Alastair’s Place

Software development, Cocoa, Objective-C, life. Stuff like that.

Corporate Legal Nonsense

I just ran a whois query, and, yet again, my senses were assualted by Network Solutions' voluminous legal mumbo-jumbo. Apparently,

By submitting a Whois query, you agree to abide by the following terms of use:... etc etc”

Personally I fail to see how this would ever be enforceable. For one thing, you see it after you have submitted your query, not before, and for another, if you are using a whois server other than Network Solutions', it is quite possible that you won't see their legal boilerplate unless you look-up a .com domain (for example).

Where has common sense gone? This rubbish wastes over half a screen of my scrollback buffer, is unenforceable by virtue of the fact that you cannot agree to terms that you have yet to see and is totally unnecessary. If Verisign wish to publish terms of use for their Whois server, fine… but they should put a URL in the output. In fact, this URL would do nicely.

Similar logic applies to corporate e-mail. Why, oh why do corporate IT managers insist on tacking-on some huge unnecessary boilerplate (often two or three times larger than the actual e-mail) to inform us that we shouldn't take any opinions expressed in it as the opinions of the company, that we perhaps shouldn't have read it in any case (remember, for the most part these legal boilerplates are tacked-on at the bottom of the message), and that given that we shouldn't have read it, perhaps it'd be better if we deleted it and forgot about the whole thing?

Do they not realise how embarrassing it is for their employees? That they don't trust their employees to make sensible comments, or even to send messages to the right place! Yet employees of most companies are free to write letters without the company adding a boilerplate. Even on company headed paper, if they want.

And then there's the dilemma of what to do with the wretched things when they end-up as posts on mailing lists. Or, worse still, in the mailing list archives. Technically speaking, the bit about not being the person to whom the e-mail was written probably applies. So we should delete them, right? D'oh!

Then there's the latest pet hate of IT directors… Instant Messaging. Employees might actually communicate with the outside world…shock, horror, we didn't realise that. Better put a stop to it before all of our sensitive information leaks to our competitors. No, no, no! Your employees can leak information to your competitors much more easily without using IM programs, and, equally, there are much easier ways for your competitors to obtain such information without snooping on your data traffic (which, by the way, is actually quite difficult… much harder than, say, bribing an employee, tapping a telephone line or even just walking into your building and taking it!).

Employees use IM the same way they use SMS messages on their mobile telephones, to communicate with their friends. The only convincing argument against IM software is that it might circumvent your firewall, but there are ways of dealing with that.

In any case, I think the IT world is coming at the problem from entirely the wrong angle. It's very easy to be influenced by the media, who have a vested interest in over-hyping things (because it sells newspapers, right), into taking an altogether too draconian approach to IT security. Indeed, some of the companies who operate in this area are also guilty of hyping it up (well, it does sell their products, after all).

I propose a better, entirely novel solution: trust. Trust your employees. If you're uncomfortable about doing so, then call a meeting and tell them that you're going to try trusting them, just to see how it feels. Tell them that they will have to take responsibility for their actions (so, if they say something stupid that gets the company in hot water, then they'll have to explain themselves), but let them know that it is their responsibility.

People aren't machines, and they don't appreciate being treated as such. Sure, they make mistakes, but everyone understands that (even the courts). Give them enough rope to hang themselves, and, if they don't, then you'll probably have more productive staff.

Put an end to Corporate Legal Nonsense, while we still can.