Wednesday, June 8, 2011

Paranoia: How Protective is Too Protective (when it comes to inconveniencing computer techs)

Yesterday, I did work for a client who believes that the last person she had hired stole information from her.  My partner and I found some evidence supporting this, like a VB script that was emailing data to his address unbeknownst to her, and the fact that the former tech had the login information to their backup service.  However, there wasn't anything solid to say that he was committing identity theft or anything similar.  He could have informed the client of this system of his, and she could have agreed without fully understanding what he was doing.

In this day and age, a.k.a. post-9/11 world, a.k.a. the time pedophiles can stalk kids over the internet, a.k.a. the "Facebook is stealing my privacy" age, a.k.a. not quite Y2K but still widespread ignorance-induced panic over technology, the average person has very little idea of digital privacy.  The truth is, they are legitimately right to be suspicious of anyone who knows computers more than they do.

As a network administrator, it's very scary to realize how much power I had over my clients.  My last company would install domain controllers, and completely overhaul their network not so much to make their lives easier, but to make ours easier.  This was all done solely to give us almost complete control of their network.  Mind you, this was done with pure intentions, and to help us troubleshoot for our customers faster and easier, which in the end did make their lives easier as a byproduct.

But you need to understand that we had complete access to their information.  We could view anything and everything our clients kept in digital form.  For private schools, we knew names, addresses, phone numbers, even the religion of their students.  We'd also have everything there is to know about the faculty, and every letter and document they wrote.  If they had an email server they bought from us, we could view their email too.  That's not even the half of it.  At any time, I could have damaged any one of our clients.  Actually, scratch that.  I could have destroyed any one of them.

At best, I could easily and instantly erase all of your information, including your backups.  Even if you didn't have our email services, I could also prevent you from using it in your office.  I could remotely uninstall programs on your machines.  I could even delete your OS directory.  I could make your work a living nightmare.  I could remote into any of your workstations and change your desktop background to porn or something that said, "I SUCK DICKS UNDER THE UTOPIA UNDERPASS AT NIGHT".  Hell, I could remote in while you were working and do something humiliating or compromising and make it look like you were doing it yourself.  I could have ruined not just your business; I could have ruined you.

But I can't really describe more, not just out of respect for our clients, but because I've actively avoided finding out such information whenever I could.  You see, I'm a very private person.  So private that not only do I divulge little about myself to others, but the very idea of finding out other people's private information makes me feel awful.

But the other thing was that it was necessary.  We need administrative access to do anything significant.  We need to know the ins and outs of your network in order to help you if something on it is malfunctioning.  And while we don't need to know exactly where you and your staff live or what was on that memo you wrote last week, if something happened to it and you asked us for help retrieving it, there's nothing stopping us from reading it if we find it.

