cory@gloom.UUCP (Cory Kempf) (11/10/88)
(excuse me if this is the wrong group, but I wasn't sure what the right group was, and the question is directed towards sysadmins...)

This vir- excuse me, worm has brought to light an interesting (at least to me, and my so who originally thought it up) question:

Joe User has an account on a system that you are running. Is it proper for you (the sysadmin) to go poking through his files?

What about if he is suspected of some wrong doing? Should it require a court order?

What if the user is PAYING for the computer services via a pay-for-access type organization? Is this any different from a class account in a school? (where the student's fees/lab fees are paying the costs of maintaining the system, etc)
--
Cory (the last person to escape alive from riverside) Kempf
UUCP: encore.com!gloom!cory
"...it's a mistake in the making." -KT
henry@utzoo.uucp (Henry Spencer) (11/12/88)
In article <183@gloom.UUCP> cory@gloom.UUCP (Cory Kempf) writes:
>Joe User has an account on a system that you are running. Is it
>proper for you (the sysadmin) to go poking through his files?

Unless open access was an explicit condition of his getting the account, his files are his own. There are some gray areas if his files are world-readable, but if they are protected, use of sysadmin powers to poke through them just out of curiosity is improper.

>What about if he is suspected of some wrong doing? Should it
>require a court order?

A complicated problem; normally the user does not actually own the resources he is using, so the owner and his agents retain rights of some sort. What those rights are is less clear. Big paternalistic organizations, e.g. companies and universities, have a tendency to assert their right to investigate suspected wrongdoing on their property without asking permission. A complicating issue is that courts and such are not used to dealing with computers, and might have trouble coping with such a request.

The rule we try to follow is "be sensible". Investigation of a user's files should be limited to that which appears necessary in the case at hand. Likewise disclosure of their contents. First priority is averting further wrongdoing; if Joe User is suspected of repeatedly crashing the system to harass other users, immediate investigation is in order to prevent further crashes. Second priority is minimizing the adverse consequences of existing wrongdoing; if Joe has been getting copies of other users' proprietary files, making sure he can't get them offsite is urgent. Third priority is preserving possible evidence against accidental or malicious destruction. Finding out whether Joe is guilty or not is the responsibility of either the legal system or the organization that owns the facility, not the sysadmin, unless a tentative determination of guilt or innocence bears on one of these three high-priority items (as it often does). Revealing the contents of Joe's files, or announcing a tentative conclusion of guilt, to others is grossly improper unless it is necessary for one of the three high priorities or is formally requested by the "proper authorities".

The only time we've actually run into something like this was when one of our users was strongly suspected (by another department) of using an account on our system to assist in cheating. Priorities one and two did not seem to apply: my understanding was that the suspected cheating was past tense, not present or future, and the damage was done. Priority three did seem relevant, so we made a tape of the user's files and put it in protected storage. We told the other department that the tape's contents would be investigated on, and only on, formal request by a formal investigation. They wanted us to suspend the account. We told them that the user was entitled to the presumption of innocence, and that we wouldn't suspend without proof of guilt or a formal request from higher authority. I never heard anything more about it; either the matter was dropped or they got the goods on him without needing our evidence.
--
Sendmail is a bug, | Henry Spencer at U of Toronto Zoology
not a feature.     | uunet!attcan!utzoo!henry henry@zoo.toronto.edu
gmp@rayssd.ray.com (Gregory M. Paris) (11/14/88)
In article <183@gloom.UUCP> cory@gloom.UUCP (Cory Kempf) writes:
>Joe User has an account on a system that you are running. Is it
>proper for you (the sysadmin) to go poking through his files?

In <1988Nov11.180920.21736@utzoo.uucp> henry@utzoo.uucp (Henry Spencer) writes:
> Unless open access was an explicit condition of his getting the account,
> his files are his own. There are some gray areas if his files are
> world-readable, but if they are protected, use of sysadmin powers to
> poke through them just out of curiosity is improper.

Given that courts in the US have upheld the "right" of schools to search student lockers, even without cause, I suspect that they would rule similarly in the case of sysadmins searching user files and directories. My guess is that Henry's rules of propriety should be viewed as ethical rather than legal guidelines (at least in the US).
--
Greg Paris <gmp@rayssd.ray.com>
{decuac,gatech,necntc,sun,uiucdcs,ukma}!rayssd!gmp
I don't care what people say about pain relievers.
dhesi@bsu-cs.UUCP (Rahul Dhesi) (11/14/88)
For a sysadmin to look through a user's files is somewhat similar to a law-enforcement officer putting on a pair of magic x-ray vision glasses. The intrusion is then psychological, not physical.

I see no direct legal precedent for this. But aerial surveys over land for the purpose of ferreting out marijuana are legal in the USA, even though they violate the farmer's privacy.
--
Rahul Dhesi UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi
cuccia@chaos.UUCP (Nick Cuccia) (11/15/88)
In article <4702@rayssd.ray.com> gmp@rayssd.RAY.COM (Gregory M. Paris) writes:
>Given that courts in the US have upheld the "right" of schools to search
>student lockers, even without cause, I suspect that they would rule similarly
>in the case of sysadmins searching user files and directories. My guess is
>that Henry's rules of propriety should be viewed as ethical rather than legal
>guidelines (at least in the US).
>--
>Greg Paris <gmp@rayssd.ray.com>

The "right" of schools to search school lockers, to the best of my knowledge, exists only at the K-12 level, and such "rights" assume that Privacy Rights do not fully extend to those under the age of majority (disclaimer: my interpretation; I am not a lawyer).

But this diverges from the real issue of "Who owns files in any given account on a given computer?" Some places spell this out at the time that the account is granted: one of the clauses in the contract that students sign for accounts at UCB explicitly states that all files are the property of the Regents of the University of California. In other cases, I'd venture that it is still an open legal problem.

--Nick
===============================================================================
Nick Cuccia                              System Admin/Postmaster, Sybase, Incorporated
sybase!cuccia@sun.com                    6475 Christie Av. Emeryville, CA 94608
{sun,lll-tis,pyramid,pacbell}!sybase!cuccia   +1 415 596-3500
yba@arrow.bellcore.com (Mark Levine) (11/15/88)
In article <4746@bsu-cs.UUCP> dhesi@bsu-cs.UUCP (Rahul Dhesi) writes:
>For a sysadmin to look through a user's files is somewhat similar to a
>law-enforcement officer putting on a pair of magic x-ray vision
>glasses. The intrusion is then psychological, not physical.
>
>I see no direct legal precedent for this.

I think you will find there _is_ a Federal law prohibiting the sysadmin from looking at the contents of electronic mail queues. I recall a bulletin circulating at MIT shortly after this law took effect. It makes troubleshooting mail systems harder, and makes me question having bounced mail go to "postmaster", and I sure hope it gets interpreted liberally -- but it may be the precedent you are seeking (or not seeking).

Perhaps someone else has more up to date info?

Eleazor bar Shimon, once and future Carolingian
yba@sabre.bellcore.com
lyndon@nexus.ca (Lyndon Nerenberg) (11/15/88)
Assuming an employer-employee relationship, what (legally) is the difference between the employer examining an employee's files on a computer vs. examining the employee's files in a filing cabinet?

As a case in point, I have a paper file containing prices from one of our distributors. I also have this same information in a file on the computer. If my employer has legal access to my paper files, why would she not have access to the computer data?

[ For the purposes of argument, consider the root password being the same as the master key to the filing cabinets. ]
yba@arrow.bellcore.com (Mark Levine) (11/16/88)
[Thanks James]

I received a reply which rings true, that the law I was thinking of is the Federal Computer Privacy Act of 1986. The writer suggested it allows an admin to look at failing mail "as necessary" (but also said he needs to read it some more). Still not sure what it says about the larger question (outside mail) -- I would ask anyone with access to the text of the Act to post the significant parts. If I can find our legal department, I intend to ask them for guidelines.

Eleazor bar Shimon, once and future Carolingian
yba@sabre.bellcore.com
debra@alice.UUCP (Paul De Bra) (11/16/88)
In article <936@sword.bellcore.com> yba@sabre.bellcore.com (Mark Levine) writes:
>[Thanks James]
>
>I received a reply which rings true, that the law I was thinking of is
>the Federal Computer Privacy Act of 1986. The writer suggested it allows
>an admin to look at failing mail "as necessary" (but also said he needs to
>read it some more). Still not sure what it says about the larger question
>(outside mail) -- I would ask anyone with access to the text of the Act to
>post the significant parts. If I can find our legal department, I intend
>to ask them for guidelines.
>

I don't know too much about legal issues, but it seems odd to me that it would be illegal to read files that have "r" permission for everyone. I always assumed that everyone with an account on a system was entitled to read all the files with "r" permission for everyone. By the same logic it is not appropriate for root to read files that are not readable to ordinary users.

I can't imagine that anyone would feel that the file permissions don't mean anything and that we are not supposed to look at files even if we have the file-permission to do so.

Now there are some generally agreed upon exceptions like uucp and mail, which are accidentally world-readable on many machines, due to what I would call bugs in the way mail and uucp handle permissions. Some versions of these programs already do it "right".

Paul.
--
------------------------------------------------------
|debra@research.att.com   | uunet!research!debra     |
------------------------------------------------------
dave@galaxia.zone1.com (David H. Brierley) (11/18/88)
In article <2003@sybase.sybase.com> cuccia@chaos.sybase.com (Nick Cuccia) writes:
>In article <4702@rayssd.ray.com> gmp@rayssd.RAY.COM (Gregory M. Paris) writes:
>>Given that courts in the US have upheld the "right" of schools to search
>>student lockers, even without cause, I suspect that they would rule similarly
>>in the case of sysadmins searching user files and directories.
>
>The "right" of schools to search school lockers, to the best of my knowledge,
>exists only at the K-12 level, ...
>
>But this diverges from the real issue of "Who owns files in any given account
>on a given computer?" Some places spell this out at the time that the account
>is granted: one of the clauses in the contract that students sign for accounts

The closest analogy I can think of to both of these issues, school lockers and computer files, is the rights of landlords to inspect their property. This has been hashed out in court many times and the courts are on the side of the landlords. Most rental property is governed by leases that usually state that the landlord has to *attempt* to ask permission to enter the property but if those attempts are not successful, or if the tenant is not cooperative, the landlord may legally enter and inspect the property. I suspect that the landlord does not have the right to remove or destroy any property that belongs to the tenant but he certainly has the right to notify the authorities of any illegal activities and I believe he also has the right to immediately deny the tenant any further access to the property if the terms of the lease are not being adhered to (for example: if the tenant had broken holes in all of the walls or otherwise damaged or abused the property). Of course, the tenant would then have the right to be allowed access to the property for the purpose of removing any personal belongings.

Now, take the previous paragraph and substitute "user" for "tenant" and substitute "computer owner" for "landlord".
--
David H. Brierley
Home: dave@galaxia.zone1.com   ...!rayssd!galaxia!dave
Work: dhb@rayssd.ray.com   {sun,decuac,gatech,necntc,ukma}!rayssd!dhb
leonard@qiclab.UUCP (Leonard Erickson) (11/24/88)
(Mark Levine) writes:
<[Thanks James]
<
<I received a reply which rings true, that the law I was thinking of is
<the Federal Computer Privacy Act of 1986. The writer suggested it allows
<an admin to look at failing mail "as necessary" (but also said he needs to
<read it some more). Still not sure what it says about the larger question
<(outside mail) -- I would ask anyone with access to the text of the Act to
<post the significant parts. If I can find our legal department, I intend
<to ask them for guidelines.
Check out the Electronic Communications Privacy Act of 1986 as well. It
has sections dealing with e-mail and inter-computer communications.
--
Leonard Erickson ...!tektronix!reed!percival!bucket!leonard
CIS: [70465,203] ...!tektronix!reed!qiclab!leonard
"I used to be a hacker. Now I'm a 'microcomputer specialist'.
You know... I'd rather be a hacker."