From: tcmay@got.net (Timothy C. May)
Date: Wed, 18 Sep 1996 19:29:30 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in the workplace
Message-ID: <ae64d1c30c021004635b@[207.167.93.63]>
MIME-Version: 1.0
Content-Type: text/plain


At 3:20 AM 9/18/96, Rick Osborne wrote:

>Upon explaining to them that I was simply trying to make sure of my own
>security, I was told that I was to just assume that I was secure, and that
>*any* 'poking around' was found to be "highly aggravating" and could only
>only "exascerbate the situation further."
>
>Luckily, I had to get to class, so I cut the conversation before it could
>get any more out of control.
>
>Now, seeing as I'm fairly new to the Corporate world, but is this something
>common?  I know when I was at college, poking around was expected and
>encouraged, as it helped find and plug holes in the system.  But this is
>almost like some kind of protection racket here!

Sadly, this is common. Anybody taking undo interest in security "must have
something to hide."

Be aware that the effects can be a lot worse than just "being noticed," or
even of being dismissed. Companies have been known to call in the police.
(And since you are posting with a "Grumman" account, this could trigger
visits by the DIA and other such agencies.)

This happened in a well-publicized case up north, and I am convinced (from
reading some of the details) that the programmer was not doing anything
criminal. Even many who worked with him have expressed the same views, that
he was just an unusually curious and attentive security expert. Some of
them tell me they--and their employer!--were surprised the case actually
went to trial.

But the DA decided, for whatever reason, to prosecute on felony charges. I
can only speculate about the pressures, the desire for publicity in a
trendy new area ("computer crime"), and about the relative importance of
this employer to the local economy.

So, don't get too curious. Don't change your passwords more than your
neighbors do (or at least not more than 2.13 standard deviations more often
than is the statistical average of all employee-units within 7 cubicles of
you in all directions). And whatever you do, never, never, never point out
security flaws. This is a sure sign of your guilt. Or your smarty-pants
attitude, which is actually worse.

(Never cast perls before swine.)

(All of this is explained daily in "Dilbert," of course.)

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."