1996-09-18 - PGP in the workplace

Header Data

From: Rick Osborne <osborne@gateway.grumman.com>
To: cypherpunks@toad.com
Message Hash: 7636d8d5881e2fbdcb7fee325d34dbe88b5c9d861d007ad43a4d6c015aded865
Message ID: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com>
Reply To: N/A
UTC Datetime: 1996-09-18 06:37:44 UTC
Raw Date: Wed, 18 Sep 1996 14:37:44 +0800

Raw message

From: Rick Osborne <osborne@gateway.grumman.com>
Date: Wed, 18 Sep 1996 14:37:44 +0800
To: cypherpunks@toad.com
Subject: PGP in the workplace
Message-ID: <3.0b16.32.19960917232055.005410c0@gateway.grumman.com>
MIME-Version: 1.0
Content-Type: text/plain

Here's one I figure you all would just love:

Yesterday afternoon, I was told by some higher-level associates of mine
(not Management level, mind you, just people higher on the food chain) that
my use of PGP in the coporate environment was not appreciated and could
result in my being looked upon *very* unfavorably by the managerial crowd.
Without even delving into security reasons, I politely explained to them
that due to my job (which has several crypto-related applications) I needed
PGP to communicate with people and list-bots in the outside world (or they
could gladly pay for my formal training).  The just shook their heads and
said "be careful, you've been noticed".  I was then told to stop 'messing
around' in my shell account.  I asked what was meant by this, and
apparently it had been noticed that I had done a few things, which I had
done to simply check the security of my account, which could be viewed as
'inappropriate'.  You know what they were?

1. I checked to see if the passwd file was available to anyone (was it
shadowed, etc.).  This was seen as an attempt to GET the passwd file, and
thereby have access to sensitive data.

2. I change my password regularly (once a week).  Now this may seem
excessive (it apparently did to them), but you must understand that the
entire IS department is extremely buddy-buddy here.  Over half of the users
have root passwords on any given system.  I don't feel like sharing,
horrible me.  I guess my regular chaning of passwords was seen as a strain
on the system (ha!), as they didn't elaborate *why* I had been flagged for

Upon explaining to them that I was simply trying to make sure of my own
security, I was told that I was to just assume that I was secure, and that
*any* 'poking around' was found to be "highly aggravating" and could only
only "exascerbate the situation further."

Luckily, I had to get to class, so I cut the conversation before it could
get any more out of control.

Now, seeing as I'm fairly new to the Corporate world, but is this something
common?  I know when I was at college, poking around was expected and
encouraged, as it helped find and plug holes in the system.  But this is
almost like some kind of protection racket here!

Rick Osborne                     osborne@gateway.grumman.com
"Yes, evil comes in many forms, whether it be a man-eating
 cow or Joseph Stalin, but you can't let the package hide
 the pudding!  Evil is just plain bad!  You don't cotton to
 it.  You gotta smack it in the nose with the rolled-up
 newspaper of goodness!  Bad dog!  Bad dog!" - The Tick