Commentary
8/5/2010
12:51 PM
John Foley
John Foley
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail

Government Technologist: DoD Must Confront Child Porn Issue

In the wake of an Inspector General report, John Foley argues that the Defense Department must take aggressive steps to prevent access to child porn on government PCs and review its policies for dealing with the problem.



An Inspector General report detailing more than a dozen investigations of suspected child porn at the Department of Defense deserves an aggressive response. The scope of the problem, which extends to DoD computers and networks, warrants a full-scale review of IT policies and processes to block this offensive garbage.

The 94-page IG report, released in response to a Freedom of Information Act filing by the Boston Globe, provides a seldom-seen look into the who, what, where, when, and how of child porn access by employees and contractors of the U.S. military. In several of the cases involved, it appears that more rigorous IT governance might have identified problems earlier or even prevented them. Keep in mind that there's risk associated with this nasty problem -- government systems may be exposed to malware, and the perpetrators are vulnerable to blackmail and threats.

DoD launched its investigations, most of which took place between 2007 and 2009, in the wake of an Immigration and Customs Enforcement (ICE) probe, known as Operation Flicker, into child porn Web sites. Combing through the transaction records of those sites, ICE agents turned up the names of 5,000 customers, including those using .mil e-mail addresses or the ZIP codes of military post offices. ICE shared its findings with the Defense Criminal Investigative Service (DCIS), which launched its own investigation.

In one case, an Oracle employee with top secret clearance and under contract to the National Security Agency was identified as a subscriber to the child porn Web sites under investigation by ICE agents. On the same day that a search warrant was issued for that person's home computer, it appears that he traveled to his office and tampered with work computers. A second search warrant resulted in the discovery of child porn on an office computer and, in March 2008, he was indicted on possession of child porn. (It's unclear from the IG report, which is heavily redacted, if the offices involved were those of NSA, Oracle, or another employer.) The suspect fled and is thought to be hiding in Libya.

In another case, the Defense Contract Management Agency, which works with DoD suppliers, seized a government computer used by a contract worker. Forensic analysis revealed 40 thumbnail images suspected of being child porn, and the employee admitted having a thumb drive with 2,700 images that he said might "raise some eyebrows." During the course of the investigation, he admitted to playing online games on his work computer for an average of three hours during the work day.

That guy got off the hook. The U.S. Attorney's office declined to prosecute him based on an inability to verify the ages or identities of the young people in the photographs and the fact that a majority of the images didn't constitute child porn. The DCMA tried to recoup $20,000 in back wages, based on the time spent gaming, but the effort was unsuccessful, and the case was closed. His only penalty was a 30-day suspension for misuse of government time and resources.

There are also the examples of a Navy non-commissioned officer who downloaded child porn while stationed on the U.S.S. Mason, a destroyer class ship, and of a DARPA program manager whose computer, during a routine virus check, revealed what appeared to be child porn and lots of it.

Possession or distribution of child porn is a felony, but not all of the cases documented in the IG report resulted in prosecution. A civilian contract employee within the Office of the Secretary of Defense, and with top secret clearance, turned up in the Operation Flicker investigation, but 14 months passed from the time his work computer was requested in July 2007 and the time it was secured by Defense investigators. (It appears that the person's employer, apparently Lockheed Martin, may have held the laptop during the interim.) No child porn was recovered, and the case was closed.

Many of the examples contained in the report illustrate the complexities of proving child porn possession even when the evidence points to it: Law enforcement authorities must work across jurisdictional boundaries; search warrants and equipment seizures take time, giving suspects a chance to cover their tracks; and the ages and identities of victims can be impossible to establish.

That's all the more reason for IT policymakers at DoD and elsewhere in federal government to be rigorous in establishing and enforcing policies aimed at prohibiting child pornography. A starting point is to bring together IT managers, HR reps, and agency lawyers to make sure everyone is working from the same set of rules and responses. The problem of child porn in the workplace is well recognized -- the private sector grapples with it, too -- and CIOs know that education on what constitutes child porn, Web filtering technology, policy enforcement, and organizational readiness to respond are all part of the answer.

If nothing else, IT managers at the Defense Department must learn from past experiences. Their policies and oversight must extend to government contractors; state-of-the-art Web filtering and virus scanning technologies must be fully implemented; warning signs must be acted upon; and internal investigations shouldn't wither on the vine due to lack of fortitude in dealing with them.

As they pay closer attention, it's critically important that IT personnel know what to do if they encounter child porn on workplace computers. In 2002, two PC administrators working at New York Law School were fired after discovering child porn on a professor's laptop. The professor, Edward Samuels, was convicted, but the IT admins were dismissed by their employer, Collegis, for other reasons.

DoD must confront this issue head on. Defense investigators were forced into action by ICE's Operation Flicker, not through their own initiative, and details of their investigation might have remained buried if it weren't for The Globe's FOIA request. Even now, the IG report is so heaving redacted that many details are missing.

I have asked DoD repeatedly in the past week whether it's pursuing any new IT policies as a result of the Operation Flicker investigation, but so far, no response. Let's hope Defense officials are busy preparing a course of action, not ignoring their responsibility to sexually abused children.

Recommended Reading:

"Worst-Case Scenario"

"Technology And The Fight Against Child Porn"

"Work/Life: When Things Go Wrong"

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service