At 15:38 20/09/00 -0400, Paul D. Robertson wrote:
>This is a dangerous precedent to set, especially in the US. Setting an
>expectation of privacy makes all sorts of legitimate troubleshooting and
>analysis potentially illegal.
yes, I realized that my wording was inadequate. it's more about trust than
about privacy.
>[snip]
>This isn't necessarily true, there's an old security addage "Trust but
>verify" which has held itself in good stead over the years. The reason
>that major spy cases happen is that the trust boundary is too
>impermeable.
I am ok for the trust and verify, but the question is how to verify. if you
can do
it without "polluting" the environment, then it's ok.
>Obviously .fr has different liability laws than .us. How would you feel
>if your fiancee/mother/spouse/significant other had to deal with a
>co-worker physically making themselves "feel better" while viewing porn
>in the office?
There are differences, but they are ont relevant here as I was talking
about someone
watching porn, not telling people to do it. Note that I didn't say "sending
porn",
as that would be a legal problem (which is a problem in .fr too).
I don't think that the US law prohibits watching porn, as far as there's no
abuse
(such as children abuse or sexual harassement). and abuse is illegal in .fr
too.
so while there are some differences, they are more cultural than legal
(there are
legal diffs however).
while I am in, I have a qestion for those who "know the laws". suppose an
employee
visits prohibited material. Isn't it sufficient to keep the logs and show
them to the police
in case of suit? let's forget about the fact that logs aren't ecure and
other stuff, but isn't
this a way to make the employee responsible instead of the company?
If this is true, then it somewhat solves the legal part of the question.
>Ah, but resource utilization by e-mail has nothing to do with that. When
>you have >20,000 users and 30% of your traffic is "joke lists", "dancing
>baby programs" and things like that, the company shouldn't have to pick up
>the extra disk space, bandwidth and loss in productivity should it?
that's reasonable, but the "noise" seems to be part of the "modern"
internet-working.
how would the employees feel if all their friends have these funny stuff
(though after
time, one gets enough of receiving the same jokes) that their company forbids.
There are companies who provde a budget for employees "confort". I consider
that
the noisy stuff may be considered confort. I understand that today the noise is
out of control but I don't think this will be solved in the coming years.
so yes, there is
a concern, but then I prefer that the problem stay open than use a bad
solution.
>Or there is too much invalid usage by employees who should be doing their
>jobs instead of {Wedding planning, car buying, stock trading,
>porn-surfing...}
I understand your opinion. In any case, I suspect things won't change in a
near future. am I pessimistic?
>For the set of companies that I've seen bandwidth and latency problems,
>it's been related to "inappropriate or recreational usage of network
>resources" 99.99999% of the time (a single problem with a provider's ATM
>backbone in the years I've been doing this.)
The problem I see here is tha "inappropriate" is too general. If I search
the web to find
a book or some, then I'll probably spend more time than I should (you look
for something,
you see something else that seems interesting, so you follow links and
links...). I
consider that part of the inappropriate use, but avoiding it would require
a hardly
supported discipline.
Also, many problems may be due to inadequate configurations (such as
misconfiguration
of an MTA, or not enough resources...).
>In >80% of the cases it's pretty easy, a grep through the proxy logs makes
>it pretty obvious who's doing real work and who's running a mail order
>business from their desk, or executing stock trades all day.
the problem is who will do that. I'd prefer if the one who does that has no
hierarchical
relation with the looser. I understand if the admin plays the role of
telling people that they
should stop or he will take adequate action. but do admins wanna have this
role?
>Some of this should fall under acceptable use, as far as self-education
>time is budgeted. How much work didn't get done while you were satisfying
>your curiosity is probably astounding though ;)
yes, but I think the loss is inevitable. without restating the stupid 80/20
pseudo-principle,
I'd say that one needs rest anyway, so "following one's curiosity" may be
considered as task
switching. you're right, much time is "lost", but much of the time we live
is lost after all.
but I disgress....
>[snip]
>This is not a good way to engineer networks or companies. By the time you
>let something become acceptable enough to be a problem you'll never stop
>it without firings or formal issues with otherwise good employees.
there is however a distance between saying what is acceptable and imposing it
by watching the employes.
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
