Domain: computerfraud.us
Stories and comments across the archive that link to computerfraud.us.
Comments · 7
-
Re:Nuke it from orbit
I assume that was intended as an analogy but I can't come up with any link between that and what we are talking about...
There was plenty of other stuff in my post for you to dwell on. The point was, it isn't your crap, it is owned by someone else, You do not get to decide when or how what is done unless the employer/owner gives you permission first.
That sounds like a very poorly structured work place data infrastructure. There shouldn't be any important data on desktops and workstations in the first place.
Or a very poor employee and perhaps a dishonest employee who is making deals to take with him or even taking the client lists or trade secrets. No one has cleared this employee and designated them uber honorable or anything. Wanting to destroy any traces of his computer usage definitely has a different sound to it then "I don't want them knowing my log on to to site X that they could have found out at any time if they wanted over the last 10 years".
Employee issued systems can't be trusted with any data of significance and as such it shouldn't be significant if one is lost.
If the employee is competent and trust worthy.
Systems get corrupted and wiped routinely in normal operations so it shouldn't matter if an employee wipes a system.
Your right, it shouldn't if it is done at the direction of the owner of the computer. However, an ex employee is not the owner of the computer or the data on it.
Your security policy should work from the assumption that employee systems are untrusted and implement infrastructure level controls that don't depend on software on that system or preventing local administrative access to the employee.
In an ideal world, but the world is far from ideal. What should be done is often replaced with how much is it going to cost and you simply cannot get around that in a lot of situations. It doesn't matter because in the real world, data does sit in a lot of places and it as well as the computer belongs to the employer not the employee.
But hey, don't just take my word for it, here are some links where people who believe like you ended up believing like me after a costly and painful experience.
http://news.cnet.com/Police-blotter-Ex-employee-sued-for-deleting-files/2100-7348_3-6171274.html
http://www.tomshardware.com/reviews/top-10-lawsuits-2006,1884-3.html
http://www.sgrlaw.com/resources/trust_the_leaders/leaders_issues/ttl17/827/
-
Pulte vs. LIU
Just this past summer the 6th Circuit Court of Appeals found that a union could be held liable under computer hacking laws (Computer Fraud and Abuse Act) for doing exactly this -- using a combination of auto-dialing and member phone calls to protest an action, and thus filling up the business' voicemail and making the lines unavailable for a period of time:
-
Re:Got it wrong in one
Here's a good read as to what the union was up to:
They were "fighting back" and were (likely) more damaging to their voice mail system than their email system. So, this isn't just about emails - Slashdot likes to redact info for the sake of clicks.
Finally, this ruling IS completely dependent on the apparent intention of the Union - which was, indeed, malicious.
No surprise - look at how certain Verizon employees, and union members, have sabotaged Verizon services over the last week or so.
-
Re:Got it wrong in one
They did in fact use an outside robo-dialer to flood the phone system with voice mails. http://computerfraud.us/articles/can-a-labor-union-be-sued-under-the-computer-fraud-and-abuse-act-for-spamming-an-employer%E2%80%99s-voice-and-email-systems
As long as they did it in compliance with federal and state laws, then I don't see a problem with it. If they didn't, then that's the law that they should be pursuing them under, not some computer crime law. If they were in compliance, then I don't think they really have a case.
-
Re:Got it wrong in one
They used an auto-dialer to bombard the phone system.
from linky:
(1) The union “instructed its members to send thousands of e-mails to three specific Pulte executives;
(2) many of these e-mails came from . . . [the union’s] server;
(3) . . . [the Union] encouraged its members to “fight back” after Pulte terminated several employees;
(4) . . . [the union] used an auto-dialing service to generate a high volume of calls; and
(5) some of the messages included threats and obscenity. And although Pulte appears to use an idiosyncratic e-mail system, it is plausible . . . [the union] understood the likely effects of its actions–that sending transmissions at such an incredible volume would slow down Pulte’s computer operations. . . .
[The Union’s] rhetoric of “fighting back,” in particular, suggests that such a slow-down was at least one of its objectives. Id. at *6.
It's pretty clear the 'intent' here was to disrupt them, not to prove a point. And preventing the business from operating (which is entirely separate from a strike) *is* illegal. you can picket outside but you can't block access...which is what they did here. -
Re:Got it wrong in one
What if the individual senders didn't know or have reason to know about the limitation of the recipient? I know when I send an email I don't think to myself "hmm, I wonder how big their inbox is and if it's full?... Maybe I'd better ring them before sending the email to make sure there's room".
You can't call them, that's hacking too. FTFA "because it asked members to email and call an employer many times"
Another source: "The calls clogged access to Pulte’s voicemail system, prevented its customers from reaching its sales offices and representatives, and even forced one Pulte employee to turn off her business cell phone."
Since you don't know who else is calling or emailing them you could be contributing to "hacking". -
Re:Got it wrong in one
If they were using a bot to mass-spam them with the intention of crashing their systems, I'd agree with you.
They did in fact use an outside robo-dialer to flood the phone system with voice mails. http://computerfraud.us/articles/can-a-labor-union-be-sued-under-the-computer-fraud-and-abuse-act-for-spamming-an-employer%E2%80%99s-voice-and-email-systems