by Christopher Paul on July 10, 2006

By accident, I stumbled upon some sensitive information found in the personal laptop of one of my colleagues. By accident, I mean snooped around for, and by stumbled upon, I mean saw the obvious sensitive files in question in plain site on the user’s Desktop. The file in question was a diary of sorts dating back over two years where the guy – who handles money for the company – admitted to being unstable.

He admitted to being a cocaine addict, a womanizer, a binge drinker and eater. He also talked about his emotional problems and how he can’t seem to keep it together. He mentioned a few times the troubles he was having at his other places of work. He wrote as if he was using stream of consciousness to pen it and it felt very erratic. His browsing history showed he visits escort sites every night – can’t tell if he’s giving them “business” or not. He just seemed to be losing it as he wrote it all.

Now I’m in a quandary. Do I keep the guy’s cocaine habit a secret? Do I silently offer to see he gets help in rehab (if he still has this problem)? Do I talk to my boss and let him deal with the guy? Do I keep quiet because I shouldn’t be going through his personal files anyway? Does it matter that it was a personal laptop that the guy asked me to look at (to clean a virus off of it).

For those who don’t know, I’m the sys admin for a very small company – less than 25 people – and everything funnels through me. I know everyone’s passwords (although I’m trying to change that). I know the contents of their hard drives – personal and professional. I track their browsing habits and filter content all while keeping a log of that activity. I monitor IM conversations for illegal activity using random searches on keywords (thankfully, the software does that for me so I can trust the randomness). I fix personal laptops and I travel to their homes to fix personal computers. I’ve removed spy ware and I’ve even been asked to remove someone’s porn so their significant other didn’t find it. I am truly master of my IT domain and I see everything – and they try to hide it too. But I see questionable emails and other content through my security systems.

I know that under the law and under company policy that all electronic transmissions are considered property of said company and are not considered private. Most techies would agree with me that there is no anonymous activity on the web or at work anymore (if there ever was in the first place). Sure, you can fake or hide a little but the bottom line remains this: don’t do anything you don’t want someone to find out about. Period. And as the admin, I can – and do – scan for activities that government regulators would take offense to. I make sure some employees don’t steal intellectual property by emailing files out over the unsecured internet. You get the idea.

If the content were of child pornography, the answer would be obvious. I’d report it to my superiors and the cops would be called in to take the guy away. But I didn’t find that. I found someone’s diary and read it. And it was scary shit. I don’t feel safe around the guy believing he could lose it at any moment – that he could come back from a binge and be high on coke. I also worry that a certain amount of money is entrusted to him and he, not thinking clearly, could lose a large portion of it easily.

So my question is this: What is the greater good? Philosophers have been battling that question for ages and although many have tried, no one has come up with the answer. There may never be an answer but I can’t think about that now. My greatest good question has to be answered. Is it better to respect one’s privacy – which I value very much as a person and as an American – or better to protect the firm and, quite possibly, the guy in question from himself? Should I rat the guy out and tell my boss, I’ve got this guys confession and admit I snooped through his shit? Should I try to talk to the guy myself? Or should I respect the guy’s property and privacy and let it be?

Now I don’t feel comfortable being around the guy anymore but I don’t think he’s prone to violence. It’s only if he’s under the influence that I worry about my safety and the safety of my coworkers. I also question the safety of these “escorts” if he does frequent their, um, companionship. But it could turn out to be a red herring – nothing at all to worry about – and I could be looked upon as a snitch or a snoop; I am and comfortable about that. But I want to make sure that if I expose that fact, I’m doing it for a really good reason.

Is this a good enough reason? What would other admins do? What is the greater good? The guy’s privacy or the other stuff I talked about? Are the safety, money, reputation, and the guy’s career less important than privacy? Or is, in this case, it worth telling others about the spying and exposing this person’s behavior for the firm and its people while sacrificing his right to personal privacy on personal equipment?

What is the more ethical way to handle the situation?

Previous post:

Next post: