Child Porn: Why One Man's Innocence May Worry IT Managers

Computer security news out of Massachusetts this week could be a sign of big troubles to come for IT managers in enterprises, government agencies, and SMEs, in the U.S. and around the world. It's not a virus or worm or Trojan as such, although they may be involved. No, it's a case in which an innocent man lost his job and his reputation, and may now win a landmark suit against his former employer. Why? Because he was fired for having child pornography on his company laptop without adequate forensic evidence that he put it there.

The case of Michael Fiola could become a landmark of sorts, although some observers seem to have missed the point I'm going to make: Any employer considering taking action against an employee, based solely on what is 'found' on an employer-issued computer, must have solid forensic evidence to justify that action, and preferably be in a position to justify the action on additional, non-forensic grounds. Why? Because failure to do so could have serious consequences.

Legal Precedent, the CIO/CISO Remit, and Indian Affairs

Q. Have you spent much time at the U.S. government's Bureau of Indian Affairs web site lately?

A. No.

I didn't think so. Because, when you go to www.bia.gov it's not there. According to a recent news story, that may be about to change, but don't hold your breath. There hasn't been a web server at bia.gov for most of the past 7 years. Why? The short answer, which I consider to be highly instructive to Chief Information Officers and Chief Information Security Officers everywhere--inside the government and out--is this: "Because the judge just said No."

Allow me to elaborate. Back in 2001 a judge told the BIA to take its site off the Internet because it was not secure. And, in a judgment that strikes me as a brilliant application of commonsense, he added: "Don't put it back until it's secure."

How does a judge determine if a web site is secure? The same way that the Federal Trade Commission does: submit it to examination by an objective, independent third-party who is suitably qualified, such as a CISSP (Certified Information System Security Professional). And that's what the BIA did, in 2003, and again in 2004. Basically, the BIA kept reworking its systems to try and achieve a standard that I like to call "secure enough." That means the site can withstand all of the obvious, predictable and realistically feasible attacks.

And that pretty much sums up the real world standard used by sites like Amazon.com and BankOfAmerica.com. For example, a site won't fail the "secure enough" standard just because its encryption could be defeated by a brute force attack that would take a $50 million super-computer to execute. A site will fail if it is found to be vulnerable to a known cross-site scripting attack or a SQL-injection hole that was patched six months ago.

Well now there is a Court Order permitting Internet reconnection for Indian Affairs and the agency is "on the path to full reconnection to the Internet." Note that this is not happening because the judge's security experts gave the site a clean bill of health. On the contrary, the United States District Court for the District of Columbia Circuit agreed with the agency that the judge was out of line when he issued the Consent Order Regarding Information Technology Security that suspended the site back in December, 2001. So, the court gave permission for the "information technology systems of the Bureau of Indian Affairs (BIA), the Office of Hearing and Appeals (OHA), the Office of the Special Trustee for American Indians (OST), and the Office of Historical Trust Accounting (OHTA) to be reconnected to the Internet." It will be interesting to see how long that takes, and how secure the site proves to be, in a real 'real world' test.

In the meantime, companies might ponder how they would fare if all Web sites had to pass a security review before they were allowed to go live.

Anti-spam: A Stephen Cobb Podcast

A couple of months ago I recorded a 15 minute, interview-style podcast with Brian Kraemer of TechTarget on the subject of spam, then I promptly forgot about it. Well, today I remembered and figured I would embed it in a blog post.



For those who prefer a direct link to the original MP3 podcast file, all 14 megabytes of it, here it is: Cobb on Anti-spam.

I hope you find it useful listening. The target audience was mid-market CIOs (that is, Chief Information Officers at companies with 100-5000 employees or revenue up to $1 Billion). But I think it would be of interest to most SMEs (that is, small-to-medium sized enterprises). Finally, here's a link to the podcast on the TechTarget site.

Freelancers Unite! A way to get health insurance and a voice

If, like me, you've worked as a freelance writer (or coder, developer, editor, consultant, etc.), then you know the pain of trying to get affordable health insurance for yourself and your family, of trying to get paid on time, and generally trying to get the respect you deserve [to say "America runs on freelance labor" would not be an exaggeration].

Now there's an organization that is uniting freelancers to get action on some of these items, most notably health insurance. It's called the Freelancers Union and actually has been around since 1995 when Sara Horowitz, a former labor lawyer, founded Working Today. This was renamed Freelancers Union in 2003 to better reflect its expanded role, which includes lobbying on issues of concern to freelancers (the union received 501(c)4 status in 2007). The original focus was to serve freelancers in New York City but the group is now on a national membership drive. The timing could not be better, with a lot of people being laid off from salaried jobs and rates for individual health insurance now higher than house payments in many states.

That's right: according to the Census Bureau, the median monthly housing cost was below $1,200 in 20 states in 2006, and $1,200 was the monthly premium we were paying for basic husband/wife BlueCross coverage, no dental, no optical, limited hospital benefits, with a large deductible and hefty copays. (That was until we dropped our coverage because we couldn't afford it, which is not unusual for many baby boomers who are now in the health insurance 'dead zone', i.e. too young for Medicare but old enough to have acquired a few health problems and thus really hammered by rising premiums.)

Checking over the web site it appears that Freelancers Union's health insurance rates are about half those for individual plans. Definitely worth checking out if you freelance.

The End of the Internet As We Know It?

Could the day be approaching when blogging about how much you dislike the Church of Scientology or a certain political candidate gets you knocked off the net? Or worse, a heavy knock on the door?

Love it or hate it, the Internet of old appears to be on its way out. A few years from now, two recent news items, when taken together, may reveal a turning point. Most recent was the agreement of several major ISPs to censor Internet traffic. New York Attorney General Andrew Cuomo has coaxed Verizon, Time Warner Cable and Sprint into dropping the long-accepted notion that ISPs are immune from liability for content posted by users, much the same way that phone companies have eschewed liability for what people say in phone calls and, to get historical about it, printing machine makers took no responsibility for what was printed with their presses. This principle, that the carrier is not responsible for what is carried, is even established in law, notably under the 1996 Communications Decency Act.

But as David Kravets, writing at Wired.com observes, under the Cuomo deal, "the ISPs seem to acknowledge a moral role in policing the internet."

An Historic Night for America, Great Hope for the Future

One month shy of the 44th anniversary of the signing of the first civil rights act, the headline from the New York Times says it all: Obama Claims Nomination; First Black to Lead a Major Party Ticket.

We've come a long way! And we need to acknowledge that a lot of younger voters are a big part of what made this happen, and that really is a welcome dose of hope for the future.

Radio Paradise Rocks (and soothes and cheers)

When times are tough (and I think we can all agree they are tough right now*) you sometimes need a way to escape, something to take your mind off things, or onto better things. I'm finding Radio Paradise does just that, and it's free as long as you have a broadband connection. Of course, donations are accepted, and I have been moved to give; it's just such a deliciously eclectic stream of good listening.

Sometimes they throw in some themed sets for fun and these can be quite amusing. Also, I recently found a cool gadget you can place on your Google home page that shows what is currently playing on Radio Paradise, along with album art (just search among the gadgets at Google/ig). You have to believe that this station is boosting CD sales for a lot of artists that people would otherwise not hear.

* Just for the record, on the "tough times" assertion:
  • Largest collapse of real estate values in recorded history
  • Real incomes falling, costs rising, budgets squeezed, jobs lost
  • Potential mega-flation fueled by soaring energy prices
  • World food shortages (again)
  • Middle East in crisis (again)
  • Oppression in far too many countries
  • Impending environmental disaster
  • Health care system in disarray

Sydney Pollack: A great maker of movies

Just wanted to note, with considerable sadness, the death of Sydney Pollack, at the relatively young age of 73.

Pollack's body of work is enormous and impressive (he racked up what must be one of the longest IMDB listings there is).

Yet, in a business too often tainted by a wealth of unpleasantness, Pollack always seemed like a genuinely nice guy with a good sense of humor and a lot of heart. He directed one of the funniest movies of the last thirty years (Tootsie) and some of the most compassionate (The Electric Horseman and They Shoot Horses Don't They). But he could also nail a cold-blooded and subversive thriller, as in Three Days of the Condor. As a producer and executive producer he helped get some very important and challenging films into theaters (Michael Clayton and The Quiet American). All that and a darn actor to boot! You could always rely on him to get it just right. His craggy face and wry smiles will be missed.

Unseemly In Any Context: One angry video sets Hillary straight

I can't say I'm a fan of Keith Olbermann, the host of "Countdown" on MSNBC, because I've never watched the show. But I might start watching him after viewing this video of his reaction to Clinton's assassination remark (this link takes you to The Fix at the Washington Post where you can watch the clip without ads).

Billed as a "Special Comment" and delivered in the spirit of Edward R. Murrow's opinion pieces criticizing Senator Joseph McCarthy, this was a blistering, high energy critique of Democratic presidential candidate Hillary Clinton. And it wasn't all wind and fury. Olbermann deftly referenced previous assassination allusions made by candidate Clinton, reinforcing the impression that this was not a 'slip of the tongue' or 'out-of-context' anomaly, but rather a simple window into the way her mind works: "I'm going to keep campaigning into June, after all Obama could be dead by then."

I'm not saying that she thinks like that in the sense that she's actually wishing something bad happens to her opponent, but rather she's wedded to a way of thinking about politics that hopes for the worst if that's what serves your agenda best. Given that the Clintons are already heavily identified with that mindset, you'd think Hillary would try harder to disavow it, or distance herself from it, but instead we keep getting flashes of it, suggesting a flame still burns that is more about personal ambition than public service and the public good. This is not someone I want to see in the White House.

(About the only thing that I didn't like about Olbermann's piece was his final remark, "Good night and good luck." That belongs to someone else and although this "comment" piece came close to the spirit of Edward R. Murrow, I think there are plenty of other ways to sign off without borrowing his.)

Worst Executive Decision Ever? American Airlines goes for broke

When your industry is in trouble and times are tough, the time may come for an executive to make tough decisions. After all, that's why they've been paying you the big bucks all these years, right? So how much is the following idea worth? Charge people who choose to travel on our planes $15.00 for every bag they check.

Consider the following top ten ramifications:

  1. The toll it takes to collect the $15 per bag toll (time, resources, aggravation, goodwill).

  2. The strain on gate agent staffing and potential fraud in handling the cash, check or charges.

  3. The chore of promulgating and enforcing rules and arrangements for travelers who arrive with a ticket but say they can't pay for the bag check.

  4. The carry-on baggage explosion? Mayhem in the boarding area as passengers battle to be first onboard in order to grab overhead space.

  5. The regulation of the secondary market in cabin luggage space? For example: "I'm traveling light, I'll put your bag under my seat for $5?"

  6. The added flight delays because it already takes a long time to figure out that the overhead is full and there are three bags that are going to have to be checked. Now we will argue about whose three bags it will be, because the losers have to pay.

  7. The longer security lines and times as more passengers try to get more stuff into their carry-on quota (there's a whole bunch of stuff that is verboten in carry-on bags like more than 3 fluid ounces of most liquids, baseball bats, golf clubs, pool cues, ski poles, big screwdrivers, etc.).

  8. The number of flight attendants who decide it's not worth the aggravation and quit, or worse, carry on working with an even sourer attitude than before.

  9. The effect of people packing more stuff into a single checked bag, leading to more weight surcharges and the resulting time spent arguing and collecting, followed by more muscles pulled by ground crew, health insurance and disability claims, not to mention errors in load distribution as average per checked bag weight shifts.

  10. The lasting damage to public perception of your airline as the one who started this whole mess.


Wouldn't you love to have been at the meeting when they decided this was a good idea? And who supplied the research that said Americans will continue to fly in large numbers regardless of how unpleasant the experience becomes? I already see people doing the math on journeys you can do in a day of driving, like New Jersey to Detroit or Chicago, which is cheaper than flying if there is more than one person in the vehicle. Plus you can pack anything you like in the trunk, no hassles, no surcharges, no security lines. Heck, you can even have a 32 ounce big gulp in the passenger cabin. With executive decisions like this one, American Airlines could single-handedly revive the Great American road trip.