FRAMINGHAM (07/06/2000) - On March 23, the U.S. Department of Justice began a criminal investigation into the disappearance of thousands of e-mail messages, sent to and from the White House between August 1996 and November 1998, and subpoenaed but never delivered during congressional and judicial inquiries into the Lewinsky scandal and Clinton administration fund-raising activities.
Although the law requires the White House to archive all incoming e-mail messages, the mislabeling of one of four Lotus Notes servers kept those e-mails out of the White House's automated record management system. Thus, when technicians ran subpoena-mandated searches, one-quarter of all incoming e-mail messages never surfaced. And, according to White House Counsel Beth Nolan, without two years of work and US$3 million, they never will.
What the White House is calling a "computer glitch" was, according to Nolan, "entirely unintentional," and she may be right about that. But there's more to the story.
In May 1998, computer technicians working for Northrop Grumman, a contractor charged with managing the White House e-mail system, discovered the programming error and, according to their testimony during hearings in March, reported their findings to White House officials the following month. They were told, they allege, by White House officials awash in the Lewinsky scandal, that if they mentioned the missing e-mails to their bosses or even their spouses, they would wind up in jail.
Today's IT workers, unlike their predecessors, are privy to a great deal of information. While the White House e-mail scandal seems more like the stuff of a made-for-TV movie than a real-life happening, as IT professionals working with clients or in-house, you may well discover activities you believe to be illegal, or at least unscrupulous. What do you do with your potentially damning knowledge? You were hired to update a system, not police an organization, but can you check your conscience at the door?
What should you do with illicit information you discover on the job? This thread began less than a week after the White House e-mail scandal became front-page news on March 29, and the responses to this topic varied widely.
Here's a sampling of the comments and concerns that I received. You can respond to me by e-mail at email@example.com or via the Web at comment.cio.com. (The next Sound Off will follow up this article with the question: Should IT professionals be in the ethics business?)
Given the current legal environment, your question is a no-brainer. You must report the incident or be an accomplice. Having given that answer, we are left with an additional problem. Many companies today are very uncomfortable with the level of access that IT personnel have to their sensitive information. Some companies, my own included, have even attempted to restrict certain information sources, even from their own IT personnel. This makes it nearly impossible to accomplish our jobs.
This brings me to the real question: Should there be a law mandating the confidentiality of IT information on the part of IT professionals?
Psychiatrists and priests need this confidentiality between themselves and their clients in order to do their jobs. And I believe IT professionals have the same need to provide a level of trust to their clientele.
Wayne P. Whitfield, IT Manager, Saxon Publishers, Norman, Oklahoma. firstname.lastname@example.org
When you discover this type of information, you are just acting on behalf of the company that hired you; so it is your duty to turn this information over to corporate security, HR or the people who hired you. Let them handle it. They have a much broader perception of what to do with this information that you have uncovered.
Klaus Schulz, CIO, BrainGem Wireless Enterprises, Boston. email@example.com
I believe that if you call yourself a professional data processor then you have an ethical responsibility to report any illicit information you encounter to your company's corporate officer as well as your manager. And then for your own protection, clearly document that you have done so. If the corporate officer is silent about the information, then your course of action depends on the circumstances.
David Baumgart, Director, IS, John Morrell & Co., Springdale, Ohio. firstname.lastname@example.org
There are several ways to reform bureaucracy; one of them is to be the whistle-blower. It is not a popular thing to do, but it needs to be done. It is our responsibility as citizens to hold our government accountable. Our president and his administration just keep covering up illicit activities without being held accountable. This needs to stop.
Anonymous, Senior Communications Analyst
Most companies have some sort of compliance officer who is in charge of reporting internal policy violations. Depending on the nature of the problem, the compliance officer can help you document and report it the right way.
I agree with one of the other commentators who said that documenting all of your findings and getting at least one coworker involved makes it more difficult for the company to discredit you or take action against you.
It's not easy turning in your boss or coworkers, but it saves the company headaches down the road.
James Hall, Legal Operations Manager, Occidental Petroleum Co., Los Angeles. email@example.com
Moral issues aside, the best protection for the employee is to raise the problem internally, and if it is not handled correctly, to go to the appropriate legal authority. Depending on the employee's position and the law being broken, that employee may be legally pursued by agencies like the Securities and Exchange Commission for not coming forth or for what may be considered concealing information.
Fred Chasson, IT Manager, PacifiCare Dental Administrators, Anaheim, California. firstname.lastname@example.org
WHAT WOULD YOU DO?
Want to sound off on this or other topics? Join the ongoing debates at comment.cio.com.