Comment Agree a memo with the boss (Score 1) 395

It sounds from what you say that your boss is making this suggestion in a spirit of fairness and helpfulness, and hence you have a good relationship. Normally the best advice over something like this is "consult a lawyer", except that a lawyer is probably going to cost more than the advice is actually worth. There is another issue you don't mention: if you use a company laptop for your own purposes, or take it away with you when you leave the job, then the taxman may view it as a "benefit in kind" and want his percentage. That's the real reason why most company AUPs forbid personal use of company resources. I suggest drafting a memo saying that the computer will be used 20% for private purposes, and 80% for company purposes (or whatever the right proportion will be) and then claim the company percentage of the price as a business expense. You and the company will jointly own the laptop; you own your data and the company owns theirs. You might even set up separate accounts on it for company use and personal use, just to keep an effective wall between the two. The value of the company share will be depreciated in line with normal company IT equipment (probably linear over a year or two), and if you leave for any reason before that expires you can take the laptop by paying the remaining value of the company share in it. Then you and the boss sign two copies and keep one each. If you do this then the taxman will be happy, your boss will be happy, nobody is paying for anything they don't get, and the position is clear.

Comment Get in via testing (Score 1) 374

I'd recommend going into testing in a medium or large company. A big product with lots of user interface needs a lot of testing, and a significant part of this testing requires someone to sit at the console and follow a script. So not much software skill is required. This is a pretty boring job, but it gets you in the door.

Then look for ways to do software-like things. Start by writing some of the scripts, based on the requirements. Test groups tend to be small, under-funded and loosely organised, so anyone with brains and gumption will be given responsibility. From there, try to get into writing automated test scripts. This should give you an opportunity to do some real programming, but on a small scale. After that try to migrate to development.

Comment First, get a proper security policy defined (Score 1) 468

It sounds like this is a knee-jerk reaction to all those "data-loss" stories. Encrypting *everything* is probably the wrong answer. Start by deciding what the goals are. Then look for the answers that meet those goals in the most cost-effective manner. Security is not a product, it's an emergent property of the entire system, including the people who use it. If you don't tackle it in a system-wide manner then you haven't a hope.

* Goals: what are you trying to protect? (Confidential data, presumably).

* How might it leak out? (Lost mobile devices, trashed hard drives, posted CDs, angry/corrupt/public-spirited employees all spring to mind).

* Who does the data have to be shared with? Do they have similar policies? Are they enforced?

* How can you prevent leaks? Depends on the problem. Declaring an "everything encrypted" policy probably won't help much, because you can't stop someone bringing their own unencrypted thumb drive in and stuffing data on to it. Also it's not cost-effective to encrypt ordinary applications. It's user data you need to encrypt.

So you have to start with an education job. Get the senior management to see that this policy is not going to fix their problem, then show them something more intelligent.

Windows is probably not capable of supporting a complex security policy. But SE Linux might. If you declared that all mobile devices (laptops, thumb drives, PDAs, mobile phones) must not have sensitive data unencrypted, then put an SE-Linux policy in that divides directories into "sensitive" and "unrestricted", and won't let data move from sensitive to unrestricted without passing through an approved encryption process. That will help stop dumb accidents, but it won't stop deliberate leaks, and it won't stop someone writing the key on a post-it note on the CD.

I don't know how to set up something like this in SE-Linux: you are likely to need a guru for that.

Comment TOS are backed by cracking laws (Score 1) 680

I seem to recall that in the US terms of service have been found to define "authorised access" to a computer, and access outside of the TOS is therefore unauthorised. That puts you in direct violation of US anti-cracker laws about unauthorised access to a computer. If more than $5,000 worth of "damage" is caused (including investigation and cleanup costs) then it carries a maximum of 5 years in the pen. If it's done for gain (as in this case) then that's 10 years.

The Internet

Submission + - Petition for full disclosure in broadband adverts (number10.gov.uk)

Paul Johnson writes: "I've become depressed about the not-entirely-complete information and terminological inexactitude in UK broadband advertising (and I gather it's similar in other countries). Rather than just moan I've started a petition on the UK government petitions website. It calls on the government to require all limits and caps in an Internet package to have a prominent place in their advertising. If you are a UK citizen or resident and feel the same way I do then I urge you to sign this petition. If we can get 200 signatures then the government will provide an official response. If we get more then they might even do as we ask."
