Alice (or someone representing themselves as Alice) said:
What I'm trying to say is that if someome posts from watson.ibm.com, and IF they are talking about OS/2, we will not accept that they are not speaking independantly of the knowledge they have garnered from watson.
And that is understable.
In the same way, someone who writes from Netscape.com or AT&T, or Sun and tries to disclaim that they are speaking for the company, when they step out as an employee of a company is deluding themselves.
This is a complete non sequitur. See if you can follow this: only those authorized by the company to speak for the company are authorized speak for the company.
This is not correct, at least according to legal precident. If someone who is from Sun representes themselves as being from Sun (i.e., a Sun.Com email address in their signature line), then when they speak (or email) about Sun, its products, its policies, etc., they represent Sun.
There is a genuine difference between a corporate officer saying
The Amalgamated Widget corporate policy on stong crypto is ...
and some engineer from Amalgamated Widget saying
My private opinion on strong crypto is ...
There is indeed a difference, but it's not as big as you might seem to think. Even more importantly, there is a difference between the person from Amalgamated Widget speaking on strong crypto and the person from Sun speaking on Java.
The consequence of every statement by every employee being taken as company policy is that every employee (except for public relations) will be prohibited from contributing to any public forum or even answering apparently innocuous questions on the net. This would not be a desirable outcome.
In fact, employees represent the company any time they use company names, symbols, stationary, return addresses, etc. If the Netscape legal staff and corporate security board haven't made this clear to management and employees, that's pretty bad. If the officers of Netscape haven't taken appropriate policy measures to notify employees of this potential liability (it appears that at least they haven't notified Phillip), then negative consequences could result in personal liability to the officers (a shareholder lawsuit would be the most common cause of such liability). As a Netscape employee, you should immediately point this out to the corporate person you report to, and do so in writing. This sort of lapse is a strong indicator that inadequate IT audit has been done in Netscape. In a comprehensive IT audit, such policy lapses should be identified quickly and changes in corporate policies should follow very closely.
Still speaking for myself,
You are still speaking for Netscape, but hopefully after reading this message, you and your company will realize it.
PK -- Philip L. Karlton karlton@netscape.com Principal Curmudgeon http://www.netscape.com/people/karlton Netscape Communications
-- -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236