[unisog] Freedom of Information Act

Martin, James E. martin at more.net
Tue Sep 9 15:14:26 GMT 2003


In Missouri, we've exempted any details of computer security configuration from disclosure (Section 610.021, R.S.MO 2002). This section was passed as part of Missouri's homeland defense planning. 

While there's no redaction requirement, a number of Missouri public sector orgs seem to be removing public user directories under this provision while citing viruses and spam as the threat.   

Jim

========================================
James E. Martin               
JD, CISSP             
MOREnet Network Security Coordinator 
University of Missouri System                     
voice: 573-884-7200   fax: 573-884-6673
========================================


-----Original Message-----
From: Bob Kalal [mailto:kalal.1 at osu.edu]
Sent: Monday, September 08, 2003 6:27 PM
To: Chris Stoermer
Cc: unisog at sans.org
Subject: Re: [unisog] Freedom of Information Act


Chris,

You're lucky if it took the federal Freedom of Information Act.
Addresses, and almost everything else, about all employees of
the state of Ohio, including state university employees, are
available to any "person" in the broadest legal sense under
the Ohio Public Records Law. There are recent anti-terrorism
exceptions for fire fighters and law enforcement personnel
involved in certain active cases.

Bob Kalal
The Ohio State University

At 1:14 PM -0500 9/8/03, Chris Stoermer wrote:
>Howdy!
>
>An email came through the other day that had one of my alternate 
>addresses as the delivery address.  After doing a little snooping, I 
>found that our email addresses are part of "directory information" 
>covered in the FIA.
>
>In light of all the security concerns we have with viruses, would 
>any of us agree that the definition of "directory information" needs 
>to change?
>
>I have already written my reps.  I even sent a message to "Homeland Security".
>
>--Chris




More information about the unisog mailing list