George J. Perkins wrote:
> The NCC sub-committee for setting up anti-virus recommendations a couple
> of years ago discussed the issues of "opt-in" vs "opt-out" and even
> though we wanted to recommend "opt-out" in this unusual case, we were
> told in no uncertain terms that non-header information in mail messages
> was clearly "user-generated", and whether it technically belonged to
> the sender or to the recipient in its course through the network between
> the two did not matter, it could NOT be scanned, automatically or not.
> Any notification of changes in the way E-mail was to be handled _had_ to
> be approved by the users. We were thus forced to water down the
> recommendation from "opt-out" to "opt-in" -- on any *existing* E-mail
> system (i.e., pilot).
And the sub-committee recommended the ability to "opt-out", which isn't
possible under the planned changes.
> The loophole was that the soon-to-be-announced-at-that-time upgrade to
> mail.msu.edu was considered as setting up a new system, so a user making
> the switchover could look at the fine print (somewhere) and see that the
> possibility for anti-virus scanning was part of the system and, by
> continuing to make the switchover, implicitly opt in to that behavior
> (whether it was actually activated at the time or not).
> So, as long as the mail.msu.edu upgrade procedure or documentation mention
> anti-virus scanning somewhere, it's probably not an issue (at least not a
> major one).
I just looked at the first two steps of the switchover procedure. There
doesn't appear to be any explicit mention of anti-virus. The Sanitizer
is mentioned at step 3, but I can't get that far without a new ID to
upgrade. But I do remember the Sanitizer is optional. And just
mentioning "anti-virus scanning" is somewhat vague. Many people might
assume messages will still be delivered, just tagged as infected or
clean. And you are presented with the OLD/FLAWED/CURRENTLY in effect
version of the AUP.
I see how the Computer Lab is between a rock and a hard place here.
Emailing a message directly to 60,000+ people is bound to confuse some
of them. But the hit or miss method currently used to advertise this
just seems dishonest to me. In the words of Vice Provost Gift: "Network
policies should be made known to users..." Slide 5 from
> There are two other mitigating factors:
> (a) the original edict about automatic anti-virus scanning of the contents
> of E-mail was from someone no longer in a position to enforce it;
But that edict was drummed into us long and hard. I certainly repeated
it to people that wondered if the administration was monitoring their
email - as an example of MSU's strong and even overzealous commitment to
academic freedom. I agree that times have changed and being more
proactive is wise, but feel this is a major change that should be widely