In "Distraction" the US government (whats left of it) has software to do this, and it works. But it has been repurposed. Now the idea is to find the borderline crazy guys and spam them with messages saying that is a drug dealing paedophile commie terrorist who needs to be shot. So now has to cope with a steady stream of crazy shooters. Even if survives, they will be too busy dodging the crazies to cause any more trouble.

When we moved to and from the US, we just packed the back-up disks in our luggage (one copy each) and sent the computers with the rest of our stuff in a shipping container. No problems, apart from on the way back when the combination of buggy-board case mechanics, a USB disk and a piece of jewellery managed to combine into a suspicious shape on an X-ray. If you're not happy taking the back-ups with you then just ship them via some other route. The important thing is to make sure that two copies of your data go by separate routes in case one doesn't make it; our stuff in the container was insured, but you can't insure pictures of your son growing up.

Someone didn't go to college enough. Remember: "All models are wrong, but some models are useful." Any model of the future is going to be inaccurate to some degree, maybe a lot. But any model is better than "I just know that...". Even at the worst, it provides a framework for the conversation about the costs and benefits. Besides, sometimes when you plug in the numbers you find that the difference is so great, the debate is over. But you have to run the numbers to get there.

Basically you have to develop a mathematical model of the costs of the current situation, and compare it with a mathematical model of the costs of using tests. As part of this you will have to produce a plan for introducing tests, with the costs for each step itemised. Use the best numbers available, but don't worry if some of those numbers are "best guess". Just don't try to hide the fact. Put both models in a spreadsheet and come up with a number for how long it will take to recoup the initial investment (break even). Don't forget to discount future cash flows. In MBA-speak this is known as a "business case".

So they send up half a dozen flights without problems, but this doesn't prove anything. The ash is not evenly distributed; it appears to be in layers in the atmosphere. If you fly up or down through a layer the exposure is brief and you don't see a problem. But if ATC unknowingly tell an aircraft to fly at the same altitude as a layer of ash then you have a big problem. The bottom line is that a few flights prove nothing. If the risk to a single flight is 1% then you won't see anything, but when you restart aviation aircraft will be dropping out of the sky.

In this case I think that is literally true. The CP laws in the UK have an exemption for those with a legal reason to possess or create the stuff (making a copy counts as "creation"). It was intended for lawyers and policemen who have to handle CP in the course of prosecutions, but it looks to me like it would be pretty trivial to extend it to the normal operation of full body scanners, just by having the home office declare this to be the case.

Besides, a nude image of a child is not necessarily CP. The key word is "indecent", which in this context has its normal dictionary meaning of "not generally acceptable". This means that the context matters as much the image itself. I seem to recall a case where a collection of cuttings from the underwear sections of child clothing catalogues was found to be indecent, even though none of the source catalogues were. Similarly a collection of scanner images made in the normal course of someone's work would be OK, but if some employee excerpted just the images of children then that would probably be indecent.

Of course, IANAL.

Check out the book "Terry Pratchett: Guilty of Literature". Its a book of critical essays on the writings of comic fantasy author Terry Pratchett. It would be a good way of introducing the class to ideas of literary criticism within the context of SF.

It sounds from what you say that your boss is making this suggestion in a spirit of fairness and helpfulness, and hence you have a good relationship. Normally the best advice over something like this is "consult a lawyer", except that a lawyer is probably going to cost more than the advice is actually worth. There is another issue you don't mention: if you use a company laptop for your own purposes, or take it away with you when you leave the job, then the taxman may view it as a "benefit in kind" and want his percentage. Thats the real reason why most company AUPs forbid personal use of company resources. I suggest drafting a memo saying that the computer will be used 20% for private purposes, and 80% for company purposes (or whatever the right proportion will be) and then claim the company percentage of the price as a business expense. You and the company will jointly own the laptop; you own your data and the company owns theirs. You might even set up separate accounts on it for company use and personal use, just to keep an effective wall between the two. The value of the company share will be depreciated in line with normal company IT equipment (probably linear over a year or two), and if you leave for any reason before that expires you can take the laptop by paying the remaining value of the company share in it. Then you and the boss sign two copies and keep one each. If you do this then the taxman will be happy, your boss will be happy, nobody is paying for anything they don't get, and the position is clear.

From the linked article:

Extreme Associates was the subject of a PBS Frontline documentary entitled "American Porn,"

I suspect this is the real reason they went to prison. You can enjoy your odd habits, as long as you keep them out of sight. Its telling other people about it that is the real crime.

I'd recommend going into testing in a medium or large company. A big product with lots of user interface needs a lot of testing, and a significant part of this testing requires someone to sit at the console and follow a script. So not much software skill is required. This is a pretty boring job, but it gets you in the door.

Then look for ways to do software-like things. Start by writing some of the scripts, based on the requirements. Test groups tend to be small, under-funded and loosely organised, so anyone with brains and gumption will be given responsibility. From there, try to get into writing automated test scripts. This should give you an opportunity to do some real programming, but on a small scale. After that try to migrate to development.

It sounds like this is a knee-jerk reaction to all those "data-loss" stories. Encrypting *everything* is probably the wrong answer. Start by deciding what the goals are. Then look for the answers that meet those goals in the most cost-effective manner. Security is not a product, its an emergent property of the entire system, including the people who use it. If you don't tackle it in a system-wide manner then you haven't a hope.

* Goals: what are you trying to protect? (Confidential data, presumably).

* How might it leak out? (Lost mobile devices, trashed hard drives, posted CDs, angry/corrupt/public-spirited employees all spring to mind).

* Who does the data have to be shared with? Do they have similar polices? Are they enforced?

* How can you prevent leaks? Depends on the problem. Declaring an "everything encrypted" policy probably won't help much, because you can't stop someone bringing their own unencrypted thumb drive in and stuffing data on to it. Also its not cost-effective to encrypt ordinary applications. Its user data you need to encrypt.

So you have to start with an education job. Get the senior management to see that this policy is not going to fix their problem, then show them something more intelligent.

Windows is probably not capable of supporting a complex security policy. But SE Linux might. If you declared that all mobile devices (laptops, thumb drives, PDAs, mobile phones) must not have sensitive data unencrypted, then put a SE-Linux policy in that divides directories into "sensitive" and "unrestricted", and won't let data move from sensitive to unrestricted without passing through an approved encryption process. That will help stop dumb accidents, but it won't stop deliberate leaks, and it won't stop someone writing the key on a post-it note on the CD.

I don't know how to set up something like this in SE-Linux: you are likely to need a guru for that.

I seem to recall that in the US terms of service have been found to define "authorised access" to a computer, and access outside of the TOS is therefore unauthorised. That puts you in direct violation of US anti-cracker laws about unauthorised access to a computer. If more than $5,000 worth of "damage" is caused (including investigation and cleanup costs) then it carries a maximum of 5 years in the pen. If its done for gain (as in this case) then thats 10 years.