Enterprise IT Watch Blog

Jul 7 2010   5:38AM GMT

IT Professionals are not above the law

Guest Author Profile: Guest Author

Editor’s Note: Ever feel like you’re crossing a line with something your boss has asked you to do? Joshua Garick, a lawyer in Boston, MA., explains why you might need to think twice before installing the latest spyware on employee computers, particularly if you’re a bit dubious about what the boss is snooping on. Also, read his first guest post on why you should be wary of extended warranties. -Michael Morisy

There has been a buzz as of late as to whether IT professionals should be held criminally liable if they perform a technical task results in criminal activity. An example is the Lower Merion Township case where the school district’s IT department equipped school-issued laptop computers with webcams that took over 56,000 images of unsuspecting students in their homes.

The FBI and U.S. Attorney are presently investigating the matter to determine whether charges should be filed.

The IT professional should view cases like this as a warning. IT professionals, like anyone else, will be held liable for their criminal acts. You are hired powerful skill set which, if used inappropriately, could have devastating consequences. You should not use your skills in an illegal or immoral manner. This is akin to Superman using his x-ray vision to garner a look at Lois Lane.

Let me explain why you will be arrested if you break the law:

A recurring argument against imposing criminal liability is that the IT professional is simply performing a technical task for his employer. This is not a valid defense. Under civil law this might be true, but not for criminal law. example, I am accidently struck by a UPS truck when I cross the street, UPS – and not the driver – would likely be vicariously liable for my injuries under a legal principle known as respondeat superior – which means “let the master answer.” This, however, does not apply to criminal prosecutions or should it. If the UPS truck driver’s boss ordered him to drive his truck into a pedestrian, the driver must draw from his moral compass and recognize that he is about to engage in criminal activity. Societal norms suggest
that a victim’s right to not be struck by a speeding truck is greater than the driver’s right to his job. If the truck driver is fired because he refuses to follow this order, at least there isn’t an injured pedestrian on the side of the road.

This analogy holds true in the IT world. Criminal laws evolve over time and change based on societal norms. The latest trend is to combat privacy and other issues resulting from advances in online technology. These problems can only be created by you – the IT professional. If you are asked to do something that is illegal, you have an obligation to us non-technical folks to abstain. This is not to suggest that the IT professional should fear the unintended consequences of his work. Like the UPS driver accidentally hitting a pedestrian, if you do not have the requisite criminal intent to create an illegal technology, you will likely not be charged with a crime.

Consider the fallout from Google Map’s collection of personal data obtained during its search for unsecured wi-fi networks. If you believe Google’s explanation that any data obtained was an unforeseeable accident, the IT professional who created the technology would probably not be subject to arrest.

What is important, however, is that you keep abreast of the law. Years ago, identity theft, data breaches, dissemination of personal information, online bullying, etc., did not exist. Now most jurisdictions have laws on the books in response to these growing problems. Do you know them? Remember the old adage: ignorantia juris non excusat – ignorance of the law does not excuse. Though certainly a daunting task, there are many resources that can assist you and help save your hide. Most companies have (or should have) internal processes to ensure legal compliance. Question your legal counsel or your company’s management to make sure your project isn’t criminal. If you are dissatisfied with your general counsel’s advice (or you don’t have one), you can always discuss the matter with your own attorney. erhaps the best advice is to appeal to your own sense of morality. If you are asked to do something you are uncomfortable doing, don’t do it. Under whistleblower protection laws, your job may be protected if you notify the authorities about illegal or suspected illegal activities in lieu of carrying them out. Make sure to consult with an attorney in your state to understand your rights.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: