Enron Mail

From:mark.taylor@enron.com
To:leslie.hansen@enron.com
Subject:Re: Kennecott ETA
Cc:
Bcc:
Date:Thu, 20 Jul 2000 11:37:00 -0700 (PDT)

My back office suggestion is that the master user id and password be held by
the back office. The master user has the ability to open and close sub-user
(i.e. individual trader) user ids and passwords. So if a trader leaves, the
back office master user can immediately turn off the user id for that trader.
They can react much more quickly than we can and certainly faster than 5
days. I suppose the remaining risk there is that the back office person is
the disgruntled employee.



Leslie Hansen
07/20/2000 02:23 PM

To: Mark Taylor/HOU/ECT@ECT
cc:
Subject: Re: Kennecott ETA

I agree that it's their responsibility for dealing with rogues. However,
Kennecott's position is that all they can do is notify us and rely on us to
cut off access once they terminate an employee. They cannot ensure that the
employee doesn't write the password on his or her palm to take it with them.
Apparently, they have had some bad experiences with disgruntled traders.
Thus, their proposal that their notice must be by certified mail and the
proviso that we have 5 days to act on the notice.

I have a question regarding the back office suggestion -- are you suggesting
that no individual trader be given an id but rather you give the id to
someone in the back office and the trader has to call that individual to
actually submit a trade. If that's not what you intend, even if the back
office or control group holds the password, if the trader knows the password
to get into EOL, what's to stop him or her from continuing to access EOL
after leaving the company. The back office can notify EOL that the password
should be cancelled, but if we don't act on the notice, what is left for the
CP to do.

Who should be my EOL contact on this issue and other ETA issues?

Leslie



Mark Taylor
07/20/2000 01:55 PM

To: Leslie Hansen/HOU/ECT@ECT
cc:
Subject: Re: Kennecott ETA

You're right, we have not agreed to the final sentence with any of our other
counterparties. I doubt that the EOL people will let us do it (though we can
always ask). I have sometimes gotten counterparties comfortable with this
issue by suggesting that the master user id and password should be held by
someone in the back office, the control group or even the legal department so
that when a trader leaves the master user can immediately shut them off. It
seems to me that this puts the risk and responsibility for dealing with
rogues where it belongs - why should we be at risk if one of their traders
decides to damage the company? Having said that, I think that even without
the last sentence requested we are probably in that position - if we have
actually received the notice and request for termination of the password and
don't do it, it would be very hard to defend if we kept doing trades and they
can show they weren't authorized.



Leslie Hansen
07/20/2000 12:25 PM

To: Mark Taylor/HOU/ECT@ECT
cc:
Subject: Kennecott ETA

Mark:

As I mentioned in my voice mail, Kennecott Coal Sales has requested the
following modification to the ETA:

Section 6(a) shall be revised to provide that Enron shall use reasonable
efforts to cancel CP's master user password and/or user IDs upon receipt of
notice from CP. Notwithstanding anything in Section 6(e) to the contrary,
all such notices must be sent by certified mail to Enron at the following
address: [TO COME], or such other address as may be specified by Enron from
time to time. The notice shall be deemed effective five (5) days after its
receipt by Enron. After the effective date of the notice, the Counterparty
shall have no liability to Enron for any Transaction initiated with the use
of the master user password and/or user ID identified in the notice.

Please advise.

Leslie