law enforcement office in Ontario, for child pornography, http://www.cbc.ca/news/canada/thunder-bay/opp-sergeant-child-porn-charges-1.3424164, led me to post this.

 

How liable are we, as technicians, for not reporting illegal files or activity that they find on clients computers?

 

I know that in Canada, all provinces have required reporting for child porn, and that there are at least 12 US States that mandate it, as well.  Failure to comply can leave a shop or technician subject to fines and or jail time.  And I agree with them.

 

But what about other stuff?  Such as threatening emails, (we have cyber bullying laws in Canada, as well,) evidence of drug trafficking or use, or other illegal activity?

 

What about bit torrents, downloaded videos, music, and software?  Can Microsoft come after me, as a technician, for failing to report a pirated copy of Windows?  Where do we draw the line?

 

Moreover, what are we doing, snooping through our clients personal files, when we are just asked to "fix a boot problem?"  The has to be some expectation of privacy, when you are entrusted with personal or private information stored on a clients computer.

 

Even worse, if the client is found "Not Guilty" in court, are we then open to civil suit for our actions?

 

Discussion, anyone?

 

Naught McNoone.

 

 

 



BC AdBot (Login to Remove)

 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:08:32 AM

Posted 02 March 2016 - 08:12 PM

There is no single, comprehensive answer to your question.

 

We are, all of us, subject to the laws in force where we are practicing and at the time we are doing so.  As you have noted, there are many venues that do not mandate reporting (for computer technicians, anyway) of child porn [though I hasten to add where I to encounter this in the course of doing work I would report it out of my own sense that it's the only right thing to do].  

 

Unless your venue has reporting requirements you are under no obligation to turn someone in for any alleged/suspected criminal activity.  If it has mandated reporting for very specific things then you are absolutely obligated to report and subject to prosecution if you do not.

 

It's a matter of knowing what the law is where you provide services.  That or find out very quickly after the fact if you've encountered something you suspect may obligate you to report it.  You are generally exempt from any prosecution as a mandated reporter, even if the accusation doesn't hold up, provided you cannot be shown to have made an intentionally false report in the first place.  I don't know what these shields may be called in Canada, but they go under the common moniker of "Good Samaritan" laws/clauses in the USA.


Edited by britechguy, 02 March 2016 - 08:14 PM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#3 Agouti

Agouti

  • Members
  • 1,548 posts
  • OFFLINE
  •  
  • Local time:09:32 AM

Posted 03 March 2016 - 10:42 AM

In the first place, if you mind your own business and don't snoop in your clients' computers I don't see how you can become liable for anything.



#4 Naught McNoone

Naught McNoone
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great White North
  • Local time:09:32 AM

Posted 03 March 2016 - 10:48 AM

britechguy, on 02 Mar 2016 - 8:12 PM, said:
We are . . . subject to the laws . . . many venues that do not mandate reporting . . . where I to encounter this . . . I would report it . . . it's the only right thing to do . . .
 
Unless . . . venue has reporting requirements . . . no obligation to turn someone in . . . mandated reporting . . . you are absolutely obligated to report . . . 
 
. . . exempt from . . . prosecution as a mandated reporter . . . provided you cannot be shown to have made an intentionally false report . . .  "Good Samaritan" laws/clauses in the USA.
 
Brian,
 
No doubt, we are both in agreement on the subject of child pornography.  I would not hesitate to report ANY child abuse.
 
I believe the your state, Virginia, has mandatory reporting on sexual abuse.  Something was in the news a couple of years back about The University of Virginia?
 
People who mistakenly initiate an investigation, are not liable for criminal prosecution in Canada.  They may be subject to criminal charges or civil suit, however, if malicious intent can be proved.
 
Our "Good Samaritan Law" covers people who lend assistance in emergency.  Mostly aimed at first responders and off duty emergency services personnel.  For example, if I administer CPR to a person with no pulse or respiration, and he suffers bruises, then I am not liable.
 
Back to my original point.  What are doing, snooping around in our clients hard drive, and where do we draw the line?
 
Cheers!
 
Naught


#5 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:08:32 AM

Posted 03 March 2016 - 11:51 AM

I don't know what you mean by "what are doing" in your last question.

 

You are correct that I gave the "good samaritan" misnomer when what I really should have said are shield laws.   If you are a mandated reporter then you are shielded from any criminal or civil liability for reporting a suspected violation in good faith.  As you said, if you're not doing it in good faith that's another matter.

 

I am also a licensed speech and language pathologist and have worked in both medical and school settings.  Mandated reporting laws include two things:  what is mandated to be reported and who is mandated to do the reporting.  Mandated reporting laws have never applied to every man or woman on the street.  Mandated reporters are typically those who are in a position of responsibility for "the care" of another individual who either cannot or probably will not speak up in instances of abuse or other issues.   A good example of how reporting laws have changed is that when I was originally a therapist working with individuals with brain injury no one other than physicians were shielded if they reported to the Virginia Department of Motor Vehicles that they felt that one of their patients posed a threat to the general public in terms of their ability to operate a motor vehicle safely.  Other members of an individual's treatment team were not mandated to report and also did not have any shield law if they did report.  That has been changed now such that anyone treating someone with significant brain injury is shielded from legal action for reporting what they believe to be significant functional impairment that would make an individual unsafe.  This was, and still is, an example of shield laws without mandated reporting.  When I worked at schools, anyone working with a child was mandated to report suspected abuse and shielded from legal action as a direct result of reporting suspected abuse.

 

In any case, as a computer technician I do not make a habit of "intentionally snooping" through anyone's computer but, at the same time, as part of dealing with repairs and even brief testing of stuff you do have plenty of opportunity to "stumble upon" something.  REVISION:  This duckduckgo search on "computer technician mandated reporting" clearly shows that there are multiple venues in the United States, at a minimum, where computer technicians are now mandated reporters for suspected child abuse of any type, which includes sexual abuse, which in turn includes child porn.


Edited by britechguy, 03 March 2016 - 12:11 PM.

Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#6 mjd420nova

mjd420nova

  • Members
  • 1,880 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:32 AM

Posted 03 March 2016 - 12:21 PM

In the last fifty years there have been uncountable numbers of strange goings on, on clients computers.  I have to turn a blind eye and deaf ear to what I hear and see. Many corporate secrets, working conditions, safety procedures and events only cover part of my observations.  As long as none of the conditions affect my job performance or put me in harms way.  I have been in some strange places and seem equally strange things on users machines.  One client has a machine they allow employees to use on breaks, lunches, etc.  It quickly became unusable with so much pop up, virus infection and a root kit that forced a total wipe out.  I had to set the machine up with a clean install backup disk to reload every morning and wiped clean at the end of the day.  I never looked at what was on the unit, but you can just imagine.  It isn't my duty to investigate the sources of the infection, many are repeat offenders and I have tried to steer them away from the sites that are most prone to infecting your machine.  AV programs are found to be a hassle by most users of employers units, figuring it's up to the owner (boss) to fix whatever fails.  I have suspected but not actually observed any child porn on any machines but it would not have been my place to say anything.  The first clue is a page switcher, a single key that the user can either blank the screen or switch to a worksheet(etc) to avoid others viewing the questionable screen display.   Various sites are ripe with nefarious links and all manner of nasty programs waiting to get onto the system.  Most AV programs will either block and advise the user, IF it's installed correctly.  Once infected, it is possible for all manner of legal and illegal programs, pictures, movies and music to be deposited upon said unit, often unknown to the user.  Child abuse is a fine line to walk.  Child rearing traditions and public display of discipline gets many upset but it certainly looks like the rod has been spared and the child IS spoiled.  Whoever heard of  "AFFLUENCE"?????  WTF.  Never taught right from wrong, a kid drives drunk kill others and WALKS.  Even a jail term won't put that kids head right.  Mom and Dad should be jailed too. 



#7 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:08:32 AM

Posted 03 March 2016 - 12:31 PM

@mjd420nova:  I don't think that any of us who've been "in the biz" for any period of time have not stumbled upon myriad things that we are obligated not to disclose.  I don't think that this is at all at issue or under discussion.  We could easily be prosecuted for disclosure of a number of things you mentioned.  We would also lose our businesses if we were to be foolishly indiscreet regarding the contents of another person's or entity's computer.  I consider my clients computers to be akin to their phones, whether land lines or mobile, and it is never my place to disclose the vast majority of what I might possibly find.

 

The above being said, if you are a mandated reporter and fail to report, there can be legal consequences for that.  I actually have a dear friend who's son was wrongly accused of having child porn on his mobile phone.  The accusation itself is damaging whether or not there's any truth in it, but if there were every reason to believe that this material exists, and you discover it in the course of working on the device, you had ought to know whether you are a mandated reporter in the venue where you're working.  After having watched the thoroughness of the investigation in to the allegations against this young man, including forensic analysis of his phone and computer, as well as extensive investigation in to who had access to either, even briefly, the consequences for non-reporting can be very, very steep.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#8 Naught McNoone

Naught McNoone
  • Topic Starter

  • Members
  • 308 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great White North
  • Local time:09:32 AM

Posted 03 March 2016 - 02:11 PM

britechguy, on 03 Mar 2016 - 11:51 AM, said:
I don't know what you mean by "what are doing" in your last question.

 

My mistake.  Typo.  Put it down as a senior thing.

 

Should have been:

 

"What are you doing?  Snooping around in your clients hard drive?"

 

What I mean is, we are not Crusader's.  I believe that what is on the clients HDD is the clients business.  We should only be looking for those things which we are required to fix.

 

That being said, casual snooping could lead to other issues.  A mandated reporting law could be argued in court as "acting on behalf of the crown/state.",  Without probable cause, it could have the evidence thrown out.  It may seem like a stretch, but then, lawyers are paid to be creative.

 

Naught.



#9 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:08:32 AM

Posted 03 March 2016 - 04:21 PM

Naught,

 

          I guess I'm the contrarian, then, in that I do not consider it "snooping" in any way, shape, or form when I have interactions with a client's computer and data as a part of the diagnostic, install, repair, or verification process.   A classic "for example" for me would be a client asking me to install (the now on its way out) Picasa software from Google and configure it for them.  If one does this, and sets it up to look at their "Pictures" folder(s) or their entire machine to collect images you will see large (very large, in fact) thumbnails of images as Picasa indexes them.  I am not snooping if I am looking at that process occurring, it's a part and parcel of the task I'm doing.

 

          I have, on many occasions, been asked to port client data from one machine to another and have been known to do some scouting regarding how large various collections, e.g., documents, pictures, videos, music, etc., actually are in terms of deciding what is the best and/or fastest method to get them from one machine to another.  With large quantities of data that generally involves copying to an external drive and then copying on to the new platform - doing it over the air on a wireless network would take much, much longer than using a USB 3.0 device does.  I almost always have occasion to see *something* during that process, and it's also not by design but cannot be avoided (and I don't see why it should be - I'm not telling anyone what I've seen unless the law or my own moral sense would require such).  I've seen things that might trigger a number of "ick factor" reactions from various observers but which do not violate any laws and thus are sacrosanct as far as client privacy goes.

 

           You are right about what lawyers might try, but most mandated reporting and shield laws have stood up well in the courts over time.  In the end, my only concern is doing what's legal and what's right.  An expectation of very strict privacy should be a given.  An expectation of absolute privacy is not, at least not when you're involved with things that would trigger mandated reporter laws and are stupid enough to call in outside help that anyone with two firing neurons and a TV set should know where that combination likely leads.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#10 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 7,098 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:01:32 PM

Posted 03 March 2016 - 07:34 PM

http://www.bleepingcomputer.com/forums/t/602886/microsoft-tips-american-authorities-about-canadian-user-downloading-child-porn/

 

In this topic, a few lines further down in the Speak Easy, would you say this is an example of 'mandated reporting' ?  Certainly in the UK there have been instances where, when photographic film was widely used, film processors were known to have reported subjects of an apparently pornographic nature to the police.

 

Certainly UK law, and I presume that in other jurisdictions as well, places more stringent requirements on professionals working in a field than it does on those with a mere passing knowledge.  From time to time I find myself with other people's data in my hands but my status in regard to computers etc. is that of a competent amateur - I don't do it as a business. But if I came across evidence of child pornography on a computer I think I would be inclined to report it.

 

Chris Cosgrove



#11 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,691 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:12:32 AM

Posted 06 March 2016 - 08:18 PM

I've seen things that might trigger a number of "ick factor" reactions from various observers but which do not violate any laws and thus are sacrosanct as far as client privacy goes.

 

Same here and what consenting adults do is none of my business I am just fixing a PC, I never look at the actual contents of Photos documents ETC  , But when it comes to kids animal cruelty and terrorism I would have no problem reporting it to the police in fact I would feel obliged  do so.


Edited by NickAu, 01 July 2016 - 05:24 PM.


#12 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 9,247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:08:32 AM

Posted 07 March 2016 - 10:12 AM

NickAu wrote:
          britechguy wrote: I've seen things that might trigger a number of "ick factor" reactions from various observers but which do not violate any laws and thus are sacrosanct as far as client privacy goes.
 
Same here and what consenting adults do is none of my business I am just fixing a PC, I never look at the actual contents of Photos documents ETC  , But when it comes to kids animal cruelty and terrorism I would have no problem reporting it to the police in fact I would feel obliged  do do so.

 
I ask the following not to be snarky, but to try to understand what I see as a logical inconsistency.  How can you "never look at the actual contents of Photos documents ETC," and at the same time say, "Same here," to my comment regarding ick factor?  I don't know how one could have an ick factor opinion unless somehow the machine's folder names were suggestive/repugnant without having encountered something as far as content to trigger an "ick."
 
I am still trying to understand how those who are making the claim that they never interact with actual user content during the normal course of repairs manage to do that.  I've never found a way to make it impossible to see a lot of content during the course of my work.  Virtually anything I'm called in to do, including installing hardware or peripherals, means that I am going to have to be "in the driver's seat" for at least a few minutes on the computer in question and I can't look away from the screen that whole time.
 
As I've said earlier, I absolutely do not snoop, which to me means intentional digging into areas of the computer I have no business looking in, intentionally opening things that are not pertinent to quick testing of a fix of some sort that was made, etc.  But I have yet to find a way to be a computer repair technician and to never have any casual interaction with client content on a computer during the course of my work.  Sometimes, and I've already documented some examples, the interaction is far less than casual just due to the nature of the work itself.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1809, Build 17763 

     Presenting the willfully ignorant with facts is the very definition of casting pearls before swine.

             ~ Brian Vogel

 

 

 

              

 


#13 McGyver_

McGyver_

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Los Angeles Area
  • Local time:06:32 AM

Posted 01 July 2016 - 04:23 PM

I skipped most of the replies because my opinion was formed early on and I was eager to inflict it on all of you. 

 

If I find evidence of serious criminal conduct and I have the legal right to report it, I will.  It doesn't matter to me whether I personally hate that type of criminal conduct.  All serious crimes should be reported.  That's what good citizens should do regardless of whether there is a law that requires reporting.  It also doesn't matter whether I was snooping or inadvertently stumbled onto the information.  That is not relevant to the morality decision.

 

An interesting subject for a new thread would be a list of crimes that we think are so minor that you or I would not report them.  



#14 protjini

protjini

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:32 PM

Posted 12 August 2016 - 10:12 AM

If we're led into a very complicated situation, it is best to think hard and careful about our next move. Indeed it is much safer to stay safe but there are times that our conscience will strike on us so we really have to decide which is the best; to be quite or to help others. In the end, it's still our choice.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users