Sadly, as management gets more cautious about legal repercussions, lawyers get a voice in decisions in which they not only have no expertise (such as IT), but in customer-facing initiatives, as well.
Sony's aggressive spyware approach to DRM smells to high hell of the kind of good-intentions-turned-cognitive-dirty-bomb so many Legal-inspired projects descend into.
This is an interesting opinion that I think is only potentially applicable to situations where the lawyer in question is representing the company's explicit interest. I haven't seen this happen in general though--particularly where the corporate lawyers are addressing issues that are _not_ in regards to the company interest (e.g. privacy law).
For the most part, I have seen these lawyers define a very low bar for a company to meet. The same tendency for lawyers "tend to wield power disproportionate to their duties" (I would use the word "influence" instead of power) leads to these proclamations to be interpreted to mean that the company should only meet the minimum bar. These lawyers are not in the business of suggesting what the company _should_ do, only a minimum of what it _has_ to do. Laws aren't necessarily sufficient or detailed enough to ensure that they are complied with, however. I have had several situations where lawyers have undone good security work because they proliferated the fact that the law didn't require the proscribed procedures, even though those procedures were in place to uphold that law. Lawyers seem to wield more influence than security folks though so who do you think was listened to?
No comments:
Post a Comment