dougo wrote 2005-08-31 02:57 pm

Sarbanes-Oxley and content filtering

Our company recently installed the Barracuda Spyware Firewall, ostensibly to block spyware and web pop-ups. But as it turns out, it also does content filtering:
Does the Barracuda Spyware Firewall also perform content filtering? How does content filtering work?
Yes, the Barracuda Spyware Firewall uses one of the most extensive databases covering some of the highest risk Web sites on the Internet for its content filtering. Our database is divided into many different categories for easy management and administration. Categories include sites containing offensive material, personal Web sites, Web-based email sites, and other categories that might reduce productivity in the workplace.
I found this out because browsing http://rpg.net/ and http://eblong.com/ results in the following message:
The link you are accessing has been blocked by the Barracuda Spyware Firewall because it contains filtered content, the content belongs to the category of: game-playing
I suppose it's reasonable to consider rpg.net a game-playing site; I go there to read shannon_a's game reviews. But eblong.com is zarf's personal web site; he does have a lot of game-related stuff there, but it seems wrong to ban his entire site: what if we wanted to use Zymb, his Python Jabber library?

Anyway, the overzealousness of content filtering is just one of many reasons why it's obviously stupid (others being that it's incomplete—http://boardgamegeek.com/ is not blocked—it's easy to work around—tunnelling, proxying, or even just the Google cache—and why should they care what sites I visit, as long as I'm getting work done?). So my guess was that we didn't realize that a Spyware Firewall would come with content filtering turned on by default, or that maybe we knew it but hadn't gotten around to figuring out how to turn it off. According to the systems guy I asked, this is roughly the case, and they are planning to relax some of the restrictions. Why not all? and why "planning to"? Apparently they have to discuss the changes with HR, because there's something related to the Sarbanes-Oxley Act about the workplace environment. This was news to me, and rather surprising. Has anyone heard anything about this before? The only allusion I could find on the net was in an article about content filtering:
Some companies are drawn to Web-filtering solutions by a lack of perceived control, especially in the wake of new regulations like HIPAA and Sarbanes-Oxley, which are meant to protect customer privacy and oversee financial dealings.
Is this just general paranoia (and ignorance) about Sarbanes-Oxley restrictions, or is there really something in there that could be interpreted to mean "companies must filter web content in their employees' browsers"?

dougo.livejournal.com 2005-08-31 07:18 pm (UTC)
Has this been specifically related to Sarbanes-Oxley, though? (Never mind the fact that my reading a board game review is pretty unlikely to offend a coworker.)

cubes.livejournal.com 2005-08-31 07:39 pm (UTC)
No, this was quite some time ago.

I can see it evolving, though -- you reading a game review might not offend anyone, but it could be construed as inappropriate use of business resources (your time and the company's computers/bandwidth). Yes, it's silly from a techie point of view, but techies aren't on the jury, or the BoD. It's HR's job to be paranoid, and it's the filtering software publisher's job to continually expand their blocking capabilities in order to sell more software.