Child Pornography and You

On May 19, 2008, the U.S. Supreme Court upheld PROTECT (Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today), placing those who sell or possess child pornography in criminal jeopardy.  (For other posts on this subject, click here, here, here, and here.)

You probably have an Internet use policy that says, among other things, an employee can’t have pornography on his/her computer.  You have this policy to prevent employees from creating a hostile work environment and engaging in sexual harassment.  There’s another, often overlooked, reason that relates to the Supreme Courts’s recent decision.

If you discover child pornography on one of your employee’s computers, investigate the matter, fire the employee, and destroy the pornography, you may be guilty of a crime.  Because child pornography was on the company’s computer, you possessed it, and then you destroyed evidence of a crime.  PROTECT applies to any “person” (defined as a human or an organization).  The penalty for possession of child pornography is up to 10 years in jail. 

Your Internet use policy says you’ll monitor employee emails and computer usage.  If you find what could be child pornography, you must act quickly.  Immediately consult with a computer forensic expert–for at least two reasons.  First, he/she can help determine whether what you’ve found is child pornography (a person in a porn video isn’t always clearly a minor).  Second, he/she can help you determine whether:  the employee has sent the porn to other employees; the employee is actively posting porn to Internet sites; the employee has the porn only on his/her workstation computer or has placed it on PDAs, floppy drives or other removable media; the employee saved the porn to other parts of the network; and the employee has encrypted, hidden or renamed the porn.

Once the above questions have been answered, the safest option is to go to the FBI, which has an entire unit of agents who take child porn seriously.  If you indicate by your actions that you also take it seriously, you’ll be off the hook.  If you allow the porn to stay on your system while you’re debating what to do (because you’re concerned about potential bad publicity, etc.) or just stick your head in the sand, the C-Suite needs to figure out who’s going to jail–if the porn turns out to be child pornography.  If you go to the FBI, you’ll become a good citizen.  The agency will cooperate to make sure that no proprietary information is compromised.  Any investigation will be done discreetly.  If law enforcment is tipped off by one of your employees or a third party, you’ll have a raid on your hands that will have nothing discreet about it.

PROTECT has now been determined by the court of last resort to be enforceable.  You can, therefore, be guilty of a child porn crime without being in the child porn business.  If this is new to you, it’s time to meet with IT, security, and legal.