Simon Owens of Bloggasm (with two g’s) tends to cover online media. Simon interviewed me the other day for a piece on PZ Myers death threat, the Holy Crackers! scandal and the issue of posting emails one receives. His write up on this is now out, I’ve just read it, and I recommend it.
I’d like to expand on a couple of points.
Simon mentions that I think the IT department at 1-800 Flowers may be more responsible for the Kroll mess than M. Kroll herself. I want to make sure that you understand what I’m saying here. (Simon did a fine job at reporting … I’m simply using this mention as a segue for the following rant.)
First, we don’t really know what happened. There is evidence, as I’ve already posted, that the Krolls, or The Kroll, or someone using a Krollish computer somewhere in New York State may or may not be entirely as represented via email and internet postings. But let us assume that there is a Mr. and a Mrs, and that Mr K posted the death threat on a shared computer and that the email was sent via Mrs K’s account.
IF that is true, then one has to ask: Why would the very remorseful Mr K have done that? The best answer is probably: By accident.
We now have a situation where Mrs. K seems to have been fired because she ‘allowed’ someone other than herself to use her email account. However, this may not be the case at all. It is quite possible that she did not “allow” something to happen any more than the IT department of the company she works for “allowed” something to happen. (Caveat: We don’t know. This is speculation.)
If I turn on my wife’s laptop (which I don’t) and opened up a Firefox window and typed “comcast.net” in the URL box and clicked on Email, AND IF she has previously been using her Comcast email account and did not log off last time, then suddenly I’m in her Comcast email (I think). If I’m distracted and/or not paying attention and click “new email” and use that window to send PZ Myers a death threat .. well, the rest would be history. He’d probably drive down Route 10 and kick my ass.
But you see the point. If a company has people working at home, sets them up with VPN or some other way of connecting to a company server, then this is a risk the company is taking. The best way to manage this is to provide and manage the home computer (which I doubt happened here) and tell the worker that no one else should use this computer (which, by the way, is one reason I would not turn on my wife’s laptop … it is her school computer and I do not go near it. Besides, it runs some zany operating system I try to avoid.)
But, companies will not provide their employees with computers, or if they do, they will make sure to take the old used ones and send them to workcamps in China before they de-assess them and allow them to filter into possession of the employee’s families (so that everyone has cleaner access and all become more computer savvy), or they will fail to provide adequate safeguards on the home system to minimize mistakes by the employee, or they won’t provide adequate training.
I’m not picking on 1-800-Flowers here. Most institutional or corporate entities fail to do what in the long term would benefit both employees and the company when it comes to IT resources. It is quite possible that this is one of those instances, and frankly, I’m rather annoyed that many of the otherwise wonderful and invaluable IT people who read and comment here on this blog are very comfortable with the formula “IT Policy Violated = Fire the person at the keyboard” when in fact, it may be the policy makers who are truly at fault.
Go read: The ethics of hate mail: Should bloggers post email correspondence without permission?, by Simon Owens at Bloggasm.