by unethical_ban 4470 days ago
"Legal" and "compliance" offices are not unusual in large organizations; they do exactly what they sound like they do. Legal is the lawyers. Compliance is the group that audits the organization and ensures all relevant legal and industry regulations are being met.

Alternatively, the "office of Trustworthy Computing" over which Scott Charney[1] presides does sound creepy.

https://www.youtube.com/watch?v=AUfSp5SnKL0

2 comments

'Legal's' advice tends to be extremely conservative because the cost of court cases is high even if you win.
I think it goes beyond that: internal Legal Offices' advice tends to be even more conservative than that would explain because:

1) If the advice is too conservative, and the company refrains from some action that it could have undertaken safely, then leadership blames the law.

2) If the advice is insufficiently conservative, and the company undertakes some action from which it should have refrained and it blows up in their face, then leadership blames Legal for blessing the action.

Err, that explains being conservative.

My point is being within the law is not quite enough. You want to be so far within the law that you can get most court cases thrown out without actual litigation.

Or, as a rich friend of mine put it: "I like paying a little extra in taxes every year. Sure, I could take every deduction, but I like knowing if I am ever audited I will end up with a nice check."

(Microsoft employee here)

Note that "Trustworthy Computing (TWC)", by name and mission, is intentionally distinct from the "Trusted Computing" initiatives.

It's a subtle but essential distinction between trust meaning "to rely upon another party" and trustworthy meaning basically "reliable". (my own definitions)