[Dshield] "Academic Freedom" vs Computer Security

John Holmblad jholmblad at aol.com
Mon Feb 16 16:20:37 GMT 2004


The context of these remarks is the US although much if what I have to 
say is at least indirectly also applicable elsewhere.

If by anonymity you mean transactions whose source and destination are 
kept private between the communicating parties then I would assert that 
when the communications medium is a public data network service such as 
that provided by the Internet Service Providers, maintaining such 
privacy is the rule with the necessary exceptions for law enforcement 
needs.  Law enforcement has the means (e.g. Communications Assistance 
for Law Enforcement Act of 1994 (CALEA)) (http://www.askcalea.net/) at 
least on certain kinds of networks and with the right legal 
authorizations to find out when necessary, what they need to find out 
regarding such transactions.  For public service providers, I for one, 
would not want my provider to be routinely surveil my transactions and 
would not expect they would do so without the aforementioned legal 

Enterprise networks are another matter altogether. In that case the 
enterprise as the owner of those network assets has every right to 
surveil the enterprise  network as they see fit. Ethical businesses 
would of course inform their employees that such workplace surveillance 
is taking place.

Academic institutions in my opinion fall somewhere in between these two 
extremes with respect to privacy of communications, depending upon 
whether or not  they take money from the public for providing their 
educational services.  Public universities, are funded by US taxpayer 
dollars, and even private academic institutions derive economic benefits 
from the US public  by maintaining a classification as a non-profit 
institution thereby earning a reduction in their tax payments. As a 
consequence I believe such institutions should be no more intrusive with 
respect to telecommunications services provided on campus (whether voice 
or data) than a public telecom service provider. To me this has nothing 
to do with academic freedom but a lot to do with privacy. Just because a 
student, an adult, after all,  is communicating from a campus network  
does not in and of itself justify a higher level of surveillance than if 
they were in their home, directly connected to their favorite voice or 
data service provider.  A truly private institution that does not use 
the national. state or local treasury as a source of funding would fall 
into the category of an enterprise and should be free to conduct 
surveillance as they see fit. I think that smart CIO's/CTO's/CISO's of 
public institutions understand this and they will act wisely with 
respect to their surveillance activities.


Best Regards,


John Holmblad


Televerage International


(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388


www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net


text email address:         jholmblad at vtext.com

More information about the list mailing list