What price will society pay for forcing workers to spy on one another?
The closest I've ever come to being drafted--other than in Little League--was several years ago when a guy from my company's building-services department left me a message saying I'd been appointed to the Weather Advisory Task Force. Our charter, he said, was to help set guidelines for when snow emergencies should be declared and to think about and devise plans for other weather-related contingencies. While understandably humbled and thrilled at this calling, I never attended any meetings and was soon dropped from the task force. I incurred no penalties, and the net impact on me was zero.
A very different sort of impact, however, could be in store for thousands of IT workers in South Carolina under the legislation discussed in our cover story. Under the new law, any IT worker in the state who becomes aware of child pornography within that company's computer systems is required to report the users to law-enforcement authorities. They're not being asked to do this, they're not being encouraged to do this, they're not being urged to do it--they're being told to do it, or they could be sent to jail under penalties expected to be adopted next year.
What's going on here? Who dreamed this up? Who will enforce this? Where does the responsibility end--if front-line IT workers can be prosecuted for this, what about IT managers? CIOs? CEOs? And in these days of ubiquitous computer usage and information sharing, just who is an "IT professional," particularly in the eyes of legislators who have not the slightest hesitation in deputizing thousands of employees without their knowledge or consent?
Some have said the road to hell is paved with good intentions; clearly, the intentions here are good. If there is a more detestable and loathsome activity than the making, selling, and consuming of child pornography, I certainly hope I never hear about it. But is this the right way to attack this despicable industry--by forcibly requiring people who have no training in and no special perspective on this whole matter to become agents of law enforcement? To become arbiters of what is and is not pornography? To have to make the decisions on whether a possible but not definite example of such filth merits turning in a person who might be innocent, or whether to remain silent but risk a criminal record by not turning in that person?
Imagine you're the CEO at a shoe company in South Carolina, and you have 1,000 workers using PCs and networks with Internet access. You hear about this new law and assess your company's potential vulnerability. Do you brush it off and figure it'll blow over? Do you tell your IT team to keep a vigilant lookout for stuff flying through the transom, but don't go on active searches? Or do you look to pre-empt any potentially harmful problem by ordering your IT teams to actively root through every server and hard drive and Web site and attachment in your entire company? What if the search turns up off-color jokes? What if it reveals some employees are engaged in an office betting pool on baseball or basketball or football or hockey?
What about the head of HR who knows that a couple of employees have come to him or her to arrange for confidential counseling related to, say, spousal abuse? Well, we need to wipe out spousal abuse, so let's turn in those people, too. What if we find that some employees have visited Web sites that have links to other sites that are connected in some way to child pornography--do we bust them, too?
I'm not given to conspiracy theories or crazed images of a world gone mad. But I don't think the questions and scenarios I've posed are unthinkable in the context of this law. If we're willing to codify that, then where do we draw the line? This is about steps into the unknown that technology is spawning. It's about ethics and privacy and personal responsibility; it's about the role businesses play in building a better society; it's about defining acceptable levels of governmental activism in the private sector; and it's about tackling profoundly complex issues in a time when everything around us is changing. It's about what is right and what is wrong, and if it's taking place today in South Carolina, it can happen tomorrow all across the country.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.