If they want to arrest you, they’re going to arrest you. That was the basic message I got from one of the sessions at the SecTor conference this week. But there’s more to it than that.
Tiffany Strauchs Rad, an adjunct professor with the University of Southern Maine teaching computer law and ethics, was talking about what happens when the authorities come after an individual with incriminating evidence on an electronic device. The short story is they can take it, and they can apprehend you. It doesn’t matter if it’s your personal laptop. It doesn’t matter if it’s a PDA, or a thumb drive. And it doesn’t matter, I learned, if you managed to stash the device in the bushes nearby. According to Rad, if they have reason to believe there’s something fishy going on, the warrant usually ends to what she called the “throw distance” around the suspect.
This immediately captivated me as an interesting metaphor to describe the impact of what happens with technology, criminal or otherwise. In fact, it’s the non-criminal activity that probably preoccupies most IT managers. When a company sets up a new electronic repository, no one pays attention to the data that still resides in archaic legacy systems – the ones that most users continue to access regularly. Online channels are often established and those customers who prefer interacting in alternate ways, say by phone or surface mail, are simply ignored. Some enterprises are deploying virtualization or cloud computing products without realizing the impact it has on their infrastructure as a whole.
For me, the throw distance is that periphery that the IT department (and their counterparts in other departments) ignore either wilfully or out of neglect, typically with disastrous consequences for projects and companies. It’s the place we leave our dirty business behind, hoping that no one will catch us. Sometimes, it’s just an outdated page on an old Web site that can still be found if you know where to look, or stumble upon it. In other cases it may be the bad URLs that link to online customer records or other personal information. Most of the time it’s the outdated policies that haven’t kept up with the technology being used.