Newsgroups: news.sysadmin
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Privacy of computer files...
Message-ID: <1988Nov11.180920.21736@utzoo.uucp>
Organization: U of Toronto Zoology
References: <183@gloom.UUCP>
Date: Fri, 11 Nov 88 18:09:20 GMT

In article <183@gloom.UUCP> cory@gloom.UUCP (Cory Kempf) writes:
>Joe User has an account on a system that you are running. Is it
>proper for you (the sysadmin) to go poking through his files?

Unless open access was an explicit condition of his getting the account, his files are his own. There are some gray areas if his files are world-readable, but if they are protected, use of sysadmin powers to poke through them just out of curiosity is improper.

>What about if he is suspected of some wrongdoing? Should it
>require a court order?

A complicated problem; normally the user does not actually own the resources he is using, so the owner and his agents retain rights of some sort. What those rights are is less clear. Big paternalistic organizations, e.g. companies and universities, have a tendency to assert their right to investigate suspected wrongdoing on their property without asking permission. A complicating issue is that courts and such are not used to dealing with computers, and might have trouble coping with such a request.

The rule we try to follow is "be sensible". Investigation of a user's files should be limited to that which appears necessary in the case at hand. Likewise disclosure of their contents. First priority is averting further wrongdoing; if Joe User is suspected of repeatedly crashing the system to harass other users, immediate investigation is in order to prevent further crashes. Second priority is minimizing the adverse consequences of existing wrongdoing; if Joe has been getting copies of other users' proprietary files, making sure he can't get them offsite is urgent. Third priority is preserving possible evidence against accidental or malicious destruction.

Finding out whether Joe is guilty or not is the responsibility of either the legal system or the organization that owns the facility, not the sysadmin, unless a tentative determination of guilt or innocence bears on one of these three high-priority items (as it often does). Revealing the contents of Joe's files, or announcing a tentative conclusion of guilt, to others is grossly improper unless it is necessary for one of the three high priorities or is formally requested by the "proper authorities".

The only time we've actually run into something like this was when one of our users was strongly suspected (by another department) of using an account on our system to assist in cheating. Priorities one and two did not seem to apply: my understanding was that the suspected cheating was past tense, not present or future, and the damage was done. Priority three did seem relevant, so we made a tape of the user's files and put it in protected storage. We told the other department that the tape's contents would be investigated on, and only on, formal request by a formal investigation. They wanted us to suspend the account. We told them that the user was entitled to the presumption of innocence, and that we wouldn't suspend without proof of guilt or a formal request from higher authority. I never heard anything more about it; either the matter was dropped or they got the goods on him without needing our evidence.
-- 
Sendmail is a bug,             |     Henry Spencer at U of Toronto Zoology
not a feature.                 | uunet!attcan!utzoo!henry henry@zoo.toronto.edu