Firewall Wizards mailing list archives
RE: Vulnerability Scanners (was: concerning ~el8 / project mayhem)
From: Paul Robertson <proberts () patriot net>
Date: Mon, 26 Aug 2002 12:13:20 -0400 (EDT)
On Mon, 26 Aug 2002, Behm, Jeffrey L. wrote:
What mechanism won't have flaws?
That's where a good lawyer[1] gets their money though. There also may be other mitigating circumstances, such as first amendment rights for state college professors (Urofsky vs. Allen)
could be more liable for the things that get through than you are if you don't try. Suddenly you've placed yourself in the position of an editor,
You are only the editor if you are editing...what about subscription services that provide "block lists"...are you still considered the editor, when you are only blocking categories, and not individual URL's?
That's a good question, and one that I'd encourage folks filtering to discuss with their legal counsel.
and legally, not trying and not failing is different than trying and failing.
To me the above argument applies if you are an ISP, but not a non-ISP corporation.
ISPs didn't get common carrier status, a company *IS* an ISP to some extent in regards to its employees. That's why it's a legally slippery slope.
People seem to forget that businesses are not democracies, and the employee doesn't have the same rights as he/she would have in the "real world." See the "No expectation of privacy" clause in the email/Internet policy of prudent corporations.
"No expectation" gets you past ECPA, but liability for content and filtering isn't part of ECPA.
I thought in order to protect in the case of lawsuits, a company can show they were making "reasonable" attempts to prevent such activity from occurring. Who can say they are completely effective in being able to stop "folks like Jim" without disconnecting from the Internet.
The bar for "hostile workplace" seems to be high enough that filtering won't make any difference in a defense if it's not present:
http://www.ftrf.org/work_jb.html
Seems to have a good bit of info, even if parts of it are library-specific. Jacksonville Shipyards has been the "standard" citation in discussions I've had in the past, and I wasn't aware that the case hinged upon verbal harassment in conjunction with the pictures, that certainly changes my outlook on what I have to worry about. Sexually hostile speech seems to need to be part of the work environment to be actionable *and* must rise to a level sufficiently severe to create an abusive workplace[3].
Agreed on both counts. Not taking action can be very expensive though.....
As important as taking action is *when* you take action- and preemptive strikes can cost you in court where post-event action won't.
If you continue to ignore the issue and take no pre-emptive measures, then post-event-only action may cost you as well. This mindset would potentially (and in my opinion, doubtfully) only work on the VERY first case at one's company. What Judge is going to believe you "didn't know you were supposed to keep the garbage out by filtering/blocking?"
Filtering/blocking doesn't keep that stuff out- therefore the argument that you "didn't know" is specious- all the filtering in the world will make the connection business unfriendly (heck, I've gotten about 150 bounces from *this thread* from content filters- think blocking this discussion is useful?[2])
Even so, all other cases would then require pre-emptive action, or the Judge could say "Don't you (the company) get the hint? You need to stop this activity for ALL employees, not just those that are being reported. Don't let me see you in this court-room again, without having taken any precautions about preventing this."
Hasn't happened yet AFAICT. Harassment *isn't* just about seeing a picture from what I've read, and you're only going to lose if the environment is conducive to it- that's other things in conjunction with picture viewing. So, more likely the judge would have something to say for the lawyers who keep bringing specious cases.
About the only preemptive action that seems to have not landed anyone in hot water is training.
Training? What training? ;-)
Every time they send me to harassment training, I tell them I don't need training, I'm already very good at it ;)
Paul
[1] Oxymoron for sure.
[2] Hrm, maybe a bad example ;)
[3] Caviness, 105 F.3d- Winsor, 79 F.3d- Harris v. Forklift Sys Inc, 510 US 17 (1993)- Meritor Savings Bank, FSB v. Vinson, 477 US 57 (1986)
-----------------------------------------------------------------------------
Paul D. Robertson
proberts () patriot net
probertson () trusecure com
"My statements in this message are personal opinions which may have no basis whatsoever in fact."
Director of Risk Assessment
TruSecure Corporation