Ethical question.

[mm]

To answer the point of invasion of privacy.
You have no expectation of privacy if you hand your
laptop to someone.

You may well be right about this. If I sent my diary in to have it
rebound, and the bookbinder read it, well if I kept a diary I wouldn't
send it to a bookbinder.

What exactly did you find on this computer?

I forgot about child abuse. That's even worse than naked poses of a
child, which is all I had in mind that I called pornography.

To the others, if the OP had no reason to suspect a crime and he
snooped just because he was nosy, yes, that's unethical, but his
unethical behaviour doesn't mean he has to hide in the corner after he
found something bad. If the right thing to do for a perfectly ehtical
person, who only found this stuff because he needed to verify that the
..jpg viewer was working, and he chose a picture named NiagraFalls
because he thought it wouldnt' be personal, if the proper thing to do
for him is to go to the police, then it's the proper thing for a
snooper to do too. If the OP were a murderer, it would still be the
proper thing to do. Everyone has failings; some are even criminals;
it doesn't mean they're not allowed to turn in other people who commit
crimes. Rather, they have the same moral obligations the rest of us
do.

 

[William Sommerwerck]

OTOH, how can a customer be so stupid he takes the

computer in if it contains anything illegal?

In this case, the machine wouldn't boot.

If one has material one does not wish others to see -- legal or illegal --
it should be stored on an external drive. One can then hand the computer to
a serviceman without worry.

Though the temptation to snoop can be overwhelming, an ethical serviceman
will resist the temptation at all times. No one expects him to "play
police", and no reasonable person would condemn him for not prying, even in
cases of child molestation or murder.

It's NOT his business to spy on his neighbors and report unacceptable
behavior. The Constitution protects our privacy, and though that protection
doesn't generally apply to snooping by neighbors, an ethical person will
respect that protection.

 

[[email protected]]

Customer brings in a lap top. "Won't boot"

So you do the usual amount of diagnostics
and knock a little sense back into the machine.

Being nosy of course, you check out the
pictures folder to see what their kinks are.

Oh, my definitely a bozo no no there.....

So what do you do?
(Some answers giving below are tongue in cheek
for the humor impaired.)

Act like nothing happened?

Congratulate them on their tastes?

Wipe the drive with something like bcwipe and
give it back to them?

Spin up the drive separately and bang it against
the desk repeatedly until you knock a head loose?

Make copies for yourself?

Hand it over to the local police?

Give it back to the customer and turn them in
after a few weeks?

Charge the customer extra and demand payment to
keep quiet?

The two things that bother me the most are the
police have a terrible track record on anonymous
and the lawyers like to claim that YOU put it
there.

So, what to do?

Jeff

Ethical as what? A businessman or a human being? The fact that you
were snooping 'of course' casts doubt upon your ethics as a
businessman. And it doesn't say much for your character either.

What was it? Hidden camera videos of the cutomer boffing a series of
adults of either gender? 'Snuff' porn, 'crush' porn, or some local
politician in drag? The same answer applies - give the computer back
to the customer, collect your usual fee (less 10% to remind yourself
to behave next time).

If it was genuine kiddie porn - an adult abusing a pre-teen, you have
a chance to prove your qualifications as a decent human being. Call
the police, show them what you found, and prepare to suffer the
fallout.

PlainBill

 

[PeterD]

I'll assume you found some child porn. If it were me I would hand it over
to the cops.

Assuming child porn, he may not have an option, but be required to
hand it over or face possible legal concequences. Consider this, a
week later, the guy is busted for something else, and the porn is
discovered... What are the odds that he will say "Wasn't on my
computer before I took it to ABC for service, they must have dropped
that suff on the drive, not me!" and when the authorities come to you,
what are you going to say? You didn't report it? That's a crime in
many places. You didn't do it? Try to prove it!

 

[PeterD]

The customer brought in the computer to be repaired -- not to be searched by
a nosy serviceman. You are obliged, if only by common courtesy, not to poke
your snout where it doesn't belong.

I will say that when I teach law and ethics in the university where I
teach, this is one thing we do cover. You don't snoop on anyone's
computer for any reason unless the owner has explicitly approved it.

Then again, I've seen some idiots with stuff like this on their
computers and still say something like "it is ok to look on my
drive..."

Not everyone has a brain and knows how to use it!

Unless you have good reason to believe someone's life is in danger, you
should keep your trap shut.

If this is kiddie porn, you might contact the police anonymously and ask
them what they recommend doing.

Excellent advice.

 

[D Yuniskis]

Assuming child porn, he may not have an option, but be required to
hand it over or face possible legal concequences. Consider this, a
week later, the guy is busted for something else, and the porn is
discovered... What are the odds that he will say "Wasn't on my
computer before I took it to ABC for service, they must have dropped
that suff on the drive, not me!" and when the authorities come to you,
what are you going to say? You didn't report it? That's a crime in
many places. You didn't do it? Try to prove it!

IANAL. But, ...

Technically, the burden of proof that you *did* it lies with
the authorities (though that doesn't mean to say you're not
going to be in for a lot of headache, etc.). E.g., you can
*kill* an intruder in your house, here -- but, be prepared
to spend a year in the court system defending your actions
(and who knows how much exposure to civil suits you might have!)

[note that you are still, potentially, in this predicament
even if you didn't *know* there was something "illegal" on
the machine]

Proving you were unaware of it can be tricky. Most systems
track accesses to files -- in several different ways. Some
filesystems track "last access time". Many applications
maintain MRU lists. And, presentation layers might also.

I.e., if you used *his* machine to view *his* files, the
machine can attest to the fact that "someone looked at this"
at some particular time (he can then claim you had physical
possession of the device at the time in question).

Of course, you can cook all of this data in the machine
and make it *claim* anything you want (i.e., last accessed
20 years ago -- before the laptop was even manufactured! :< ).
Though you then leave yourself open to suspicion for simply
*knowing* how to do these things!

However, if you have *told* anyone about this, then you (and
they!) are complicit.

I stand by my original comment: *looking* is your first mistake!
When you're in business, you are always at increased risk for
"problems" because you typically deal with a variety of people
about which you know very little (this is why I only service
computers of friends/neighbors/relatives).

 

[D Yuniskis]

I will say that when I teach law and ethics in the university where I
teach, this is one thing we do cover. You don't snoop on anyone's
computer for any reason unless the owner has explicitly approved it.

That depends on how you define "snoop". Gratuitously poking around
at things you don't *need* to see vs. *innocently* using things that
are "on-hand" to test the machine's operations...

[BTW, I recommend Forester & Morrison's "Computer Ethics". A bit
dated but brings up lots of issues that are worth considering
wet the ubiquity of computers in our society]

Then again, I've seen some idiots with stuff like this on their
computers and still say something like "it is ok to look on my
drive..."

Not everyone has a brain and knows how to use it!

It is alarming how naive/ignorant most folks are re: technological
issues. Whether it is "personal privacy" or more insidious issues.

I have a friend who tends to be obsessive about privacy and takes
often extraordinary measures to safeguard his. Yet, was stunned
(decades ago) when I told him that his use of "800 numbers"
compromised his privacy. Nowadays, cell phones being *personal*
items (vs. *shared* items) makes this even moreso.

[I was able to document my (ex)brother-in-law's "philandering"
just by examining his cell phone and charge/banking records.
"How do you know that I wasn't at work on this date? And,
how can you claim that I was at the No-Tell Motel at that
time? *And*, that I was with that particular girl??"]

Excellent advice.

There is no "anonymously". Your call *will* be recorded.
If the information is "actionable", you can bet the "closest
squad" will be diverted to your location.

Someone used one of the computers at the local library to send
an "anonymous" (threatening) email to <mumblemumble>. Police
simply took the computer away as evidence. Guy was arrested
a few weeks later...

 

[mm]

I have a friend who tends to be obsessive about privacy and takes
often extraordinary measures to safeguard his. Yet, was stunned
(decades ago) when I told him that his use of "800 numbers"
compromised his privacy.

In what way? Do you mean because *67 won't hide your phone number
from them? MOst people don't know that. They know it about 911 but
there is no organized method of telling anyone about 800 and 866
numbers and it's not surprising he didn't know.

Nowadays, cell phones being *personal*
items (vs. *shared* items) makes this even moreso.

[I was able to document my (ex)brother-in-law's "philandering"
just by examining his cell phone and charge/banking records.
"How do you know that I wasn't at work on this date? And,
how can you claim that I was at the No-Tell Motel at that
time? *And*, that I was with that particular girl??"]

If it's kiddie porn, they'll tell you to give them your address and
they'll come over that day, or they'll send someone, and not to return
the computer yet, and that is the right thing to do, subject maybe to
my distinction in another post.

There is no "anonymously". Your call *will* be recorded.
If the information is "actionable", you can bet the "closest
squad" will be diverted to your location.

Someone used one of the computers at the local library to send
an "anonymous" (threatening) email to <mumblemumble>. Police
simply took the computer away as evidence. Guy was arrested
a few weeks later...

You can still make a phone call from a pay phone. Or your
(ex)brother-in-law's phone, maybe.

 

[D Yuniskis]

In what way? Do you mean because *67 won't hide your phone number
from them? MOst people don't know that. They know it about 911 but
there is no organized method of telling anyone about 800 and 866
numbers and it's not surprising he didn't know.

The conversation in question happened in the early 80's.
I just told him that the called party gets a list of
phone numbers that placed calls *to* their number as
part of their billing arrangement. Nowadays, that
information is "live" -- e.g., call to "authorize"
your newly received credit card and the device on
the other end of the line is comparing the phone number
from which you are *currently* calling to the one that
they have on file for you.

The point of my comment is that there are lots of ways that
communications/transactions are "tagged" that even a "savvy"
user may not be aware of.

E.g., your IP address can be used to tie "who you are" to
"what you say (i.e., *post*/email/etc.).

"Ah, but I go to the local coffee bar and use their *wireless*
so the IP address isn't tied to *me*!" [Yes, but your MAC
is! :> )

"OK, so I'll change network cards. Or, hack the firmware
so that I can generate 'random' MACs (and rely on probability
to ensure I don't accidentally pick one that is in use)?
[yes, but your browser has a footprint that can be used
to narrow down "who you might be"]

"OK, so I will reload software each time and pick different
browsers, option configurations, etc." [yes, but you have a
certain "style of writing"...]

Etc.

I.e., don't do anything that you wouldn't do "non-anonymously".

Nowadays, cell phones being *personal*
items (vs. *shared* items) makes this even moreso.

[I was able to document my (ex)brother-in-law's "philandering"
just by examining his cell phone and charge/banking records.
"How do you know that I wasn't at work on this date? And,
how can you claim that I was at the No-Tell Motel at that
time? *And*, that I was with that particular girl??"]

Unless you have good reason to believe someone's life is in danger, you
should keep your trap shut.

If this is kiddie porn, you might contact the police anonymously and ask
them what they recommend doing.

If it's kiddie porn, they'll tell you to give them your address and
they'll come over that day, or they'll send someone, and not to return

I have no idea. I don't put myself in these sorts of situations
because I don't want to have to deal with them :> (I've got
enough stuff that I *must* do without looking for *other*
things to put on my plate! :> )

A friend had a *box* of cash delivered to her doorstep.
I recall talking with her at the time about what she
should do. Of course, she would have loved to just
*keep* it (~10K IIRC).

Aside from the moral issues, my advice to her was that
she *had* to report it to the police. It is no doubt
"dirty" money (how many folks ship boxes of cash??).
And, if someone sent it to your house intending it
for the previous resident -- or, perhaps transposed
two digits in the address -- what do you do when/if
they knock on your door (with a crowbar!) asking
for their money back??

the computer yet, and that is the right thing to do, subject maybe to
my distinction in another post.


You can still make a phone call from a pay phone. Or your
(ex)brother-in-law's phone, maybe.

Sure! Though the call is still recorded (so it could
be proven to be *your* voice) and can still be traced
to identify where *you* are at this moment.

As I said, don't do anything that you wouldn't do "non-anonymously".
If you don't have the cajones to do/say it when folks KNOW who
you are, relying on "anonymity" is eventually going to leave you
disappointed/surprised!

 

[Jeffrey Angus]

I remember several years ago, something similar happened to Pete
Townshend of "The Who".

Uh-huh, Community service. Right. If it had been any of us,
we'd still be in prison.

BTW: to keep this on topic... What was the problem with the laptop
that made it not boot?

Actually the topic is ethical question.
But since you asked, video driver for a web cam. wrong
one, crashed the machine on boot.

And while I originally posted "tongue in cheek" about
snooping, the original problem was the web cam driver.
When I brought up the correct one to make sure it
worked, I took a picture, and it dropped it into the
"Bozo no no" zone where I went to check that it worked
properly.

Jeff

 

[PeterD]

IANAL. But, ...

Technically, the burden of proof that you *did* it lies with
the authorities (though that doesn't mean to say you're not
going to be in for a lot of headache, etc.).

Current law enforcement in the USA no longer works that way. You are
required to prove your are innocent or else you are considered guilty.

E.g., you can
*kill* an intruder in your house, here -- but, be prepared
to spend a year in the court system defending your actions
(and who knows how much exposure to civil suits you might have!)

[note that you are still, potentially, in this predicament
even if you didn't *know* there was something "illegal" on
the machine]

Proving you were unaware of it can be tricky.

Proving you didn't put the porn on the customer's computer would be
nearly impossible. The assumption will be that you are guilty in most
locations.

Generally speaking convictions are so easy (because of the emotional
aspect mostly) that proof needed is minimal. It is NOT worth the risk.

Most systems
track accesses to files -- in several different ways. Some
filesystems track "last access time". Many applications
maintain MRU lists. And, presentation layers might also.

I.e., if you used *his* machine to view *his* files, the
machine can attest to the fact that "someone looked at this"
at some particular time (he can then claim you had physical
possession of the device at the time in question).

Of course, you can cook all of this data in the machine
and make it *claim* anything you want (i.e., last accessed
20 years ago -- before the laptop was even manufactured! :< ).
Though you then leave yourself open to suspicion for simply
*knowing* how to do these things!

However, if you have *told* anyone about this, then you (and
they!) are complicit.

I stand by my original comment: *looking* is your first mistake!
When you're in business, you are always at increased risk for
"problems" because you typically deal with a variety of people
about which you know very little (this is why I only service
computers of friends/neighbors/relatives).

Looking was a major blunder. Violated ethics and privacy laws. That we
can easily agree on!

 

[PeterD]

I talked to a friend of mine who does computer service, about this. He says
that virtually every machine he sees has 'dubious' material on it, but he
disputes that the argument that "the stuff was put on there by the guy that
repaired it" would ever wash, as he says that there are download dates and
so on, deeply embedded in the files, that any forensic computer expert
working for the police, could easily dig out. and use to prove exactly when
the material was placed on the machine. However, he says that in all the
years that he's been doing it, he has never seen a machine come in for
repair, with CP on it.

Arfa

One major issue here is that we still have many investigators who are
so computer illertate that they can't find this type of information.
Things are getting better however and they will eventually be able to
understand computers, file information, etc.

But it still presents a major risk to the service people, and (as
mentioned) looking was a major ****-up on the technican's part.

 

[Geoffrey S. Mendelson]

"Touch" utilities have been around since the dawn of computing
and can alter the file dates at will.

Anyone who can use a search engine can find a bootable disk image/USB stick
image of disk utilites that let you read all sorts of disks, in all sorts
of condition. They allow you to look at files without setting access flags
and dates, etc.

Someone mentioned using Acronis True Image to image a disk, that leaves
no records and then if you were to make the image onto a permanent medium,
such as a DVD, you can then make a copy of the file off of the image and no
record is made on the image of the access.

The repair person having possession of the computer
queers the chain of custody.
If I was on a jury hearing this, I'd consider the whole case suspect.

What chain of custody? This is not an episode of CSI, my giving you a computer
to fix, and having a recipt for the the computer or a repair is not a chain
of custody. It's evidence that you had it and I did not. Evidence is not
proof and it's certainly not any evidence that once I gave it to you, you kept
control of it.

Yet another unethical snooper.

That I agree.

Geoff.

 

[Baron]

I remember several years ago, something similar happened to Pete
Townshend of "The Who". He brought his computer into a shop for
service and the tech squealed on him because there was some child
abuse photos on there.

FWIW. That was the store manager trying to take advantage of free
publicity when it was realised who the owner was !

 

[PeterD]

The customer may have bought the laptop used on eBay or elsewhere and
may be totally unaware of its contents.

That has nothting to do with the problem and what to do.

 

[PeterD]

It certainly does. He may have great difficulty proving his
innocence.

The original post wasn't based on the 'owner' proving innocence or
not, only the ethical issues, and to a certain extent the legal issues
WRT the repair shop. We can save that issue for a later thread perhaps
(Say titled "My Friend Bought a Notebook on eBay and it Has Porn On
It")

 

[JW]

Current law enforcement in the USA no longer works that way. You are
required to prove your are innocent or else you are considered guilty. [...]
The assumption will be that you are guilty in most
locations.

Troll status confirmed.

 

[PeterD]

Current law enforcement in the USA no longer works that way. You are
required to prove your are innocent or else you are considered guilty. [...]
The assumption will be that you are guilty in most
locations.

Troll status confirmed.

You're admitting you are a troll? Or that the entire thread was a
troll (which is likely)? Claiming I'm a troll? <g> Or is it that if
someone posts something you don't agree with a troller?

 

[JW]

Current law enforcement in the USA no longer works that way. You are
required to prove your are innocent or else you are considered guilty. [...]
The assumption will be that you are guilty in most
locations.

Troll status confirmed.

You're admitting you are a troll?
No.

Or that the entire thread was a
troll (which is likely)?
No.

Claiming I'm a troll? <g>
Yes.

Or is it that if
someone posts something you don't agree with a troller?

No.

 

[PeterD]

No.

Wrong on that point, troll boy.

No.

Wrong on that point, troll boy.

Yes.

Wrong on that point, troll boy.

No.

Wrong on that point, troll boy.

Wow, totally wrong... Why am I not surprised?