You can only access what you are given permission to access. Yes, the
logs are private. Example: IT cannot go to IE to read the history of
what web sites were accessed by the user without a search warrant or
permission from the Vice Provost.
Please read the AUP at http://www.msu.edu/au/. The section entitled: IV.
Good Citizenship in "Cyberspace" should answer questions that you have
raised privacy.
There is also another document that might assist in some definitions.
http://www.msu.edu/~ncc/Documents/SysOp/SysopD10.pdf This is the
proposed system administrator's guide that is also under review and
will, hopefully, be shorter than the current version. This guide is
just a discussion document and is not official policy but it does
reflect the current AUP and the definitions used within the AUP.
I am concerned because I can see possibilities of possible misuse.
-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On
Behalf Of Michael Surato
Sent: Tuesday, March 29, 2005 5:10 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing
Hi,
Perhaps some clarification would help.
Are you stating that this software is in violation of the AUP because it
does not ask the user before beginning? If it does ask the user
permission, is it still in violation if the user then uses it to access
the logs or any other item besides the desktop?
What is a private log? Are the system logs private? If so, on which
systems (i.e. are domain controllers considered "private" systems, and
thus the logs are inaccessible)?
The biggest concern I see in the AUP is the idea of private information.
That is to say, the delineation of public/accessible information and
private/inaccessible information creates several headaches for IT.
Especially if logs are included in the area of "private" information.
+-------------------------------------------+
| Michael Surato |
| Resource Center for Persons |
| with Disabilities |
| Michigan State University |
| 120 Bessey Hall |
| East Lansing, MI 48824 |
| Voice: (517) 353-9643 Fax: (517) 432-3191 |
+-------------------------------------------+
________________________________
From: MSU Network Administrators Group
[mailto:[log in to unmask]] On Behalf Of Linda Losik
Sent: Tuesday, March 29, 2005 4:43 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing
As a member of the AUP rewrite committee, here are some
thoughts.
If the end user agrees to allow you to access the desktop, you
will be able to access the desktop and only the desktop. You can only
access what you are given permission to access, and only enough that
will allow the current technical issue to be resolved. And you cannot
access anything else without the user's permission. This means that the
user should not have to look for the color change from blue to green.
The user should know immediately when IT logs on and logs off. The user
should be able to terminate the process at any time.
Under the current AUP and upcoming Statement of Acceptable Use,
accessing private files, emails, logs, etc. are still inaccessible to
IT. The only time IT is allowed to access systems logs and/or files is
either having written approval from the Vice-Provost or by responding to
a search warrant. The right to privacy is still paramount within both
documents. For troubleshooting, the process has been described as
"peeling an onion" on order to preserve privacy.
I would have real concerns as to whether this app is approved by
either the AUP or the SAU. Perhaps others of the rewrite committee
would care to address this as well
Linda Losik
Health Information Technology
________________________________
From: MSU Network Administrators Group
[mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Tuesday, March 29, 2005 3:47 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing
Troy,
Thanks for the reply. In the email that was sent out describing
UltraVNC and what it does, the staffer who wrote the email used screen
captures of both the features that you mention, the pop-up permission
window and the system tray icon changing from blue to green.
Okay, so there's at least one department that uses VNC. Any
others? Anyone want to address whether or not VNC is legal under the
AUP?
And what about the privacy issue? Anyone care to make an
interpretation of the AUP on where the IT admin's responsibilities end
and the users rights begin at the workstation?
Jesse Howard
_______________________
IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu
-----Original Message-----
From: MSU Network Administrators Group
[mailto:[log in to unmask]]On Behalf Of Samone E. Jones
Sent: Tuesday, March 29, 2005 3:34 PM
To: [log in to unmask]
Subject: Re: [MSUNAG] Virtual Network Computing
Years ago when I used PCAnywhere for the same purpose,
we had the same issue.
PCAnywhere had a visual indicator - I think it was a
little pc that turned green when someone
else connected to the machine. So to soothe the users
that were leery, we taught them how to identify when
one of the IT staff were connected to the PC by using
the visual indicator in the task bar.
My point is maybe UltraVNC has a visual indicator like
PCAnywhere - I think that would be a good way to get the
users to put their guards down.
SJ
Samone E. Jones
Information Technologist
Family Consumer Sciences
Phone: 517.432.4552
Email: [log in to unmask]
-----Original Message-----
From: MSU Network Administrators Group
[mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Tuesday, March 29, 2005 2:10 PM
To: [log in to unmask]
Subject: [MSUNAG] Virtual Network Computing
I want to start using UltraVNC in our office
domain, for tech support and helpdesk purposes at the workstation level.
A few of our users have gotten the idea that we are going to use it to
spy on them, and look at their email. It's become a bit of a PR problem
for the IT Admin staff.
So I am wondering, is it legal to use software
like this at MSU, under the AUP? If so, who here is using it? Have you
run into issues with users like this, where they interpret something you
are doing as an attack on their privacy? If so, how did you handle it?
We have sent out an email describing the software, what it does, and the
fact that we won't use it without their permission. It doesn't seem to
have helped much.
Any ideas?
Jesse Howard
_______________________
IT Administrator
Michigan State University Press
[log in to unmask]
www.msupress.msu.edu
