How IT Pros Can Avoid Legal Trouble

Soulskill posted more than 4 years ago | from the don't-listen-to-michael-bolton dept.

The Courts 230

snydeq writes "InfoWorld's Peter S. Vogel reports on the kinds of inadvertent transgressions that could land IT pros into legal trouble without realizing it. From confidentiality and privacy negligence, to copyright and source code violations, IT staff are legally liable for a lot more than they might think — in some cases because the law will not stop at your employer, instead holding individual IT employees responsible for violations even if the individuals are just 'doing their job.' Worse, as the recent case against Terry Childs has shown, judges and juries are often not technically savvy enough to understand what IT pros do. 'That lack of understanding can lead them to conclude you're at fault or should have known better,' Vogel writes. 'After all, many people think anyone technical is a whiz kid or brainiac on any topic.'" What legally questionable scenarios have cropped up at your job?

Liability (5, Funny)

nhaines (622289) | more than 4 years ago | (#32956022)

I'm liable for first posts.

Re:Liability (0)

Anonymous Coward | more than 4 years ago | (#32956124)

I regularly kill processes.

Re:Liability (5, Funny)

skids (119237) | more than 4 years ago | (#32956180)

As long as you caught them forking children, I don't think anyone will mind.

Re:Liability (1, Funny)

Maarx (1794262) | more than 4 years ago | (#32956334)

And me without mod points.

Re:Liability (0)

Anonymous Coward | more than 4 years ago | (#32956798)

Think of the children! Don't fork them.

Terry Childs was NOT an IT pro (4, Insightful)

Anonymous Coward | more than 4 years ago | (#32956034)

He was a petulant child.

This narrative that this ruling could affect non-sociopaths is FUD.

Re:Terry Childs was NOT an IT pro (1)

ushering05401 (1086795) | more than 4 years ago | (#32956230)

I don't like that site, but I clicked through long enough to see if this was a Childs-centric article... and it isn't.

Anyone currently putting utility boxes in the wild that allow passive bridging for diagnostic captures could be affected by what is being described in the article (just the first common example that comes to mind). Any entry-level Linux hacker doesn't need to veer out of the repos to install their way to diagnostic tools that could violate federal wiretapping charges if set up with the wrong cat5 off the rack at work.

Re:Terry Childs was NOT an IT pro (5, Insightful)

Toonol (1057698) | more than 4 years ago | (#32956350)

Terry Childs is a terrible poster child for IT professionals. He did all sorts of things professionally and ethically wrong, and probably legally wrong, as well. I certainly would have pressed charges if he had been my employee.

However, there are some legal traps that even a well-behaved IT pro can fall into. For instance, monitoring too much can be a privacy invasion, monitoring not enough can be negligence. Because the IT world scales up so much, sometimes a minor mistake can end up with millions of dollars of consequences.

Licensing (5, Informative)

CaptSlaq (1491233) | more than 4 years ago | (#32956050)

It's such a gigantic PITA to track all of the licensing for everything that I weep for any small to medium sized shop that can't afford to have a dedicated person/dedicated people for it.

Re:Licensing (2, Insightful)

h4rr4r (612664) | more than 4 years ago | (#32956340)

The solution to that is to not buy such software.
If it is not free or simply licensed, just do not use it.

Re:Licensing (4, Insightful)

toastar (573882) | more than 4 years ago | (#32956436)

The solution to that is to not buy such software.
If it is not free or simply licensed, just do not use it.

... tell that to my boss.

Re:Licensing (1, Insightful)

h4rr4r (612664) | more than 4 years ago | (#32956594)

That is your job. You are his technical resource.

Re:Licensing (5, Insightful)

Brandee07 (964634) | more than 4 years ago | (#32956780)

Your job is to keep his copy of Microsoft Office working, not to tell him that he should switch to OpenOffice.

In my limited workplace experience, if you answer "Fix my software" with "Use this other software instead," you will either be ignored or fired. (I found myself ignored, but instilled with a profound desire to not attempt to be helpful again.)

Re:Licensing (2, Interesting)

h4rr4r (612664) | more than 4 years ago | (#32956826)

No, my job has no MS software involved. Helpdesk can go handle that.

We as a company have moved all non-managers over to openoffice. Money talks.

Re:Licensing (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32957126)

Your job is to keep his copy of Microsoft Office working, not to tell him that he should switch to OpenOffice.

In my limited workplace experience, if you answer "Fix my software" with "Use this other software instead," you will either be ignored or fired. (I found myself ignored, but instilled with a profound desire to not attempt to be helpful again.)

Depends on how you phrase the question. Say "Switch to OpenOffice" then you've already failed. Talk about reducing company wide 10-year Licensing Fees by 100% and you have them hooked. IT has no place for ideals sadly, so I just sell them at their game.

Re:Licensing (1)

Sponge Bath (413667) | more than 4 years ago | (#32956936)

You are his technical resource.

Jeez, nothing dehumanizing about that title.

Get your boss to sign off on it (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32957190)

Get your boss to sign off on it. But seriously, the best (in fact ONLY) way to avoid legal trouble that the article is talking about is to do nothing but ask your boss for access to a solicitor to sign off on work.

The article is like asking "How do you avoid legal problems with a video compression algorithm that you think has not been patented by anyone else?". The answer: you can't. As MPEG-LA know, since they don't indemnify against other people's patents.

Re:Licensing (1)

chrpai (806494) | more than 4 years ago | (#32957416)

The solution to that is to not buy such software. If it is not free or simply licensed, just do not use it.

... tell that to my boss.

Simply buying less software doesn't solve the problem. I work in a development environment where SDKs, runtimes, libraries and so on that we don't "buy" are the hardest technologies to keep track of in terms of license compliance.

Re:Licensing (2, Insightful)

Actually, I do RTFA (1058596) | more than 4 years ago | (#32956494)

The solution to that is to not buy such software.

If it is not free or simply licensed, just do not use it.

If you're word processing and checking your e-mail, fine. But some of us have real jobs. Jobs that require using the same tools as your customers, or simply access to specific applications.

Re:Licensing (0, Flamebait)

h4rr4r (612664) | more than 4 years ago | (#32956616)

In that case good luck. I offered a solution, not every solution will handle every use case.

If you have to use a specific application to do some task, you had better hope that company survives forever, cause they have you by the short and curlies.

Re:Licensing (5, Interesting)

Dr Herbert West (1357769) | more than 4 years ago | (#32956404)

I can't tell you how many shops I've worked at where it was obvious that all the software was cracked. My favorite was a print vendor who would encourage his staff (college interns) to "bring in" some of their school software/plugins to "test in a real-world environment". Anytime someone had to send a job to print, all the workstations would have to be disconnected from the network or else there would be licensing conflicts with all the cracked warez. This was more than a decade ago, and the vendor in question has been out of business for a long time. Scumbag-- everything he did somehow reeked of illegality.

I remember I came in once (this was right after I started) only to find the entire staff (except the interns) had quit without warning. Everyone from the production managers to the secretaries-- gone. I soon followed, natch!

Re:Licensing (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32956664)

What's more interesting is in the little time after you started they didn't even bother to tell you what they were doing.

Speaks volumes my man.

Re:Licensing (1)

HeronBlademaster (1079477) | more than 4 years ago | (#32957362)

I worked at a place where they had N licenses for $EXPENSIVE_PROCESSING_SOFTWARE. This software was business-critical. In order to meet processing demand, this software was installed on at least 3N machines... including all our desktops.

Plus most of the computers were running "legitimate" ("it's just a backup copy of our volume license disc", he promised) copies of Win2k and MS Office. At least the data servers were running Linux...

I did my best to avoid license violations while I worked there. I used my own laptop (until he banned it) for Windows-specific things (as far as I'm aware, the business-critical Win3.1-era software we used regularly was actually legit), and ran Linux on my work desktop for everything else.

Re:Licensing (2, Informative)

ultranova (717540) | more than 4 years ago | (#32957274)

The solution is simple: use only GPL- or BSD-licensed stuff. Problem solved.

Using proprietary software at all is asking for trouble.

Re:Licensing (4, Interesting)

jimicus (737525) | more than 4 years ago | (#32957348)

I agree, but I'd go further - and my comments apply equally to free and commercial software.

We're a small shop and part of my job is to keep on top of licensing. After doing this job for some years, I have reached an inevitable conclusion.

You are not supposed to get it 100% right. Indeed, you are being set up for failure.

While some licenses are fairly straightforward, enough of them are sufficiently complicated that it is wholly unrealistic to expect any organisation to be entirely perfect. Whether this is by accident or design I wouldn't like to say, but I am dead certain that there is no organisation on God's sweet earth that would come out of a BSA audit without at least something wrong.

How IT Pros Can Avoid Legal Trouble (4, Insightful)

Michael Kristopeit (1751814) | more than 4 years ago | (#32956064)

not post in this thread.

Terry Childs the new Mitnick? (2, Insightful)

bsDaemon (87307) | more than 4 years ago | (#32956066)

Are the same people claiming that Childs is some sort of mis-understood hero the same people who had "Free Kevin" schwag back in the day? If not, I'm not sure I get the mentality, because from what I know of the situation (maybe not enough), he did sort of grossly overstep the bounds. Maybe he didn't deserve jail time, but I'm not about to go emulating my career after him.

Re:Terry Childs the new Mitnick? (3, Insightful)

FooAtWFU (699187) | more than 4 years ago | (#32956198)

Whether Childs was ultimately right or wrong, I think the case *did* highlight concerns that "judges and juries are often not technically savvy enough to understand what IT pros do." So. There you go.

Re:Terry Childs the new Mitnick? (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32956394)

Umm no. I disagree entirely. Are we forgetting there was a network engineer on the jury? Seriously? This is exactly the sort of thing that SHOULD happen. A jury of his "peers!"

It was described to the engineer, and he was the de-facto explainer for the group, but seriously Childs was working for the gov't too long and had too many bad habits of "fiefdom" creation that are everywhere in city and state organizations. He created a world, then he took the keys away from everyone and didn't give it up. He's not the first, nor will he be the last, but the lesson here should be to all comers "hit by bus strategy... always." Otherwise, things that together could be suspect or could be best practice BECOME suspect without a backup and recovery plan.

And no, an encrypted that's tattoo'd to an admin's ass doesn't count. Especially if there's a likelihood of a flame thrower being involved at some point.

Due to cutbacks he was the only guy on the job 24/7 (3, Interesting)

Joe The Dragon (967727) | more than 4 years ago | (#32956502)

Due to cutbacks he was the only guy on the job 24/7 and a lot of the people there did not have a clue at all. And giving out the network password over an open phone call in a big meeting room?

Re:Due to cutbacks he was the only guy on the job2 (1)

rilles (1153657) | more than 4 years ago | (#32956666)

If your boss tells you to give out the password on a phone call... guess what you do? That being said... what if your boss then says email all the city system passwords to tasteless-rag-newspaper.com?

Re:Due to cutbacks he was the only guy on the job2 (2, Informative)

h4rr4r (612664) | more than 4 years ago | (#32956690)

You quit, explain why you are quitting, then give it out over the phone call.
Is that the right answer?

Re:Due to cutbacks he was the only guy on the job2 (3, Insightful)

Altus (1034) | more than 4 years ago | (#32956772)

I get where you are coming from, and I totally agree that Childs was a toolbox and could easily have handled the situation better if he had any desire to do so.

However, if your boss tells you to violate the state policies on passwords and mail them off to someone (or provide them to a room full of people) and then something bad happens because of that, it is quite possible that you will be held legally liable for the damages caused. Just following orders may not be enough of an excuse.

Re:Terry Childs the new Mitnick? (4, Insightful)

XanC (644172) | more than 4 years ago | (#32956568)

That network engineer, IIRC, said here something to the effect that he didn't think Childs had any criminal intent, and that he was doing what he thought was right for the city. The only reason for the conviction was that the letter of the law appeared to be against him.

This was a case where a fully informed jury should have acquitted, but unfortunately juries are not fully informed. A jury has the right, nay the responsibility, to judge the LAW as well as the FACTS.

Basically, put yourself in Childs' situation. You did what you thought was right. (Let's assume that's the case, since I believe that's what the juror said.) Wouldn't you hope that somebody would inject some common sense at some point rather than robotically reading the law?

That's why we have juries. But judges tell them all they can do is robotically read the law. It's awful.

http://fija.org/

Re:Terry Childs the new Mitnick? (2, Insightful)

spire3661 (1038968) | more than 4 years ago | (#32956632)

Good intentions rarely excuse malfeasance and are usually non-exonerating. You can have the best of intentions and still be found guilty. The law does take intent into account, but it isn't a free pass.

Re:Terry Childs the new Mitnick? (2, Insightful)

XanC (644172) | more than 4 years ago | (#32956678)

It certainly can be, depending on the situation. Especially in cases where the law and the situation are both so convoluted, like this one, that the defendant had no reasonable way to know ahead of time that he was committing a crime.

If it takes the jury more than a half hour to determine that a crime was even committed, and the defendant was in good faith attempting to fulfill all his obligations but struck a different, but still reasonable, balance from the one the jury would have picked, I don't see how anybody can possibly convict.

Re:Terry Childs the new Mitnick? (0)

Anonymous Coward | more than 4 years ago | (#32957110)

Re:Terry Childs the new Mitnick? (3, Interesting)

david_thornley (598059) | more than 4 years ago | (#32956978)

From what I gathered, Childs (a) broke the law, (b) didn't do the right thing (specifically, the city was in real trouble if he got hit by a bus), and (c) tried to run away, suggesting he thought he'd be in trouble.

Lack of criminal intent and good intentions go only so far in mitigating breaches of the law, and my common-sense injection would have been that Childs had gone over the line and should be convicted. Had Childs provided for the possibility of his sudden demise, I'd feel a lot better towards him, and I'm not at all sure he'd have been convicted.

Both wrong. (3, Informative)

Anonymous Coward | more than 4 years ago | (#32957390)

Both wrong.

(a): there was no law demanding he hand over the keys unsecurely
(b): he did the right thing. If he'd been hit by a bus, they could reset the passwords by getting an engineer out to the sites.

Terry did the RIGHT thing according to law and the thing demanded by his employment contract. That contract stated who he could give the passwords to, where and who could override those orders.

A general cannot order a Private on Guard Duty (assigned as such by the Duty Officer) to leave his post. Doing so would be a court martial offence (potentially one that could see him shot, if it's a war zone or in time of war). The General may or may not be able to order the Duty Sergeant to order the private to leave his post. But if the general is not the Base Officer, OD can demand that the correct channels be used and the Base CO would have to order the Duty Officer to order the Private (note: even the Base CO cannot order a private off Guard Duty at his post).

Similarly, the captain of a ship outranks any officer on board ship, even a Port Admiral. At port, the captain can be removed from command by the Port Admiral. This is why Barratry is such a severe offence in the Navy.

But short version: both your statements are wrong.

Re:Terry Childs the new Mitnick? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32957214)

The only reason for the conviction was that the letter of the law appeared to be against him.

Then that jury failed in its duty to set precedent against bad law.

Re:Terry Childs the new Mitnick? (1)

phantomfive (622387) | more than 4 years ago | (#32956468)

Really? One of the members of the jury was an 'IT pro.' It may be true that often judges and juries are not technically savvy enough, but I don't think that case was a very good illustration of that point.

Re:Terry Childs the new Mitnick? (4, Insightful)

bws111 (1216812) | more than 4 years ago | (#32956486)

Why is it a "concern" that judges and juries don't understand what IT pros do? Judges are supposed to understand the law. Period. Juries are supposed to be unbiased. Period. Is it a "concern" that judges and juries don't understand what police detectives do? Doctors? Hospital ethics boards? Accident reconstruction experts? Corporate officers? Accountants? Fund managers? Etc, etc. If the judge or jury needs to understand any of those things it is up to the parties in the case to educate them. There is nothing special about IT that makes it any more or less difficult to explain than anything else.

Re:Terry Childs the new Mitnick? (2, Interesting)

MightyMartian (840721) | more than 4 years ago | (#32956738)

Childs was a petulant prima donna with delusions of grandeur, and he paid the price, and so it should be. I know some folks seem to want to make the guy some martyr, but he was a complete twit, and I wouldn't hire the guy to wipe out floppies, let alone manage a large network. Not because he isn't skilled, but because he's a self-important ass hat.

Re:Terry Childs the new Mitnick? (1)

Itninja (937614) | more than 4 years ago | (#32957002)

Childs was a petulant prima donna with delusions of grandeur....he's a self-important ass hat.

I don't think any of those things have 'price' to 'pay'. In fact, toss in ambition, and you have a nearly perfect description of the traits needed to be blindly successful (professionally anyway). I am pretty sure he 'paid the price' for being a scofflaw and (eventually) a convicted felon.

Re:Terry Childs the new Mitnick? (1)

tool462 (677306) | more than 4 years ago | (#32956796)

Nonsense. The things I do are difficult, challenging, and require a vast intellect to understand. The things everybody else does are so simple and obvious a child could do them. /me removes tongue from cheek.

Re:Terry Childs the new Mitnick? (1)

_Sprocket_ (42527) | more than 4 years ago | (#32956928)

Are the same people claiming that Childs is some sort of mis-understood hero the same people who had "Free Kevin" schwag back in the day? If not, I'm not sure I get the mentality, because from what I know of the situation (maybe not enough), he did sort of grossly overstep the bounds. Maybe he didn't deserve jail time, but I'm not about to go emulating my career after him.

Mitnick's following wasn't because he was a swell guy. It was an issue of overzealous prosecution and inappropriate detainment (i.e. a belief he could launch nuclear missiles by whistling into a prison pay phone). In the end, he was little more than a white-collar thief and con-man who was reported as being, and consequently treated as, a supervillain mastermind. Some people took offense to that.

Childs is interesting in a lot of ways. He's been portrayed as a criminally-minded digital tyrant holding a city hostage. And he's been portrayed as both genius architect and lone defender of the network fending off a horde of incompetence and mis-management. As the dust settled, I began to suspect that the truth lies with a combination of those two portrayals (although perhaps not the whole of them).

My first reaction was to think that Mitnick and Childs are entirely different cases. But as I think about it - there is at least one similarity; both involve an overzealous prosecution. The cases garner sympathy because many of us find ourselves in environments where what we do isn't well understood. We deal with incompetence and ignorance on a frequent enough basis to give us pause. And it is easy to look at these cases and ponder whether there but for the grace of God go us.

Obvious (1)

Locke2005 (849178) | more than 4 years ago | (#32956082)

Change jobs.

Re:Obvious (1)

yincrash (854885) | more than 4 years ago | (#32956126)

Of course, why didn't I think of that sooner?!

Re:Obvious (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32956256)

That was my answer. As a DBA at a company that handled credit card transactions I could see where our internal application could easily be fooled into spilling its very valuable guts. After pointing this out to Mgt. and having it verified by an external auditor, they refused to fix. I'm not voluntarily sitting on that kind of time bomb so I left. They haven't been hacked yet, they may never be. But it's not my problem now.
AC

Re:Obvious (0)

Anonymous Coward | more than 4 years ago | (#32956504)

Steve won't step down, else we could!

[/fanboi]

Re:Obvious (0)

Anonymous Coward | more than 4 years ago | (#32957318)

Like the company that can't switch away from badly licensed software due to management idiocy, the average employee has financial obligations of his own. He can't simply quit every time his boss asks him to do something some law does not allow. This is especially true when the current state of affairs basically demands that every 'IT pro' have a fucking master's in law. It's not reasonable at all. This situation is just another case of the top of the hierarchy passes off responsibility to the bottom tiers, and then passes judgement and punishment.

Premeditated murder (5, Funny)

Peach Rings (1782482) | more than 4 years ago | (#32956098)

I'm a medical equipment technician at a California corrections facility. My boss routinely asks me to kill people in cold blood, and I've been doing it for a few years now... there's a lot of paperwork and everything, but I'm not entirely sure it's legal.

Does anyone else have experience with being ordered to kill somebody as part of their IT duties?

Re:Premeditated murder (2, Funny)

DWMorse (1816016) | more than 4 years ago | (#32956218)

You get to do what Batman cannot!

Re:Premeditated murder (1)

DIplomatic (1759914) | more than 4 years ago | (#32956288)

Does anyone else have experience with being ordered to kill somebody as part of their IT duties?

I... well, it's complicated.

My boss will routinely design intricate dream levels and then ask me to enter the dreams of a rival and extract corporate secrets. I haven't run into any legal trouble yet but I do have to watch out for the dreamer's projections. They get very hostile if I take too long in the dream world.

Does this help you? I'm sorry... I'm having a lot of trouble focusing right now...

...Have we met before, or was I dreaming??

Re:Premeditated murder (2, Interesting)

cosm (1072588) | more than 4 years ago | (#32956354)

I'm a medical equipment technician at a California corrections facility. My boss routinely asks me to kill people in cold blood, and I've been doing it for a few years now... there's a lot of paperwork and everything, but I'm not entirely sure it's legal.

I can't tell if you're trolling or serious. Are you responsible for the lethal injection equipment? Or are you Therac-25ing cons to oblivion during simple 'treatment' procedures? I guess the key piece of missing information is the 'medical equipment' in question.

Re:Premeditated murder (1)

Thinboy00 (1190815) | more than 4 years ago | (#32957154)

I read that as suggesting the "people" are in comas or worse, but whatever.

Blackberry Enterprise Server (4, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#32956100)

When someone at work has a blackberry, they are set up on the Blackberry enterprise server, which manages all their contacts and emails and calendar and such.

If they leave, or are terminated, we are told to send the kill command to their BES account. This will delete any emails off their phone AND their contact details. In some cases, a person will be let go - our IT staff will be let known first so their account can be disabled for security reasons. Then that recently laid off person has lost all of their contact details - including Mom and Dad and sweet Great Aunt Gertrude.

We haven't faced any legal suits yet - but it happened a couple times where people have gotten angry. As a precaution - we've started informing people that this happens - so anyone with a blackberry needs to back up their contacts constantly.

Re:Blackberry Enterprise Server (0)

Anonymous Coward | more than 4 years ago | (#32956226)

Why are your employees using personal BBs on your company's BES? If your company requires mobile access to email, then should the company not be providing them with the hardware to perform this task? That is what the company I work for does. Then there is no gray area, the BB, and its contents are entirely company property.

Re:Blackberry Enterprise Server (1)

h4rr4r (612664) | more than 4 years ago | (#32956388)

Then they can read all your sms or email, even non-work related stuff.

Here we just pay the cost of the plan, and tell people to back up their contacts.

Re:Blackberry Enterprise Server (0)

Anonymous Coward | more than 4 years ago | (#32956532)

And? It's company property and company servers, you really shouldn't be doing anything personal on them anyways. And it doesn't matter if the BBs are the employee's property or the company's, the admins will still have access to get into their mailboxes.

Maintain separate phones for work and personal. When I get home the work phone sits on the desk at home till the next morning when I go into the office. I'm not paid to be on the clock 24/7. I'm sure as hell not going to be reachable by the company 24/7. If there is a dire emergency that needs my attention the proper people have my personal number.

Re:Blackberry Enterprise Server (1)

Lunar_Lamp (976812) | more than 4 years ago | (#32956700)

It's company property and company servers, you really shouldn't be doing anything personal on them anyways.

In many places I've worked (all in the UK) it's been a clear perk of the job that "reasonable" usage of a work-provided mobile phone for personal calls was acceptable.

Re:Blackberry Enterprise Server (4, Insightful)

grasshoppa (657393) | more than 4 years ago | (#32956566)

If the device is hooked up to a corporate BES server, then they can already read all of your sms / email.

Always better for the corporation to completely own the device, from start to finish, to prevent confusion.

Re:Blackberry Enterprise Server (4, Funny)

Shakrai (717556) | more than 4 years ago | (#32956634)

If the device is hooked up to a corporate BES server, then they can already read all of your sms / email.

I pointed this out to a friend that uses her personal blackberry to access her company e-mail. Her response was "So what?" Then I asked her, "Don't you use text messaging to order that dried up plant material that's illegal in all 50 states?"

She bought a droid the very next day.....

Re:Blackberry Enterprise Server (1)

h4rr4r (612664) | more than 4 years ago | (#32956638)

Which is why I just do not use a blackberry. If I am going to have a smartphone it might as well be a decent one.

Re:Blackberry Enterprise Server (0)

Anonymous Coward | more than 4 years ago | (#32956748)

A device other than blackberry isn't going to protect you, the latest versions of exchange/outlook will also back up the contacts, txt messages, emails from the mobile device. The backing up of TXT messages and accessibility of them through outlook on the desktop is something. I believe this was introduced in exchange/outlook 2010, but maybe in the 2007 version. I'm going to guess that likely your WinMo, Android, or iPhone is using exchange push mail right?

In the end keep work and personal separate, no good can come of mixing the two

Re:Blackberry Enterprise Server (1)

h4rr4r (612664) | more than 4 years ago | (#32956872)

I do not use exchange nor outlook either.

My android phone is using imap idle for pushmail. We are using a competing mail server product, that is much cheaper and so far much less troublesome.

Re:Blackberry Enterprise Server (1)

jobugeek (466084) | more than 4 years ago | (#32956800)

If these are company blackberrys then you are probably screwing up by telling people to back up their contact information. Many times IT departments are informed first, so that kind of information can not be backed up, particularly in cases of sales personnel or anyone who could take those contacts/emails to a competitor

Re:Blackberry Enterprise Server (0)

Anonymous Coward | more than 4 years ago | (#32956938)

If they leave, or are terminated, we are told to send the kill command to their BES account. This will delete any emails off their phone AND their contact details.

Not always the best choice. There are some odd cases where information on the blackberry doesn't get synced back to the BES, but you've just wiped it.

It's easier to just remotely change the password on the blackberry, and make sure your IT policy encrypts the contents (which you ought to do anyway).

We haven't faced any legal suits yet - but it happened a couple times where people have gotten angry. As a precaution - we've started informing people that this happens - so anyone with a blackberry needs to back up their contacts constantly.

It's company property. If they are storing personal information on company property, you're on very safe legal grounds.

You're kidding... (4, Insightful)

Un pobre guey (593801) | more than 4 years ago | (#32956110)

What legally questionable scenarios have cropped up at your job?

You have got to be shitting me. This isn't phishing, this needs a new term all its own.

Re:You're kidding... (1)

bsDaemon (87307) | more than 4 years ago | (#32956192)

like "snitching," "informing," "dropping dimes," etc?

Re:You're kidding... (1)

kindbud (90044) | more than 4 years ago | (#32957234)

No it doesn't. The old term "dragnet" is perfectly applicable here.

Har Har (4, Funny)

poliscipirate (1636723) | more than 4 years ago | (#32956208)

'After all, many people think anyone technical is a whiz kid or brainiac on any topic.'

Obviously, they've never visited slashdot.

Re:Har Har (1)

Un pobre guey (593801) | more than 4 years ago | (#32956528)

Yeah. Suckers!

It's not that hard... (1, Funny)

Anonymous Coward | more than 4 years ago | (#32956216)

Just make sure you never try to run an illegal instruction!

The BSA does not go after the techs but paper work (1)

Joe The Dragon (967727) | more than 4 years ago | (#32956234)

The BSA does not go after the techs, but they are a paperwork b* and will hit for not having the paperwork they want, and sometimes it's not what you think you need to have.

Ever spy on the courts? I was asked to. (1)

Jailbrekr (73837) | more than 4 years ago | (#32956236)

We were in creditor protection (Canadian version of Chapter 11 Bankruptcy), and the owner asked me to essentially spy on the Court appointed monitors and send him any email they sent or received when they were on site and using our computer systems. Thankfully, I had the presence of mind to know how wrong that was, and went to the Accounting controller to inform him of that request. In the end the courts were not told of his transgressions as that would have caused him a pile of trouble (he most probably would have been fired from his own company), and the accounting controller talked a bit of sense into him.

Legally questionable scenarios? (4, Interesting)

girlintraining (1395911) | more than 4 years ago | (#32956274)

Here's one: I worked for one of the top national retail firms. Their POS systems were booted using PXE, and there was no firewalling between the stores and corporate HQ. In other words, the network topology was completely flat. Set up a PXE server at any store, distribution center, or headquarters, and you could respond to PXE requests sent by the POS systems. The store's location was coded into the DNS RR, and followed an easy-to-understand naming convention -- they also were powered down every evening. Which means, you had about a 10 minute window each day where if you disabled or DDoS'd the one PXE server on the network, you would be able to send a bootable image to every POS server in that timezone.

They fired me three days after reporting this flaw, calling me a security risk.
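A defensive check for the weakness described in the comment above, added here as an example and not part of the original thread: on a flat network any host can answer PXE requests, so a monitor can parse the DHCP replies it sees and flag boot offers from servers that are not on an allowlist. The allowlist address, the boot file name and the sample packets are constructed assumptions.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie at offset 236
AUTHORIZED = {"10.20.0.5"}                  # assumption: the one sanctioned PXE/DHCP server

def parse_options(data):
    """Walk DHCP option TLVs into {code: value}; stop at End or truncation."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:                    # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            break                           # truncated option, ignore the rest
        opts[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return opts

def check_reply(packet, authorized=AUTHORIZED):
    """Return a finding for a boot-bearing DHCP reply from an unlisted server, else None."""
    if len(packet) < 240 or packet[0] != 2 or packet[236:240] != MAGIC:
        return None                         # not a BOOTREPLY carrying DHCP options
    opts = parse_options(packet[240:])
    if opts.get(53) not in (b"\x02", b"\x05"):   # only DHCPOFFER / DHCPACK
        return None
    siaddr = str(ipaddress.IPv4Address(packet[20:24]))   # "next server" field
    bootfile = packet[108:236].split(b"\x00", 1)[0] or opts.get(67, b"").rstrip(b"\x00")
    pxe_vendor = opts.get(60, b"").startswith(b"PXEClient")
    if not (bootfile or pxe_vendor or siaddr != "0.0.0.0"):
        return None                         # plain address lease, no boot information
    sources = {siaddr} - {"0.0.0.0"}
    if len(opts.get(54, b"")) == 4:         # option 54: server identifier
        sources.add(str(ipaddress.IPv4Address(opts[54])))
    rogue = sorted(sources - set(authorized))
    if not rogue:
        return None
    return {"unlisted_servers": rogue, "bootfile": bootfile.decode("ascii", "replace")}

def build_reply(server, next_server, bootfile, msg_type=2):
    """Constructed sample input: a minimal BOOTREPLY with options 53, 54 and End."""
    pkt = bytearray(240)
    pkt[0] = 2                              # op = BOOTREPLY
    pkt[20:24] = ipaddress.IPv4Address(next_server).packed
    pkt[108:108 + len(bootfile)] = bootfile
    pkt[236:240] = MAGIC
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(pkt) + opts

if __name__ == "__main__":
    for pkt in (build_reply("10.20.0.5", "10.20.0.5", b"pos/boot.0"),
                build_reply("10.31.7.99", "10.31.7.99", b"pos/boot.0")):
        print(check_reply(pkt))
```

Segmenting stores from each other and from HQ removes the exposure; a check like this only reports that it is being used.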

Re:Legally questionable scenarios? (3, Funny)

Frequency Domain (601421) | more than 4 years ago | (#32956586)

At first I thought POS meant "Point of Sale", but as I read through your post I realized it actually stands for "Piece of..."

piece of... (1)

Dogbertius (1333565) | more than 4 years ago | (#32957326)

At first I thought POS meant "Point of Sale", but as I read through your post I realized it actually stands for "Piece of..."

...software?

its both (1)

RobertLTux (260313) | more than 4 years ago | (#32957376)

As anybody that actually works in retail above the McD register level knows, BOTH are correct.

Re:Legally questionable scenarios? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32956596)

Here's one: I worked for one of the top national retail firms. Their POS systems were booted using PXE, and there was no firewalling between the stores and corporate HQ. In other words, the network topology was completely flat. Set up a PXE server at any store, distribution center, or headquarters, and you could respond to PXE requests sent by the POS systems. The store's location was coded into the DNS RR, and followed an easy-to-understand naming convention -- they also were powered down every evening. Which means, you had about a 10 minute window each day where if you disabled or DDoS'd the one PXE server on the network, you would be able to send a bootable image to every POS server in that timezone.

They fired me three days after reporting this flaw, calling me a security risk.

Maybe you shouldn't have informed them via a custom Windows splash screen...

Re:Legally questionable scenarios? (1)

AnonymousClown (1788472) | more than 4 years ago | (#32956644)

I developed retail POS software years ago and I don't doubt what you're saying. The system I worked on was real bare bones and so were the competitors' systems, and I can't say too much more than that other than it was DOS right on top of Ethernet - no TCP/IP. Retail software has to work in a very small memory footprint on the cheapest machines you can imagine. Stores have to buy hundreds or thousands of them at a time and retailers want cheap, cheap, cheap!

That company was rather stupid for canning you. Actually, very stupid. They should have brought up the security risk to the vendor. We used to talk to retailers' IT people all the time.

But here's the thing: way back when I was working on that stuff (1996-1998), the regional office would have phone lines that the store server called: yep, a modem. There wasn't anything over the internet - then anyway, because they couldn't: no TCP/IP. Some companies had leased lines. Then again, considering how cheap retailers are, I wouldn't put it past them to move all that data and everything over the internet to save on the cost of phone lines or leased lines. That's assuming that the POS vendors have incorporated TCP/IP stacks into their systems.

Re:Legally questionable scenarios? (3, Insightful)

idiot900 (166952) | more than 4 years ago | (#32956768)

They fired me three days after reporting this flaw, calling me a security risk.

What a brilliant idea by whoever fired you - producing a disgruntled former employee who knows how to steal money from the company.

Re:Legally questionable scenarios? (2, Insightful)

FelixNZ (1426093) | more than 4 years ago | (#32956960)

Wow, that's incredible, unless you were a contractor, I am extremely glad to be in a country that has sane employment law right now.

Re:Legally questionable scenarios? (1)

_Sprocket_ (42527) | more than 4 years ago | (#32957036)

Whatever happened to TJ Maxx anyway?

Re:Legally questionable scenarios? (0)

RichardJenkins (1362463) | more than 4 years ago | (#32957130)

What was your job?

Let Me Tell Ya 'Bout the Time We ... (3, Funny)

eldavojohn (898314) | more than 4 years ago | (#32956282)

What legally questionable scenarios have cropped up at your job?

I'm a software developer for one of the big automotive companies and we almost got into some legal trouble a while back. We had another team that would test the embedded code we put in there and we were always playing pranks on each other between the two teams. So one time, I wrote a procedure that caused the accelerator to randomly speed up with no user interaction. It was very very rare that the procedure would trigger and then I called it right in the middle of the main block of the embedded code. Anyway, they run a bunch of tests a day and on like the fortieth day, John drove his car right through the wall of the testing facility! Oh my, what a hoot, I haven't laughed so hard since they airlifted him out. But then there was all this legal BS about somebody getting hurt and this and that. Those law-talking guys have no sense of humor. So I realized I had to go in and comment out that procedure. So all I did was go in and comment out the signature block ... or at least I think that took care of it, but maybe it was that fancy ECC crap the smart guy put in ... I wonder if anyone ever went back in there and totally cleaned it up? Oh well ... dodged a bullet there ... am I right?

Has it shown that really??? (3, Informative)

stephanruby (542433) | more than 4 years ago | (#32956308)

Worse, as the recent case against Terry Childs has shown, judges and juries are often not technically savvy enough to understand what IT pros do. 'That lack of understanding can lead them to conclude you're at fault or should have known better,'

Has it shown that really??? I recall the foreman of the jury for the Terry Childs case was a pretty smart IT guy. Also, the resumes of the other jurors were not all that bad technically either. If anything, I really do think that Terry Childs was judged by a jury of his peers (even if this doesn't always happen in other cases).

Terry Childs case not a good example (4, Insightful)

linebackn (131821) | more than 4 years ago | (#32956326)

Worse, as the recent case against Terry Childs has shown, judges and juries are often not technically savvy enough to understand what IT pros do

As I recall, when the details finally came to light about what he did and how he went about it, the judge and jury WERE technically savvy enough to understand what he did. It was all the people jumping to uninformed conclusions here on Slashdot that didn't understand.

I have no doubt there are plenty of cases where judges and juries fail to understand the facts at hand, but I don't think this was one of them.

how about makeing EULA that non legal types can re (1)

Joe The Dragon (967727) | more than 4 years ago | (#32956360)

How about making EULAs that non-legal types can read and understand? Not all workplaces have the means to take the time for legal to look at all of them.

Re:how about makeing EULA that non legal types can (2, Informative)

Anonymous Coward | more than 4 years ago | (#32956464)

Most EULAs aren't actually that difficult to read. They're just long and boring...

Re:how about makeing EULA that non legal types can (1)

cjb658 (1235986) | more than 4 years ago | (#32957172)

Because then some people might figure out what they're actually agreeing to and stop buying their software?

Asked to use pirate software (4, Interesting)

Rene S. Hollan (1943) | more than 4 years ago | (#32956372)

I have often been either asked to use pirate copies of software (Borland Turbo C in the 1980s), or accept license agreements personally, where a corporate license would have been more fitting. Neither of these have occurred at my present place of employment, thankfully.

In other areas, I was once asked by a low-level manager at a client company of our contracting firm for my SSN for a "background check". I was told this person had a reputation of committing identity theft in the name of contractors, obtaining credit in their name, and threatening to insist they be removed from the assignment if they complained. I don't know if that was true, but did insist that any "background check" would be done by a recognized neutral party. I was requested removed from the assignment, and let go for lack of other work.

On the pirate software issue, I simply licensed my own copies, and took them with me when I left (well, wiped them off my work computer). Borland's license would let me use their compiler on any machine, even let someone else use it, one at a time.

The bottom line is that if your employer asks you to break the law, find another job... fast.

How about legally liable for the PHB and other hig (2, Interesting)

Joe The Dragon (967727) | more than 4 years ago | (#32956442)

How about legally liable for the PHB and other higher-up people at the workplace who don't know about IT but buy stuff on the golf course, but they fail to buy the right licenses and then they tell the techs that proper licenses are done / the buying department took care of it.

In some places the IT guys do not buy anything; they just tell someone what they need and hope to get it.

Unions (0)

Anonymous Coward | more than 4 years ago | (#32956750)

I work in the medical field and I am so thankful I have union representation to clarify legally questionable requests from management.

People may speak ill of unions, but from my end they have literally been life savers.

Requirements vary by jurisdiction (2, Insightful)

HikingStick (878216) | more than 4 years ago | (#32956786)

One problem I see is that requirements may not be the same from state to state (in the US), and there are few formal resources available for IT professionals to know exactly what requirements apply. This is especially true for IT pros in smaller or privately held firms that don't fall under the authority of some of the big bills that have been enacted. None of the college programs in my area even has a course addressing these issues, except for specific courses dealing with things like HIPAA. This seems to be a big gap, and I know I'd love to find a course (or even a website) that deals with specific requirements both at the State and Federal levels.

Legal tangles (1)

Sta7ic (819090) | more than 4 years ago | (#32956968)

I haven't run afoul of any laws, writing software, but I'm always tangling with copyright readers and software licenses whenever I start up a project (which happens every year or two). Open source licenses especially, since the standing rule is that 'copyleft is bad, because we want to keep control of our work'.

Software licenses come up every couple months, but the shop does a good job keeping the site licenses for the software that we use, and personal software is discouraged. I have a couple sets of VS8/9/10 discs that I pass to the interns and new FTEs, but have the license codes squirreled away separately -- if the site license doesn't pick them up, it's IT's problem. I've had a license expire, which was inconvenient, but had the project money for the latest version.

Code plagiarism is another concern, but a pretty easy one ~ either don't copy it, or contact the original author. Pretty straightforward.

the president of the company (2, Informative)

Anonymous Coward | more than 4 years ago | (#32957138)

asked for a reprint of the customer listing. A couple of days later the two vp's asked for the same thing. The company was shut down about 3 months later and I was the only one hired by the parent company.

About two months later I was called in the attorney's office. I was asked if I distributed any unauthorized customer lists.

Damn.

Re:the president of the company (1)

pclminion (145572) | more than 4 years ago | (#32957170)

Maybe I'm missing something... What would be bad about giving the president of the company a list of the company's customers? Huh?

Patents, open licences and cyberspace laws (1)

Yvanhoe (564877) | more than 4 years ago | (#32957332)

I live in France so software patents, in theory, do not exist. But I have American and Japanese clients. What happens then?

I offer (freely) some web services like IRC or forums. If someone infringes a silly law from a silly country by saying something illegal in either the country I live in, the country where the server is located or the country where the user is, how are the responsibilities split?

Some of the code I develop at my work is open source (BSD). But BSD has no French translations and no transcription for French law. CeCILL-B can work, but French copyright laws are subtly different from Americans', and the legality of viral open source licenses is an open debate here (no one cared about making a simple and quick law to clearly state they are legal).

We have a silly law named HADOPI that creates an offense of "non-securization of an internet terminal" with very vague terms that don't really explain how to comply.

My biggest problem, in the end, is that the law of my country is unadapted, inapplicable, written by persons who dismissed experts' advice. As a result, and being a law-abiding person, I tried to write to representatives and journalists, I joined the local pirate party that was mainly made from people with a technical background that understood the laws were silly. But I quit as this was taking more time than coding. So now it is a matter of choice between being up-to-date with the latest sillinesses or coding interesting and useful stuff. I chose the latter, knowing that the clown-hammer of law is suspended over my head and that I am probably in a gray zone. Being legally safe is a luxury I cannot afford but I do not wish to surrender to the Legalausaurus Rex. I put the little faith I still have in humanity in the hope that when the silliness of the current laws will be obvious (it is forbidden to be infected by virus! An IP address is a proof of identity! Linux is illegal!) they will be corrected.