Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
SHOULD GEEK SQUADS BE INFORMANTS?
August 18, 2008
Sassy title, but this was part of a question from a reader. I’m not sure whether he wished to remain anonymous, so I won’t name him, but he asked what he must report to law enforcement as an IT person with a private company.
Do you give up all right to privacy when you take your computer in to be repaired? I actually had to put on my thinking cap a bit, because the average citizen is not held to the same standards as a practicing attorney. As Joe Citizen, I would think that if you truly stumbled across evidence of a felony, whether it be murder, a threat against the President, or a terrorist conspiracy, you have an ethical duty to report it. But this is not generally (and I’m willing to be corrected here if someone knows more than I) a legal duty. There are a couple of states which have oddball exceptions to this, but nothing major. I thank my paralegal Nicole who researched this for me.
However, if you run across child pornography while a machine is in your possession, you are instantly guilty of a federal crime (no joke, even an attorney has been arrested for having CP in his possession under the protection of a state court order). The “affirmative defense” to this crime is that you reported it to law enforcement and gave access to the evidence. In essence, you must report or risk being charged yourself. Once that report is made, the police then have probable cause and don’t need a warrant. The law, by the way, may be found at http://www4.law.cornell.edu/uscode/uscode18/usc_sec_18_00002252—-000-.html
It is for this reason that when computer forensics here turns up CP, we put in a call to a Fairfax City detective who comes over to determine whether or not it is CP and to refer it to the proper jurisdiction if it is CP. Happily, the detective is a friend as well as a professional colleague, so his visits are always pleasant – for us. Not so much for the person who placed the CP on the machine.
Should the tech squad guys be snooping around in machines? Of course not. If they do, my reader asked, is it actionable? You’d have to prove it, and I suspect that would be problematic – in some manner or other, the technician would say that he/she stumbled across it – difficult to disprove. And, since you would then be facing federal charges on the possession of child pornography, you would likely be somewhat preoccupied.
We, of course, get paid to snoop on the computer forensics side of our company, so the scenario there is somewhat different. However, on the IT side of our company, a consultant who snooped around the data of the law firms we service would be fired instantly.
This same reader posed another question we often hear – what can customs officials do with my laptop? Most lawyers we know are appalled by what we tell them in answer to this question, but this post is long enough. More on that alarming subject shortly.
Listen to the Podcast
