Its a precedent that has gone on for over 200 years, dating back very nearly to the founding of the country.
I personally dont like Judicial Review either (and for the exact reason you pointed out) but legally, they cant be "wrong" in their interpretation of the constitution even if they are "wrong" in a common sense fashion.
Pretty sure "didnt consent to a warrantless search" is not cause for an arrest. I mean, they can do it, but that just gives you some juicy ammo for when it hits court.
You're right that there is a potential for abuse, but this is not what its being made out to be.
Every law limits someone's liberties, yes. The civil rights act PROHIBITS people from doing certain behaviors that would impact others based on their race. I would call a prohibition a curtailment of rights, absolutely.
Obviously its worth it in many cases, but any time a law says "you cannot", it is a restriction. Arguing that it "just" brings you under threat of restraint or violence from the state is a pretty weak argument, as well; technically it doesnt make it so that you CANT perform those actions, but it does assign consequences to them.
Thee clerk has a (crappy) job to do. You should be ashamed for yourself for venting about corporate policy decisions to a clerk who has nothing to do with them.
The Supreme Courts rulings are considered to be the correct interpretation of the Constitution. Have a problem with it, take it up with the 1802 Supreme Court.
The Supreme Court by definition (according to Marbury v Madison and the principle of Judicial Review) cannot violate the constitution with one of their rulings, either-- however they decide is considered to be the correct interpretation of the Constitution.
Not only that, I believe there is a principle that makes judges immune to prosecution for a ruling that they give.
Why even post something like that? Is uninformed cynicism what passes for a constructive comment these days?
The location of the gigafactory has not yet been announced, but Musk said it would include lots of solar and wind to power it, leading many analysts to assume somewhere in the southwest U.S., such as New Mexico.....
You're basically saying that there should be additional warnings because the user may not realize that their connection is secure. That is an opinion, and there is merit to it, but I would say that the user has no cause to assume any specific privilege to or privacy on an employer network. Absent any specific allowance, they technically shouldnt even be doing anything personal on it; not that most employers are that strict, but the ability to check your bank account at work is a privilege and an allowance, NOT a right.
Whether the user understands the implications of packet capture isnt something that can be remedied in the context of an AUP, but generally as I recall they include language making it clear that everything I do is under surveillance. If the user doesnt understand what that means, they should ask, rather than assuming that there are exceptions.
I would also note that there are still laws governing what can be done with that data. If a tool were run on top of that to extract passwords, that might be illegal, and if an admin abused their access to personal data it would almost certainly be illegal.
But maybe I also see the legal/HR perspective. And maybe my position on this issue is motivated not by the arrogance of the naive young employee you seem to think I am
I may have been wrong to assume that you were unfamiliar with this sort of thing, but you are absolutely incorrect when you say that most people do not think the "my network my rules" attitude is wrong, or that network surveillance with a notice in the AUP is legally insufficient. You will find that MOST places do that kind of surveillance, with just a notice in the AUP, and that in most countries surveillance is legal when a notice is given.
Maybe I've concluded that this is a silly problem that is almost entirely created by institutional arrogance and personal egos in management/IT,
Then I would hazard that there are a number of scenarios which justify surveillance that you have not gone through. For example: spambots on the network getting you listed on SpamHaus; detecting network viruses that may sneak by your scanner; detecting rogue network access; detecting unauthorized network equipment; detecting attempts to leak highly confidential / proprietary data outside of the network; etc.
You mention court cases where courts did not support these policies: can you clarify? Ive heard of cases where a rogue admin abused his access to personally benefit from the surveillance (spying on employees, particularly at home), but never of a case where network packet interception was, in itself, an issue.
If you tell someone "we are tapping everything sent in and out of our network", I would be astonished if you could get a judge to even consider a "wiretapping" claim. I have EVERY right to tap everything in and out of my equipment, and as long as I have made you aware of that theres really nothing you can say about it.
The analogy breaks down in a whole bunch of ways; it would be more like if there were a sign in a 7-11 saying "CC TV monitoring in use."-- which is completely legal and very common. You can say that the sniffing is "illegal" all you want, I will just point out that it happens in just about every company once you hit a certain size (like 100 or more users).
This type of monitoring is generally allowed where the employer owns the computers, terminals, network, and Internet access. Depending on the country or legal jurisdiction and the specific methods of surveillance used, there may be additional requirements to notify the employee of the monitoring or monitoring policy to be legal.
You are correct that some countries are more strict about this, but I would be astonished if you could find a country where it was illegal under any circumstances / even if you notified your employees. Certainly it is not in the US; certainly every federal agency does it to their own employees.
Most workplaces (at least those ive been to) have a computer use policy. Generally it allows for personal use of the internet, but will generally note that any and all use is both monitored and that you are responsible for how you use it.
Generally they do this because they can be held liable if for example a DDOS originated from their network, for example.
And really, I dont see why you think you get to set the rules on someone else's equipment. You're right that reasonable people understand that people have to do personal stuff at work; thats why they generally make those allowances. That doesnt mean its "do whatever you want" on the network; there are still standards and there has to be a way to ensure compliance. If you want to affect policy, you should probably get a degree or work experience in IT so that you can make informed recommendations. Otherwise I recommend you leave that to those who have done so.
Are you aware of what a Computer Acceptable Use Policy is, or that most insitutions have one? Are you aware that you almost certainly agreed to one if you attend a university or are employed by a medium-or-larger sized company? Or that they almost universally mention that you may be monitored?
? It's a very stupid situation for almost zero extra convenience
Its not "stupid", and it doesnt remove all protections. If an attacker is controlling your switch and / or firewall, you are boned unless you are very technically skilled and very knowledgeable. They could, for instance, intercept all requests for "www.gmail.com" and proxy the response; your browser would never get redirected to the HTTPS site to begin with, so you wouldnt establish a secure session. Instead you would get an HTTP connection to the proxy, who would forward your credentials on to gmail, and now they have your password. You would have to be very vigilant to see the missing HTTPS on every site you might want to look at. Or they could inject content into the non-ssl components of your bank website which screen-scrape your password; it is not uncommon for there to be mixed content on a SSL site, but it can be difficult to detect.
Every company Ive been at has an acceptable use policy, as did (if I recall) all the universities ive been to. They tend to be pretty explicit that your communications are monitored.
More fundamentally, you have no expectation of privacy as you are not on your own equipment; you are on equipment and network owned by the company who has not only the right but the duty to monitor their connections. If someone is running a botnet C&C server from the company network over SSL, who do you suppose is liable for it?
In fact this very thing comes up often regarding spambots. When spam originates from your network, it is your IP that gets blacklisted. You therefore have the responsibility to monitor and filter illegitimate SMTP out.
The majority of my experience is with private sector businesses. This kind of monitoring is pretty standard once they hit a certain size. And you'll note that my post was not an exhaustive list of reasons; there are others such as legal CYA and preventing the leak of proprietary and / or customer information, or even something as simple as controlling run-away abuse of internet privileges.
I truly do wonder how many of the people raising objections are actually involved in network IT; I would hazard that they are not, as most who are are aware of how common this is.
It may seem simple to just say "explain it to the employees" but that takes time and effort, and may give someone the idea that if they can mitigate our concerns then they are OK to violate policy. A lot of the time things like "no personal devices on corporate email" arent JUST about "we dont trust you individually", but "trying to have a separate policy for each individual is too much administrative work, and for auditing / compliance reasons it is far more manageable to say no". Explaining this kind of thing to an HR person with no IT expertise is just a waste of the company's time and theirs, and may give them an opening to argue with something that is a non-negotiable.
Certainly I have never heard it explained to me why i cant do the things I cant do at work; as an IT person I understand some of them, and as I know the security team I am able to ask about others, but the fundamental reason is that I am both employed by my employer and I am replaceable. Its really not my business how they choose to run the company; my job is to provide the expertise I was hired for, and to comply with their policies. If those policies are a PITA, well, Im sure its a PITA to deal with several thousand users who each think they know better, and the job isnt there to make my life simple.
...Until one of your employees does something that could bring liability on you (like bringing proprietary information over from their last job, especially if it was federal --> private sector), and you have no way to prove that you werent complicit.
This stuff happens ALL OF THE TIME. Chris Christie is dealing with it right now. "Non-repudiation" is a pretty important thing when it comes to business communications.
Slashdot Mirror
The only thing im encouraging is that people not post nonsense if they dont know what theyre talking about.
Its a precedent that has gone on for over 200 years, dating back very nearly to the founding of the country.
I personally dont like Judicial Review either (and for the exact reason you pointed out) but legally, they cant be "wrong" in their interpretation of the constitution even if they are "wrong" in a common sense fashion.
Posts like yours are a ray of hope in a bleak and ignorant landscape of slashdot posts.
Thanks for being informed and succinct.
They cant "find" anything until they have a consent, or a warrant.
Your reasoning is circular.
The other guy was arrested for a street robbery. If Occupant B was a suspect, she likely would have been arrested as well no matter what.
Pretty sure "didnt consent to a warrantless search" is not cause for an arrest. I mean, they can do it, but that just gives you some juicy ammo for when it hits court.
You're right that there is a potential for abuse, but this is not what its being made out to be.
Every law limits someone's liberties, yes. The civil rights act PROHIBITS people from doing certain behaviors that would impact others based on their race. I would call a prohibition a curtailment of rights, absolutely.
Obviously its worth it in many cases, but any time a law says "you cannot", it is a restriction. Arguing that it "just" brings you under threat of restraint or violence from the state is a pretty weak argument, as well; technically it doesnt make it so that you CANT perform those actions, but it does assign consequences to them.
Thee clerk has a (crappy) job to do. You should be ashamed for yourself for venting about corporate policy decisions to a clerk who has nothing to do with them.
The Supreme Courts rulings are considered to be the correct interpretation of the Constitution. Have a problem with it, take it up with the 1802 Supreme Court.
No, you didnt. A judge CANNOT commit treason by way of a ruling.
Every law that is ever passed "erodes freedoms".
The Supreme Court by definition (according to Marbury v Madison and the principle of Judicial Review) cannot violate the constitution with one of their rulings, either-- however they decide is considered to be the correct interpretation of the Constitution.
Not only that, I believe there is a principle that makes judges immune to prosecution for a ruling that they give.
He was correct to criticize your use of treason.
This is about when someone consents to a search.... youve never needed a warrant for that.
Save your outrage for when it matters.
Why even post something like that? Is uninformed cynicism what passes for a constructive comment these days?
The location of the gigafactory has not yet been announced, but Musk said it would include lots of solar and wind to power it, leading many analysts to assume somewhere in the southwest U.S., such as New Mexico.....
---The Motley Fool
You're basically saying that there should be additional warnings because the user may not realize that their connection is secure. That is an opinion, and there is merit to it, but I would say that the user has no cause to assume any specific privilege to or privacy on an employer network. Absent any specific allowance, they technically shouldnt even be doing anything personal on it; not that most employers are that strict, but the ability to check your bank account at work is a privilege and an allowance, NOT a right.
Whether the user understands the implications of packet capture isnt something that can be remedied in the context of an AUP, but generally as I recall they include language making it clear that everything I do is under surveillance. If the user doesnt understand what that means, they should ask, rather than assuming that there are exceptions.
I would also note that there are still laws governing what can be done with that data. If a tool were run on top of that to extract passwords, that might be illegal, and if an admin abused their access to personal data it would almost certainly be illegal.
But maybe I also see the legal/HR perspective. And maybe my position on this issue is motivated not by the arrogance of the naive young employee you seem to think I am
I may have been wrong to assume that you were unfamiliar with this sort of thing, but you are absolutely incorrect when you say that most people do not think the "my network my rules" attitude is wrong, or that network surveillance with a notice in the AUP is legally insufficient. You will find that MOST places do that kind of surveillance, with just a notice in the AUP, and that in most countries surveillance is legal when a notice is given.
Maybe I've concluded that this is a silly problem that is almost entirely created by institutional arrogance and personal egos in management/IT,
Then I would hazard that there are a number of scenarios which justify surveillance that you have not gone through. For example: spambots on the network getting you listed on SpamHaus; detecting network viruses that may sneak by your scanner; detecting rogue network access; detecting unauthorized network equipment; detecting attempts to leak highly confidential / proprietary data outside of the network; etc.
You mention court cases where courts did not support these policies: can you clarify? Ive heard of cases where a rogue admin abused his access to personally benefit from the surveillance (spying on employees, particularly at home), but never of a case where network packet interception was, in itself, an issue.
If you tell someone "we are tapping everything sent in and out of our network", I would be astonished if you could get a judge to even consider a "wiretapping" claim. I have EVERY right to tap everything in and out of my equipment, and as long as I have made you aware of that theres really nothing you can say about it.
The analogy breaks down in a whole bunch of ways; it would be more like if there were a sign in a 7-11 saying "CC TV monitoring in use."-- which is completely legal and very common. You can say that the sniffing is "illegal" all you want, I will just point out that it happens in just about every company once you hit a certain size (like 100 or more users).
Rather than just argue with you about this with my own authority, I would point to this:
http://en.wikipedia.org/wiki/C...
This type of monitoring is generally allowed where the employer owns the computers, terminals, network, and Internet access. Depending on the country or legal jurisdiction and the specific methods of surveillance used, there may be additional requirements to notify the employee of the monitoring or monitoring policy to be legal.
You are correct that some countries are more strict about this, but I would be astonished if you could find a country where it was illegal under any circumstances / even if you notified your employees. Certainly it is not in the US; certainly every federal agency does it to their own employees.
Most workplaces (at least those ive been to) have a computer use policy. Generally it allows for personal use of the internet, but will generally note that any and all use is both monitored and that you are responsible for how you use it.
Generally they do this because they can be held liable if for example a DDOS originated from their network, for example.
And really, I dont see why you think you get to set the rules on someone else's equipment. You're right that reasonable people understand that people have to do personal stuff at work; thats why they generally make those allowances. That doesnt mean its "do whatever you want" on the network; there are still standards and there has to be a way to ensure compliance. If you want to affect policy, you should probably get a degree or work experience in IT so that you can make informed recommendations. Otherwise I recommend you leave that to those who have done so.
Are you aware of what a Computer Acceptable Use Policy is, or that most insitutions have one? Are you aware that you almost certainly agreed to one if you attend a university or are employed by a medium-or-larger sized company? Or that they almost universally mention that you may be monitored?
? It's a very stupid situation for almost zero extra convenience
Its not "stupid", and it doesnt remove all protections. If an attacker is controlling your switch and / or firewall, you are boned unless you are very technically skilled and very knowledgeable. They could, for instance, intercept all requests for "www.gmail.com" and proxy the response; your browser would never get redirected to the HTTPS site to begin with, so you wouldnt establish a secure session. Instead you would get an HTTP connection to the proxy, who would forward your credentials on to gmail, and now they have your password. You would have to be very vigilant to see the missing HTTPS on every site you might want to look at. Or they could inject content into the non-ssl components of your bank website which screen-scrape your password; it is not uncommon for there to be mixed content on a SSL site, but it can be difficult to detect.
Every company Ive been at has an acceptable use policy, as did (if I recall) all the universities ive been to. They tend to be pretty explicit that your communications are monitored.
More fundamentally, you have no expectation of privacy as you are not on your own equipment; you are on equipment and network owned by the company who has not only the right but the duty to monitor their connections. If someone is running a botnet C&C server from the company network over SSL, who do you suppose is liable for it?
In fact this very thing comes up often regarding spambots. When spam originates from your network, it is your IP that gets blacklisted. You therefore have the responsibility to monitor and filter illegitimate SMTP out.
The majority of my experience is with private sector businesses. This kind of monitoring is pretty standard once they hit a certain size. And you'll note that my post was not an exhaustive list of reasons; there are others such as legal CYA and preventing the leak of proprietary and / or customer information, or even something as simple as controlling run-away abuse of internet privileges.
I truly do wonder how many of the people raising objections are actually involved in network IT; I would hazard that they are not, as most who are are aware of how common this is.
It may seem simple to just say "explain it to the employees" but that takes time and effort, and may give someone the idea that if they can mitigate our concerns then they are OK to violate policy. A lot of the time things like "no personal devices on corporate email" arent JUST about "we dont trust you individually", but "trying to have a separate policy for each individual is too much administrative work, and for auditing / compliance reasons it is far more manageable to say no". Explaining this kind of thing to an HR person with no IT expertise is just a waste of the company's time and theirs, and may give them an opening to argue with something that is a non-negotiable.
Certainly I have never heard it explained to me why i cant do the things I cant do at work; as an IT person I understand some of them, and as I know the security team I am able to ask about others, but the fundamental reason is that I am both employed by my employer and I am replaceable. Its really not my business how they choose to run the company; my job is to provide the expertise I was hired for, and to comply with their policies. If those policies are a PITA, well, Im sure its a PITA to deal with several thousand users who each think they know better, and the job isnt there to make my life simple.
That doesnt protect you from stack overflows in other parts of the code.... which is what this article is about.
Shouldn't it be considered perfectly normal and appropriate to look for another job?
On company time, company network, and computer? Id call that the height of foolishness, and the company would be right to throw a fit about it.
There could be a lot of valid reasons for that, particularly if any of the work you do involves clearances.
I love it when slashdotters complain about how boneheaded policies are without having the faintest clue of the reasons behind them.
...Until one of your employees does something that could bring liability on you (like bringing proprietary information over from their last job, especially if it was federal --> private sector), and you have no way to prove that you werent complicit.
This stuff happens ALL OF THE TIME. Chris Christie is dealing with it right now. "Non-repudiation" is a pretty important thing when it comes to business communications.