In one of the articles in this issue of eSecure, namely 'Best practice in document and records compliance'
Advocate Willem Heath is quoted as stating that "Corporate governance is a simple practice if you practice it in practice," suggesting that whilst there is an inherent complacency in business generally, regarding ethical behaviour, the importance of ethics in business cannot be understated. As the article relates it, Heath went on to ask his audience whether anyone believed that their business was "intentionally operating in a criminally negligent fashion".
In the fidgety silence that followed, and with a wry smile on his face, he then noted that by being ignorant of what the law requires, most of us are de facto committing a crime. He went on to say that "your practice with regard to document management is probably illegal. Non-compliance in document management security is a weak point in your application of sound corporate governance."
So what is new? Legislation changes. Political agendas change. The game changes.
It is an interesting turn of phrase that .. 'game changing.' For as with all games, there are players, playing fields, rules, tips, best practices, referees. But what happens if the game really does change? What happens if the rules change, the players do different things, unexpected things, and the essence of fair play is compromised?
Well, an interesting story by Jim Rapoza, East Coast technical director at Ziff Davis caught my eye recently, highlighting as it does the impact that poorly drafted legislation can have on our business decisions, leaving one with the sense that the essence of fair play has been compromised. Rapoza reports that "as of this moment, the security level of the Internet has taken a big hit. And it is not because of a new worm or some nefarious hacker collective; it is because of a set of badly conceived laws that have been passed by several US states."
"These measures, referred to as Super DMCA laws are badly designed laws promoted by the Motion Picture Association of America. Super DMCA legislation has already been passed in Colorado, Delaware, Illinois, Michigan, Oregon, Pennsylvania and Wyoming. Now Super DMCA has claimed one of its first victims, the award-winning open-source application LaBrea, which is designed to stop the spread of worms such as Nimda across the Internet. Tom Liston, the developer of LaBrea, has stopped distribution of the program for fear of prosecution under the Illinois version of this law.
"Why would a program that stops harmful worms from spreading run afoul of a law that is on the surface intended to stop cable theft? Because, like the less-damaging federal DMCA law, Super DMCA is overly broad and lacks common sense."
Ah, now that sounds familiar.
Says Rapoza, "One of the common aspects of these laws is that they make illegal any device or program that can 'conceal or to assist another to conceal from any communication service provider or from any lawful authority the existence or place of origin or destination of any communication'. Aside from LaBrea, this makes a whole set of common IT programs and hardware illegal, from firewalls to VPNs to privacy applications.
"So if you live in one of these states, you are now breaking the law if you run a firewall. And if you are an IT admin that has all of your internal systems running on NAT, you could face as much as five years in prison and up to a quarter-million-dollar fine."
Whilst the DMCA legislation does not affect us (in SA) directly, other legislation does. So. Get cracking. The law sometimes has ways of making criminals of us all, but compliance to legislation need not be an act of grudging compromise. Real business value can be found. Good governance is measurable. To comment on any of the articles in this issue of eSecure, contact me directly on email@example.com
Managing Editor - eSecure