Re: sendmail

From: Christopher Browne (cbbrowne@acm.org)
Date: 10/22/02 

From: Christopher Browne <cbbrowne@acm.org>
Date: 21 Oct 2002 22:16:05 GMT

In the last exciting episode, Tim Haynes <usenet@stirfried.vegetable.org.uk> wrote::
> Christopher Browne <cbbrowne@acm.org> writes:
> [snip]
>>> For the contractor to know that somebody is sending personal
>>> e-mail on time work, the content of the message is not needed at
>>> all, but just origin, destination and date.
>>
>> The computer belongs to the company.
>>
>> The network belongs to the company.

> And the user ... does NOT belong to the company. They're what's
> known as an individual, with rights.

Inherent and unalienable rights to use the company's computers and
network resources?

The user can presumably do whatever they like, so long as "whatever
they like" doesn't involve the company's assets.

> I firmly believe in a utilitarian form of ethics here - if there's a
> better way in which something could be achieved, you can't morally
> justify the action. So in this case, where all that's needed is a
> (who_from, who_to, when, size) tuple, storing the whole body content
> makes it wrong. Also, the lack of mention of alerting the users to
> the company's policy needs rectifying. Seriously so. I'd go as
> "far" as to say that there should be a possibility of unprejudiced
> opt-out as well.

The "unprejudiced opt-out" is probably going to involve deciding to
not use the company's computers, and, more than likely, deciding not
to be employed by the company.

>> And it's more than likely that the company could be liable for
>> legal sanctions if the company /doesn't/ have some way of
>> monitoring corporate email.
>>
>> After all, someone in the company could:
>> - Send confidential information to a competing company;

> First you trust people, then you suspect them, then you gather
> individual proof. Copying everyone's emails "just in case" is
> bull***.

Apparently you don't understand security where the underlying
assumption needs to be "trust no one."

>> - Introduce the next "ILoveYou" virus to the world;

> So you run a few virus-protection racket^Wsystems, and you educate
> your lusers, and you make them clean up their own damaged systems.

If it's an effective /next/ ILoveYou virus, the virus-protection
racket won't be effective against it.

>> - Send out email containing potentially offensive or illegal
>> material such as sexually explicit material.

> Neglecting the small facts that offence is in the eye of the reader
> not some third-party intercepting stuff, and that the media seems to
> dictate what constitutes `offensive', focussing as it does one
> minute on one thing, another on another.... Well maybe. Something
> illegal would bring the company into disrepute, and we can't really
> be having that.

What does the "media" have to do with this? The media doesn't lay
charges. The media doesn't decide what a judge or jury decides as
damages. The media doesn't decide what comes as a result of an
out-of-court settlement.

> Again, the problem is not a technological one; it's the company's
> problem if it hires people it subsequently dislikes, and it's only
> to be expected that if you make a human work in a zoo, it produces
> monkey-*** for output.

The volume of HR regulations that companies are inundated with combine
with the burden of the legal implications of the court cases that get
decided. And mean that big companies haven't vast freedom of hiring
whomever they "like." If they hire people they "like," they'll get
sued for discrimination.

>> It is quite common, for company computers to have, as part of the
>> personal authentication process when you log onto the network, some
>> disclaimer about the possibility of your actions being recorded.
>
> That's a step in the right direction.
>
>> It doesn't require an outright "Orwellian" scenario for it to be
>> necessary to do some monitoring.
>
> That's also a step in the right direction.

That's not a "step" in /any/ direction - that was merely an
observation. 

-- 
(concatenate 'string "cbbrowne" "@ntlug.org")
http://cbbrowne.com/info/oses.html
"Power tends  to corrupt and absolute power  corrupts absolutely."  
-- First Baron Acton, 1834 - 1902

Loading