Re: [fw-wiz] Blocking Google Talk



On Tue, 27 Jun 2006, James wrote:

Does anybody know of legal implications associated with this kind of
filtering ? A lot of organisations now allow users to bank online via
the orgs internet infrastructure as it is benefical to both parties.

They depend heavily on jurisdiction, policy, notification and regulation.
(I'm not a lawyer, I don't play one on the 'Net...)

If you are doing analysis on a mitm ssl stream you will potentially
collect every users banking credentials. Would you have to redirect
ssl connections to a web page that advises them of this ? I could see

So long as your policy spells this out and users (including visitors,
contractors, etc.) have all seen the policy, you're generally covered.

If you have traders, my understanding is that you're mandated to monitor
all wire traffic by the SEC.

that the banks would also like to be advised if you are planning to do
this and they more than likely will block access from organisations
partaking in this strategy. Banks are just the primary example.

As far as I know, nobody's applied a two-party consent state's laws to
Internet monitoring. It's likely though that such an effort would fail,
given the long-term implications such a decision would cause. In any
case, the company owns the equipment and network, so I'm not sure the bank
would have a case in attempting to tell the company what it could and
couldn't do with its own equipment and networks. End-user or
consultant-owned equipment should be handled by policy and/or contract
(preferably contract for enforcability IMO.) My current pet legal theory
is that making the policy a requirement for network access gives it enough
consideration to fall under contract law, hopefully we'll never have to
find out...

My clients generally end up with a policy review fairly early on, and I
usually end up re-writing a lot of it, then they have their counsel review
it and if they're following my recommendations, all employees sign and
return a copy of the policy. We make efforts to ensure that the policy is
applied correctly and that exceptions are handled as needed to be sure the
organization has the right sorts of protections in place. My views are
US-centric, since I've only dealt with US-based clients for policy writing
and US and Canadian clients for policy issues.

I've just spent a fair amount of time going over personal use issues with
one of my clients, rewriting their policies to account for it (where
management was at least a little worried that allowing it in policy could
hurt them- the opposite of reality IMO.) We didn't get any push-back from
the lawyers, and so far everyone's been accepting of the new policy, as it
was explained rationally and reasonably as they were provided with copies
to sign.


Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@xxxxxxxxxxxx which may have no basis whatsoever in fact."
http://fora.compuwar.net Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: Time to print money?
    ... "It is the policy that dare not speak its name: ... Up pops Spencer Dale, the Bank of England's chief economist, as if on cue, ... Central bank money could pass via the government to the public ... and taking needed funds from the central bank. ...
    (uk.politics.misc)
  • Time to print money?
    ... "It is the policy that dare not speak its name: ... Up pops Spencer Dale, the Bank of England's chief economist, as if on cue, ... Central bank money could pass via the government to the public at large. ...
    (uk.politics.misc)
  • Re: Did libertarianism cause the debt crisis?
    ... with a central bank because it was in their self interest. ... crucify the working man (who didn't buy gold ... as bad as the Great Depression which your favoured policy created. ... Do you really not know the difference between a policy and a market? ...
    (talk.politics.libertarian)
  • Malaysia Likely To Hike 2 More Times
    ... CENTRAL BANK WATCH: Malaysia Likely To Hike 2 More Times ... KUALA LUMPUR --Malaysia's central bank tightened monetary policy ... Nine economists polled by Dow Jones Newswires recently forecast Bank Negara ...
    (soc.culture.malaysia)
  • Re: Inflation? Thats not inflation....
    ... That's the down side of a commodity ... >> That is one downside of a commodity currency, ... >> force an inappropriate monetary policy. ... For that reason the actual management of monetary policy tends to be handed to a Quango, In the US the Federal Reserve, in Britain the Bank of England in the Euro zone the European Central Bank. ...
    (rec.arts.sf.fandom)