Re: sendmail

From:
Date: 10/21/02 

Date: Mon, 21 Oct 2002 22:06:23 +0100

Christopher Browne <cbbrowne@acm.org> writes:

[snip]
>> For the contractor to know that somebody is sending personal e-mail on
>> time work, the content of the message is not needed at all, but just
>> origin, destination and date.
>
> The computer belongs to the company.
>
> The network belongs to the company.

And the user ... does NOT belong to the company. They're what's known as an
individual, with rights.

I firmly believe in a utilitarian form of ethics here - if there's a better
way in which something could be achieved, you can't morally justify the
action. So in this case, where all that's needed is a (who_from, who_to,
when, size) tuple, storing the whole body content makes it wrong.
Also, the lack of mention of alerting the users to the company's policy
needs rectifying. Seriously so.
I'd go as "far" as to say that there should be a possibility of
unprejudiced opt-out as well.

> And it's more than likely that the company could be liable for legal
> sanctions if the company /doesn't/ have some way of monitoring
> corporate email.
>
> After all, someone in the company could:
> - Send confidential information to a competing company;

First you trust people, then you suspect them, then you gather individual
proof. Copying everyone's emails "just in case" is bull***.

> - Introduce the next "ILoveYou" virus to the world;

So you run a few virus-protection racket^Wsystems, and you educate your
lusers, and you make them clean up their own damaged systems.

> - Send out email containing potentially offensive or illegal material
> such as sexually explicit material.

Neglecting the small facts that offence is in the eye of the reader not
some third-party intercepting stuff, and that the media seems to dictate
what constitutes `offensive', focussing as it does one minute on one thing,
another on another.... Well maybe. Something illegal would bring the
company into disrepute, and we can't really be having that.

Again, the problem is not a technological one; it's the company's problem
if it hires people it subsequently dislikes, and it's only to be expected
that if you make a human work in a zoo, it produces monkey-*** for output.

> It is quite common, for company computers to have, as part of the
> personal authentication process when you log onto the network, some
> disclaimer about the possibility of your actions being recorded.

That's a step in the right direction.

> It doesn't require an outright "Orwellian" scenario for it to be
> necessary to do some monitoring.

That's also a step in the right direction.

~Tim 

-- 
   21:58:50 up 18 days,  2:44,  8 users,  load average: 0.15, 0.35, 0.30
piglet@stirfried.vegetable.org.uk |Ideologies come, ideologies go
http://piglet.is.dreaming.org     |A waste of words, and endless flow

Loading