May 2nd, 2007

Should the law deputize computer technicians into nabbing child abusers?

Posted by David Berlind @ 11:42 am

Categories: General, Government, Legal, Security

Tags: Technician, Computer, David Berlind

The states of Connecticut and California are considering legislation that essentially deputizes comptuer technicians into joining war against child abuse and pornography. According to an Associated Press report:

Computer technicians would be obligated to report child abuse just like doctors, teachers and others who work closely with children, under measures being considered by lawmakers in two states….At least five states — Arkansas, Missouri, Oklahoma, South Carolina and South Dakota — require computer technicians to report child pornography. Connecticut and California are considering legislation that would go a step farther, adding technicians to the list of "mandated reporters" who notify authorities about any type of child abuse and neglect.

As a father of three children, I simply can't imagine the sort of cowardice or the mind it takes to physically abuse children or exploit them sexually. Few types of news reports can regularly bring tears to my eyes (as well as those of my wife) the way reports involving children as victims do. Wars, fires, rape, abuse, etc. It's all a horror. But when it involves children, it feels to me as though it's the absolute darkest side there is to the human race. But I'm equally troubled by the idea of computer technicians being "obligated" to join the fight.  Not because fighting child abuse and porn doesn't need all the help it can get, but because of the damage that can be done as a result of a "false positive." 

Potentially incriminating material can end up on a computer in any number of ways that have nothing to do with a deliberate request for questionable content.  Even worse, the range of expertise among computer technicians varies enough that you could conclusively say that not all such technicians have the skills to distinguish between deliberately accessed content and that which may have found its way onto a system through other means (spam, malware, another user, etc.).  It's a recipe for disaster when you consider how being accused of child porn/abuse usually turns into a guilty-until-proven-innocent scenario of the sort that can destroy lives and families. 

I covered this issue (here's the follow-up) in 2004 shortly after a ZDNet reader informed me of his plight — one where he swears pornographic content was loaded onto his system in an deliberate attempt by co-workers to railroad him. Now, despite an innocence he insists on, his life is pretty much ruined. While I mean no ill will to the community of computer technicians out there, I cannot imagine a worse "posse" to deputize into the role of reporting child abuse or child porn. It's like passing a law that the foxes will now be in charge of watching all hen houses. Of all people, computer techs are ones with the sort of carte blanche system access that's necessary to frame another user for a henious crime. It only takes one bad apple — and the bad apples are out there — to destroy someone's life. 

Very shortly after one of our children was born, my wife and I were assembling a bed and in a freak accident, I moved a rail of the new bed directly into the path of her leg while, with our child in her arms, she was maneuvering to get out of the way. She fell and the net result was that our son ended up with a broken leg. At the hospital, we were visited by an unusual number of doctors (six to eight if I recall) and nurses, all of whom had a great bedside manner and all of whom very casually elicited a replay of what happened. They would says something like "Oh, you must feel awful. Did you just trip over something?" 

At some point, I left the examination room (for what, I can't remember) and there, down the hall in a huddle, were all of the medical personnel who had engaged us in discussion. They were having a very quiet conversation that I later learned was part of the hospital's protocol for identifying potential child abuse cases. They were comparing notes the way cops compare notes looking to see if there were any inconsistencies. They were trying to determine if something didn't add up. They were professionals who were trained and trained very well to follow a specific protocol designed to minimize the number of false positives (given how damaging a false positive can be). 

A hospital's reason for existence is the well-being of people. Where children are potentially victims of abuse, it's practically within a hospital's charter to intervene which is why it's sensible for medical professionals to be a part of that detection system. But the well-being of children is not within the professional charter of computer technicians. And if states are going to obligate computer technicians to join the fight, are they then also prepared to foot the bill to train them and come up with a standard protocol that employers must bear the expense of implementing? For the most part, medical personnel aren't dealing with co-workers either. In other words, with medical professionals, personal agendas are less likely to play a role in the positive identification of a potential child abuser or consumer of child-pornography than within a business where computer techs are primarily dealing with co-workers. I'm not saying the medical "setup" is fault-free. But I am saying the computer technician "setup" is far more ripe for abuse.

As one ZDNet reader wrote, it's a double-edged sword. What do you think?

[poll id=13]