On Friday, February 26, 2010 10:43 AM Andrew McNabb wrote: >3: most-sensitive: Data such as keystrokes, passwords, cookies, and >contents of email may be extremely sensitive. It should be illegal to >invite a guest to use your computer and to steal their password with a >keystroke logger. ...
Thanks for your previous e-mail Andrew. It helped me understand better your point of view. I just want to clarify that I believe that restrictions are certainly necessary, but sometimes the restrictions seem a little extreme to me. For instance, as per above, it would be too much for me if I was told I could not use a keylogger on my personal computer. (And, for the record, I don't use a keylogger and never have and don't really see a reason to use one on my computer. I'm more concerned with the principle of government involvement in private affairs than in being able to have a key logger.) It would obviously be wrong to try to steal someone's password, but would it be wrong to have logged it if you told the person in advance that it was going to happen? I think the transparency makes the difference -- if you know about it you can simply not do it. If you trust the person, you can take your chances in using their computer. I agree that it seems a breach of privacy if university employees were randomly or even systematically reading any e-mail coming through its network. However, if there is a legitimate reason, when a trigger prompts it, to have an employee to look at the contents of an e-mail if there is a reason to believe it is a danger to the system, I feel the university should have that right. I'm not savvy enough to know how likely an e-mail is to be a problem and what sort of monitoring is warranted. If the same level of protection can be achieved in other ways, I think the other ways should be preferred. >1: least-sensitive: I agree that there is a reasonable need to be able to >monitor a network for purposes of quality control. Some information, such as >IP headers and packet sizes seem perfectly >reasonable to monitor (they're the >equivalent of looking at the envelope but not opening it), even though they >occasionally contain somewhat sensitive information. This reminds me of training I got when I was an intern for a senator in Washington D.C. They took us to the mail room and showed us some examples of suspicious mail. Big packages with paper hanging out of them were one of the things they said to look out for. They said sometimes bomb makers would insert a picture of some sort (usually of a pretty woman ...) between the contacts of an electronic detonation device inside the package. Then they left a part of the picture hanging out of the box. Then, some hapless employee of the senator would pull out the picture to get a better view and detonate the explosive. You can be sure that they took that package someplace safe and an explosives expert opened it (one way or another) to see what was (or wasn't) inside. Christijan -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
