Re: Java & Netscape security [NOISE]
On Fri, 17 Nov 1995, Dr. Dimitri Vulis wrote:
m5@dev.tivoli.com (Mike McNally) writes:
Frederick B. Cohen writes:
This is baloney. When you work for Netscape or Sun and speak about your company's products, you are representing the company whether you disclaim it or not.
Baloney.
Fred is right. I used to work for Goldman Sachs & their internet usage policy stated that when you write to Internet or Usenet from a GS account, it will reflect on the firm no matter how you disclaim it.
I think this is true, and is where we start to get into reputations and trust.
If someone from Goldman Sachs posts to a Usenet group discussing abortion or gun-control, and says that: "These opinions are my own and not my employers." Then, we can accept that, no matter how silly their opinions are.
But there is a difference in the way we look at it if someone from Goldman Sachs posts to misc.invest.stocks instead and says that the Goldman Sachs Strip Coupon Fund is better than the one from Merrill Lynch -- that it's safer and produces higher returns because Goldman uses cubic spline interpolation methodologies to interpolate the yield curve, while Merrill Lynch doesn't. There is a difference here.
In the first case, the poster is not commenting about anything to do with their work, -- it really is just one man's opinion -- while in the second they are actually commenting upon something their employer is selling.
If the employee tries to add, "these opinions are my own, and do not reflect the opinion of my employer" then we have a huge credibility problem.
You really can't have it both ways. You can't post officially and unofficially at the same time, unless it really does have nothing to do with your work.
If you post from Sun Engineering, and you are posting to a group that focuses on Sun, and you are talking about a Sun product, then people are going to take your comments as an official statement from Sun. You are that product's spokesperson, whether you disclaim or not, and should act accordingly. No matter what, that's the way people are going to see it.
It's a huge responsibility ... it's not like speaking candidly at an open Member's table at the Rideau Club or anything, like that. Sun and Netscape and AT&T should know this.
Alice de 'nonymous ...
...just another one of those...
P.S. This post is in the public domain.
C. S. U. M. O. C. L. U. N. E.
Alice de Nonymous writes: [dlv]
Fred is right. I used to work for Goldman Sachs & their internet usage policy stated that when you write to Internet or Usenet from a GS account, it will reflect on the firm no matter how you disclaim it.
[alice]
I think this is true, and is where we start to get into reputations and trust.
If someone from Goldman Sachs posts to a Usenet group discussing abortion or gun-control, and says that: "These opinions are my own and not my employers." Then, we can accept that, no matter how silly their opinions are.
Unfortunately, most employers won't accept this. A couple of years ago Sun Micro fired Philip Stromer for posting homophobic jokes to Usenet. A good friend of mine was fired from Microsoft for sending politically incorrect articles to a Ukrainian mailing list. (He was born in Ukraine.) Someone complained to MS and he was axed. Interestingly, most of his offensive messages came from his CompuServe account; only a couple of tamer ones were from his microsoft.com address. The complainer and Microsoft apparently felt that since he was known to work for Microsoft, it didn't matter that he posted mostly from Compuserve. I think Goldman's policy on Internet use is pretty reasonable. I'm attaching at the end a couple of interesting e-mails that explain their philosophy.
But there is a difference in the way we look at it if someone from Goldman Sachs posts to misc.invest.stocks instead and says that the Goldman Sachs Strip Coupon Fund is better than the one from Merrill Lynch -- that it's safer and produces higher returns because Goldman uses cubic spline interpolation methodologies to interpolate the yield curve, while Merrill Lynch doesn't. There is a difference here.
Hmm... If it looks remotely like marketing, it'd better carry the usual disclaimers that past returns are no indication of future returns etc. :)
In the first case, the poster is not commenting about anything to do with their work, -- it really is just one man's opinion -- while in the second they are actually commenting upon something their employer is selling.
Even in the first case, the poster is using a Goldman e-mail address, which is comparable to using Goldman stationery to write a personal letter. If he says something pro- or anti-gun/abortion that might antagonize a potential client and cause him not to do business with GS, then GS is right not to like this.
If the employee tries to add, "these opinions are my own, and do not reflect the opinion of my employer" then we have a huge credibility problem.
I think these disclaimers are just silly and can't be taken seriously. If he posted an article to alt.sex.pedophile discussing his desire to have sex with children, surely this would reflect on Goldman no matter how he disclaimed it, and he would deservedly be in trouble.
You really can't have it both ways. You can't post officially and unofficially at the same time, unless it really does have nothing to do with your work.
Goldman's policy seems to indicate that if you post from a commercial ISP and don't claim to speak on behalf of Goldman, they don't care what they say. This is better than some... But consider this hypo. Joe Shmoe, an analyst with GS Research, posts an article to misc.invest.* saying that he likes stock XYZZY. He posts from another ISP and doesn't mention that he works for Goldman. But one of the many kooks that invest misc.invest.* recognized Joe and shouts: *LOOK! THIS IS JOE SHMOE FROM GS RESEARCH! *. At which point, the readers take Joe Shmoe's postings much more seriously, and Goldman asks him whether he's put XYZZY on the restricted list. (Disclaimer: I definitely don't speak for Goldman and am just supposing what might happen in a situation like this :)
If you post from Sun Engineering, and you are posting to a group that focuses on Sun, and you are talking about a Sun product, then people are going to take your comments as an official statement from Sun. You are that product's spokesperson, whether you disclaim or not, and should act accordingly. No matter what, that's the way people are going to see it.
I would venture as far as to say that if you post from Netcom, but are known to work for X, then you have much more credibility speaking about X's products or future plans than some unknown person. Your reputation is thus both enhanced by X and partially owned by X. X would be within its right to ask you not to speak about X's affairs in public. The readers would have the right to assume that you know more about X's affairs and decision-making than someone from the street. Greater credibility carries with it greater responsibility, both to X and to the readers.
If you want a reputation that's independent from X, you could get an ISP account under an assumed name, or post via an anonymous remailer, and build a reputation from scratch.
Here are a couple of quotes regarding Goldman's Internet usage guidelines:
-----------------------------------------------------------------------------
Date: Wed, 10 May 1995 12:35:49 -0400
Resent-From: dimitry.vulis@nyapps01.gsam.gs.com (DLV)
From: Gary Schermerhorn <gary.schermerhorn@nyapps01.gsam.gs.com>
Subject: Internet GuideLines
To: gsamit@athena.fi.gs.com
Message-Id: <199505101635.MAA27299@nyapps01.gsam.gs.com>
Mime-Version: 1.0
X-Mailer: Z-Mail (3.2.0 06sep94)
X-Mailer: Mozilla/0.96 Beta (Windows)
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Many of you have asked me for the firm's Internet Guidelines. I have attached them below. Call me or Hans if you have any questions.
Internet Access (including Internet mail)
------------------------------------------------------------------------
The Firm has clear policies on the appropriate usage of computer resources listed in a pamphlet entitled "The Keys To Information Security". This pamphlet is distributed to all new employees during their New Employee Orientation on the first day of employment. The policy in part:
Goldman Sachs' computers and software should be used for business purposes only. Software and data created on Firm systems or by Firm employees are the property of Goldman Sachs. Only authorized use of the systems is permitted.
You should be aware that unauthorized use of the systems may result in disciplinary action by the Firm, possibly including termination.
------------------------------------------------------------------------
Q: What does "for business purposes only" mean?
A: It means that except for de minimis personal use, you should only use the Internet (including Mosaic and Internet mail) for tasks related to your job function.
------------------------------------------------------------------------
Q: Does this mean I cannot browse the Internet unless I know what I'm retrieving?
A: The Internet is a resource beyond comprehension; even some of the Firm's veteran Internet surfers do not know about most of it. Browsing the Internet while looking for business-related resources is acceptable. Browsing the Internet with the intent of looking for non-business-related resources (such as the latest copy of Tetris) is not acceptable. Using the Internet to retrieve recreational pictures and other non-business items is not acceptable.
------------------------------------------------------------------------
Q: What if I have an Internet application I want to use that isn't currently supported?
A: Consult with the Information Security group (unix@is.gs.com).
------------------------------------------------------------------------
Q: How does anyone know what I look at on the Internet?
A: All Internet services leave an audit trail which is kept by the Information Security group. This logfile can be requested by your manager.
------------------------------------------------------------------------
Q: Why is the Firm concerned about Internet access?
A: There is a charge to the Firm for the Internet use time. Other than de minimis personal use, non-business use constitutes theft of Firm property.
In addition, many Internet applications (especially Mosaic) can potentially consume large amounts of network bandwidth. This has a significant impact upon your environment and can consume limited shared resources such as bandwidth and CPU. Heavy recreational usage of Internet services could consume bandwidth needed to deliver critical business data.
Furthermore, certain accessed materials such as sexually-oriented materials may be offensive to others to whom it is visible.
Finally, when you send mail or news out to the Internet from a Firm system, you not only leave a trail throughout the Internet with the Goldman's name on it, but you also provide people on the Internet with an impression of Goldman, regardless of how you disclaim it. Plainly put, do not use the Internet (including email and news) for non-business related work.
------------------------------------------------------------------------
Q: How does this apply to Internet mail?
A: Internet mail follows the same guidelines as Internet connections. You should not use Internet mail for purposes not related to your job function. One example of an appropriate usage would be for a system administrator to use a mailing list to learn more about a particular software package, such as Kerberos.
An inappropriate use would be if you joined a list of bicyclists in the area and had that mail sent to your email account at work. Such mail is not related to your job-function (unless you happen to be the Goldman Investment Research Analyst assigned to bicyclists on the Information Superhighway).
------------------------------------------------------------------------
Q: So is it okay to correspond with clients through Internet mail?
A: Communicating with clients is carefully controlled by the Compliance people for your business unit. You should obtain the same internal approvals when sending email to clients over the Internet as you get when sending paper mail to them. If you have any questions, check with your Compliance person first; do not send email to a client with the intention of resolving these issues later.
------------------------------------------------------------------------
Q: What about Usenet news and mailing lists?
A: When you post to Usenet news or send mail to a mailing list, you are providing an impression to the world of Goldman. Even if you "disclaim" what you are saying as "only your opinions", anything you say will continue to reflect on the Firm. Do not use news and mailing lists for personal or non-business purposes.
------------------------------------------------------------------------
Q: I really want to play with the Internet without all these constraints, what should I do?
A: There are dozens of businesses that provide personal connections to the Internet for a very low cost (between $10 and $30 / month). If you want to explore the Internet, purchase a membership for one of these services and explore the Internet on your own time, without using Firm computers or networks.
------------------------------------------------------------------------
Q: Where should I go if I have more questions?
A: Your supervisor can help you determine what Internet resources may or may not be related to your job function.
------------------------------------------------------------------------
Unix Information Security Staff / webmaster@is.gs.com
-----------------------------------------------------------------------------
Date: Mon, 08 May 1995 12:09:27 -0400
From: Gary Schermerhorn <gary.schermerhorn@nyapps01.gsam.gs.com>
Subject: Internet Usage
To: gsam.all@athena.fi.gs.com
Message-Id: <9505081209.ZM11783@itpc01>
Mime-Version: 1.0
X-Mailer: ZM-Win (3.2.1 11Sep94)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7BIT
Just a reminder about Internet usage policy; Please read the 'Internet Access Policy' statement, which is available on the GSAM Home page, or email me and I will send you a copy.
ALL World Wide Web accesses are monitored against a list of known servers and keywords which are understood to be inappropriate. This list is available to me each month. You should all avoid Web access that will end up on this list. Inappropriate use of the Web is equivalent to inappropriate phone usage (e.g., 900 numbers).
Please read the Internet Access Guidelines. Encourage your staff, particularly new staff, to read them also. The spirit of the guidelines is very clear.
Thanks.
--
Gary Schermerhorn (scherg@gsam.gs.com)
Goldman Sachs Asset Management
(212) 902-3344 (phone)
(212) 902-1384 (fax)
---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
I'm not sure where the policy of whether posts from foo.com should be considered policy of foo.com but they certainly are considered in that manner.
Rather than have this discussion here how about people read up the thread in Hal Abelson's course on Ethics of the Electronic frontier? http://swissnet.ai.mit.edu/6095/on-line-discussion/topic-1/
One point to be made is that at Universities we all have university accounts because people realise that there is no connection between our views and institute policy. The freedom to hold unpopular views being part of what universities are all about. On the other hand there is no such assumption concerning posts from foo.com.
I suspect that even in the UK one could sack an employee for making stupid statements from an Internet account. Particularly if they might lead a person to doubt the sanity of the person concerned.
On Phil Stromer, I don't think the Internet posts were the only point at issue. He was very offensive however, it was not merely the views he posted but the manner in which he made them that caused offense. He also made a lot of assertions concerning other posters which might have led to legal action against Sun.
Phill
hallam@w3.org writes:
One point to be made is that at Universities we all have university accounts because people realise that there is no connection between our views and institute policy. The freedom to hold unpopular views being part of what universities are all about. On the other hand there is no such assumption concerning posts from foo.com.
People who realize this, and use a University account to make "politically incorrect" statements, may be in for a rude surprise. Examples are posted way too frequently to alt.censorship.
On Phil Stromer, I don't think the Internet posts were the only point at issue. He was very offensive however, it was not merely the views he posted but the manner in which he made them that caused offense. He also made a lot of assertions concerning other posters which might have led to legal action against Sun.
It was definitely dumb of Stromer to have posted from a Sun account. However I'm sure that if he had posted from something like Netcom, and if he were known to work for Sun, some guardians of political correctness would have complained to Sun anyway. When I was in grad school, people used to complain to the grad school about my politically incorrect writings coming from this BBS, which is not affiliated with the school in any way (some of them were even forged :).
Since I've bothered digging up the following quote, I might as well post it:
============================================================================
Philip H. Stromer: Contrib. post: He was another hate-filled bigot who posted rants about homosexuality. He became obsessed with the idea that anal sex would wear out the muscles of the digestive tract, causing incontinence; he also posted long gloating messages about "AIDS-infested faggots". Eventually, Sun Microsystems fired him for breach of contract, for posting messages which were intimidating and harassing to other employees. He sued them, and lost. Appeared again from some commercial site or other, but soon sunk out of view. A salutary lesson to those who believe that the Internet is a license to spew bigotry.
--
Oh yeah. I've read this clown's rantings from time to time, and the one thing that occurs to me is that he and little Danny Karnes may be the same person. This isn't a _claim_ that they are, mind you, but you'd hardly know any better from their posts.
--
(from the Business section of the San Jose Mercury News, Friday, July 31, 1992)
"Email epithets spark Sun lawsuit" by Brandon Bailey
By his own admission, Philip Stromer liked to push the boundaries of good taste when he sent out jokes and political statements on his employer's electronic mail network. But according to a lawsuit filed this week in Santa Clara County Superior Court, Stromer pushed too far.
The 32-year-old technical writer says he was fired by Sun Microsystems in April after he sent a series of email messages that were anything but politically correct. The messages were posted on an electronic bulletin board used by Sun workers to exchange jokes and running commentary on a variety of topics unrelated to their jobs.
"I was just trying to make conversation," Stromer said in an interview. "I would normally take whatever position was unpopular."
His electronic broadsides ranged from pro-Israel and anti-abortion arguments to jokes about AIDS and graphic epithets about gays. Eventually he signed on to a nationwide computer network using his terminal at Sun and typed what he described as "some very extremely nasty stuff" on a bulletin board used primarily to exchange sarcastic insults and vitriolic humor.
A Sun spokeswoman said the company would not comment.
The case raises interesting questions about the increasing popularity of electronic bulletin boards and message systems on which users can type all kinds of outrageous statements without having to look their audience in the eye.
Stromer says he always signed his own name to his messages and never meant to threaten anyone personally. But several legal experts say that anti-discrimination laws require management to step in when employees create an atmosphere that is hostile or intimidating to any group.
"An occasional joke, maybe," said Patricia Shiu, staff attorney at the non-profit Employment Law Center in San Francisco. "But if an employer (allows) that kind of thing repeatedly, he exposes himself to liability for allowing a discriminatory environment."
In his lawsuit, Stromer claims his bosses violated his right to free expression. He said he was just trying to liven up the conversations that Sun employees routinely conduct on a variety of email bulletin boards. And he compared himself with comedian Lenny Bruce.
(Stromer said he had been scolded before but he drew his first written reprimand from Sun for a joke about AIDS and Magic Johnson, and another about AIDS and anal sex.)
"This type of exchange... is deemed by Sun management to show poor judgment and blatant disregard for the feelings of coworkers," said the reprimand.
By Stromer's account, he was fired after he used his work computer to hurl messages including graphic epithets at gays across a national network. The network automatically identified the messages as coming from a Sun computer.
Stromer is acting as his own attorney. He said he sought help from the American Civil Liberties Union and a conservative foundation but both told him his employer had a right to regulate his speech on company computers.
= = =
[Typed in by sf at dec and reposted w/o his permission, which is why I'm leaving his name off / JBL]
--
Aha. So _that's_ the reason he ceased to infest alt.flame! I just thought that his net access had been stripped, like a kook of a different stripe (I'm referring to the dreaded David J. Rasmussen, of course), but I probably just ran into his post-Sun output instead. One does wonder how working for a company justifies the posting of such crapola via a system the company owns. Ah well...
============================================================================
---
Dr. Dimitri Vulis
Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (3)
- anonymous-remailer@shell.portal.com
- dlv@bwalk.dm.com
- hallam@w3.org