Friday, June 20, 2008

Assumed Guilty, then Fired and Ostracized: It's Time for an IT Code of Ethics

The problem isn't a new one. "Quis custodiet ipsos custodes?" is how Juvenal put it, a little shy of 2 millenia back. Judging from what got in the news this week, quite a few organizations should start asking "who watches the guardians?" And, coming with good answers.

I think it's time that IT (Information Technology) departments start behaving themselves.

A man, about my age, lost his job and nearly landed in prison because there was child pornography on the laptop computer that his employer had told him to use.

About a year after he was accused and fired, someone who knew about computers took a look at the laptop. Now, the Massachusetts Attorney General's office decided that he wasn't corrupt, his employer's anti-virus software was.

A spokesperson for the man's former employer, the Department of Industrial Accidents (DIA), said, 'We stand by our decision,' a position that wouldn't encourage me to work for that outfit.

The man, whose wife describes him as "computer illiterate," thinks that someone in the DIA's IT department was having fun, and forgot to clean up the laptop.

He could be right. If you thought that someone in Information Technology was snooping around in your files, you could be right. about one in three IT staff make improper use of their special access privileges.

Three news items, two about the Massachusetts kiddie porn debacle, one about what IT staff do with their time and privileges:
    "A Misconfigured Laptop, a Wrecked Life"
    PC World (June 17, 2008)
    • "When the Commonwealth of Massachusetts issued Michael Fiola a Dell Latitude in November 2006, it set off a chain of events that would cost him his job, his friends and about a year of his life, as he fought criminal charges that he had downloaded child pornography onto the laptop. Last week, prosecutors dropped their year-old case after a state investigation of his computer determined there was insufficient evidence to prove he had downloaded the files.
    • "An initial state investigation had come to the opposite conclusion, and authorities took a second look at Fiola's case only after he hired a forensic investigator to look at his laptop. What she found was scary, given the gravity of the charges against him: The Microsoft SMS (Systems Management Server) software used to keep his laptop up to date was not functional. Neither was its antivirus protection. And the laptop was crawling with malicious programs that were most likely responsible for the files on his PC...."
    • The article includes an interview with Mr. Fiola.
  • "Probe shows kiddie porn rap was bogus"
    BostonHerald.com (June 16, 2008)
    • "A child porn possession charge lodged against a Department of Industrial Accidents investigator fired for having smut on his state-issued laptop has been dismissed because experts concluded he was unwittingly spammed.
    • " 'The overall forensics of the laptop suggest that it had been compromised by a virus,' said Jake Wark, spokesman for Suffolk District Attorney Daniel Conley.
    • "Nationally recognized computer forensic analyst Tami Loehrs told the Herald Michael Fiola’s ordeal was 'one of the most horrific cases I've seen.'
    • " 'As soon as you mention child pornography, everybody’s senses go out the window,' she said...."
  • "One in three IT staff snoops on co-workers: survey"
    Reuters (June 19, 2008)
    • "FRANKFURT (Reuters) - One in three information technology professionals abuses administrative passwords to access confidential data such as colleagues' salary details, personal emails or board-meeting minutes, according to a survey.
    • "U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role.
    • " 'All you need is access to the right passwords or privileged accounts and you're privy to everything that's going on within your company,' Mark Fullbrook, Cyber-Ark's UK director, said in a statement released along with the survey results on Thursday.
Don't get me wrong: I'm not against IT people. In the company I used to work for, I was the IT department for the last ten years.

4 comments:

Anonymous said...

This is a truly guilty until proven innocent story. It calls to mind the case of a highschool teacher, who had a troubled marriage and one child, a daughter.

To make a long story short 3 years after he was sent to jail for molesting his daughter she confessed that she and her mother made the story up. In fact, she had been sexually assaulted by the mother's boyfriend, a boyfriend that her father didn't even know existed. The reason for the subterfuge was that the mother wanted to be sure she got custody of the daughter when they divorced.

The man's home, finances, family life, professional life, reputation and emotional health were ruined. When he was finally released from prison where he had been attacked and disfigured by other prisoners, he was assaulted by a gang of street youth who stole the money he had been given when released from prison.

Brian H. Gill said...

timethief,

Unhappily, that sort of thing does happen. Generally, those perversions of justice don't get the attention that the Duke debacle and this little incident did.

I hope they're rare.

L. Venkata Subramaniam said...

Definitely we need a code of conduct. But we need to be careful, IT has a lot of positive effects, and so far despite examples like the ones you gave, by and large things have been going pretty well for the millions of users.

Brian H. Gill said...

L. Venkata Subramaniam,

I'm glad you left your comment. Thank you.

Agreed without reservation. Today's information technology (lower case) has, as you said, a lot of positive effects.

On a personal scale, information technology made it possible for me to keep a sequence of jobs for over twenty years, that would have taken perhaps a dozen people back when I was growing up.

The IT I was referring to in this post was Information Technology (capitalized). Your comment made me realize that this is possibly an Americanism. In American English, IT or Information Technology is the department, or the group of people, who run an organization's data network, computers, and other information technology devices and software, and provide technical support for the people who aren't so tech-savvy.

Thanks for the reminder that my dialect of American English uses words and phrases that aren't widely understood. I'll try to be more careful in the future.

("The department that builds and maintains computer systems." is the way that California State University, Monterey Bay, defined IT. There's a selection of definitions for "it," "IT," It!," and so forth at Google" )

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle online store

Pinterest: From the Man Behind the Lemming

Top 10 Most-Viewed Posts

Today's News! Some of it, anyway

Actually, some of yesterday's news may be here. Or maybe last week's.
The software and science stuff might still be interesting, though. Or not.
The Lemming thinks it's interesting: Your experience may vary.
("Following" list moved here, after Blogger changed formats)

Who Follows the Lemming?

WebSTAT

Family Blogs - Blog Catalog Blog Directory