Wednesday, May 25, 2011

So You've Decided To Die...

Per IBM Social Computing Guidelines: "The postings on this site are my own and don't necessarily represent IBM's positions, strategies or opinions."

What happens when an IBM employee takes disability leave? Although there is some information regarding the process (which is accessible via the IBM intranet, i.e. the "w3") first-hand experience reveals that some subtleties of the process (and the way in which it unfolds) are not documented; one might suppose the reason for the discrepancy is a matter of exposure to the same (i.e. not that many IBM employees wind up on disability leave), though cost and evolution of business processes are probably also a factor.

Some things to note:
  • During the period of wage-replacement by IBM (typically the first six months and also referred to as the "elimination period") the company issues checks just as when an employee is on the payroll full-time (i.e. taxes are deducted and statements are sent)
  • Reimbursement is given for any "time-off" which has accrued when the employee's status changes to long-term disabled
  • If a delay occurs between the time when an employee's short-term disability period ends and an LTD benefit date is specified the health insurance in effect is the plan which would be applicable were the employee to return to work when short-term disability is exhausted; said plan is the plan under which claims are processed until an insurance option which applies to retirees and disabled employees is elected (a grace period of thirty days is afforded for an employee to make an election choice for long-term disability coverage; the period is counted from the time short-term disability ends)
  • The default health insurance option for long-term disabled employees was (as of January 2009) the IBM High Deductible PPO; other choices are available but must be elected
  • Any deductible and out-of-pocket totals which have accumulated before a change in status occurs (e.g. short-term disability to long-term disability) can be carried forward but an explicit request must be made (carry-forward does not occur by default)
  • Discounts and charitable deductions can still be accessed by disabled employees
  • Twelve months after the elimination period ends the definition of disabled is considered to be different (i.e. the definition changes from "one cannot perform the important duties of one's regular job with IBM because of a sickness or injury" to "one cannot perform the important duties of any other gainful occupation for which one is fit by education, training, or experience")
  • Requests for information from IBM HR, MetLife, and the Social Security Administration may require self-reported information for which no instructions are provided by IBM; such requests seem to only occur after the elimination period
Also, what happens when a manager initiates a separation action?
  • One's badge is relinquished (a badge is required for DHL shipping discounts)
  • Remote access (i.e. VPN access) to the w3 is restricted
  • Voluntary separation can occur under the auspices of an Individual Separation Allowance Plan whereby some period of severance and health-insurance continuity is offered
  • At Almaden Research Center the small conference room just astride the entrance (which is furnished with tables, chairs, and a phone) can serve as a forum in which one's manager and a representative from IBM HR attempt to execute IBM's involuntary separation process; attempting to call IBM HR to clarify process (e.g. with respect to pending disability paperwork) can result in security being called for assistance and the call not being completed
What happens when a separation action is attempted while short-term disability paperwork is pending?
  • IBM HR may be unable to answer any questions which specifically pertain to the circumstances
  • Items stored on Global Storage Architecture (GSA) space are subject to deletion and GSA's TSM retention policies (six months as of February 2008)
  • One's Bluepages record may become inaccessible
  • Requests for replacement badges (required for DHL shipping discounts) can be subjected to manager approval
  • Requests regarding restoration of GSA-based materials can be subjected to manager approval
  • ISAP agreement signatures may expire before a disability "return-to-work" date is established

Saturday, February 26, 2011

Lawless Border Region or Federally-Administered Tribal Area? The World of "Enemy Combatants", "Militant Extremists", and "Terrorist Threats"...

Once upon a time it was fashionable to be a samurai on the internet: bushido was the only code one had to live by.  Honor was everything and corporations were held to the same standard as individuals.

Somewhere along the line things changed; the internet became ubiquitous and little more corporate.  Gone were the days of feeling like the internet was a well-worn sweatshirt or a portly uncle.  Although there are now billions of people online and zillions of profit motives there seems to be little attention paid to business "basics": no account "passports", no account security, no particular mindfulness of standards, no promise of satisfaction.  How it's possible that anyone could get away with suggesting that changing one's password regularly might yield some measure of security is beyond reason; how so many otherwise "technology-savvy" individuals could believe such a thing is beyond comprehension.

An introductory survey of fascism leads one to understand how rapid industrialization takes place.  Observing the growth of the internet from the late 90's until today offers a real-world lesson in a fascism of sorts and it's legacy can still be seen today: why are so many sites/start-ups/companies focused on growth at the expense of the experience offered?  Perhaps the fascism has given way to a kleptocracy: once upon a time being at the center of internet power was a function of being literate in code and knowledgeable of engineering arts; these days it seems that being part of the 1% is good enough.

Truth be told: were it not for getting the short end of a security stick over the last two years I would still assume that one can stay high and dry despite the existence of a cesspool.  My experience with a small set of companies (beginning in Fall 2010) is telling...

As a customer since 1999 I had made a few purchases here and there (no more than 5-10 in any given year) and was always pleased with's customer service and vast catalog of products.  At one point I even had an credit card (which I closed for the sake of my credit score) and was able to get a pair of accounts merged as a courtesy.  When got into the MP3 business I used some Pepsi Rewards Points to download a Metallica album (take that Napster!); when cloud computing services became available I installed the command-line tools and created some machine images.  Although I never signed up for's "Prime" service (I don't make enough purchases to make such a decision cost-effective) I had always considered myself to be a model customer.

My account was closed in late September 2010.  As I would later learn such closure is not unheard of and has been known to occur when customers are suspected (though not necessarily proven) to have abused's returns policy.  In my particular case the basis for my account being closed was the account's security having been compromised: a Sony Playstation 3 was somehow ordered and shipped to my home.  Further review of the account history shows a number of gift cards being purchased (more on that under "Paypal") by one "".  I have since learned that such purchases are made for something known as "dropshipping" (using to engage in shipping fee arbitrage).

All of the same wouldn't necessarily be remarkable but the manner in which the events were brought to my attention and they way in which they were resolved is worth noting.  Although it may be hard to believe the actual account closure email message was somehow not delivered.  When the Playstation arrived it became clear that something was wrong but only later would I find out that $1560 worth of charges had been processed (I was not held responsible); discussions with Customer Service (via the listed customer service phone number) regarding the errant shipment resulted in my account being closed but it was only after a dozen or so email messages (to '' and '', which is the only way to request assistance with security-related account issues) and a final direct plea to Jeff Bezos' office that my account was returned.  While I did my best to point out some of the issues which the incident broached (i.e. no notification of any change to account policies which would allow account seizure, a typo in's Conditions of Use help page, and no established account reinstatement process) I was lucky enough not to require use of my account for the year it took for the matter to be resolved.  The most curious aspect of the situation was that representatives stated that there was no way to transfer a community profile (i.e. reviews, Listmania Lists, etc.) or item ratings to a new account; even the $75 gift card which was sent was to me was not enough incentive to just forget the old account (I had my mom open her own account to make use of the card).  While customer service was able to offer me a copy of my order history and a transfer of my Wish List items and Amazon EC2 support was ready to provide directions for moving over my AMIs it turns out that there was (and possibly is) no way to recover the MP3 files which one has purchased when one's account is closed.

To me it's strange to think that these type of things (i.e. customers having their accounts closed for suspected drop-shipping activity) have been covered by the local news in Seattle or that an email to Jeff Bezos would be needed for resolution; after all, claims to be "the world's most customer-centric company" and (in my experience anyway) has always had a very friendly veneer.


Apparently I really like Playstation 3 because two of them were bought under my account in late September 2010; also, my name is Mohammed and I live in Ohio (according to the shipping details anyway).  Nevertheless, a 10-minute online chat with eBay resolved the issue with no out-of-pocket cost; there was no effect to my eBay profile (i.e. feedback) either, which was fortunate since I've garnered a positive score of more than 100 as a result of small transactions over the last ten years.

The thought occurred to me that, at this rate of Playstation accumulation, my weapons program will be ahead of Sadam's in no time...


For the longest time my biggest gripe about PayPal was not that it wasn't GNUCash but rather that one had to upgrade one's account to "Premier"/"Business" in order to accept credit card payments; such a policy is understandable if one is processing many transactions... but is it reasonable for someone who gets the occasional payment funded via credit card by a new user/clueless friend/etc.?  A few years ago PayPal changed its policies so my decade-old gripe (which I not only had mentioned to company representatives on multiple occasions but even had a cousin submit in person when he interviewed for a job) became irrelevant.  Nothing more to consider, yeah?

As it turns out one's PayPal account can become a subject of one's consideration counter to one's will; discovering that a number of transactions have occurred (in the form of payments being sent to parties which are not known) means that one has officially descended into the seventh layer of hell.  OK, calling PayPal and getting the transactions marked as fraudulent was actually not that bad; getting a two-factor authorization key and then having to mark more (subsequent) transactions as fraudulent... still not *that* bad (in practice anyway - such an event sort of dispels any illusion one might have that, in theory, two-factor authentication is a panacea for all woes security-related).  Finding out that the PayPal Resolution Center web form doesn't play nice with Safari... annoying, but not catastrophic.  Realizing that PayPal can decide a dispute in some way other than in your favor and not provide you with a bit of information aside from an address where you can send a subpoena... irritating, but not a physical harm.  Taken together?  Perhaps Dante's Inferno is not altogether an inappropriate analogy for where I found myself in September 2010.

Looking into how one might handle such a situation I discovered that there are websites that advocate something like full-scale media war in order to get PayPal's attention; one such website ('F*', etc.) has a picture of George W. Bush flipping the reader the bird and lists a number of organizations (media outlets, Congressional representatives, etc.) that can be contacted on your behalf.

Rather than taking what I thought to be a drastic approach I decided to wait.  Ultimately my funds were returned (about six months after the initial transactions) and I sent a letter to PayPal detailing the situation which had occurred such that the algorithms used to identify unauthorized transactions can be reviewed to confirm that transactions are properly correlated (e.g. identifying that multiple large-sum payments to a single party in an account with sparse low-sum activity to varied parties might be suspect) and hopefully improved.  It seems odd that the funds were used to purchase gift cards (more on that under "") and later hosting, files ("Hotfiles" and "Rapidshare"), and small-denomination private-party transactions; why would anyone want to buy any of these things, let alone feel the need to steal the money for them?

Antecedent to the incident which occurred the only security problem I had ever had with PayPal was when my PayPal Plus MasterCard was blocked from making an exhaust purchase in 2007 "for my protection"; when I called to explain that (a) I had never agreed to such terms of service, (b) such terms were not explicitly part of the membership agreement in place when I signed up for an account, and (c) my preference is to opt-out of any such "protection" (as any freedom-loving American would) I was informed of the fact that this is PayPal's world, not mine (i.e. that one cannot opt-out of such "protection" and that accountability regarding changes to membership agreements is not something to which I can hold PayPal to account).  One later incident in which a payment for a flight lesson was similarly rejected has led me to rely on another credit card for purchases but I'm pretty sure PayPal is an eBay company and, as such, is headquartered (and governed) by American law; maybe one of my elected officials will ultimately become aware of the problem and help PayPal out.


Having lived in The United States of America for most of my life (sans the occasional holiday travel abroad) it takes quite a bit for me to think of a customer service experience as having set a new low in customer relations; somehow Skype lowered the bar.

The five or so chats with Skype customer service which took place before I could even get to the point where someone understood what I was asking was like talking to Luna Lovegood (from the Harry Potter movies)... only with her having suffered a full-frontal lobotomy and with a severe case of amnesia.  When I got stuck I tried posting to '' as I had read that others had gotten results by way of Skype employees who were monitoring the forum... though I had no such luck (the site has since been closed).  Getting my account back was a relief in some sense as one's ID is linked to an account and can't be re-used under a new account.

A few additional chats resulted in the payments which had been made being reversed but it's not clear why someone would need to use my Skype account to make unauthorized calls to Egypt in October 2010 (fomenting revolution perhaps?); as John Chambers said over ten years ago "bandwidth is free" (long-distance phone calls are correspondingly cheap and have been so for quite some time)... apparently whoever used my account didn't get the memo.  While it's annoying that there was no offer to clean the call history as a result of the unauthorized activity it was nice to not ultimately have to quit using Skype (though at this point Google Voice seems more compelling on a cost basis).

...It's foreboding (and scary) to think that an organization like TRUSTe (with whom I interviewed in late 2010) has become a for-profit business.  What hope do we have of seeing sites/start-ups/companies become compliant with a more well-reasoned set of standards, practices, policies, and procedures?

Although there are some aspects of internet security which have been a joke for as long as can be remembered (e.g. arbitrary session timeouts, junk email, CAPTCHA, etc.) I've always found that such things can be safely ignored: some researchers can't get past security pork and the public is always an object of abuse... but we still go on living.  It's too bad that things get more complicated when there's money involved and it seems pretty obvious that culture has a large part to play in what becomes of that which has captivated and charmed so many: the internet experience.