Slashdot Mirror
How IT Pros Can Avoid Legal Trouble
snydeq writes "InfoWorld's Peter S. Vogel reports on the kinds of inadvertent transgressions that could land IT pros into legal trouble without realizing it. From confidentiality and privacy negligence, to copyright and source code violations, IT staff are legally liable for a lot more than they might think — in some cases because the law will not stop at your employer, instead holding individual IT employees responsible for violations even if the individuals are just 'doing their job.' Worse, as the recent case against Terry Childs has shown, judges and juries are often not technically savvy enough to understand what IT pros do. 'That lack of understanding can lead them to conclude you're at fault or should have known better,' Vogel writes. 'After all, many people think anyone technical is a whiz kid or brainiac on any topic.'"
What legally questionable scenarios have cropped up at your job?
When someone at work has a blackberry, they are set up on the Blackberry enterprise server, which manages all their contacts and emails and calendar and such.
If they leave, or are terminated, we are told to send the kill command to their BES account. This will delete any emails off their phone AND their contact details. In some cases, a person will be let go - our IT staff will be let known first so their account can be disabled for security reasons. Then that recently laid off person has lost all of their contact details - including Mom and Dad and sweet Great Aunt Gertrude.
We haven't faced any legal suits yet - but it happened a couple times where people have gotten angry. As a precaution - we've started informing people that this happens - so anyone with a blackberry needs to back up their contacts constantly.
Here's one: I worked for one of the top national retail firms. Their POS systems were booted using PXE, and there was no firwalling between the stores and corporate HQ. In other words, the network topology was completely flat. Setup a PXE server at any store, distribution center, or headquarters, and you could respond to PXE requests sent by the POS systems. The store's location was coded into the DNS RR, and followed an easy to understand naming convention -- they also were powered down every evening. Which means, you had about a 10 minute window each day where if you disabled or DDoS'd the one PXE server on the network, you would be able to send a bootable image to every POS server in that timezone.
They fired me three days after reporting this flaw, calling me a security risk.
#fuckbeta #iamslashdot #dicemustdie
I have often been either asked to use pirate copies of software (Borland Turbo C in the 1980s), or accept license agreements personally, where a corporate license would have been more fitting. Neither of these have occurred at my present place of employment, thankfully.
In other areas, I was once asked by a low-level manager at a client company of our contracting firm for my SSN for a "background check". I was told this person had a reputation of committing identity theft in the name of contractors, obtaining credit in their name, and threatening to insist they be removed from the assignment if they complained. I don't know if that was true, but did insist that any "background check" would be done by a recognized neutral party. I was requested removed from the assignment, and let go for lack of other work.
On the pirate software issue, I simply licensed my own copies, and took them with me when I left (well, wiped them off my work computer). Borland's license would let me use their compiler on any machine, even let someone else use it, one at a time.
The bottom line is that if your employer asks you to break the law, find another job... fast.
In Liberty, Rene
I can't tell you how many shops I've worked at where it was obvious that all the software was cracked. My favorite was a print vendor who would encourage his staff (college interns) to "bring in" some of their school software/plugins to "test in a real-world environment". Anytime someone had to send a job to print, all the workstations would have to be disconnected from the network or else there would be licensing conflicts with all the cracked warez. This was more than a decade ago, and the vendor in question has been out of business for a long time. Scumbag-- everything he did somehow reeked of illegality.
I remember I came in once (this was right after I started) only to find the entire staff (except the interns) had quit without warning. Everyone from the production managers to the secretaries-- gone. I soon followed, natch!
Do to cut backs he was the only guy on the job 24/7 and lot of the people there did not have a clue at all. And giving the out the network pass word over a open phone call in a big meting room?
From what I gathered, Childs (a) broke the law, (b) didn't do the right thing (specifically, the city was in real trouble if he got hit by a bus), and (c) tried to run away, suggesting he thought he'd be in trouble.
Lack of criminal intent and good intentions go only so far in mitigating breaches of the law, and my common-sense injection would have been that Childs had gone over the line and should be convicted. Had Childs provided for the possibility of his sudden demise, I'd feel a lot better towards him, and I'm not at all sure he'd have been convicted.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
I agree, but I'd go further - and my comments apply equally to free and commercial software.
We're a small shop and part of my job is to keep on top of licensing. After doing this job for some years, I have reached an inevitable conclusion.
You are not supposed to get it 100% right. Indeed, you are being set up for failure .
While some licenses are fairly straightforward, enough of them are sufficiently complicated that it is wholly unrealistic to expect any organisation to be entirely perfect. Whether this is by accident or design I wouldn't like to say, but I am dead certain that there is no organisation on God's sweet earth that would come out of a BSA audit without at least something wrong.
I've seldom worked at a place that didn't pirate software. From fortune 500 to mom and pop shop, they all do it. The annoying part is I actually purchase mine, and in 3D that's not cheap. Ive spent easily 30K in the past 3 years keeping 'legal' with my software only to be underbid by these pirate shops. Now I am contracting at one because I can't win a bid against these pirates as their overhead is much lower than mine because of this.
My favorite part is negotiating my rate for a contract and I stipulate that it's cheaper if I can work from home because I have full support of my fully paid for software. They almost never get it at first, but when I mention my one caveat of not supporting or bug fixing/debugging scenes made with pirated versions. That wakes them up every time. Mostly because the first two weeks are at a preset lower rate while we get used to eachother. Only after those two weeks I am privy to all sorts of info (such as pirating) and then they are often afraid not to hire me in case I rat them out. It's a shitty system with a couple perks.