Sem 083 Ethics in Cyberspace

Assignment # 2. Privacy on Campus and in the Workplace

Be prepared to discuss the following in class::

1. What are your concerns regarding privacy on campus?
   
   
2. What is your understanding of the privacy of student information? How is that information protected at MIT?



3. Everyone using the network has an obligation to not violate the privacy of other users on the system. What do the Athena Rules of Use say about this?



4. Who has access to student files and under what conditions? Many universities reserve the right to inspect, alter or delete files on their systems. They perform searches for pirated software, cracker programs, pornography, etc. What is MIT's policy?



5. Who has access to student's email and under what circumstances?. What is MIT's policy?



6. Students at Stanford recently learned that backup tapes of their deleted email was kept on the system for a year? How long does MIT keep such tapes? How long does MIT keep logs of Athena logins, etc? Under what conditions would IS turn over these logs and to whom?



7. As MIT cards are required more and more for access to buildings, what is being done with the data collected? How long is this information stored? Who has access to it? Under what circumstances could it be used?
   

To find the answers, read the following (they are all quite brief):

1. The Federal Education Recorda and Privacy Act: (The Buckley Amendment) (optional reading)
   
   This law gives students five rights:
   • the right to inspect and review education records
   • the right to seek the amendment of education records
   • the right to consent to the disclosure of education records
   • the right to obtain a copy of the schools Student Records policy
   • the right to file a complaint with the FERPA Office in Washington, D.C.
   
   
2. MIT’s Student Information Policy
   
   
3. Who's Reading Your E-Mail? Facts You Should Know
   
   
4. Information System's Policy and Procedures
   


5. Athena Rules of Use: Rule #3
   


6. MIT Card privacy statement
   
   

Here are some other university privacy policy statements. What do you think?

1. Harvard Law School Information Technology Services Handbook 5, 1997

   "Network-based system activity, such as sending e-mail messages, is automatically logged on a continuous basis. These logs include a record of user processes, message subjects, and other user-related data that may be examined by authorized system administrators when necessary to maintain or prevent damage to systems or to ensure compliance with Harvard Law School guidelines. In addition, contents of messages are stored on the system until deleted by the message recipient and may also be available on backup tapes; under certain circumstances, these may be examined in accordance with University guidelines.”

2. Boston University Faculty Handbook: Computer Policies: Conditions of Use
   
   
3. University of Virginia: E-mail: Rules, Responsibilities, and Privacy

For an excellent summary of laws related to email privacy in the workplace read one of the following:

1. Monitoring Employee Email: Efficient Workplaces vs. Employee Privacy
   
   
2. Privacy in Cyberspace: Is Your E-mail Safe From the Boss, the SysOp, the Hackers, and the Cops?
   
   

last updated 28-Aug-2001 by: joanne@mit.edu