by Randy Cohen, who writes the Ethicist column in The New York Times Magazine, answered a question today from an “Internet technician” who discovered pornography belonging to his company’s president while “installing software on [the] company’s computer network”. Some of the images seemed to depict underage teenagers. He asked whether he should call the police, mentioning that he feared for his job.
Cohen’s response was that the technician’s fear for his job had nothing to do with the ethical situation, but that he should not come forward. “The situation is too fraught with uncertainty. These photographs might depict — legally — not children but young-looking adults. The images could be digitally altered. Your boss may have acquired free (albeit illegal) images rather than bought them and provided a financial incentive to those who harm children. Someone other than your boss may have downloaded the pictures.”
Cohen suggests that the penalty for simple possession of child pornography is too great for the employee to turn in his president with so little evidence of wrongdoing. “Since you have no reason to believe your boss has had improper contact with children, you should not subject him to such ferocious repercussions for looking at forbidden pictures.”
As a professional system administrator, I have other ethical questions about this incident. As part of our jobs, we have to deal with others’ data frequently; sometimes, that requires that we keep quiet about what we observe and not take action based on these observations. But our first responsibility is to keep from seeing others’ data in the first place whenever we can.
Of course, I don’t know the particulars of the letter-writer’s job, but I have trouble imagining a situation in which installing software would result in a sysadmin seeing images stored on a user’s computer. Graphical file-explorer programs like the Mac’s Finder and Windows’ Explorer can be configured to display previews of images as their icons (in fact, on the Mac and on Windows this is the default), but features like that should be turned off when working with others’ data. We need to limit our exposure to content when content is not what we are working with.
It’s also important, when you do come across private content that belongs to one of your users, to resist making assumptions about its nature. For all you know, the company president was working with the company’s lawyers to deal with another employee’s possession of pornography, and, not being a computer expert, simply dragged the images from the employee’s directory to his own. Or maybe that email you saw in diagnosing a server issue, the one announcing a massive upcoming layoff, was some sick manager’s idea of a joke, sent just before a meeting where he could say “just kidding”. As sysadmins, we have our hands in everything; our exposure to our business’s functions is very broad, but except within IT, it isn’t very deep. Assuming you know everything is a character flaw pretty endemic to sysadmins. 😉
Besides the ethical issues, there’s also the business perspective to consider. At most any site of reasonable size, there is always illicit activity going on on the network, whether it’s copyright infringement, pornography viewing, pilfering, moonlighting, or just plain time-wasting. System professionals could spend all their time at work being the morality police if they wanted to. I’ve seen it happen from time to time; sysadmins on their own initiative searching the network for MP3’s, videos, or games installed on company machines. Such sysadmins usually don’t last long in their jobs; whether or not they actually tracked down illegitimate use and did not finger the wrong people, such activity just isn’t in their job descriptions, and rarely adds value to the company. It’s already far too easy for sysadmins to be seen as “walking overhead”; you don’t need to add to that perception by going out of your way to find tasks not in your job description that are mostly downside for your business. (Yes, legal compliance is an important part of any company’s business; but that’s not your job. If the company lawyers ask for your assistance, then you do, but there’s no need to go out on fishing expeditions on your own.)
Not to mention, if you avoid contact with content whenever possible, you avoid putting yourself into these ethical dilemmas.
What do you think? Was Cohen’s advice correct? Do you take technical measures to avoid seeing content when you can, or do you assume that when you’re in “superuser mode” you can mentally filter out anything you shouldn’t see?