Network World

The WSJ article was somewhat tongue in cheek. Your's is more of a diatribe that is going no where. One of the problems with "ethics" is that your ethical standards may not be that of the wider community.

For example, your assessment of porn as really bad and gambling as the lesser "sin". While surfing porn sites at work is bad, I'd regard gambling as worse.....

Education of users is critical; starting to moralise and impose your own values is the quickest way to switch them off - or even to actively circumvent good policy. Explaining the personal value of good security is much more likely to achieve results than the self righteous tone you are adopting.

You assume that "Bob" is a slacker who wants to goof off instead of working. While this certainly does happen, just as likely, in my experience, "Bob" is a conscientious employee just trying to do his job, who has run into a site incorrectly marked "pornography" or "hacker tools" or "leisure site" or suchlike that he needs to access in order to properly to do his job (or some similar "one size fits all" restriction).

"Bob" may also have previously tried to go through channels to gain the access he needs to complete the task he has been assigned. Perhaps he's clicked on the "if you think this message was in error" link and seen his request fall into a black hole. Perhaps he has enlisted the services of his supervisor, and been told "that list comes from an outside service, and we don't have any resources available to get it changed."

So what's the ethical thing for "Bob" to do??? Try and do his job, or just give up because the IT department can't be bothered to help?

I am actually rather apalled by the widespread assumption that "users" are some sort of lower form of life who need to be kept in the dark, spoon-fed as little accurate information as possible, and treated as potential layabouts and malefactors.

Somehow, this assumption doesn't seem to pass your ethics test, either...

It's all too black and white. Cut and dried. Either or. The real world is much more gray!

If the employee we are talking about is an hourly employee -- the IT equivalent of a burger flipper --- then the case presented makes some amount of sense. But, I am hard pressed why they have a fully functional browser, and expensive hardware.

I think the more interesting case is when you apply this to what I will classify as "knowledge workers". They present a tougher case in what's acceptable use. Proper leadership would know when the people were being productive and then trying to micro mange what people do by AUPs -- which never work, especially with smart motivated people -- would be unnecessary.

While we are talking about following rules, the rule maker's hands are not always that clean. Sometimes there are different AUPs for the AUP-makers. AND, then we have msny organizations, who want knowledge workers to provide off hour support from home without compensation, wanting to enforce an AUP. Seems like the rules are used when they are convenient.

Bottom line: Everyone must tread very carefully. And, keep notes on what is "current practice". They'll be useful when you negotiate your severance or can be used as evidence at your trial. AUPs are another gotcha from the Ebenezer Scrooge School of Overseer Management!

Ferdinand John Reinke
Kendall Park, NJ 08824
Webform that creates an urgent email => http://2idi.com/contact/=reinkefj
Web page => http://www.reinke.cc/
My blog => http://www.reinkefaceslife.com/
My blog's rss feed => http://fee