touchy subject -> sniffit

rleonard rleonard@aprnet.com
Wed, 26 Jul 2000 02:08:01 -0700 

<salt>
For the most part i would agree with your comments,  the key component imho
is a well written and implemented AUP  (acceptable use policy).  About 5
years ago i setup a major Las Vegas entertainment companies internet
connection, prior to enabling the users to access the net, we recommended to
management that they have an AUP vetted by thier attorney's, which they
declined to do, stating that they did not want to be "big brother".  The
first month thier overtime shot up 65%, i had logging enabled, and was able
to show management where and what thier employees were doing while they were
working overtime.  It was at this point that an AUP was implemented and
users were properly instructed as to it's contents and consequences.
Needless to say the next month overtime was back at it's normal levels, it
was necessary to terminate the employment of a few people who violated the
AUP, but they were properly warned.</salt?
<garlic>
Another issue to consider is maintaing a work place that is conducive to
work.  I have been called out numerous times to monitor and investigate the
internet habits of workers on the internet.  While i'm definately not a
prude or extreme conservative some of the email/cache files i've seen have
definately not been work related, and if left unchecked could leave the
company(ies) open to major harassment suits.  Also it's extremely difficult
to maintain a level of service (ie.bandwidth and network resources) required
for business transactions, when you have a few people that like to d/l
inappropriate mpeg's of nekkid contortionists.  And i wont even get into the
security aspects of this behavior.</garlic?
<onions>
While our primary duty as network admin's is to maintain access to network
resources (Jim Dennis-Linux Systems Administration), it is also to provide
guidance and experience to management as related to issues involving or
related to technology, this is what sets us apart as professionals and not
little jimmy the 3l337 hack who installed redhat 3 times on his home
computer and is now pimping himself out as a network admin.  This is where
your comment on proper documentation comes into play,  when i make a
recommendation i always send it to more than one person, that way it cannot
be as easily buried, and i do keep archives of all my company mail off site.
</onions>

<cheese>
http://thomas.loc.gov/cgi-bin/query/z?c106:H.R.4908:

This is an interesting bill, which will if passed require employers to
disclose
    `(1) the form of communication or computer usage that will be monitored;

    `(2) the means by which such monitoring will be accomplished and the
kinds of information that will be obtained through such monitoring,
including whether communications or computer usage not related to the
employer's business are likely to be monitored;

    `(3) the frequency of such monitoring; and

    `(4) how information obtained by such monitoring will be stored, used,
or disclosed.
    `(c) EXCEPTION- An employer may conduct electronic monitoring described
in subsection (a) without the notice required by subsection (b) if the
employer has reasonable grounds to believe that--
    `(1) a particular employee of the employer is engaged in conduct that--

          `(A) violates the legal rights of the employer or another person;
and

          `(B) involves significant harm to the employer or such other
person; and

        `(2) the electronic monitoring will produce evidence of such
conduct.
</cheese>


robert....


as seen elsewhere
("Honey, what's this 'OC-3' bill?")