If you're an IT staffer in the US, it may be time to add a yellow sticky to your monitor. No, not another password, but the phone number of your company's in-house lawyer.
Why? Because if a new South Carolina law gathers steam in other states, you just might be tapped to monitor whether your fellow employees are looking at child pornography on their computers. The recent case in which the Texas owners of a child pornography site (officials claim the company had 250,000 subscribers) received lengthy jail time should underscore that online child pornography is a serious and traceable crime. In addition, 100 subscribers were arrested. The most we can hope for is that they accessed the site from home computers rather than from work. That's because the new South Carolina law stipulates that IT pros who see child porn on an employee's computer must report the name and address of the owner or user.
But the law begs the question: Whose responsibility is it, anyway?
Are IT professionals like bartenders, who must watch the behaviour of the people they're serving?
Sonia Arrison, director of the Center for Freedom & Technology in San Francisco, says it doesn't make sense to turn IT folks into ethics monitors. "Going around looking at people's hard drives shouldn't be the responsibility of IT personnel," she says. "HR, lawyers or people who know the law would be better."
Most IT personnel are employees, not officers of a company, and they're rarely covered by corporate insurance. What happens if someone mistakenly reports a worker and is sued for defamation? Will IT departments have lawyers to determine what's permissible on computers? If you outsource IT functions, what happens if an employee's name appears on a third-party computer on which illegal material is found?
Many websites grab names to bolster marketing efforts. What if your name, along with a company email address, pops up and is found by law enforcement officials on a database of a pornography site? Is it the IT department's job to clear your name if the FBI comes calling?
Many banks and investment firms have surveillance software to monitor email and where employees go online. But the South Carolina law places the onus on geeks to sniff out perverts.
IT workers shouldn't have to police other people's computers. They aren't trained to enforce the law, they don't have insurance protection if they make mistakes, and they won't appreciate being the thought police.
Finally, IT workers shouldn't be held responsible for other people's illegal behaviour. Imagine being prosecuted as an accessory because you knew about child porn on a computer but didn't want to be a rat.
Fox is Computerworld US' West Coast bureau chief. Send email to Pimm Fox.