I work in a rather large cumbersome beaurocracy with extensive rules for everything from how to enter timecards to how many squares of TP are to be used for each visit to the can. Today's subject is the corporate policy that states (paraphrased): Thou shalt not connect non-corporate-issued devices to the corporate network.

We have windows PCs. We do not have the admin password. As such, we can not install anything that alters the registry. I have an iPod, and although it can't transfer data between itself and the PC without a driver (presumably iTunes), it will charge when connected via usb. Someone spotted me with the wire connected to the PC and turned me in (that's a whole other story). Here is the conversation that subsequently transpired over several days.

HR:      Corporate policy states: Thou shalt not.... You have violated this policy.
Me:      The policy is intended to prevent viruses from being introduced into the network. 
         Since I don't have admin privileges, I can't install the driver required for the    
         PC to see the device. Accordingly, no file transfers are possible. It's simply charging
HR:      Corporate policy states: ...
Me:      Yes, but you have to understand what it means...
HR:      (Borg-like intonation) You are in violation...
Me:      I'd like to speak to a manager please
Mgr:     I understand there is some confusion regarding your adherance to the corporate 
         policy regarding...
Me:      *repeat explanation of what happened and why it's not a problem*
Mgr:     That seems to make sense, but policy is clear...
Me:      Blind obedience to something you don't understand doesn't make sense.  
         Let's talk to somebody on the technical side, from whence the policy came
Tech:    snoofle is correct; without admin privileges, the required software can not be 
         installed, so there is no danger
HR:      But he is still using bandwidth
Me+Tech: If no data is being transferred, exactly what bandwidth is being used?
Mgr:     What you're saying makes sense, but the policy says ...
Me+Tech: Yes, but that's not what it means
HrM:     Then the policy must be rewritten to be clear...

The really sad thing is that this isn't the first time I've run into this stupidity, but HR keeps rotating their drones, and it needs to be explained over and over.

God, I hate bean-counters...

 Get a power connector for it so you don’t have to plug it into your USB port.

 Yes, that makes sense,  but you violated the policy.

 

Couldn't you have said "No, I did not violate the policy." and then left him to respond. Simple replies for a simple mind, see.

This does not violate the intent of the policy, and is perfectly safe.  Nevertheless, had I been your manager, I'd have asked you to stop doing it, because if people see you plugging your iPod in, it will weaken the policy.

Basically, you can't rewrite the policy to allow for charging of devices via USB without making the policy too confusing for your non-technical staff.  And a security policy staff can't understand is one they're not going to follow.

frymaster:

And a security policy staff can't understand is one they're not going to follow.

 

Sometimes -- but only sometimes -- I don't like how you can leave out "that/which" in many an English sentence.

A staff can't understand is one!

I like how they follow your advice to consult with a tech, but just ignore what he says.

Although the case for rewritting the police to be clear is quite evident.

snoofle:

Thou shalt not connect non-corporate-issued devices to the corporate network.

You can set an iPod up to act as a USB drive which can be interfaced to your computer without the use of iTunes. I am not sure if connecting a USB drive to a Windows PC is allowable under your security settings, but if it is then the objection to your actions is valid.

snoofle:

HR: But he is still using bandwidth

I actually laughed at this one. WTF... Tell them you've brought some bandwidth from home and you're refilling the computer by pushing it in through the floppy drive slot.

Oh and who's the prat that turned you in? I want to hear that story.

 

OzPeter:

You can set an iPod up to act as a USB drive which can be interfaced to your computer without the use of iTunes. I am not sure if connecting a USB drive to a Windows PC is allowable under your security settings, but if it is then the objection to your actions is valid.

I used to do this, i.e. use my iPod as an external drive without installing iTunes. Windows XP recognised it without installing any drivers. Although I did have admin privileges on the machine so that might have made a difference.

I would agree with the solution of buying a plug-in charger for your iPod!

HrM: Then the policy must be rewritten to be clear...

Tech: Sure, how about "Thou shalt not connect non-corporate-issued devices to the corporate network, unless we say it's okay"

Behold the Policy.
Praise the Policy.
The Policy shelter us.
The Policy protect us.
The Policy guide us.
Let none threaten the almighty Policy.

DOA:

Oh and who's the prat that turned you in? I want to hear that story.

Agreed - your tales are well written and funny, I'm sure this would be no exception!  Please do tell.

The policy does need to be rewritten to be clear.  Specifically, it needs to be clarified that IT policy is to be enforced by IT and only IT. 

I'll bet there were people like you in Gomorrah.

Lot: God says thou shalt not covet another man's wife.
Snoofle's Great great great great...: The policy is intended to prevent jealous husbands 
     from going round killing covetters. Since her husband doesn't know, and he's away 
     all weekend, no-one's getting hurt. Accordingly, no covetter killing is possible. I'm 
     simply having a bit of fun.
Lot: God says...
That chap: Yes, but you have to understand what it means...
Lot (sounding like he's in a Cecil B De Mille film): God won't be happy...
That chap: I'd like to talk to a city elder
City elder: I understand you've been playing away from home...
That chap: *Yes, but her husband isn't going to find out*
City elder: That seems to make sense, but policy is clear...
That chap: Blind obedience to something you don't understand doesn't make sense.  
     Let's talk to somebody on the religious side, from whence the policy came.
Angel of Death: (Rains down fireballs, for God is not to be messed with).

The policy was phrased in simple terms precisely so that _everyone_ could understand it - which is clearer:

• Thou shalt not connect non-corporate devices to the corporate network

or

• Thou shalt not connect non-corporate devices to the corporate network except for ipods, and then only for charging; and headphones; or those cute little usb fans; or toasters; except on the last day of term, when anything goes really.

???

TRWTF is that you thought diluting the policy simply to suit your own selfish ends would be a good idea. Worse, you just thought that you'd circumvent it without even asking whether it would be OK before doing it. Had you asked, you'd have been able to say that the sysadmin says it's OK, go and whine at him.

drbhoneydew:

I'll bet there were people like you in Gomorrah.

Lot: God says thou shalt not covet another man's wife.
Snoofle's Great great great great...: The policy is intended to prevent jealous husbands 
     from going round killing covetters. Since her husband doesn't know, and he's away 
     all weekend, no-one's getting hurt. Accordingly, no covetter killing is possible. I'm 
     simply having a bit of fun.
Lot: God says...
That chap: Yes, but you have to understand what it means...
Lot (sounding like he's in a Cecil B De Mille film): God won't be happy...
That chap: I'd like to talk to a city elder
City elder: I understand you've been playing away from home...
That chap: *Yes, but her husband isn't going to find out*
City elder: That seems to make sense, but policy is clear...
That chap: Blind obedience to something you don't understand doesn't make sense.  
     Let's talk to somebody on the religious side, from whence the policy came.
Angel of Death: (Rains down fireballs, for God is not to be messed with).

The policy was phrased in simple terms precisely so that _everyone_ could understand it - which is clearer:

• Thou shalt not connect non-corporate devices to the corporate network

or

• Thou shalt not connect non-corporate devices to the corporate network except for ipods, and then only for charging; and headphones; or those cute little usb fans; or toasters; except on the last day of term, when anything goes really.

??? TRWTF is that you thought diluting the policy simply to suit your own selfish ends would be a good idea. Worse, you just thought that you'd circumvent it without even asking whether it would be OK before doing it. Had you asked, you'd have been able to say that the sysadmin says it's OK, go and whine at him.

 

 

Equivocation of violation of a spiritually-mandated law of morality from a supreme being with plugging in your iPod to charge it.

You win the internet sir.

I've been thinking and I've reached the conclusion that everyone should get corporate-issued iPods to prevent cases just like this.

drbhoneydew:

I'll bet there were people like you in Gomorrah.

Lot: God says thou shalt not covet another man's wife.
Snoofle's Great great great great...: The policy is intended to prevent jealous husbands 
     from going round killing covetters. Since her husband doesn't know, and he's away 
     all weekend, no-one's getting hurt. Accordingly, no covetter killing is possible. I'm 
     simply having a bit of fun.
Lot: God says...
That chap: Yes, but you have to understand what it means...
Lot (sounding like he's in a Cecil B De Mille film): God won't be happy...
That chap: I'd like to talk to a city elder
City elder: I understand you've been playing away from home...
That chap: *Yes, but her husband isn't going to find out*
City elder: That seems to make sense, but policy is clear...
That chap: Blind obedience to something you don't understand doesn't make sense.  
     Let's talk to somebody on the religious side, from whence the policy came.
Angel of Death: (Rains down fireballs, for God is not to be messed with).

The policy was phrased in simple terms precisely so that _everyone_ could understand it - which is clearer:

• Thou shalt not connect non-corporate devices to the corporate network

or

• Thou shalt not connect non-corporate devices to the corporate network except for ipods, and then only for charging; and headphones; or those cute little usb fans; or toasters; except on the last day of term, when anything goes really.

??? TRWTF is that you thought diluting the policy simply to suit your own selfish ends would be a good idea. Worse, you just thought that you'd circumvent it without even asking whether it would be OK before doing it. Had you asked, you'd have been able to say that the sysadmin says it's OK, go and whine at him.

I completely disagree with this. Little USB fans are not cute.

Zecc:

I've been thinking and I've reached the conclusion that everyone should get corporate-issued iPods to prevent cases just like this.

Win.

 

 I'll need to see if I can dig up the security policy for where I am now. 

In addition to the no USB policy (which is silly because much of the companies code is on USB hard drives) the policy prohibits insecure devices such as I-phones*, camera phones, and digital cameras.  Not just for hooking to the machine, but 'in the building' (no it's not enforced). (*how it was spelled in the document)

 It touts the importance of 'secure'* windows passwords on unencrypted drives. *secure meaning letters and numbers etc. Meanwhile loading a linux live cd would bring full access to everything.  Additionally passwords must be changed every 25 days, you can't have the same password you used the last 15 passwords, you can't change your password more than once a day etc. And it starts giving you daily reminders when your password is 3 weeks from expiring.

It stresses the importance of using e-mail for sensitive documents instead of share drives (it's an external unencrypted e-mail system).

Also under a strict interpretation using of the document sending eachother e-mail or using the internet is prohibited.  (All of their work is web related)

-MBirchmeier

drbhoneydew:

I'll bet there were people like you in Gomorrah.

I'll bet the people he talked to were like you, following corporate policy as divine commandments.

MBirchmeier:

 I'll need to see if I can dig up the security policy for where I am now. 

In addition to the no USB policy (which is silly because much of the companies code is on USB hard drives) the policy prohibits insecure devices such as I-phones*, camera phones, and digital cameras.  Not just for hooking to the machine, but 'in the building' (no it's not enforced). (*how it was spelled in the document)

 It touts the importance of 'secure'* windows passwords on unencrypted drives. *secure meaning letters and numbers etc. Meanwhile loading a linux live cd would bring full access to everything.  Additionally passwords must be changed every 25 days, you can't have the same password you used the last 15 passwords, you can't change your password more than once a day etc. And it starts giving you daily reminders when your password is 3 weeks from expiring.

It stresses the importance of using e-mail for sensitive documents instead of share drives (it's an external unencrypted e-mail system).

Also under a strict interpretation using of the document sending eachother e-mail or using the internet is prohibited.  (All of their work is web related)

-MBirchmeier

Hey, that sounds just like my older job! Except some of those rules were actually enforced.

USB pendrives were restricted, that is, you couldn't bring one unless you had an access permit signed by the area director, and even then it required god knows how many signatures for that. Of course, USB drives being so small, they didn't even activate the metal detector and thus were kind of overlooked. However, if security got its hands on your USB drive while inside the building, it would be retained by them. Ugh.

The other devices they didn't allow were basically anything programmable: laptops, harddrives, and even smartphones. (This is also the reason I didn't buy a BlackBerry until I switched jobs.) All of them bound by the "God-allowed permit" rules ... which by the way, had a 5-day maximum validity.

Even with the USB "tolerance", I once got berated by my boss because I plugged in a Bluetooth dongle on my PC; my boss was extremely paranoid on that point, so I backed down. Still, I found it funny that the IT head of security's laptop showed up in my BT device scan...

Anyway ... I usually plugged in my reliable W300 to the USB port, as it served both as a USB drive and for charging! I do the same with my BlackBerry now, but the difference is that we don't have Borg rules over here. Oh, by the way, most of those restrictions have been dropped in my former job.

To Various: I do have a wall-charger at home (see below) 

Zagyg:

DOA:

Oh and who's the prat that turned you in? I want to hear that story.

Agreed - your tales are well written and funny, I'm sure this would be no exception!  Please do tell.

The rule was always "don't plug anything from home into the network", but the techies who enforced the rules realized that nobody plugged in their iPods to use as drives because everyone has flash drives, and (mostly) abided by the no-plug-in (flash drives) rule. As such, plugging in the iPod was an inoffensive violation and overlooked. In all the years of iPods existence, not one issue was ever encountered.

Our company recently got bought out (deservedly so) by a much Much MUCH larger entity  beaurocracy cluster-WTF. Now they have peons walking around looking to see what people are doing. I just happen to sit in a semi-visible place. As for the rule, my boss laughed it off and told HR to get a clue. Of course, I brought in my wall plug.

I am now awaiting the complaint that I am using corporate resources (electricity) for personal use. You know, if all 200+K of us did it, it would be a several KW of power in addition to the tens of MW the company already uses... (Yes, I know that's sort of a realistic argument, but in the grand scheme of things around here, it's like complaining that I spent 2 cents extra for pleasure when the total bill was several $million)

 

snoofle:

Now they have peons walking around looking to see what people are doing.

 

I am adding "Do you have peons walking around looking to see what people are doing?" to my list of "if you answer yes to this, I am not going to work here" questions to ask in interviews.  Thanks.

This reminds me of a story where someone littered a bunch of USB sticks outside a bank before lunch time to test the security. And sure enough, a few employees picked up a stick and proceeded to unwittingly install trojans on the bank's PCs.
Ofcourse, those PCs were probably all running on administrator privileges. But running on user priviliges is no guarantee that the machine cannot be compromized.

SpoonMeiser:

I like how they follow your advice to consult with a tech, but just ignore what he says.

 

Because scum like these are not interested in the truth, just the status quo in their fantasy world.