Firewall Wizards mailing list archives

Re: What about Traffic Analysis?

From: Ted Doty <ted () iss net>
Date: Fri, 07 Aug 1998 10:09:04 -0400

At 09:01 PM 8/6/98 -0400, Bennett Todd wrote:

In my own experience, if you are ready to read other peoples' email and

act on

what you find, traffic analysis will turn up plenty of questionable stuff ---


Define questionable (that'll be a fun exercise).  Make sure that you're
thorough, which means let your mom review it when you're done (if she
doesn't understand particular issues, go back and re-define them).  Now get
your corporate lawyers to review them.  NOW get your CEO to sign off on them.

At this point, you're ready to distribute to everyone in the organization.
Probably you need to get them to sign a form stating they read and
understood the guidelines (e.g. don't email resume.doc to headhunters).

A special note to people who actually want to do this.  Ask your lawyers
how they expect to defend the organization against the inevitable lawsuits
that will result (wrongful dismissal, if nothing else).  One group I know
defined the threshold for employee dismissal for downloading pornography at
work to be anyone who downloaded more than 1000 pix.  The argument was that
this would be considered *so* egregious that it would hold up in court, or
at least deter suits.

If your management isn't willing to pay the on-going cost of the analysis
(which will be high, since at least several people will be involved), if
your management isn't willing to accept the loss of high performing
employees who refuse to go along with Big Brother proceures like this (is
emailing resume.doc an actionable offence?  *Should* it be?), if your
management intends to duck and cover the first time someone sues the
organization (count this as more expense for Spin Doctors), if your
management is likely to be nervous about Loss Of Reputation from these kind
of lawsuits (I remember the Alana Shoars vs. Epson America incident) then
Don't Go Here.  This is not an exercise in technology, it's flat out politics.

ObDisclaimer: I probably would not want to work in a place that was
successful in defining criteria of acceptable use; I certainly wouln't work
in a place that implemented this without defining any criteria.  Your
mileage, as always, may vary.

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE

Current thread:

What about Traffic Analysis? Adam Shostack (Aug 06)
- Re: What about Traffic Analysis? Bennett Todd (Aug 07)
  - Re: What about Traffic Analysis? Ted Doty (Aug 07)
  - Re: What about Traffic Analysis? Henry Hertz Hobbit (Aug 07)
- Re: What about Traffic Analysis? Ted Doty (Aug 07)
  - Re: What about Traffic Analysis? Adam Shostack (Aug 07)
- <Possible follow-ups>
- Re: What about Traffic Analysis? Ryan Russell (Aug 07)
  - Re: What about Traffic Analysis? Stephen P. Berry (Aug 07)
- RE: What about Traffic Analysis? Jeff Sedayao (Aug 07)
- RE: What about Traffic Analysis? Peter Mayne (Aug 11)