[techtalk] Sick of surf and porn addicts

James Sutherland jas88 at cam.ac.uk
Thu May 31 10:14:45 EST 2001


On Wed, 30 May 2001 Martin.Caitlyn at epamail.epa.gov wrote:

> Hi, James, and everyone else,
>
> Actually, you're both guilty here.  In some posts you didn't specify, and
> both of you have pontificated as if you are talking about some sort of
> universal law.  I called "Penguina" on it, so I'd be remiss if I didn't do
> the same to you.

Sorry about that; the laws I'm referring to are EU (they vary slightly
from country to country, so it's the UK variant I mean, although the
general concept is common to the EU). The underlying philosophy, though,
is one I support globally: other nations may not respect these rights, but
IMHO they SHOULD.

> > Certainly not true in countries where citizens have rights (instead of
> > the free-for-all corporate lets-screw-the-public-fest you seem to enjoy).
>
> I cannot speak for New Zealand, as I have never lived there or even
> visited, but I can say that I fully disagree with what you are saying, and
> I must say you managed to be just as disrespectful of opposing views as she
> was.  I have had the privilege of living in two different countries (I'm a
> dual national) and of having travelled the world and conducted business in
> countries with greatly varying amounts of freedom.  The US falls into the
> category of "free-for-all corporate lets-screw-the-public-fest" by your
> definition, and I honestly feel we have more freedoms here, and more
> guarantees of our freedoms, than any other place in the world I have been.

Yes, in general - the US constitution does a much better job of protecting
your rights from government interference than our ECHR. (Actually, one
flaw in the latter is that member governments can suspend almost all
rights if they feel a need to. Oops.)

> I would rate our Bill of Rights specifically, and really our Constitution
> as a whole, as a model for guaranteeing the rights of individual citizens.

Protecting their rights from the government, yes. Not from private
interference, though - if rewriting the Constitution now, I hope that
would be rectified...

> Having said that, there are times when societal or corporate rights must be
> balanced against individual rights.  The US Supreme Court has recognized
> this.  The most famous example is that free speech is limited:  you do not
> have the right to scream "Fire!" in a crowded theatre, nor do you have the
> right to incite a riot in the US.  I think these are good limitations on
> individual rights.

Sometimes, yes. The ECHR does go too far here, IMO; it contains a whole
raft of blanket exceptions for governments. In the privacy case, for
example, the government is actually exempt from the restrictions I've
mentioned here!

> What you are defending (the right to surf porn sites on company time)

That is *NOT* what I am defending. I'm defending the right to privacy.
Spying on your staff will certainly uncover some misbehaviour, but that
doesn't justify it!

> is theft, plain and simple.  If I am a business owner (as I once was)
> and an employee does this, my rights are being trampled on and my
> funds being stolen.  I am glad that the court will take my rights into
> consideration, and not just my employee's.

If someone is abusing your bandwidth to the extent it compromises normal
usage, of course you can investigate - but spying on everyone on the
offchance you'll catch someone doing something wrong?!

> Also, you are really getting high and mighty about privacy rights in the
> EU.  I notice you live in the UK, a country where you put surveillance
> cameras on street corners and in the tube.  I read recently that a typical
> Londoner using public transportation is photographed an average of 400
> times on their commute to and from work.  Isn't that an gross violation of
> privacy?  IMHO, it is, and I am much more comfortable with the United
> States or Israel where that simply isn't permitted or legal.

Hrm. It's illegal to monitor people in public, but it's OK to monitor them
in private?! The cameras you refer to are mostly government owned, anyway,
and the government is exempt from our data protection laws.

> > Not if you want to keep your company it isn't; recording phone calls is
> > restricted by law even in the Unregulated States, though many states are
> > still pretty lax about it.
>
> Not so.  It is a matter of state law, and different states have different
> procedures.  Also, before you call us the "Unregulated States" you really
> need to read our federal, state, county, and municipal laws, rules,
> regulations, and ordinances.  I think you are in for quite a surprise.  I
> suspect we are every bit as regulated as you are, if not more so.

Oh, you have lots of laws - you just seem rather lacking in privacy
protection.

> >> If the EU has its head so far up its hindquarters that it doesn't
> >> allow private employers to monitor and regulate the use of company
> >> infrastructure, then no wonder the EU is so far uh..."behind."
>
> > Behind... yep, our bubble's much smaller than your bubble. Which means
> > you've got further to fall...
>
> Actually not.  The EU as a whole and the US are directly comparable in size
> and population.

The EU is significantly larger, but I was referring to the economic
bubble.

> > i.e. don't mention it to the people whose human rights she's violating,
> or
> > the employer who'll fire her for doing so, or the police who would fine
> > the company into the ground for allowing her to do so?
>
> You have a very broad definition of human rights, don't you?

I'm using the same definition our government uses - the ECHR. Privacy has
an article all to itself, giving it the same status as the right to life,
freedom of speech and freedom from torture.

> In fact, if you really look at this, you are defending corporate and
> societal rights.

How so? Individuals have the right to privacy. Any individual or company
violating that privacy is breaking the law: you don't have any rights over
other people.

> Bravo!  You have come full circle.  Now, reevaluate what you are
> saying and realize that you, too, are advocating a balance between
> individual and societal rights.  Now we have common ground to continue
> the discussion from in a civilized way.  Oh, and yes, I agree with
> your point, just not the choice of the wording "human rights".  To me,
> that has always meant individual rights.

I used that term because one of the laws concerned is the European
Convention on Human Rights, and associated legislation.

> > Better that than a culture where employers feel entitled or even obliged
> > to spy on their staff, rather than TRUSTING them to do the jobs for which
> > they are paid...
>
> I think you have a very unrealistic view.  We have such logs where I work,
> In theory, this e-mail I am writing could be scrutinized.  However, unless
> I give a reason to believe I am untrustworthy, nobody will ever look
> through my stuff or the relevant logs.  If I go to a site deemed
> inappropriate, our web filter will send out a nastygram and management will
> be copied.   I'll get a friendly reminder of policy.  If I continue to
> willfully violate policy *then* I assure you that my work will be
> scrutinized, and those logs could be used to build a case for termination
> against me.

Violating that policy shouldn't be grounds for dismissal. Failure to do
your job effectively, yes. Gross misconduct (committing any criminal
offence in relation to your job, for example), yes. Wasting time, no.

> Most companies *do* trust their employees.  Most companies do not spy on
> them.

You just said your company DOES keep logs? You regard this as OK, but
cameras as an invasion of privacy - I have the opposite view.

> Unlike the London Underground, I do not have to fear from hidden
> cameras here.  However, if a company wants to get rid of me for cause
> (i.e.: theft of services, which is what we are discussing, or wanton
> violation of policy) they need evidence in the case of a wrongful
> termination suit brought by me.  The logs provide that evidence.  Without
> those logs I could rob them blind with impunity.

"Rob them blind"?? You could waste a proportion of their bandwidth, yes.
For that matter, you could just type "dd if=/dev/zero of=~/junk" and waste
disk space that way...

To me, this looks like attacking the symptom, not the root problem. If
you're employing a waste of space who just eats your bandwidth, you'll
know it with or without logs. Gather evidence he/she's a waste of space,
and fire him/her for that.

> > Think about it. Your justification is that excessive surfing harms their
> > productivity - are you honestly trying to claim the only way you can
> > measure an employee's productivity is to spy on his/her personal
> > communications?
>
> Nope.  As an employer or manager, I can judge his or her output.  However,
> because of the legal protections offered employees in this country (which
> are a good thing, IMHO), I need to be able to document why his or her
> productivity is down.  If that employee, for example, is suffering from a
> serious illness, they are covered by the Americans with Disabilities Act
> (ADA) and may have a legitimate reason for reduced productivity.  I have no
> right to fire them in that case, though I can insist if things get really
> bad that they go on disability until they are well.  However, I may have to
> live with reduced output.  OTOH, if their productivity is down because of
> theft of services (like excessive web surfing) I have a right to right to
> terminate them for cause.

There should be a better way than this. Presumably you have regular staff
performance reviews? (Our govt agencies do, for staff development and
security reasons.) If someone's work has been below expectations, raise it
at this review. Ask what reasons there are, and see what improvements can
be made. If their performance does not then improve, you have documentary
evidence to terminate them for non-performance.

> > If they have a proper job, you should be able to tell
> > whether or not they are working properly without that sort of measure!
>
> Yes, I can.  What I cannot do is *prove* in a court of law that I was
> justified in my actions.  By being able to produce such logs I can.
>
> In order to get and keep this job, I had to go through a National Security
> background investigation.  I am subject to such things periodically.  They
> are a *gross* violation of privacy.  They can look into every detail of my
> life going back to my childhood.

Yes, there's a similar system here in government agencies. Very few people
have problems there, though; the last one I can remember was an idiot who
forged documentation to get a rail discount card. (Now THAT's what I call
a detail background check...)

> However, as an administrator of any number of mission critical
> government servers with sensitive data on them, I recognize that the
> collective rights of the nation do, in this case, outweigh my
> individual rights.  By permitting this invasion of my privacy I am
> insuring that anyone hired into a sensitive position is not terribly
> likely to do something improper or illegal with the data I am, in
> effect, entrusted with, and in doing so, violate someone else's
> individual rights. Nobody held a gun to my head when I took this job.
> I had two other offers. I liked this one best, so I accepted the job
> knowing full well that I would have to yield some of my individual
> right to privacy.  Once again, it was a matter of balance between the
> collective society, which is composed of many individuals, and just
> one individual, in this case me.  My personal rights lost out, and I
> decided to accept that.

That isn't really an infringement of your rights, IMO - do you consider
the US version of the Official Secrets Act to infringe your freedom of
speech? Or, for that matter, any commercial NDA? Your employer can expect
you to respect confidential material related to your job. Now, if an
employer suddenly decided to make you all sign waivers prohibiting posting
on Usenet, or ban you from political involvement, THAT would be infringing
your rights...


James.





More information about the Techtalk mailing list