------------------------------------------------<snip - Go to
bottom>----------------------------------------------------
Clark Morris wrote:
On 16 Jun 2009 16:31:00 -0700, in bit.listserv.ibm-main you wrote:
As a US citizen living in Canada, I would strongly urge Canadian companies not
doing business in the US to also not keep any personal data on US computers
because of Patriot Act implications.
Even if they're doing business in the US, I would strongly recommend keeping
Canadian data in Canada.
A couple of years ago, George W got the clearing houses in Belgium (I believe)
to cough up information from any/all members of that international consortium.
While security for the US is important to the US, it does not give them the
right to trump another country's security.
Another example is that the US now requires all the security information of any
flight to/from/within Canada to be supplied to them, if the flight path happens
to cross over any US air-space.
I agree with you on the latter and hope Canada reciprocates the
request for information. Where this discussion is relevant is in the
provision of service and policies each of us might consider advising
our employers about implications. When I am contracting on the
applications side, much of the time in order to do my job I need to
have access to confidential information to verify that the requested
change/fix/enhancement works and that data is properly validated.
Control of who has access to what is a very interesting challenge. The
laws surrounding the protections on the data and on outside
contractors use/misuse of it are interesting. Of course an
organization may not want to hear about concerns. I know it was
interesting addressing security issues at one shop (a situation that
has changed since I left).
The main reason that this topic may be off topic is that most of us
are (or in my case were since I am retired with a willingness to take
contracts) not in a position to effectively raise this type of issue.
As a Canadian, I find this a little hard to swallow.
This is the last I'll say (publicly) on this issue, since it has drifted
off-topic.
-
Too busy driving to stop for gas!
-------------------------------------------------<unsnip>-----------------------------------------
There's a very fine line between security and paranoia; when do we
decide that it's been crossed?
Seriously. What constitutes a "Security Measure", as opposed to a
disturbing invasion of privacy? When does my aftershave, properly
packaged in the original container, become a potential "liquid
explosive"? Or the bottle of water that I'm drinking? When does my
shotgun cease to be a valid bird-hunting gun and become a "terrorist
weapon"?
My point is this: we need to think, realistically, about what
constitutes a threat and how do we defend against that threat. I'm sure
that we can all develope serious threats in our own minds, and some may
be very real. But let's evaluate threat possibilities with a couple of
pounds of realistic thinking. Between reality and dollar signs, most
management teams are capable of learning. It's up to us, as realists and
technicians, to help management learn the realities. Slowly but surely,
we have to wean them away from the "Airline Magazines" that so many seem
to be enamored of, and help them see a bit of the real world.
Reality can be a real "BITCH"; but it's still reality!!!!!
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
