taylor@hplabsc.UUCP (02/14/87)
For the past three years I have been the liason between UCSD's Academic Computer Center and the Department of Communication, dealing with undergraduate class accounts. I am also a graduate student in Communication. As part of my graduate independent study work for this quarter I am attempting to write a code of ethics for for our use of the ACC's computer systems and our obligation(s) to the students. Or, put another way, a manual of ethics for distributed comuter systems management. Not necessarily for public consumption but just as a set of guidelines for our own use. The circumstances that prompted this are detailed below. The department's use of computers is limited to electronic mail and word processing. My job is to oversee the undergraduate course accounts and faculty course development accounts: setting up login/profile files, maintainting a few programs, answering questions, teaching people how to use mail and edit text. In the past this meant about 25 to 50 accounts per quarter. This quarter, due to the influx of more computer-oriented faculty, the numbers are in the 450 to 500 account range. With the increased numbers comes an increased level of complaints. In particular two students complained when I placed a "broadcast" (i.e. /etc/motd) message that showed up at login. The message listed my office hours and took up three lines. The students were upset about the invasion of privacy. They previously thought that their files were somehow inviolate. If someone could put broadcast messages in their account it was obvious that the same person or persons could do more, and might. Let's set aside for the moment the fact that their knowledge of the file system and file -rwx- permissions was nil. All they saw was an invasion of privacy. What I am interested in is how the issue of "access" is handled at other sites, not necessarily just academic computer centers but in the corporate world as well. Is there a codified policy for handling accounts? Are there implicit norms for the use of (for lack of a better term) higher level accounts (i.e. root)? I'm not talking about going into accounts to snoop through files. Besides the existing social norms and expectations of privacy I can't imagine anything more tedious than trying to find the few gems of insight in the mega-bytes of boring text such a search would entail :-). I am talking about the extent to which the user of a given account is informed about the relative privacy of his/her files. Any ideas/reflections/anecdotes on this subject will be appreciated. I will maintain confidentiality if requested and document sources where used. If there is a large response or sufficient inquiry I will post the paper I'm supposed to write (or mail it out) at the end of the quarter. Thank you, Bruce Jones