Sergey Dryga wrote:

>>> Why not? Let's look at this from a moral POV. The objective of the
>>> department that set up the web traffic cop is clear: they want to
>>> prevent employees from browsing non-business related sites. As a side
>>> effect they severely harm the work of employees who need to browse
>>> sites as part of their job function. Now one of those harmed employees
>>> finds a technical way to improve the browsing capabilities and uses it
>>> only for job-related browsing. Where is the moral problem?

> Even reasonable people might not realize the impact on business operations
> immediately.  

Right. I don't know, but Mike said that it's been several months and that
he did talk. That was my point (one of them) -- suggesting to him to talk
seems to be trying to break open an open door. And it seemed that talking
didn't solve the problem.

> In addition, there may be other factors influencing their decision, such
> as (i) lack of time - poor excuse but very real; (ii) other issues that
> cannot be discussed with everyone; (iii) fear/unwillingness to challenge
> HR rules due to litigation environment, etc.

Exactly. Which brings us back to why talking may not help sometimes and a
technical solution may be the only possibility to change the quality of
internet access in some cases.

> The moral problem with the technical solution is this: Who decides (proves) 
> that rogue VPN is used for job-related activities?  

I think you're mixing things up here. Morality doesn't need proof; in fact,
you can't prove morality. Mike decides what he uses the VPN ("rogue" is
already implying a value, but that's what we're discussing, isn't it?) for.
If he uses it only for legitimate purposes, it's all ok, morality-wise, I
think. If he doesn't, there may be a morality problem, depending on your
moral axioms. But that's not a moral problem; that's, if it is one, a legal
problem or a responsibility chain problem or whatever... just not a moral
problem.

As Richard said: "provided the intent of the rule is not broken," it's hard
to construct a moral problem, with whatever (reasonable) moral axioms you
want to use.

> In every company I have been, sys admin will scream, or take the head
> off, of anybody who sets up unauthorized service on internal network.
> And they are absolutely right. It is sys admin's job to keep internal
> network operational and safe.  A rogue VPN does not fit in any
> definition of safe.  

I agree with that. But that has to do with the sys admin's job, not with
morality. And you said correctly that it: is their job to keep the network
not only safe, but also operational. And what Mike is saying is that
they're not doing their job on that end.

> Now, I am not saying that all these laws are great, but they are laws and
> why one would set himself up for potential prosecution is beyond me.  

You may have a point that there are legal implications. I don't know about
that aspect, and agree with you -- I wouldn't want to risk legal
prosecution for something like that. But my point was about the morality of
the story, not the legality. The two are not necessarily the same.

> This problem should be solved using bureaucratic means. 

That's of course the best solution, but as we all know not always a
possible one. It's like it is with engineering: many problems "should" be
solved the "right" way, but a number of constraints require shortcuts and
second-choice (by whatever priorities) solutions.

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist