Information [Technology] Policies, Rules and Guidelines Roundup 2002


Deliverable A: Existing MIT Policies, Rules & Guidelines

Rule Detail

 

PRG Title: MITnet Rules of Use, Rule 3: Don't violate the privacy of other users

P/R/G: Rule

Date: 30 August 1995

Author: Unknown

 Rule Text [captured on May 30, 2002 from http://mit.edu/olh/Rules/#rule_3]

3. Don't violate the privacy of other users.

The Electronic Communications Privacy Act (18 USC 2510 et seq., as amended) and other federal laws protect the privacy of users of wire and electronic communications.

The facilities of MITnet, and the operating systems used by Athena and other MITnet systems, encourage sharing of information. Security mechanisms for protecting information from unintended access, from within the system or from the outside, are minimal. These mechanisms, by themselves, are not sufficient for a large community in which protection of individual privacy is as important as sharing (see, for example, sections 11.2, 11.3, and 13.2 of MIT's Policies and Procedures). Users must therefore supplement the system's security mechanisms by using the system in a manner that preserves the privacy of themselves and others.

As Section 11.1 of MIT's Policies and Procedures notes, "Invasions of privacy can take many forms, often inadvertent or well-intended." All users of MITnet should make sure that their actions don't violate the privacy of other users, if even unintentionally.

Some specific areas to watch for include the following:

  • Don't try to access the files or directories of another user without clear authorization from that user. Typically, this authorization is signaled by the other user's setting file-access permissions to allow public or group reading of the files. If you are in doubt, ask the user.
  • Don't try to intercept or otherwise monitor any network communications not explicitly intended for you. These include logins, e-mail, user-to-user dialog, and any other network traffic not explicitly intended for you.
  • Unless you understand how to protect private information on a computer system, don't use the system to store personal information about individuals which they would not normally disseminate freely about themselves (e.g., grades, address information, etc.)
  • Don't make any personal information about individuals publicly available without their permission. This includes both text and number data about the person (biographical information, phone numbers, etc.), as well as representations of the person (graphical images, video segments, sound bites, etc.) For instance, it is not appropriate to include a picture of someone on a World Wide Web page without that person's permission. (Depending on the source of the information or image, there may also be copyright issues involved; cf. Rule 4).
  • Don't create any shared programs that secretly collect information about their users. Software on MITnet is subject to the same guidelines for protecting privacy as any other information-gathering project at the Institute. (This means, for example, that you may not collect information about individual users without their consent.)
  • Don't remotely log into (or otherwise use) any workstation or computer not designated explicitly for public logins over the network -- even if the configuration of the computer permits remote access -- unless you have explicit permission from the owner and the current user of that computer to log into that machine.

Related URLs

Rationale

Findings

Next Steps (recommendations)

Results

 

MIT Information Services and Technology

Last modified: 6/6/2002