OT: Re: [SQU] Terms and Conditions

----- Original Message -----
From: "Colin Campbell" <sgcccdc@citec.qld.gov.au>
To: "Ben M" <bmckellar@optushome.com.au>
Cc: "Squid-Users@Ircache.Net" <squid-users@ircache.net>
Sent: Wednesday, December 20, 2000 12:20 PM
Subject: Re: [SQU] Terms and Conditions

> Hi,
>
> On Wed, 20 Dec 2000, Ben M wrote:
>
> > Hi,
> >
> > I run a proxy in an organisation with approx 50 users. Management wants
the
> > terms and conditions explained to each user when they open up Internet
> > Explorer. I currently log all sites visited with authentication by
> > username.
> >
> > Is there a way through the proxy i can make it start on a certain page
all
> > the time, that overides the default homepage? Any other ideas about
listing
> > the terms and conditions of surfing the internet.. e.g so they know
they
> > are monitored.. ??
>
> Why not explain to management that trying to solve people problames with
> technology is stupid. What you should be doing is
>
> 1) print T+C and put on user's desk
> 2) get them to read and sign copy of T+C
> 3) do not give them access until you have the signed copy of T+C in your
> hands
>
> That way the users have no excuses, cannot avoid it and you are saved a
> lot of hassles.
>
> Colin
>

I don't think that using technology to assist in solving people problems is
stupid. It's just not the _only answer needed_.

the 1 2 3 process you have outlined above has fallen down in US courts (no I
can't quote case numbers) due to the users 'not knowing the policy' - but
this exact same viewpoint was discussed on firewall wizards recently, and in
more detail. If the users are not kept up to date with the T&C, and not
continually educated, and reminded, you cannot be sure they remember them.
Displaying the latest changes, and reminding the users on a regular basis is
needed. Can you remember your ISP's AUP? No? well forgetting could get you
dropped off the net. This is the same issue.

Having said that, any approach needs to tie in with (not a comprehensive
list)
* a signed acceptance of the corporate AUP; T&C; private information
disclosure policy.
* regular reminders of changes to any related policy (could be
email/photocopy/popup on screen/first page seen each day/....)
* Continual user education about security & risks.
* frequent regular auditing of logs and enforcement of the AUP/T&C. If you
don't enforce it every time, then users can claim "I thought that was ok. I
did it for seven months" when you come to enforce the most recent case. You
can of course just send a warning and leave it at that.. just as long as you
do.

But back to my point. Technical solutions do assist with people problems.
The law in most countries says its illegal to steal, and by living in your
country you accept the law of that country. So why do you lock the door of
your house and why do you have a password on your usercode for your ISP
account? These are technical solutions to a people problem...

Rob

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html