BOFH: Here in my car I feel safest of all. I can listen to you ... It keeps me stable for days
Yep, read the licence again
Episode 10
"It's a clear-cut case of licence blindness," I say to the Boss.
"What now?" he chips back.
"Licence blindness. It's a term based on software licensing. Like when you're installing some software or another and a window appears with a scrolling box full of text in the background and underneath the box there's a checkbox saying 'I have read and agree to the licence terms and conditions.' You're going to click the box, and you're not going to scroll down and read all that licence palaver."
"Back in the day it used to say 'I understand and agree to the licence terms and conditions' - but no one really reads the terms so they just dropped the 'understand' bit because it gave them a far stronger legal position," the PFY adds.
"Yes, but..."
"I mean NO ONE is going to read through all those pages of legalistic bumpf just to install some product that they have no real interest in."
"OK, but..."
"And they bloody KNOW that no one will read it all, but to make it seem like they WANT you to read it all they'll grey out the Agree button until you've scrolled down to the bottom of the blurb."
"Uh huh, but I don't know how thi..."
"I mean if they were really SERIOUS about you actually READING the licence conditions there'd be a test at the end," I add. "You know, multichoice like what the fines might be like or what year the law was passed etc."
"I DON'T CARE!" the Boss fumes. "And I don't know what the hell this has to do with the door problem."
"THE PROBLEM," I say, "is that security now gives new staff 12 pages of instruction on how to use their access card when a 30-second video would be better. More importantly, all the useful information about security is near the end of the instructions when people have stopped reading."
Long story short, the company has had a social engineering security-audit scare.
"It's all important information," the Boss blurts.
"It's not!" I retort. "You present your card, type in your PIN and press the green button - THAT'S IT. What the staff NEED to know is:
- Don't punch a hole in the card;
- Don't try and use it when it's sandwiched into a bunch of other prox cards; and
- Don't give your card to some bloke at reception who says he just wants to nip outside for a smoke before the auditors get here but he left his card on his desk upstairs!"
"They found more issues than that," grumbles the Boss.
"Yes, yes," I reply. "They told us that our public wireless is less secure than James Dean's seatbelt and that we have no protection against drones spying on us through our unshaded windows. That said, completely changing our security system isn't going to help unless we change the way people use it."
"The new system is great!" the Boss burbles. "It has 1024-bit encryption, biometric measurements with user history and a dashboard on your phone to let you know about security issues."
In a stunning turn of events, the Boss - a mediocre IT manager at best - has convinced the Board to replace the company security system, triggering the immediate resignation of the Head of Security.
To add insult to idiocy, the Boss also convinced the Board he could do both roles until a successor is appointed.
"But it will still be used by idiots," I say. "Did you get the contract?"
"Of course," the Boss responds.
"And read - and understood - it?"
"The company lawyers looked it over before I signed it..." he mutters.
"THIS company's lawyers?"
"They look over all our contracts," the Boss says defensively.
"They looked over my contract," I reply, "- completely missing the addition of clause 85e about my daily onion bhaji entitlement."
"Yes," the Boss sighs, all too familiar with the after-effects of that.
"Or my clause 85e where I get two basement carparks, one in which I can park a van to use for central city storage," the PFY adds.
"What's your point?" the Boss snaps.
"The POINT is that if you write a document in the right way you can induce licence blindness," the PFY replies.
"You never put anything controversial in the first half of the document, when people are alert," I say. "And you never put anything dodgy on the last 2-4 pages. But somewhere around 2/3rds of the way into the document you start putting in clauses that are almost word-for-word copies of clauses on the previous page - but just with tiny changes to justify the additional clauses," I say.
Warming to my theme, I add: "Like: you have a set of 10 clauses where you itemise that the client will not reverse-engineer a software product, will not reverse-engineer a hardware product, will not reverse-engineer a firmware product... etc. THEN you have another set of 10 clauses where the client will not allow others to reverse-engineer etc, etc, and another 10 clauses about always informing the vendor if someone has attempted to reverse-engineer a software product, a hardware product, a firmware product, etc.
"Before the reader knows it they're dropping off to sleep and aren't really sure which page they were on before they got drowsy."
"Yyyyyessss?" the Boss says uncertainly.
I continue: "So they read it again, lose their place - and their will to live - again, then get to a new set of 10 clauses about how the client will, I dunno, pay for the software licence on or before some day; pay for the hardware licence on or before some day; pay for the firmware licence on or before some day. Then get another 10 clauses about how the client will pay interest at the bank rate plus 2 per cent for late payments on the software licence on or before some date; how they will pay interest at the bank rate plus 2 per cent for late payments on or before some date; how they will buy us both new cars on or before some day; how they will not replace the existing security system on or before some future date; how they will reinstate the Head of Security with full backpay on or before some day, etc."
"Is that what we signed?" the Boss sighs, having recognised some familiar clauses in my monologue.
"Oh yes."
"So there's no new security system?"
"Oh no."
"And there was no security audit?"
"No. But I will be needing that new car..."
"Actually, we both want vans," the PFY adds. ®