[ISN] Pixar Animation Hack (payroll/ethics/condientiality)

From: mea culpa (jerichoat_private)
Date: Fri May 01 1998 - 00:16:14 PDT

  • Next message: mea culpa: "[ISN] Review: RSI Denial of Service Database"

    Forwarded From: 7Pillars Partners <partnersat_private>
    Posted To: IWAR list <iwarat_private>
    
    Posted at 7:49 a.m. PDT Monday, April 27, 1998 
       
    Survey: Collision of technology, ethics seen
    
       BY DEL JONES
       
       USA TODAY
       
       At Pixar Animation Studios earlier this year, someone broke into the
       payroll database and spun off companywide e-mail listing the
       compensation of all employees.
       
       Adding insult, the intruder tried to make the message appear as if it
       came from Pixar CEO Steve Jobs. The culprit has yet to be found.
       
       At Digital Equipment, workers have invaded the computer files of
       co-workers to make electronic copies and claim the work as their own.
       Others, having let deadlines lapse, blamed the computer for losing their
       work.
       
       Such are the high crimes and misdemeanors of the computer age. A new
       study being released Monday shows the expanding use of technology and
       eroding business ethics may be on a collision course in the modern
       workplace. These two powerful forces are converging to present new
       ethical dilemmas for workers and challenges for businesses. Companies
       are scrambling to re-write policies and develop security methods that
       work.
       
       Forty-five percent of workers say they have committed at least one of a
       dozen actions over the past year that are either unethical or fall into
       a gray area, according to the survey of 726 workers. The survey was
       sponsored by the American Society of Chartered Life Underwriters &
       Chartered Financial Consultants and the Ethics Officer Association.
       
       The ethical abuses range from the relatively minor -- 13 percent of
       workers say they have used company computers to shop the Internet -- to
       the potentially catastrophic -- 4 percent of workers say they have done
       something to sabotage the computer system or data of their company or
       co-workers.
       
       Other actions fall somewhere in between: 6 percent say they accessed
       private computer files without permission; 5 percent listened to a
       private cellular phone conversation; 13 percent copied company software
       for personal reasons; and 11 percent reported to work, logged on and
       searched the Internet for another job.
       
       In response to these new challenges, more than a third of major
       companies believe they have little choice but to monitor telephone voice
       mail, computer e-mail, Internet access, even individual strokes on the
       keyboard in a Keystone Cops way of attempting to control what technology
       makes uncontrollable. Major companies that never dreamed of warehousing
       their regular mail, save every byte of e-mail for three to six months,
       said Raytheon Ethics Director Pat Rodgers.
       While a few employees have always stolen trade secrets, it has become
       easier to do. Once it took enough moxie and muscle to haul documents out
       in boxes. A few years ago, it simply required slipping a computer disk
       into a pocket. Today, a password and the click of a mouse is all that's
       needed, said Jim Settle, former head of the FBI's computer crime squad.
       
       Companies, not wanting customers to know of their vulnerability, report
       few incidents. But security experts estimate that at least 75 percent of
       sabotage comes from inside a company, not from outside hackers.
       
       Omega Engineering of Bridgeport, N.J., has lived the nightmare. The
       company, which does work for NASA and the U.S. Navy, suffered $10
       million in productivity losses after someone unleashed a software
       program known as a ``logic bomb'' that deleted critical computer files.
       
       Timothy Lloyd, who worked at the company for 11 years, has pleaded not
       guilty to charges of destroying company data. His lawyer, Jaime Kaigh,
       calls it a ``hyper-technical case.'' He said the culprit could just as
       easily have been a computer virus known as Little Red. Lloyd faces up to
       15 years in prison if he's convicted at a trial set to begin later this
       year in U.S. District Court in Newark, N.J.
       
       In this new hyper-technical world, companies have but one easy call:
       Block sex Web sites. They have no business application, can spur sexual
       harassment suits and can be largely stopped with software costing $1,000
       to $5,000 a year.
       
       But other actions are far from clear cut. Weyerhauser usually permits
       workers to use the Internet to help their children with school projects,
       but bans playing computer games.
       
       Most companies say they frown on workers doing personal Internet
       shopping, but pause when asked if they'd rather have them dashing off to
       the store. Sports scores? Stock quotes? Not encouraged, but rarely
       forbidden if work is getting done.
       
       Chevron now said its attempt to measure nonbusiness use of the Internet
       last year ended in utter failure. At first the company was stunned to
       learn that 46 percent of visited sites had no business application, but
       then decided it was impossible to know the business needs of its 10,000
       workers with Internet access. It now concentrates on blocking sex sites
       and all but ignores the rest.
       
       Indeed, when it comes to techno-ethics, there is so much gray area that
       corporate policies, still being formulated at most major companies, are
       little more than pleas for employees to use common sense and do the
       right thing.
       
       It's tricky to limit abuse, ``without coming across as Gestapo,''
       Rodgers said.
       
       One problem is that ethical abuses spurred by technology range
       enormously in gravity. At one end is sabotage and theft of company
       secrets. At the other is the prankster like the one who recently had his
       co-workers at Northern Telecom picking up telephones that they only
       thought were ringing.
       
       The prankster tape recorded the sound of a ringing phone, then
       programmed it into the computer network so that the ring rotated from
       the speakers of one computer to another. The stunt got laughs, no
       complaints and is the kind of thing Nortel Ethics Director Megan Barry
       said the company hesitates to discourage in its quest to stimulate
       creativity.
       
       But pranksterism is a hairbreadth from trouble. And, everyone is a
       potential victim. Someone from a nearby desk or office can sneak onto
       your computer and send out harassing e-mails under your identity. Or
       they could change the autocorrect spelling function so that when you
       type the first name of your boss it becomes something insulting.
       
       Most techno-ethical dilemmas land somewhere between sabotage and
       pranksterism. For example:
       
       -- At Weyerhauser, a traveling worker called in fuming when his laptop
       was frozen for an hour after he downloaded an e-mail Valentine sent by a
       co-worker.
       
       -- A Texas Instruments worker who belonged to an investment club thought
       he was being helpful when he posted to an Internet chat room some
       company financial information that had not been released to the public.
       He was potentially breaking insider trading laws, Ethics Director Carl
       Skooglund said. Other Texas Instrument workers have sent out politically
       charged messages with company e-mail suffixes, creating the impression
       that it may be a company-sponsored position.
       
       -- Raytheon is among companies that often finds workers running side
       businesses from their work stations. It used to be Avon sales over the
       phone. One of today's favorites is income tax preparation. Companies
       auditing worker e-mail have uncovered mountains of personal financial
       information flooding in.
       
       Victory may soon be declared in the war on sex-site visits. That gets
       the most media attention, but just 5 percent of workers say they have
       made such a visit in the last year. The percentage is the same for men
       and women.
       
       But even here, many companies are delicate in their responses. The memos
       Nortel sends to sex-site abusers warns them that they might want to
       guard their passwords more closely because their computer has been
       frequently used to access pornography.
       
       ``We do not accuse workers, we accuse the computer,'' laughs Barry.
       
       Fifty-five percent of workers say they do manage to stay above the fray
       and have committed no techno-ethical violations in the past year. Dallas
       sales agent Linda Milton maintains her ethical standards to the point
       that she never forwards the barrage of jokes that arrive via e-mail.
       
       Companies consider employee sabotage the biggest techno-ethical threat,
       and the FBI warns that it's just a matter of time before the twin forces
       of technology and eroding ethics bring a company to its knees.
       
       Since suffering its data losses, Omega Engineering said it has taken
       steps so that it would require a ``conspiracy'' of several key employees
       to wreak havoc on its system, not just one acting alone. Beyond that,
       said Omega's human resources director Al DiFrancesco, ``My first line of
       defense is not to discuss it any further.''
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:18 PDT