The Incompetence of American Airlines and the fate of Mr. X
November 17, 2009 9:10 AM   Subscribe

American Airlines fires AA.com designer for reaching out to customer 1.) Graphic designer and blogger has bad experience with AA.com, 2.) Designer mocks up AA.com page design and blogs about it, 3.) AA.com UX designer emails blogger with info about challenges the AA.com web team faces, 4.) Blogger posts UX designer's response (anonymously), 5.) American Airlines figures out who UX designer is and fires him/her for talking.

The info that the AA UX designer shared was certainly not flattering to the company, but in my opinion at least, it was not atypical of the challenges in large IT organizations.
posted by tippiedog (156 comments total) 11 users marked this as a favorite
 
UX? Is that the new abbreviation for user interface?
posted by demiurge at 9:15 AM on November 17, 2009 [1 favorite]


User eXperience?
posted by Pope Guilty at 9:16 AM on November 17, 2009 [2 favorites]


I saw this when it was covered on Daring Fireball. It comes as little surprise to me. From the moment the designer hit "send" on that email the rest of the story is predictable. No more surprising than a high school teaching being fired for hoisting a beer on her facebook page (though, in this case, it can be argued it's less wrong).
posted by cjorgensen at 9:16 AM on November 17, 2009


Having encountered AA's "brilliant" enterprise strategy bunch back in the 90's, I have to say it sounds like the same brain trust is still in charge.

Then again, that's not the only Fortune 500 firm I've worked with, and the point Mr X makes in his response is very valid: at any very large company with multiple layers of decisionmaking, any change is very very difficult to implement.

Nobody wants to do anything that might rock the boat and cost them their job, so momentum-saving patchwork is always preferred to long-view improvement. This is why COBOL programmers are still making money.

A lot of money.
posted by rokusan at 9:16 AM on November 17, 2009 [13 favorites]


"Apparently he broke his non-disclosure agreement by publicly discussing the design process at AA internal company details."

That's grounds for termination at most companies.
posted by ericb at 9:17 AM on November 17, 2009 [8 favorites]


They found him because he sent the e-mail using their servers. Oops!
posted by grouse at 9:19 AM on November 17, 2009


This bit from the original article seems particularly poignant now:

In the same way bad designers sometimes never get better because they don't know what they're aiming for, some companies have a culture that just promotes bad taste and doesn't encourage improvement. The ideology permeates the entire organization, lowering the required level of awesomeness expected from each employee. Companies like this just float along, in the background of capitalism, exchanging goods and services for money. And that is it. They suck.
posted by roll truck roll at 9:20 AM on November 17, 2009 [9 favorites]


Typically short-sighted, penny-wise-pound-foolish, letter-of-the-law idiocy in corporate America.
posted by DU at 9:21 AM on November 17, 2009 [2 favorites]


Yes, demiurge, UX is the modern preferred term for what used to be covered by UI alone. UI is now (sadly and a bit derogatorily) considered to just be looks and on-screen widgets (the G-UI, closer to a designer's bailiwick), while UX is supposed to be the entire user experience, including IA, pageflow and responsiveness.

Back when I did this, anything the user interacted with was considered part of UI. The same job today would be called UX. UX sounds more important and one can charge more.
posted by rokusan at 9:21 AM on November 17, 2009 [9 favorites]


It was predictable in the "you are not authorized to be a public voice for this company" sense. That's why they have public relations departments - direct inquiries to them.
posted by ctmf at 9:21 AM on November 17, 2009 [1 favorite]


That's grounds for termination at most companies.

As is using company resources to pan the company. I'm not defending AA, but if this guy was as technical as portrayed he had to know they'd find him if they cared to, and he still did it while on work time from a work machine.

He took no precautions to hide his activities. I don't think he should have been fired, but at least this time I can't believe he didn't see it coming.
posted by cjorgensen at 9:22 AM on November 17, 2009 [4 favorites]


I would never diss the company I work for on a publicly readable website. Even though they're a bunch of incompetent buffoons.
posted by Electric Dragon at 9:28 AM on November 17, 2009 [26 favorites]


Electric Dragon, could you step into my office, please?
posted by electroboy at 9:29 AM on November 17, 2009 [14 favorites]


As is using company resources to pan the company...

But his response isn't really "panning the company". I read it the most important bit of the message as "a redesign is easy, getting it implemented is hard". Any company that treats the "internal business process information" disclosed in that email as confidential needs to learn the meaning of "confidential".

My read? He's not authorized to talk for the design team, the person who is got feudal over their little bit of turf, and now has done something to draw a lot more attention to themselves than they thought about when they let the axe fall.

Oops.
posted by Vetinari at 9:35 AM on November 17, 2009 [7 favorites]


I, too, am surprised at the firing of an employee who broke his contract to slag on his company on the internet. Additionally, I am also surprised when I set my hand on fire, which I know to be cold, and yet still it burns.
posted by Damn That Television at 9:35 AM on November 17, 2009 [8 favorites]


1. blogger should've gotten permission to post the email, even anonymously

2. somebody should hire Mr. X. One of you has a web design firm, I'm sure.
posted by Jon_Evil at 9:37 AM on November 17, 2009


X is not a very common last name, so it doesn't surprise me that they found him.
posted by snofoam at 9:38 AM on November 17, 2009 [58 favorites]


I think it's obligatory when talking about this to point out that the post that started all this was a douchey bit of snark that picked the lowest-hanging fruit. I could redesign the front page of any newspaper you cared to mention tonight and improve it in some way, but that wouldn't justify an attack on that paper's designers, nor would it prove a damn thing.

It also begs the question. For airlines, especially in the post-budget airline era, price is absolutely everything. Every airline executive will tell you this -- passengers will demand and tell surveys that they want better service, better in-flight meals, better equipment and so on, but it's incredibly rare that they actually vote with their wallets. When it comes to actually taking flights, it always comes down to price. "They'll scalp you over $5" was one quote I heard.

That's why it doesn't really matter how awful the website is. If they can compete on price, they'll get the business anyway. Look at the actively hostile websites of RyanAir and EasyJet, for example. RyanAir's website is so bad it's actually illegal, and they still rack up the customers.

If they can't compete on price (and it looks like AA can't), it doesn't matter if the website is the most polished piece of UX 2.0 going -- the customers will go elsewhere. The execs know this all too well. Dustin Curtis doesn't.
posted by bonaldi at 9:39 AM on November 17, 2009 [18 favorites]


My guess is that Mr. X has a pattern of showing the same judgment skills that caused him to send an easily identifiable email to a blogger who apparently hates AA.com so much that he has vowed never to fly on American again and has even made a web page about it.
In this email Mr. X actually says that the blogger is very right and that AA.com is incompetent.

The fact that AA.com fired him within an hour suggests they weren't really looking for ways to save his butt. In fact, my guess is that his managers were already displayed with him for other reasons.
posted by justkevin at 9:40 AM on November 17, 2009 [3 favorites]


displayed = displeased
posted by justkevin at 9:42 AM on November 17, 2009


The fact that they fired him within an hour means that AA is capable of getting some stuff done quickly.
posted by snofoam at 9:43 AM on November 17, 2009 [10 favorites]


Yeah, I'd say they're highly competent at rooting out employees violating their non-disclosure agreements.
posted by electroboy at 9:45 AM on November 17, 2009 [2 favorites]


Electric Dragon: I would never diss the company I work for on a publicly readable website. Even though they're a bunch of incompetent buffoons.

electroboy: Electric Dragon, could you step into my office, please?

All right! Electric company throwdown!
posted by shakespeherian at 9:46 AM on November 17, 2009 [10 favorites]


But he wasn't panning, slagging, dissing, or anything of the sort. He was writing intelligently about web design in a corporate environment. He said nothing private, he said nothing slanderous, he said nothing that couldn't also apply to a hundred other companies. But because it was he who wrote the letter and not someone at one of those hundred other companies, he was actually building quite a bit of good will for his employer. If I were his supervisor, I'd kiss him full on the lips.
posted by roll truck roll at 9:46 AM on November 17, 2009 [8 favorites]


I predict this will be the best thing to ever happen to Mr. X. Also, 12-18 months to ship the new changes? That pretty much sums up the problem right there.
posted by ygbm at 9:47 AM on November 17, 2009 [1 favorite]


This comment is the best—the then employee made AA look much better with his response.

I'm both a shareholder and a frequent flyer (Executive Platinum) on AA.

...

I've had recent contact with the AA team regarding some problems with functionality and have found their response to be less than satisfying. The letter from "Mr. X" was well written and improved my opinion of the direction of AA as a corporate entity. Firing this guy for being honest is a tragedy, and rest assured Mr. X there are people who appreciate your candid response.

Someone else pointed out how these big companies are excellent at using technology to monitor, control and fire their staff; but hostile to using technology to make their customers happy.
posted by stepheno at 9:51 AM on November 17, 2009 [14 favorites]


That's grounds for termination at most companies.

As is using company resources to pan the company. I'm not defending AA, but if this guy was as technical as portrayed he had to know they'd find him if they cared to, and he still did it while on work time from a work machine.


I think one of the big issues at play here is Internet communication can be used for casual conversation, but that those casual conversations can easily be published for everyone to see forever. You probably wouldn't get fired for casually slagging your company's policies in a private phone call or face-to-face conversation with a customer, but when it's posted in the form of an email and a bigwig sees it, there's a lot better chance that you'll see some severe consequences.

A lot of communication is dependent on audience, and one of the problems with the Internet is that your audience includes a lot of people other than the person or people you are directly having a conversation with. It could be in the form of a private email posted on a public website, or some IT drone at your company going through all of your archived email messages to dig up some dirt on your, or something else, but the end result is that the records of your conversations might end up somewhere you didn't intend them to be seen.

It will be interesting to see in the long term if these issues lead to people being more careful about what they say in Internet conversations, or if it will lead to people being more accepting of what people say in conversations that are taken out of the context of their intended audience.
posted by burnmp3s at 9:55 AM on November 17, 2009 [3 favorites]


Mr. X could easily have sent that mail from a throwaway account. Wonder why he didn't.

To everyone dissing 'corporate idiocy' and the like: It's easy to snark from the outside, and it's easy to see, from the inside, any barrier to you doing what you think should be done as idiocy. But these are problems basic to any large organization, or even a country electing a president. When you try to get lots of people to move in the same direction, it's simply hard. It's hard with even a small group, and the end result is usually something obviously mediocre and driven by compromise. We see this with every major bill trying to get through Congress. We see this when large companies try to implement sweeping changes in IT by implementing a six figure software package. We see this when a group of friends tries to pick a place for dinner. Consensus building yields compromise decisions.

Mr. X quite clearly acknowledges this, and Gruber et al miss that point (though Rokusan got it). A single designer can easily make something more striking and useful from a single perspective than a corporate driven project. But the reason the corporation/polity/group of friends don't/can't produce the same quality of decisions is inherent in the fact that it's a group. This is simply a hard issue to deal with, and no amount of snarking will change that.
posted by fatbird at 9:59 AM on November 17, 2009 [16 favorites]


All right! Electric company throwdown!

Spider-Man, no!
posted by Faint of Butt at 10:01 AM on November 17, 2009 [3 favorites]


Man, now that you mention it, AA.com looks like a sack of dog ears. Hello, 1998?
posted by notsnot at 10:01 AM on November 17, 2009 [2 favorites]


I'm sure Dustin CUrtis has worked for organizations, but apparently he hasn't noticed that leadership -- especially within a complicated "matrix" organization, especially when you're not officially the leader -- is difficult. It's hard to keep the page clean when merchandizing wants a module and the frequent flyer people need a module and we need somewhere to put the news, and the CEO's blog! We need a link to that. And what about outage notices! Everyone wants front-page real estate. Everyone does not report to the designer. The designer does not get to say NO to the Senior Vice President of Customer Support. So you work with what you have, not what you want, and you try to build consensus and sometimes, ok, usually, what finally gets built is not what you would have built yourself. Maybe it would outperform the actual result dollar for dollar. Maybe not. It's hard to know, and it's hard to be frustrated with it. Especially when the interaction requirements are due at 4:59 and you're still going back and forth with the Senior VP of Customer Support.

That's why it's work.
posted by chesty_a_arthur at 10:08 AM on November 17, 2009 [8 favorites]


Er, uh. What fatbird said.
posted by chesty_a_arthur at 10:08 AM on November 17, 2009 [1 favorite]


I sometimes wonder what percentage of MeFites actually have real jobs.
posted by Artw at 10:10 AM on November 17, 2009 [19 favorites]




As an FYI, you're not allowed to go snooping into your employee's email, even on your own server. You need Law Enforcement involved if you do... but not a lot of info-sec people know that (tho it's on the CISSP exam.) If he wants his job back, or a hefty chunk of his yearly take-home as a parting gift, he pretty much has it if he's lawyered up.... but not a lot of employees know that, either.
posted by Slap*Happy at 10:19 AM on November 17, 2009 [2 favorites]


I sometimes wonder what percentage of MeFites actually have real jobs.

I don't. I don't think.
posted by maxwelton at 10:21 AM on November 17, 2009


Now this is a good way of keeping him quiet...

Slap*Happy: Actually, employers can generally monitor email all they want unless they have a stated policy against doing so. For the most part, you have no privacy rights at work, especially not where your company-provided email client is concerned.
posted by zachlipton at 10:27 AM on November 17, 2009 [5 favorites]


Slap-Happy, what law are you reading? The default rule is exactly the opposite, as Zach says. Unless there's a counter-policy, corporate e-mail is corporate property.
posted by rokusan at 10:31 AM on November 17, 2009 [1 favorite]


As an FYI, you're not allowed to go snooping into your employee's email, even on your own server

Are you sure? In the US at least, non-work related use of systems is almost always expressly denied by most companies, in addition to a clause in IT policies stating that the company may examine or monitor email at any time. There is no expectation of privacy on any corporate e-mail system I've used.
posted by IanMorr at 10:31 AM on November 17, 2009


I remember being 23 and thinking that a perfectly designed user interface experience could trump the agendas of numerous layers of middle management, too.
posted by turaho at 10:31 AM on November 17, 2009 [4 favorites]


Man, now that you mention it, AA.com looks like a sack of dog ears. Hello, 1998?

I can price and buy a ticket in under a minute. That makes it a good airline website. UX? Bite me frequently flying ass.

When it comes to actually taking flights, it always comes down to price. "They'll scalp you over $5" was one quote I heard.

Yes, for about 70% of the people who fly in one year. These are casual flyers, and all they care about is the Marquee Price -- which is why, of course, WN quotes fares at "One Way, taxes and fees extra." And now, of course, so does everyone else.

Regular flyers are different. We pick airlines, really, on one big criteria.

1) Can I get a nonstop?

Some of the Majors, and AA in particular, have made a decision. To the 70% of the flying public who flies once a year and doesn't care about service, only price? They're now just not interested. If you want to pay the fare, great, but they're not going to gut anymore to try to get you on the plane, because, it turns out, you're not worth having on the plane.

They'd rather make the guys buying 30+ tickets a year happier than try to make you happy, because, let's face it, YOU ARE NEVER HAPPY. You bitch if it's late, you bitch about the space, you bitch about the fees -- all brought about because you will only fly an airline if the face price is a buck less than the others -- and you'll dump that airline in a heartbeat for the next one.

So, for those of us who are flying more than once a year (and I'm not quite in the "more than once a week" bucket myself....) things have actually gotten easier on AA.

As to this guy? *One Hour* after mailing it, they nail him? They were watching him -- I'll bet dollars to donuts this isn't the first time he blew his NDA.

I'm not a huge fan of the way workers in the US are treated, but let's be honest -- you bought into the idea that Unions are Evil And Must Be Destroyed. So, by and large, they were. And so was your leverage.

Breaking an NDA, using the corporate mail server? That's 87 flavors of stupid. Was this his first job or something?
posted by eriko at 10:34 AM on November 17, 2009 [23 favorites]


hey, i hate american airlines too! i didn't know there was a club
posted by jcruelty at 10:36 AM on November 17, 2009


Huh. At the place I work, we're encouraged to have blogs and twitter feeds and whatnot to evangelize the work we're doing inside the company. In fact, I have a blog that I throw bones to here and there, solely because my boss wants to see more of that stuff.
posted by davejay at 10:36 AM on November 17, 2009 [2 favorites]


But he wasn't panning, slagging, dissing, or anything of the sort. He was writing intelligently about web design in a corporate environment. He said nothing private, he said nothing slanderous, he said nothing that couldn't also apply to a hundred other companies.

He opens with "You’re right. You’re so very right. And yet…". This is in response to this vitriolic open letter by the blogger: http://dustincurtis.com/dear_american_airlines.html. Any employee with even a dotted line to marketing should know better than to respond to something like that, let alone voice agreement with it. Particularly when the original letter advises AA.com to "Fire your entire design team, if you have one."

In the second paragraph he goes on to say "our competency (or lack thereof, as you pointed out in your post)" which suggests agreement the assertion that AA.com is incompetent.

By the time Mr. X gets to his nuanced opinions on the complexities of satisfying the conflicting demands of a large corporation, he should already be shifting his butt a few feet to the left to avoid that swinging door.
posted by justkevin at 10:37 AM on November 17, 2009 [3 favorites]


In peripheral outrage, I must ask WTF is THIS?
posted by chronkite at 10:38 AM on November 17, 2009 [6 favorites]


What's wrong with AA's website. Does it not process your reservation or something?

All I see here is a pedantic nerd trying to make a name for himself and instead indirectly getting someone fired.

And did you see the difference between his redesigned website and the real one?

Yeah-- neither did I.


What a fucking arrogant idiot.
posted by Zambrano at 10:39 AM on November 17, 2009


I can price and buy a ticket in under a minute.

Well I just went there and I can't even get a price for a damn flight without logging in or signing up to some stupid system. that's dumb.
posted by ofthestrait at 10:45 AM on November 17, 2009 [1 favorite]


Breaking an NDA, using the corporate mail server? That's 87 flavors of stupid. Was this his first job or something?

He's a web designer. He was just doing that until his band took off anyway.
posted by Naberius at 10:47 AM on November 17, 2009 [7 favorites]


Wow so American Airlines FINALLY started letting black people buy tickets. Talk about coming around slow on the whole segregation thing...
posted by cbecker333 at 10:47 AM on November 17, 2009 [1 favorite]


Large Corporation: Shut up. Or else.
posted by tommasz at 10:48 AM on November 17, 2009


And did you see the difference between his redesigned website and the real one?

Yeah, it was much more intuitive and attractive; I'd be much more likely to use AA if their websi—

Yeah-- neither did I.

What a fucking arrogant idiot.
posted by Zambrano at 10:39 AM on November 1


Yeah, you sure can say that again.
posted by Optimus Chyme at 10:51 AM on November 17, 2009 [2 favorites]


I'm seconding joshwa's link above to Creating Controversy for its own Sake (and How Humility is a Rare Bird Indeed on the Web These Days). It's responding to this event in a reasonably thoughtful way. Quotes:
It’s easy to “design” when you’re unencumbered by things like metrics, creative direction, business acumen, sales experience, actual functionality, enterprise scale, or any thought about how a site with millions of page views and users has to function.

...[Zappos] shows more humility than the designer, which speaks volumes about Zappos’ corporate culture and employees, and highlights a forgotten nugget of knowledge—there are real people on the other side of those sites...

When every corporate decision you make influences the bottom line, in real time no less, you seek and destroy bad PR wherever it is found...they exist to make as much money for their shareholders as possible.
posted by dreamyshade at 10:53 AM on November 17, 2009


In peripheral outrage, I must ask WTF is THIS?

wow, that is bad.

Was this created by the same people behind McDonald's equally ill-starred 365 Black?
posted by porn in the woods at 10:56 AM on November 17, 2009 [1 favorite]


Well I just went there and I can't even get a price for a damn flight without logging in or signing up to some stupid system. that's dumb.

Huh? I just went to AA.com and searched for flights from BOS to LAX in December and received a list of 11 alternatives with prices for each.
posted by ericb at 11:04 AM on November 17, 2009


from 365black.com:

Like the unique African baobab tree, which nourishes its community with its leaves and fruit, McDonald's has branched out to the African-American community nourishing it with valuable programs and opportunities.

lmaorofl
posted by ofthestrait at 11:04 AM on November 17, 2009 [8 favorites]


...without needing to login.

Go to the front page's upper right box; select dates, airports. You can search by price or by schedule. The results page provides you with alternative flights,prices, etc.
posted by ericb at 11:06 AM on November 17, 2009


Ah. It appears that you have to select sort by price and schedule, which is not the default option. Dumb mistake. In my defense, I was trying to do it in under 60 seconds.
posted by ofthestrait at 11:06 AM on November 17, 2009


Heaven forbid that a website looks like a website
posted by wcfields at 11:09 AM on November 17, 2009


I'm puzzled by the redesign - it appears to be some pretty empty Web2.0-lite shuffling about, and doesn't seem to address how you;d go about the broad range of tasks you'd want to carry out.

I;m gonna go with "UX Designer == know nothing photoshop monkey" in this case.
posted by Artw at 11:11 AM on November 17, 2009


Wow so American Airlines FINALLY started letting black people buy tickets. Talk about coming around slow on the whole segregation thing...

Most major airlines now targetting niche markets and have set-up web sites for them.

For example, there is significant brand loyalty in the gay community when a company provides directed services for it. Every major airline now has gay travel services, sponsors gay pride events, provides financial support to causes relevant to the GLBT community, etc.
"Significantly, nearly 4 out of 10 gay consumers (39%) also stated that – quality and value of products being equal – they prefer to purchase products from companies that advertise in gay and lesbian media. However, an even higher percentage (46%) also stated they prefer to purchase products from companies that provide financial and/or in-kind support to nonprofit organizations serving the gay and lesbian community over competing products from companies that do not."
posted by ericb at 11:12 AM on November 17, 2009 [1 favorite]


American Airline also has special sites for LGBT and women.

And did you see the difference between his redesigned website and the real one?

There are lots of differences. The original design crams too much stuff into a too-narrow space the the stack of tabbed boxes with thick blue borders, light blue backgrounds, and red buttons are hard to tell apart. His redesign gives everything more breathing room and uses color better, and puts the most important item--buying tickets--in the most prominent location. (I think he's simplified too much, but it's definitely an improvement.)

Wow so American Airlines FINALLY started letting black people buy tickets. Talk about coming around slow on the whole segregation thing...

Yet they fired Mr. X, another example of The Man cracking down on the Nation of Islam.

blogger should've gotten permission to post the email, even anonymously

"I am republishing it here with permission from him, but he did ask that his name and some other minor details be withheld."
posted by kirkaracha at 11:12 AM on November 17, 2009 [2 favorites]


Folks, you're not allowed to speak about the specifics of your company's shit from your company's mail servers unless you explicitly have that authority.

Were AA assholes for firing him? Absolutely. Was he a naive idiot for doing this and then being surprised when he got fired? Absolutely, especially because AA are well-known for being draconian control-freaks.
posted by Sidhedevil at 11:12 AM on November 17, 2009




As an FYI, you're not allowed to go snooping into your employee's email, even on your own server. You need Law Enforcement involved if you do... but not a lot of info-sec people know that (tho it's on the CISSP exam.) If he wants his job back, or a hefty chunk of his yearly take-home as a parting gift, he pretty much has it if he's lawyered up.... but not a lot of employees know that, either.
posted by Slap*Happy at 1:19 PM on November 17 [+] [!]



First of all, in what jurisdiction are you referring to? During the nine years that I administered enterprise email systems for a living, the general advice I received from my employer's general counsel was as long as it was in the US, what was on the company's email server belonged to the company. Europe was a patchwork, though - in the UK an authorized administrator could read an employee's email, but in Belgium or France you could not.

You also cite the CISSP exam, and all I can tell you is that nothing of the sort was on the exam that I sat for back in 2005.

In short: link please.
posted by deadmessenger at 11:16 AM on November 17, 2009 [2 favorites]


American Airline also has special sites for LGBT...

They also have American Airlines Rainbow Vacations.

Another example of targetting a niche market: Orbitz's Gay and Lesbian Travel.
posted by ericb at 11:24 AM on November 17, 2009


I sometimes wonder what percentage of MeFites actually have real jobs.
I would venture to guess that users who predominantly utilize the site between 9-5 do, but that they have boring real jobs.
posted by edbles at 11:26 AM on November 17, 2009 [4 favorites]


I don't see how this website issue would affect the average person anyway. Doesn't your secretary or travel agent handle that part for you?
posted by caution live frogs at 11:28 AM on November 17, 2009 [3 favorites]


OMG that BlackAtlas site....

Yeah. The next time I call AA and they can't get me on the flight I need, I'm going to say okay, okay, fine, but can you please check to see if there any black-people seats available? Those will do.
posted by rokusan at 11:28 AM on November 17, 2009 [1 favorite]


I sometimes wonder what percentage of MeFites actually have real jobs.
I would venture to guess that users who predominantly utilize the site between 9-5 do.


How about those of us who flip between windows, using one of them to bitch about user-hostile design and bad HR practices, and the other to post on MetaFilter?
posted by rokusan at 11:29 AM on November 17, 2009 [1 favorite]


The hilarious part about all of this is that Dustin Curtis' redesign is terrible. It's pretty, but there's no sort of information hierarchy. If I'm looking for something on a page, it should be organized so that I know immediately which high-level element contains what I want, and then I can narrow down my search between the sub-elements of that element. The "Special Deals" box has a huge amount of emphasis on it even though it seems to be a quick fix for what would have been a big empty space. The page has two four-button menu bars with several redundant options, and then a third, more complex menu bar at the bottom that is also mostly redundant. If I wanted to do anything more complicated than buying a ticket, I'd be pretty confused as to how I might go about it. The same is true of AA's website, but at least it wasn't made specifically to show how much another website sucks.
posted by invitapriore at 11:35 AM on November 17, 2009


"being surprised when he got fired"

Was he surprised? I thought that Dustin didn't get to speak to him again, so how would we know that?

I imagine the guy had something lined up already, and just figured "Fuck it, I'm sending this email."
posted by HopperFan at 11:37 AM on November 17, 2009


... and now he's an NYPD cop?
posted by JBennett at 11:41 AM on November 17, 2009 [3 favorites]


If Mr. X did want to reply, he should have done so from home, using an anonymous e-mail. It's pretty clear that he screwed the pooch on this one.

That said, AA's public relations team would do well to monitor what people are saying about them online, and occasionally provide such thoughtful, honest responses. Even though it was well within AA's rights to fire the guy, in terms of PR, the chain of events went something like this:

-Blogger complains about AA's crappy web design, company looks bad.
-AA employee provides a thoughtful response, company looks good!
-AA fires employee, company looks monolithic and vengeful.
posted by evidenceofabsence at 11:41 AM on November 17, 2009


Cite! (This was the first google hit.)

I don't have my ISC2 study guide handy to read out the page and paragraph, but I sat for the exam this year.
posted by Slap*Happy at 11:42 AM on November 17, 2009


"As an FYI, you're not allowed to go snooping into your employee's email, even on your own server. You need Law Enforcement involved if you do... but not a lot of info-sec people know that (tho it's on the CISSP exam.) If he wants his job back, or a hefty chunk of his yearly take-home as a parting gift, he pretty much has it if he's lawyered up.... but not a lot of employees know that, either."
posted by Slap*Happy

Remember that waiver they had you sign that "eliminated any expectation that information or communications on company computers are confidential and that acknowledges the employer's right to access company computers at any time to review and monitor the contents."

Hm.
posted by HopperFan at 11:42 AM on November 17, 2009


Slap*Happy, your cite refers to 3rd party text and emails, sent from a Blackberry, for example.

We're assuming he sent this email from his workstation, though. Who knows.
posted by HopperFan at 11:45 AM on November 17, 2009


Cite! (This was the first google hit.)

The linked article states: "E-mails, text messages are private when a third party owns the data, says court."

So, if you keep your company e-mails on internal company servers, I assume you can still read your employee e-mails.

Companies are permitted to monitor voice calls, faxes, etc., since they own the internal systems.
posted by ericb at 11:49 AM on November 17, 2009


-AA fires employee, company looks monolithic and vengeful.

Welcome to Corporate America, Inc. Matter of fact, welcome to America. I don't think they've ever kept me on at a company where I dissed management, however incompetent they were. If there is one thing that people are competent about, it's firing. Lowest hanging fruit and they feel like they did some good in an expeditious manner. An internal cover-up for the remaining 99% of shit they'll never get right.

In retrospect, I worked 8 years as a consultant for companies just like AA, with arcane internal policies, politics, agendas and so on. Nothing could be more detrimental to the creative soul than working for a company whose internet strategy is based on doing as much/little as they can without being fired. Whether it's a two-person team or two hundred. If you find yourself in that position, look for another job and get out as soon as you can, no matter how much they're currently paying you.
posted by jsavimbi at 11:50 AM on November 17, 2009 [3 favorites]


"While the practice might seem like an invasion of privacy to employees, under most circumstances an employer can monitor employee Internet activity, including e-mails, browsing histories and downloaded files. When many employees are first hired by a company, they are presented with an employee handbook which details their rights and obligations while on company time. Many of these handbooks written or updated after the advent of the Internet specifically mention a "no expectation of privacy" policy when using company-owned computers, servers and printers. "No expectation of privacy" means just that; employees cannot and should not assume their electronic communications will not be examined by their employers at some point in history.

This does not mean that employers have the right to monitor employee Internet activity outside of the work environment, nor can they compel employees to produce e-mails composed on private e-mail providers such as Yahoo or Hotmail. The company legally owns all of the electronic equipment necessary to create and store e-mails on their own servers. It can also examine the caches and browsing histories of all company-owned computers. Some employers can even install special software designed to monitor employee Internet activity in real time from a remote location.

There is a difference between confidentiality and privacy where electronic communications at the workplace are concerned. The employee handbook may say there is no expectation of privacy, but there could be an expectation of confidentiality. In a typical scenario, an employer could discover an email containing very derogatory comments about an employee's supervisor. The employer most likely would not make the contents of that e-mail public, but he or she may decide to call the employee into his office to discuss the situation which prompted the e-mail. The information gathered when employers monitor employee Internet activity is considered to be the property of the company, but most employers realize that some communications are more sensitive than others."*
posted by ericb at 11:52 AM on November 17, 2009


Dustin Curtis is 8,245 days old and he thinks that American Airlines' problems are largely due to the fact that not enough people in the organisation have taste.

I have worked in a huge corporation for about a decade now, or perhaps Dustin would prefer 'more than 3650 days'. I work in what used to be called the 'change' department. I have not found one person who thinks that they are stopping progress because progress needs to be stopped. Every single person thinks they are fighting the good fight and standing up for standards that are self-evident. All 3 or 30 or 300 people who have an opinion on any change you may wish to implement are good people who want to do their best. Having the idea is the easy part. Mr X points this out quite gracefully in his mail - it's something Dustin Curtis might find himself reflecting upon later.

(I agree that Mr X was careless or naive to send from his work mail. I don't think he deserves his fate, but I do think he might have seen it coming)
posted by calico at 12:01 PM on November 17, 2009 [1 favorite]


Some time ago I consulted for a movie company, what was their big hit? Some thing like Star Battles or Planet Wars, I can't remember exactly.

In a particular instance, their home-brew advanced-science-project development hadn't worked right, and a single senior art director had executed a particularly well-reviewed effect by himself, frame-by-frame, using a program that costs about $200 for the entry level version. It's probably on your computer right now.

The making-of DVD showed some of the sexier bespoke tools being used, not mentioning that they hadn't produced any of the final material that way. (Makings-of ,BTW, are entertainment too: there is no legal requirement for accuracy or completeness.)

Wouldn't THAT little expose have made a great post for my blog, if I had one? Well, no, and I mean really, NO! I would have violated a non-disclosure, as well a Court Ordered Seal of Confidentiality, but the worst would have been to have betrayed my coworkers, and the bond all of the external consultants on this had formed. Those other consultants have given me a bunch of interesting projects since then -- it would have had to have been one hell of a timeless blog entry for that to make sense.
posted by StickyCarpet at 12:07 PM on November 17, 2009 [4 favorites]


As an FYI, you're not allowed to go snooping into your employee's email, even on your own server. You need Law Enforcement involved if you do
posted by Slap*Happy at 10:19 AM on November 17 [+] [!]

Are you sure because our company says they can in their 'sign here to agree to all of our policies".
posted by stormpooper at 12:07 PM on November 17, 2009


I'm late to the party, but:

Nobody wants to do anything that might rock the boat and cost them their job, so momentum-saving patchwork is always preferred to long-view improvement. This is why COBOL programmers are still making money.

Yeah, you're wrong. Organizations that use COBOL today are, largely, using COBOL for mission-critical systems that have been working for long periods of time. They probably cannot afford to break whatever they're using it for, and given it already works, it's very difficult (and perhaps asinine) to risk causing problems by replacing tried-and-tested engineering you've already got in place. It might take an extremely long time to migrate off of COBOL, and this stuff is hard to justify once you're talking about some kind of system that could sink your company if the rewrite doesn't go well. Rewrite is a four-letter word.

The downside is that COBOL engineers are getting harder to come by. It's not glamorous, and it's not easy. It ain't web_UI_framework_of_the_week. Given that no one is beating down a COBOL programmer's door with fame and blowjobs, no one wants to go into COBOL work, or even learn the language. But these engineers are Very Fucking Important to a lot of companies because what they do is, at this point, specialized.

That is why COBOL programmers are still making money.
posted by secret about box at 12:24 PM on November 17, 2009 [4 favorites]


You should stop, stand back, and investigate an issue before trying to find a loophole in an old news blurb.

It's on page 860 and 861 of the 4th edition of Shon Harris' exam guide, and was rammed home pretty heavily at the training course I attended (they went further than she did in letting us know this was a no-go). I did not spend a week of my life in a cheap motel in East Nowheresville for the damn bootcamp to blow a gimme question like that.*

It's much harder to go through employee email these days, a legal minefield requiring so much due care almost no organization will be able to meet the criteria in which it's allowed. In nearly every instance, it's not worth the bother, especially for something so petty. If it's really serious, involving theft or something worse, get the fuzz involved.

( *The answers were something like:

a) The Magna Carta
b) Ringo Star's Real First Name
c) ice cream tastes good
d) an organization shouldn't go through an employee's email on the server.

It was setting me up for a series of questions requiring telepathic and time travel abilities to answer, phrased in klingon.)
posted by Slap*Happy at 12:33 PM on November 17, 2009


It may be just me, but the font used on much of Mr. Curtis's site renders horribly on my computer. Much like the crappy text on the new (and much maligned) Salon.com.
posted by TedW at 12:45 PM on November 17, 2009


We pick airlines, really, on one big criteria. 1) Can I get a nonstop?

The last time I tried to fly to the US with American Airlines, they ended up sending me to Paris instead, and subjected me to a big dose of French "service". That was a bit unexpected, and I've avoided them since then.

As for the "problems" with the site, I'm not sure I get it. There's a big "book flights" thing in the center of the screen that looks exactly like the booking thing on every other travel site I've ever used, and it did what I expected. Maybe they're showing a different site to us Europeans?
posted by effbot at 12:48 PM on November 17, 2009


It's on page 860 and 861 of the 4th edition of Shon Harris' exam guide

Personally, I don't see page numbers in an exam guide written by a non-lawyer as indicative of legal reality any more than an "old news blurb." If she has citations to legal sources on page 860 and 861, perhaps you could share them. Otherwise truth by her assertion is no better than truth by your assertion.
posted by grouse at 12:48 PM on November 17, 2009 [1 favorite]


It's on page 860 and 861 of the 4th edition of Shon Harris' exam guide

I pulled out my own copy of the Gold Book after your first post, and what I found was that companies need to explicitly state in their security policy (and preferably through constant refresher training) that they may monitor all communications. I found it under "privacy" in the index of my edition. To what are you referring with pgs. 860-61?

My own boot camp was interesting because we were continually finding places where Shon Harris' guide was simply wrong. One of the participants in the boot camp was actually a former NSA cryptographer, and kept pointing out how the summary of cryptography was incorrect in the details. I kept finding little mistakes in the Access Control segment since I was at the time working with an Access Control product. Likewise other experts in their areas in our boot camp.

The thing about CISSP is that it's a good survey of a broad range of topics in information security, and learning it all is beneficial if you don't know it yet. It's an excellent introduction to a range of areas. But like all introductions, it sacrifices detailed accuracy and offers dogmatic positions for comprehensiveness and accessibility. I'm sure you'll remember this one, which got drilled into us repeatedly:

What's most critical to the success of implementing X (X = new security system, new policy, etc.)

1. Careful planning of scope.
2. Sufficient budget.
3. Thorough cost/benefit analysis as part of a risk mitigation strategy.
4. The support of upper management.

Anytime you see something about the support of upper management, that's the answer because CISSP is dogmatic on the need for anything to be actually supported by upper management. Every project is doomed to failure without full buy-in by upper management. A large part of our boot camp was just being told "this is the CISSP answer to this question."
posted by fatbird at 12:56 PM on November 17, 2009 [4 favorites]


I'm not reading through this whole thread but this is old news. This whole thing took place in the spring. I looked at the AA website today and outside of some promotional clutter it doesn't look much different than what Dustin was proposing. Maybe they took his advice after all.
posted by Xurando at 1:02 PM on November 17, 2009


Nobody wants to do anything that might rock the boat and cost them their job, so momentum-saving patchwork is always preferred to long-view improvement. This is why COBOL programmers are still making money.

Yeah, you're wrong.


Mikey-san, you say "you're wrong" but then go on to present a case wherein legacy COBOL systems are maintained because of their momentum, and due to the high cost and risk associated with changing for little to no short-term benefit. You also lay out why this is a bad long-term move, as those systems and programmers are getting more scarce and more expensive.

I admit I pulled the COBOL example out of my ass, as an example of "the way we have done things for the last 40 years, we can't change that", but your example actually supports exactly the kind of risk-averse, short-view, patch-it-for-now-and-move-on sort of approach I was talking about.

Unless you really think these companies would be proud to be running 1972 COBOL systems come 2020. If I reveal that... I'm fired, too.
posted by rokusan at 1:10 PM on November 17, 2009 [1 favorite]


(Understand, I'm a fan of don't fix what ain't broken, but the topic is why change is so painfully hard and slow to implement, even when it's desired.)
posted by rokusan at 1:16 PM on November 17, 2009


I looked at the AA website today and outside of some promotional clutter it doesn't look much different than what Dustin was proposing. Maybe they took his advice after all.

Huh? Are we looking at the same site? As far as I can tell aa.com has looked approximately the same for at least 3 years.

BTW, talking about design fail, Mr. Curtis, I don't think it's very good "UX" to link what looks like thumbnails of four screenshots to a single screen.
posted by kmz at 1:19 PM on November 17, 2009 [3 favorites]


Argh. Meant to add, aa.com doesn't look anything like the proposed redesign. I also meant to link the same page for "single screen".
posted by kmz at 1:20 PM on November 17, 2009


So, a cite's not a cite, right? Outta sight! Never saw goalposts with dual turbos and an intercooler before. Boy them suckers can move...

OK. Harken back to your bootcamp. Scope! Time! Cost! (This is called a quality triangle.) Snooping on email takes a ton of time and money in legal and training costs with no guarantee of legal vindication. Don't do it. Put the disclaimers in place in case you accidentally do, and don't take action on any accidental disclosures (from earlier in that part of the training).

Don't get me wrong, you can do it, and some organizations do find it essential to take the time and effort (due care!) to make sure they're compliant (investment banks, companies that design nuclear ray guns for the coast guard, etc). The web design department of an airline probably doesn't. (Calculate the ALE of someone blabbing interesting but inconsequential information to a blog. Now calculate the ALE of a jury deciding they don't like paying luggage fees to the airline when an employee sues.)

Is everyone done calling me a fool or a liar? Cuz' I'm getting tired of doing alla you's homework for you.

I get the impression there are a few mail admins following this who may need to modernize their policy, now...
posted by Slap*Happy at 1:21 PM on November 17, 2009


As for the AA experience, how's this fodder for strong ambivalent emotions:

I arrive at the airport absurdly late, but am able to recruit an AA agent at the airport as my personal saviour, and damn! but did she move heaven and earth to get me to the loading gate on time. By on time, I mean at 10:09 AM, and the AA confirmation letter that I have in my hand says I must be there no later than 10:10 AM.

But they won't let me board, even as I hold the letter saying 10:09 right up to their clock saying 10:10. The missed flight caused an overnight delay, an extra connecting flight, and a hotel stay on the other end for my pickup ride. Since I had a full day with nothing better to do than pursue my grievance to ever higher levels of management on the phone, a detailed investigation was conducted, and the conclusion was that without their employee to get me to the gate on time I would have been late anyway, so I should just suck it up.
posted by StickyCarpet at 1:21 PM on November 17, 2009 [1 favorite]


I have to say, nobody looks very good here. Not Dustin with his naive arrogance and snotty hyperbole ("abusive to the customers?" Seriously?) Not Mr. X, whose explanation and optimism would have been helpful if it weren't prefaced with two paragraphs of "You're right, our company sucks." Not AA, which took a perfectly reasonable approach in firing Mr. X for violating his non-disclosure agreement but nevertheless looks like the stereotypical Bad Guy Corporation with one finger hovering over the Independent Thought Alarm button.

(I also have to say that the mockup redesign kind of looks like one of those generic typosquatting sites, that very few people would think to type something like "next thursday to 6/18," and that you'd be crazy to get rid of that little calendar that you can click on to figure out your desired flight dates.)
posted by Metroid Baby at 1:25 PM on November 17, 2009 [5 favorites]


I'm 'thirding' joshwa's link above and his conclusion:

the web will still be full of arrogant, uninformed, polarizing, self-promoting, controversy-creating content that has ramifications no one wants to own up to. And consequently, the web will still be lacking in common courtesy, humility, and the admittance that most of us don’t know best. Which is sad, mostly because it’s true.

Thanks to Mr.X, I'll be more understanding about big company site design.
Mr. X - you are like Jesus of Design. Dustin is Judas. And AA the Romans.
posted by astrobiophysican at 1:30 PM on November 17, 2009


letter saying 10:09 right up to their clock saying 10:10 reverse those numbers, of course.
posted by StickyCarpet at 1:31 PM on November 17, 2009


you say "you're wrong" but then go on to present a case wherein legacy COBOL systems are maintained because of their momentum

That isn't what I did, but you seem to be arguing your perspective rather than considering real engineering concerns. What I'm saying is that you don't just throw things away that work. If you find a problem, you evaluate the consequences of fixing vs not fixing + replacing. Sometimes one wins, sometimes the other. Legacy isn't a dirty word unless you make it one.

When you see a system in place for 20 years and say, "These people should be migrating! They're so awful for thinking about their own jobs and not about the future," you should instead ask, "Most likely, this system has resisted potential replacement projects. Why?" The answers are usually more complicated than "don't rock the boat".

You said complacency and fear of losing one's job is why COBOL programmers make lots of money. That's not an (entirely, universally, at all, pick any you like) accurate statement. S'all I'm saying.
posted by secret about box at 1:33 PM on November 17, 2009 [1 favorite]


On a related note, while AA is dumb for getting rid of one of their clearly concerned UX people, what this guy did was also dumb. He should not have spoken for the company in the way he did, even if he was right. Sure, he was on-point, and his letter didn't point fingers at people in the company operating poorly, but it sets a bad precedent for other, less-enlightened employees.
posted by secret about box at 1:39 PM on November 17, 2009


ugh, "considering concerns"? fuck me, my english teachers would hate me today
posted by secret about box at 1:40 PM on November 17, 2009


So, a cite's not a cite, right? Outta sight! Never saw goalposts with dual turbos and an intercooler before.

Ericb also provided a citation to the opposite opinion, yet you did not find it persuasive. Ericb did not accuse you of moving the goalposts when you pointed this out. So you must be aware that some citations will be persuasive yet others will not. A citation to an exam guide written by a non-lawyer is not persuasive when trying to discover what is legally permissible.

Don't get me wrong, you can do it, and some organizations do find it essential to take the time and effort (due care!) to make sure they're compliant...

That is quite different from your previous categorical assertion that "you're not allowed to go snooping into your employee's email, even on your own server. You need Law Enforcement involved if you do..."

Is everyone done calling me a fool or a liar?

I haven't seen anyone call you a fool or a liar. People have said you are wrong, which is a very different thing.
posted by grouse at 1:43 PM on November 17, 2009 [1 favorite]


Sorry Dustin if you're reading, you come across as a dick


Customer experience is the new brand

I'm not referring to a brand as a logo and a typeface. I'm referring to the new kind of brand, the one is formed by the entire experience of a customer's interaction.


OK, so one could say "Customer experience is the new brand"

I mean, redesigning a corporate website with NO understanding of the history and politics involved is frankly naive.
posted by mattoxic at 1:53 PM on November 17, 2009


I get the impression there are a few mail admins following this who may need to modernize their policy, now...

I like you. You're wrong, but you're going to keep the position and call the other people wrong.
posted by cavalier at 1:57 PM on November 17, 2009 [2 favorites]


Big Brother Employer May Be Watching: Monitoring Employees' Online Communications In The Workplace (including Applicable State and Federal Law, How to Establish a Comprehensive E-mail and Internet Usage Policy, Removing the Expectation of Privacy, Code of Conduct, Training, Awareness, and Enforcement, etc.)
posted by ericb at 2:01 PM on November 17, 2009


The opinion I cited is testable in an industry-accepted accreditation, presented by a top expert in the field, in a book regarded as the best of its kind by every professional I work with, viewable through a direct scan on google books. I really don't have a bigger gun to pull.

I get the feeling I'm being trolled.

That is quite different from your previous categorical assertion...

Yup. I was being trolled. Dammit! Got me good, too.
posted by Slap*Happy at 2:02 PM on November 17, 2009


The opinion I cited is testable in an industry-accepted accreditation

Surprise! An "industry-accepted accreditation" is not the law.
posted by grouse at 2:08 PM on November 17, 2009 [4 favorites]


FindLaw: Developing a Policy to Monitor Employee E-Mail, Voice Mail, And Internet Use.

Duke Law & Technology Review: Monitoring employee e-mail: efficient workplaces vs. Employee privacy.

Employee Monitoring: Is There Privacy in the Workplace?
Is electronic mail private? What about voice mail?

In most cases, no. If an electronic mail (e-mail) system is used at a company, the employer owns it and is allowed to review its contents. Messages sent within the company as well as those that are sent from your terminal to another company or from another company to you can be subject to monitoring by your employer. This includes web-based email accounts such as Yahoo and Hotmail as well as instant messages. The same holds true for voice mail systems. In general, employees should not assume that these activities are not being monitored and are private. Several workplace privacy court cases have been decided in the employer's favor. See for example: Bourke v. Nissan, Smyth v. Pillsbury, Shoars v. Epson
posted by ericb at 2:13 PM on November 17, 2009 [5 favorites]


I get the feeling I'm being trolled.

I think you are being shown cites which counter your statements.
posted by ericb at 2:14 PM on November 17, 2009 [2 favorites]


Entrepreneur: Should You Monitor Employee E-mail?
"It might seem Big Brother-like for you to monitor employee e-mail, but there may be good reasons for doing so. You might suspect an employee is disclosing trade secrets, violating company policy, downloading pornography or harassing another employee via e-mail. Or you may want to make sure that communication with clients is always professional.

The Electronic Communication Privacy Act, also known as the Stored Communications Act, prohibits interception of electronic communications under most circumstances. However, it allows companies to monitor employees' e-mail stored on company-owned servers and in cases when employees consent to employer access to e-mail.

On top of federal law, some state courts have held that employees have a basic expectation of privacy that employers can't violate. 'The most obvious legal concern is making sure you're not setting yourself up for an invasion-of-privacy claim,' says attorney Maureen O'Neill, partner at Paul, Hastings, Jenofsky & Walker in Atlanta. To avoid that, make it clear that company e-mail is not private communication. 'Set it up so the employees have no expectation of privacy.'

O'Neill notes that a simple, practical way to do that is to put a notice on the login screen that the system is the property of the employer, and that by logging on to the employer's system, employees agree that any e-mail communications and web use may be monitored by the employer. Likewise, include a similar notice in the employee handbook."
posted by ericb at 2:18 PM on November 17, 2009


Cites from 2003 and 2006, when the very first link I cited was from a 2008 ruling that changed a lot of thinking on the topic, as reinforced by the second cite. OK, I gotta wrap this up and catch the train. You kids have fun.
posted by Slap*Happy at 2:30 PM on November 17, 2009


Man, why are some methods and tones of argument just so unbelievably irritating?
posted by kmz at 2:36 PM on November 17, 2009 [1 favorite]


Cites from 2003 and 2006, when the very first link I cited was from a 2008 ruling that changed a lot of thinking on the topic...

One case (which you cited and only applies to text messaging) does not supercede and cancel previous case law. I have been the co-founder of 4 technology companies. Trust me we currently monitor employee communications and have actually had to fire one person due to a violation of trade and corporate secrets.
posted by ericb at 2:43 PM on November 17, 2009


"...does not supercede and cancel all previous case law..."
posted by ericb at 2:46 PM on November 17, 2009


If it's so illegal to read employee email, you've got to wonder why there's such a huge market in tools to do just that.
posted by robertc at 2:56 PM on November 17, 2009 [1 favorite]


Cites from 2003 and 2006...

I suggest reading the Privacy Rights Clearinghouse's comprehensive guide on current (2009) Employee Monitoring (to which I linked above).

I also suggest you visit The National Workrights Institute's Electronic Monitoring in the Workplace. It provides current information and cites relevant case law for the very topic of e-mail monitoring.
posted by ericb at 3:02 PM on November 17, 2009 [1 favorite]


I'm can't believe this email thing is still under debate when even if you couldn't read the emails themselves, keylogging in the workplace is still legal and very much in practice from what I've been coming across.
posted by june made him a gemini at 3:16 PM on November 17, 2009


Slap*Happy, here's how you do this:

"Oh, sorry, I was wrong. It isn't illegal in the US for employers to read emails on company machines/servers, and they don't have to have law enforcement personnel with them when they do that. I guess I was misled by the study guide I used for the CISSP exam, which suggested that that was the case."
posted by Sidhedevil at 3:21 PM on November 17, 2009 [6 favorites]



In peripheral outrage, I must ask WTF is THIS?
That's.... wow. That.
posted by Bageena at 3:33 PM on November 17, 2009


I'm hazy on this because it's been a few years since I had to dig into Sarbanes-Oxley stuff, but I am pretty sure that NASD 3010 requires public/NASD-member companies to sample and review a percentage of employee email for compliance purposes. SEC/FINRA 17a3 and a4 may also require it, too? I now work in the network security/IA realm, and I wouldn't put any real faith in the accuracy of the questions/answers of any of our certifications. :/
posted by jenh at 3:39 PM on November 17, 2009


Slap*Happy, I'm sure you're a nice guy, but you have the definition of trolling messed up. See, if we refute your position politely, and you keep sticking to it anyway, because your CISSP book says so - well, that's a troll.

If you want a recent case, fine, here's one. (IANAL)

Plaintiff: Kevin Sporer

Defendant: UAL Corporation
Filed: June 6, 2008
Court: California Northern District Court

In Kevin's case, someone sent an email to him at work, and "The trial court noted that the e-mail 'contained a pornographic movie of a woman orally copulating a man in various acrobatic positions.'" No problem, yet.

"Sporer then sent this e-mail from his work computer, over United’s server, to his personal e-mail account...

A few minutes after transmitting the email to his personal e-mail account, Sporer emailed his friend that sent the e-mail: “Thank you for the spiritual lift. However, I need you to use my home E-mail address…. Apparently United Air Lines, Inc. has a strict computer security policy and these babies will get me fired.”

During a routine audit (yes, employers actually do this), United’s Information Security department came across the pornographic e-mail Sporer sent to his personal e-mail account, which eventually resulted in Sporer’s discharge for violating United’s e-mail policy."

You can read more about why the court upheld Sporer's firing here.

I assume you work in some kind of position that requires infosec knowledge, great. I would not advise that you give legal advice of any kind to upper management.
posted by HopperFan at 3:43 PM on November 17, 2009 [4 favorites]


While it may be grounds for termination, it's not actually that unusual for people to bitch about their employers on the web. People leak internal stuff to valleywag all the time, for example.
posted by delmoi at 3:51 PM on November 17, 2009


The commonly accepted definition of troll in this context is here.
posted by bearwife at 3:52 PM on November 17, 2009


Do we have a term for someone who sticks to their disproved position like a buffoon?
posted by HopperFan at 4:08 PM on November 17, 2009


fear of losing one's job is why COBOL programmers make lots of money. That's not an entirely... accurate statement. S'all I'm saying.

Fair enough. I spoke too loosely. Again, I think I actually agree with your points.

There are many reasons "old" systems are kept in place, some wise and some foolish. The one of interest to me here was a painful one, one that echoes what Mr X wrote about: a decisionmaking paralysis common in large corporations full of individuals with nothing to gain and a lot to lose from risk-taking.

One side effect of this is that hiring experts in "old" systems to keep things going "for now" is a cheap short-term choice that nobody really questions, but that same approach stretched long term can approach a point which these people and that process is more expensive than progress might be. But... nobody ever got fired for keeping the trains running, right?

Anyway, it's a small side point I probably didn't need to tack on, and I didn't mean to derail with it. I scribbled it broadly. I thought it would be illustrative, that's all.

I have nothing but the highest respect for the graybeard wizards of COBOL.

Please don't empty my bank account?
posted by rokusan at 4:15 PM on November 17, 2009


jenh, it's not public companies altogether facing a requirement, just those with impositions from HIPAA and FINRA (ex NASD), and to an extent, Gramm-Leach-Bliley. That being the case, the justification of emails being company property is well estabished; many do it to build their termination cases with the slavish cooperation of HR and IT.
posted by nj_subgenius at 4:17 PM on November 17, 2009


This sounds like an incident where a management, already afraid of shareholders, worried that an announcement like this would affect the stock price, and their ability to raise money to stay afloat.

Since 1982 they have not stood up in their own name. They are listed on the NYSE as AMR Corporation. I expect there is a stock price mania running throughout their management, and any doubt makes tens of thousands of people fear for their jobs.
posted by niccolo at 4:32 PM on November 17, 2009


This sort of thing is why businesses are out of touch with their customers.

I mean, the designer basically got fired for having the temerity to communicate with a customer. In theory, I suppose, the complaint should have been forwarded to PR, who would have undoubtedly fired off a form letter of apology in some way. The designer would have probably never knew about the complaint, the customer would never have heard about the potentially good reasons the site was the way it was, and nothing positive would be accomplished. Hell, I doubt the customer would have even had more respect for the company that way - everyone hates being form letter recipient #4239 and it's usually pretty obvious when that happens (which is usually all of the time when dealing with a large corporation.)

It's a loss for honest communication and win for useless PR doublespeak.
posted by Mitrovarr at 4:35 PM on November 17, 2009 [3 favorites]


Do we have a term for someone who sticks to their disproved position like a buffoon?

Yes. Buffoon.
posted by ericb at 4:55 PM on November 17, 2009 [3 favorites]


Slap*Happy, here's how you do this:

Not with that bottle of weak sauce. A pile-on does not a cogent argument make. Unfortunately I'm in a mood to stick to my guns unless there's a convincing argument or some semblance of informed discussion.

If you want a recent case, fine, here's one....

You can read more about why the court upheld Sporer's firing here.


Like this. Well, researched, timely, topical (airline company, no less!), well written, and re-inforces the importance of putting a good user-awareness policy in place. It also offers this link, which is good, and offers a counterpoint where the employer did not prevail, while discussing recent case law.

My response is a favorite, and a note that the linked article implies that this isn't a cut-and-dried issue, and that serious risks exist for going through employee email, depending on the situation.

I would not advise that you give legal advice of any kind to upper management.

And then you went and wrecked an awesome post with a straw-man. No favorite for you. Well, OK, it was a great link, and I'm going to send it to my instructor, maybe just one favorite.
posted by Slap*Happy at 5:04 PM on November 17, 2009


Slap*Happy: The case you cited above involves text messages. If you research further you will note:
“….Nevertheless, the City had an unofficial policy concerning pagers: When an employee exceeded the number of characters allotted to him or her by the contract with the service provider, the employee would simply pay the City for the overage. Sergeant Quon was aware of this policy and in fact had paid such charges several times. Tired of acting as a ‘bill collector,’ the officer in charge of this procedure conducted an audit that revealed Sergeant Quon's personal use of the texting feature and his often sexually explicit language when using that feature.

Sergeant Quon and others with whom he had texted sued the service provider, the City, the Police Department, and the Police Chief for invasion of constitutional privacy and related claims. The Ninth Circuit held that users of text messaging generally did not have a reasonable expectation of privacy to the phone numbers used to send the messages. These numbers were analogous to an address on the outside of an envelope, which is not protected by privacy. Users also do not have a reasonable expectation that the intended recipient of those messages will keep the content of the messages private. But there generally is a reasonable expectation of privacy in the content of the text messages against secret searches from the employer.

The court nevertheless left a large window open whereby this expectation of privacy may be diminished and employers may continue to monitor their employees' electronic communications. A principle predating this decision holds that so long as employees are put on notice that they are subject to searches of electronic communications conducted on company equipment, employers may conduct such searches. The court in Quon v. Arch Wireless Operating Company did not change that principle. It noted that had the City not exercised the unofficial policy of accepting payments for overage, its actions would not have constituted an invasion of privacy. Notably, its ‘Computer Usage, Internet and E-mail Policy’ and staff meeting would have been sufficient for putting Sergeant Quon on notice that he could not expect his communications to be confidential. The unofficial policy, however, belied the official policy and obstructed whatever notice Sergeant Quon may have had of the possibility of the search.

Employers should articulate official policies that alert their employees about the proper usage of computers and associated equipment and the employer's right to monitor all usage. But Quon v. Arch Wireless Operating Company shows that diligence cannot stop there. Employers must effectively communicate these policies to their employees and not undermine them by the reality of their practices. Mere technicalities—such as whether this reality is driven by an official or final policymaker—will not save employers from liability because courts will examine the ‘operational reality’ of the workplace to make their determinations.”
Let me repeat: "A principle predating this decision holds that so long as employees are put on notice that they are subject to searches of electronic communications conducted on company equipment, employers may conduct such searches. The court in Quon v. Arch Wireless Operating Company did not change that principle."
posted by ericb at 5:16 PM on November 17, 2009


Source/cite for the above: Labor Employment Law Blog.
posted by ericb at 5:19 PM on November 17, 2009


Not with that bottle of weak sauce

Holy fuck, you're being stupid. Let it go. You're wrong. LET IT GO.

I'm sorry your study guide misled you, and glad for you that its errors didn't result in your failing your exam, but it's wrong and you're wrong.
posted by Sidhedevil at 5:22 PM on November 17, 2009


Newsweek | July 7-14, 2008:
"In the Ninth Circuit case, the issue wasn't e-mail but text messaging. Ontario, Calif., Police Sgt. Jeff Quon sued the department and Arch Wireless, which provided service to his work-issued pager, after learning his superiors had read personal text messages he'd sent from the device, including some racy missives to his wife....Key among the many issues in the case was whether Arch Wireless violated Quon's rights by handing over the text messages to his superiors. Typically, employers have the right to access communications sent through their servers, as is usually the case with e-mail. In contrast, a user must grant permission for anyone to access electronic communications like text messages that typically are stored only temporarily, for backup purposes, by so-called third-party messaging services. The panel of judges from the Ninth Circuit, a liberal court whose jurisdiction includes California, ruled that Quon's texts—and ostensibly millions of other messages from millions of other users—are protected from employers' prying eyes."
Text messages stored on third-party servers: off limits to your employer.

E-mail messages sent to/from and stored on company-owned severs: your employer has every right to them.
posted by ericb at 5:35 PM on November 17, 2009


And that's all she wrote.
posted by june made him a gemini at 5:38 PM on November 17, 2009


It doesn't matter that this guy cared about what he does and made a rational response (arguably). As a large company, you don't really want every lowly technician feeling free to engage the enemy in debate on the Internet. Imagine if the guy had written back, "oh, yeah, numb-nuts, AA eats pieces of shit like you for breakfast, so eat a bucket of cocks."

Or even, you know, something the guy thought to be true, but wasn't really in line with what corporate's message is. How about "sorry, man, but we're trying to prioritize low ticket cost, so I can't always get the funding I need" the day before a big ad campaign starts saying "customer experience is number one!" That's why external communications should go through the PR officer. At the very least he should have written his email and sent it to PR first to ask if it was ok to send out. They may even have said yes (or edited out the critical parts).

I get that some companies are trying to encourage employees to blog and whatnot. I'm not sure why, though. Seems like a lot more potential for a embarrassing situation to come out of that than a good one.
posted by ctmf at 5:54 PM on November 17, 2009 [1 favorite]


A firing seems excessive, though. I usually turns out when that seems the case that it wasn't the victim's first run-in with The Man at that company.
posted by ctmf at 5:58 PM on November 17, 2009


BlackAtlas.com just seems odd.

Not odd at all. Just fodder for Stormfront to be able to complain about how if that was whiteatlas.com people would be screaming racism.

From the view of the marketer - an attempt to establish a connection to a market. Marketers are willing to use spam - so something like blackatlas.com is a step up for 'em.
posted by rough ashlar at 6:15 PM on November 17, 2009 [1 favorite]


CITATIONS
posted by boo_radley at 6:18 PM on November 17, 2009


Holy fuck, you're being stupid. Let it go. You're wrong. LET IT GO.


The intensity of pushback and insistence on absolutism and conformity to a consensus view on this issue is surprising and enraging. It escalated immediately into an ill-informed pile-on. The study guide is not wrong, if you bother to read it, in that it gives much the same advice as in the links provided by HopperFan - you are at risk when searching employee email, so be damn careful how, when and why. What may be in error, or at the very least contention, is the further training from other sources, which advised a LEO-only approach to searching email.

Now, if we were having a good conversation on the topic, someone wold bring up the NLRB and it's threatened involvement in delegitimizing employer-control over employee communication wrt email. But holy fuck, I'm being stupid. So I'll let it go.
posted by Slap*Happy at 6:25 PM on November 17, 2009


Just in case anyone is wondering, Slap Happy is wrong and you should probably write all work email as if your boss is going to read it.
posted by Artw at 6:39 PM on November 17, 2009


I love it. He's still holding on to it. He's going to be such a good CISIPSISPS.
posted by cavalier at 6:44 PM on November 17, 2009 [1 favorite]


"The study guide is not wrong, if you bother to read it, in that it gives much the same advice as in the links provided by HopperFan - you are at risk when searching employee email, so be damn careful how, when and why."

I can't really disagree with you there - it seems like an issue that's still being hashed out in the courts. That doesn't seem to jibe with what you said at first, though. I've never heard of an instance where law enforcement was required to be in attendance.

Also, I don't think my comment about not giving legal advice is a strawman. Once it gets to the level of disciplining/firing an employee, it's out of our (IT) realm. We're not the arbiters of what access to give in this case. It seems, from other comments about the CISSP, that it confirms this - everything must be cleared with upper management.

In my experience, we've always run any access requests of this sort by company lawyers, and they've cleared it, based on our company policy and subsequent reminders of said policy. No po-leece around.

And when you refer back to that other case, the one that "offers a counterpoint where the employer did not prevail," that's a whole different scenario. I actually think that's kind of a strawman, because it's not talking about company emails stored on a company server, it's in reference to emails that the plantiff sent from a work laptop, but using Yahoo - and they only got the content of the emails by doing some forensics on the drive.
posted by HopperFan at 6:52 PM on November 17, 2009


I'm puzzled by the redesign - it appears to be some pretty empty Web2.0-lite shuffling about, and doesn't seem to address how you;d go about the broad range of tasks you'd want to carry out.

Yeah. I found it super-weak as well. I mean, just a bunch of white space plus some bigger fonts. Very 'google-ish' except with bigger fonts. The whole thing seemed unstructured very bland.
posted by delmoi at 6:54 PM on November 17, 2009


Presumably if your monitor is too small or you're using IE6 or whatever it displays a message telling you to go buy a mac.
posted by Artw at 7:12 PM on November 17, 2009


Position 1: As an FYI, you're not allowed to go snooping into your employee's email, even on your own server. You need Law Enforcement involved if you do...

That got softer to read:

Position 2: It's much harder to go through employee email these days, a legal minefield requiring so much due care almost no organization will be able to meet the criteria in which it's allowed. In nearly every instance, it's not worth the bother, especially for something so petty.

Then, an actual cite. Which says, much in line with everybody else in this thread: "If a company feels it necessary to monitor e-mail messages and usage, this must be explained to the employees, first through a security policy and then through a constant reminder such as a computer banner or regular training". No mention of law enforcement, or being "not allowed". The closest it gets to risk is to say "[if a company hasn't warned staff about monitoring then a terminated] employee could win the suit and receive a large chunk of money.

Position 3: Don't get me wrong, you can do it, and some organizations do find it essential to take the time and effort

That "time and effort" amounts to, according to your cite, warning employees that they're going to be monitored.

The study guide is not wrong, if you bother to read it, in that it gives much the same advice as in the links provided by HopperFan - you are at risk when searching employee email, so be damn careful how, when and why.

No, the study guide is not wrong. It says the same things as everybody else. What it doesn't do is back up Position 1, because that's not true. It does suggest there are potential risks, but not nearly as strenuously as positions 2 or 3 would imply. It doesn't even say that any employees have won any of these suits, and I can't find examples of any who have.

It's position 1 that everyone was pushing back against because it's wrong to say they're not allowed to go snooping, and it's wrong to say that all Mr X has to do to get his job back is call a lawyer. Position 2 is also wrong (there's no minefield, just potential exposure). Position 3 suggests that the efforts involved are huge, when they're not, they amount to proper disclaimers.

It's not a traditional pile-on here, because this isn't a matter of opinion. Your facts seem to be wrong, and the only evidence you've given doesn't support your positions. I know it seems like we're being idiots indulging in groupthink who want to enrage you, but if we are all wrong, there should be more cites than this, because employers not being allowed to search their own email servers is a damn big deal, and there'd be a whole lotta linking going on.
posted by bonaldi at 7:15 PM on November 17, 2009 [4 favorites]


This thread went in a weird direction.
posted by Bageena at 8:25 PM on November 17, 2009 [2 favorites]


This thread went in a weird direction.

I know, hey? It's like when you're flying from New York to L.A. and the idiots at American Airlines decide to route you through Minneapolis AND Houston.
posted by rokusan at 9:16 PM on November 17, 2009 [2 favorites]


joshwa++ for that blog post. Mr. Curtis is anything but courteous and his posts leave a bad taste in my mouth. The AA employee was a fool to let him publish the email exchange, too. Part of me wonders if the AA employee actually gave a green light to publish it or was just too vague and wishy-washy with his "no" answer. :( Has anyone actually found a published statement by the AA employee? Do we have his side on this?

Oh and hey Slap*Happy I once worked in a call center monitoring my coworkers in every way possible. I listened to what they said on the phone, watched what was on their computer screens during the call, and read any and all text they wrote. Believe me: it is very possible and legal to snoop on employees in the US of A, whether it's email or anything else. You can sign away all sorts of rights with that contract they put in front of you on day 1. If you have concerns about snooping on people's mail at your job, then by all means insist that corporate council back you up in writing, but I suggest you do that early on and not when $BOSS walks in with the request to pull $COWORKER's mail. Oh, and before you ask: yes, they snooped on me, too. If I had snooped on somebody not on my schedule of to-be-snooped-on employees without a really good reason1 I would have caught hell.

Anyway, the point is that if you admin an in-house mail server for a company in the US, I guarantee you there will be snooping and you'll be moving to a new job soon enough if you can't figure out a legal way to do that snooping. Congratulations on getting as far as that exam, but please realize that running a mail system involves a lot of realities that no exam will fully capture, and listen to the people here who are giving you good advice. HopperFan gave the best summary: "I would not advise that you give legal advice of any kind to upper management."

Slap*Happy: I get the impression there are a few mail admins following this who may need to modernize their policy, now...

root@ and postmaster@ go to me for ... a few domains. No. You're in a hole. Stop digging.

1 I did this once when an employee was clearly cheating the company by staying on a call that had failed to hang up properly. Dealing with that individual on that day taught me quite a lot, but that's not a story for this thread.
posted by tarheelcoxn at 9:26 PM on November 17, 2009


I'm wondering if any of the people here who are criticising the redesign have ever be part of a re-design for a large website or if they're just offering their experience-free opinions.
posted by Soupisgoodfood at 10:12 PM on November 17, 2009


There are many reasons "old" systems are kept in place, some wise and some foolish.

See Joel's seminal essay on the wise reasons.

It's a loss for honest communication

Where's the honest communication? It's some random guy with a chip on his shoulder slagging his employer off. Mr. X's worldview may well have only a tangental relationship with reality.

posted by rodgerd at 10:38 PM on November 17, 2009


posts like this illustrate why I have an iphone and never check my gmail or bank statements via the corporate network. solid, golden rule.

it should also be noted that more than one person in the history of mankind has been fired for voicing opinions internally about a website, procedure, etc. - teamplayer can be a cruel term.
posted by krautland at 12:11 AM on November 18, 2009 [1 favorite]


Believe me: it is very possible and legal to snoop on employees in the US of A, whether it's email or anything else.

How important is this?

At the office, I correct people when they say "My computer" to refer to the office computer, because I want them thinking, all the time, that this isn't their computer, the office owns it, everything on it, and everything that passes through it, and for both of our sakes, use it for work and work only.

It's just safer. I dislike that this has to be my position, but it's the only rational one here in the US.
posted by eriko at 7:24 AM on November 18, 2009 [1 favorite]


I'm wondering if any of the people here who are criticising the redesign have ever be part of a re-design for a large website or if they're just offering their experience-free opinions.

Yes, twice. Here's what I learned: there's a reason why experienced people advise you to take an incremental approach, not a monolithic redesign project, even when incremental sounds terribly painful.
posted by dreamyshade at 8:00 AM on November 18, 2009 [1 favorite]


In the USA you have no union power to speak of. You have "freedom of speech" unless and until your speech looks like it might cost someone with power over you money. Your employers treat you as little more than walking property and from the commentary in this thread a good chunk of you not only think this is natural, you actually approve of it.

The opposite of union is division. "Divide and ..." what was that word again?
posted by aeschenkarnos at 8:04 PM on November 18, 2009


"Divide and ..." what was that word again?
conquer.

hardyhar
posted by krautland at 2:21 AM on November 19, 2009


Apparently, "Mr X." is going to write an article on Dustin's site within a week or two, "revealing his true identity".

By the way, I love the AmericanAirlines website, especially the use of whitespace.
posted by lodev at 2:34 AM on November 19, 2009


« Older Autumn   |   Mammograms for some, miniature American flags for... Newer »


This thread has been archived and is closed to new comments