Re: Java & Netscape security [NOISE]
On Tue, 21 Nov 1995, Dr. Dimitri Vulis wrote:
Hmm... If it looks remotely like marketing, it'd better carry the usual disclaimers that past returns are no indication of future returns etc. :)
In the first case, the poster is not commenting about anything to do with their work, -- it really is just one man's opinion -- while in the second they are actually commenting upon something their employer is selling.
What I'm trying to say is that if someome posts from watson.ibm.com, and IF they are talking about OS/2, we will not accept that they are not speaking independantly of the knowledge they have garnered from watson. It just doesn't work that way. In the same way, someone who writes from Netscape.com or AT&T, or Sun and tries to disclaim that they are speaking for the company, when they step out as an employee of a company is deluding themselves. When in the press have you seen a reporter claim as a source, an "unnamed Senator"? Alice de 'nonymous ... ...just another one of those... P.S. This post is in the public domain. C. S. U. M. O. C. L. U. N. E. P.P.S. I just sent email to Steve Bellovin from AT&T. I thought I'd settle the question once and for all, as to whether he IS reading this mailing list or not.
Alice (or someone representing themselves as Alice) said:
What I'm trying to say is that if someome posts from watson.ibm.com, and IF they are talking about OS/2, we will not accept that they are not speaking independantly of the knowledge they have garnered from watson.
And that is understable.
In the same way, someone who writes from Netscape.com or AT&T, or Sun and tries to disclaim that they are speaking for the company, when they step out as an employee of a company is deluding themselves.
This is a complete non sequitur. See if you can follow this: only those authorized by the company to speak for the company are authorized speak for the company. There is a genuine difference between a corporate officer saying The Amalgamated Widget corporate policy on stong crypto is ... and some engineer from Amalgamated Widget saying My private opinion on strong crypto is ... The consequence of every statement by every employee being taken as company policy is that every employee (except for public relations) will be prohibited from contributing to any public forum or even answering apparently innocuous questions on the net. This would not be a desirable outcome. Still speaking for myself, PK -- Philip L. Karlton karlton@netscape.com Principal Curmudgeon http://www.netscape.com/people/karlton Netscape Communications
Alice (or someone representing themselves as Alice) said:
What I'm trying to say is that if someome posts from watson.ibm.com, and IF they are talking about OS/2, we will not accept that they are not speaking independantly of the knowledge they have garnered from watson.
And that is understable.
In the same way, someone who writes from Netscape.com or AT&T, or Sun and tries to disclaim that they are speaking for the company, when they step out as an employee of a company is deluding themselves.
This is a complete non sequitur. See if you can follow this: only those authorized by the company to speak for the company are authorized speak for the company.
This is not correct, at least according to legal precident. If someone who is from Sun representes themselves as being from Sun (i.e., a Sun.Com email address in their signature line), then when they speak (or email) about Sun, its products, its policies, etc., they represent Sun.
There is a genuine difference between a corporate officer saying
The Amalgamated Widget corporate policy on stong crypto is ...
and some engineer from Amalgamated Widget saying
My private opinion on strong crypto is ...
There is indeed a difference, but it's not as big as you might seem to think. Even more importantly, there is a difference between the person from Amalgamated Widget speaking on strong crypto and the person from Sun speaking on Java.
The consequence of every statement by every employee being taken as company policy is that every employee (except for public relations) will be prohibited from contributing to any public forum or even answering apparently innocuous questions on the net. This would not be a desirable outcome.
In fact, employees represent the company any time they use company names, symbols, stationary, return addresses, etc. If the Netscape legal staff and corporate security board haven't made this clear to management and employees, that's pretty bad. If the officers of Netscape haven't taken appropriate policy measures to notify employees of this potential liability (it appears that at least they haven't notified Phillip), then negative consequences could result in personal liability to the officers (a shareholder lawsuit would be the most common cause of such liability). As a Netscape employee, you should immediately point this out to the corporate person you report to, and do so in writing. This sort of lapse is a strong indicator that inadequate IT audit has been done in Netscape. In a comprehensive IT audit, such policy lapses should be identified quickly and changes in corporate policies should follow very closely.
Still speaking for myself,
You are still speaking for Netscape, but hopefully after reading this message, you and your company will realize it.
PK -- Philip L. Karlton karlton@netscape.com Principal Curmudgeon http://www.netscape.com/people/karlton Netscape Communications
-- -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
fc@all.net (Dr. Frederick B. Cohen) writes:
This is not correct, at least according to legal precident. If someone who is from Sun representes themselves as being from Sun (i.e., a Sun.Com email address in their signature line), then when they speak (or email) about Sun, its products, its policies, etc., they represent Sun.
Yes. On the positite side, the readers are likely to take more seriously someone who's known to work for the company whose products he's discussing. E.g., if someone writes from Netcom about Java, and I happen to know that he works for Sun (even in a totally unrelated division), I'll suspect that he may know more about Sun products than someone whose affiliation I don't know, and I'll pay a little more attention to his writings. The periodic Usenet post _What is Usenet? A second opinion_ by Edward Vielmetti <emv@msen.com> says: ]- Disclaimers are worthless. If you post from foobar.com, and put a note ] on the bottom "not the opinions of foobar inc.,", you may satisfy the ] lawyers but your corporate reputation still will be affected. To maintain ] a separate net.identity, post from a different site. I agree that disclaimers are worthless. I don't agree that they would satisfy the lawyers. --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
I don't want to ruin a nice thanksgiving by starting a flameware. So let me just say that whether a post from a Tron.com address by a person saying "I don't speak for tron corporation" would be held to be a valid disclaimer is complicated, fact-driven, and (unless there is a state statute that speaks to the question) a question of what it was reasonable for an average reasonable recipient to think under the circumstances. Anyone who says "precedent says X" on this subject is oversimplifying. For one thing there are 50 states. They may not all have the same answer for given facts.... A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.
Alice de Nonymous writes:
What I'm trying to say is that if someome posts from watson.ibm.com, and IF they are talking about OS/2, we will not accept that they are not speaking independantly of the knowledge they have garnered from watson.
I fully agree. I'm not arguing with you.
In the same way, someone who writes from Netscape.com or AT&T, or Sun and tries to disclaim that they are speaking for the company, when they step out as an employee of a company is deluding themselves.
If you meant "disclaim that they are NOT speaking for the company", then that's what I was saying too. Moreover, I think that if someone known to work for Sun posts from Netcom about Sun products, policies, and future plans, s/he'll have both higher credibility and higher responsibility to the readers than a proverbial person from the street. (Sorry for not being able to take this to e-mail.) --- Dr. Dimitri Vulis Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr. Dimitri Vulis wrote: | Moreover, I think that if someone known to work for Sun | posts from Netcom about Sun products, policies, and future plans, | s/he'll have both higher credibility and higher responsibility to | the readers than a proverbial person from the street. Could I suggest that people who are in this situation create a nym-key, work through remailers, and we drop the thread? :) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
participants (6)
-
Adam Shostack -
anonymous-remailer@shell.portal.com -
dlv@bwalk.dm.com -
fc@all.net -
Michael Froomkin -
Phil Karlton