Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!telecom-request From: abvax!iccgcc.decnet.ab.com!herrickd@uunet.uu.net (HERRICK, DANIEL) Newsgroups: comp.dcom.telecom Subject: Re: AT&T Employee Makes Private Phone Records Public!! Message-ID: Date: 9 May 91 14:41:57 GMT Sender: Telecom@eecs.nwu.edu Organization: TELECOM Digest Lines: 43 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 345, Message 6 of 11 In article , sichermn@beach.csulb.edu (Jeff Sicherman) writes: > Note that I don't hold PAT morally responsible for having 'printed' > it, but Mr. Moderator, were you asleep at the switch? I would think > your background, attitudes and dedication to weeding out articles > would have raised an alarm in your mind. I spent some time thinking about Pat's position with this little imbroglio. My first thought was that Pat could have kept things less drastic for his informant by just returning the posting saying he could not publish such a thing. However, this action would have left both of them open to blackmail - Pat for possession of contraband, his informant for having extracted it and then tried to coverup. Pat would never be able to demonstrate that he had destroyed all copies, and he sent a receipt for the original. Second possibility. Pat could have told his informant his action was improper and passed the information on to some authority in AT&T (postmaster@host is one possibility), while not publishing. This introduces the possibility of the informant being taught some wisdom without being fired. However, the story would have leaked out. There would have been screams of a coverup. AT&T lower-middle management might have tried to suppress the event without dealing with the systemic problem of inadequate controls on sensitive data. Third possibility. Pat does what his informant asked him to do when he submitted the contraband. Publish it to the world. And pursues whatever private action he considers appropriate. The informant has to be fired. Pat is not responsible for this event. comp.risks will have a new topic. AT&T will have to answer publicly for bad design and controls. The fallout will include non-technical management at many companies noticing that they should understand the safeguards on sensitive data. Summary. Pat had an ethical choice. All paths he could have chosen had undesirable results. I think the one he chose was well chosen. dan herrick herrickd@iccgcc.decnet.ab.com