Email porn flooding into work computers

While police investigators face the sober task of probing more than 300 employees accused of knowingly exchanging email porn, thousands of New Zealand businesses receive and store child pornography and other objectionable electronic material every day without realising it.

"If everyone who is sent unsolicited child porn images or suddenly finds them stored on their computers called us about it, the phone would never stop ringing," says Martin Kleintjes, the e-crime national manager for the police.

Kleintjes says businesses often receive and unwittingly store images of child porn and other objectionable material on their networks when electronic criminals find a weakness in the online security of the network and exploit it.

Viruses and other malicious software can then be released into the network, but e-criminals also use the storage capacity of the network to hide illegal images.

Kleintjes says that if businesses find such images and immediately delete them, a police investigation is unlikely to follow.

"About a year ago we found this stuff on a school server that had been compromised by an open proxy loophole. While people from the outside were using the server as a porn repository, there was no one to prosecute at the school because no one [there] had committed an offence," he says.

Because child pornography offenders try "the-spammer-did-it" line in court, Kleintjes says police don't move until they have hard evidence on an individual that points to personal involvement. This isn't always difficult to get - Kleintjes says heavily addicted offenders often cling to their child porn and don't get rid of it even during a well-publicised crackdown.

So what should a business do if, like the police, it finds its employees are knowingly storing or exchanging illegal or objectionable images?

The police investigation followed a preliminary audit of the department's computer systems late last year which uncovered disturbing images. As a result, technicians copied everything they found on the police email system on one day and found that, between them, 327 staff had 5000 sexually explicit images.

Bell Gully lawyer Anthony Drake says this type of email policing is a fraught area. Problems include the need to safeguard people's privacy while at the same time taking responsibility for a safe, harassment-free workplace for others.

"Employers can be held liable if they have not taken adequate measures to prevent sexual harassment or investigate a complaint. Having a clear email policy and monitoring employee usage are ways to ensure those preventative requirements have been met," Drake says.

But employers have to tread softly if they decide to monitor email.

"Employers can find themselves liable for breach of [Privacy Act] principles. Computer programs that filter emails for offensive language and images may provide a [better] solution."

Although those police employees under investigation are unlikely to take legal advice to ensure their privacy rights haven't been breached, employees of ordinary businesses might if they find their email has been monitored.