[unisog] Freedom of Information Act

Brezin, Wendy wbrezin at unf.edu
Tue Sep 9 15:42:10 GMT 2003

At UNF, our directory is divided into that which is publicly viewable,
name and phone number, and that which is only viewable when the request
comes from within a range of IP address, which also includes e-mail

On each directory page, a link to
http://www.unf.edu/phonedir/web-dir-agreement.html is place.  This link
is essentially a notice provided by our legal counsel that warns UNF
will seek damages from anyone who uses the directory for commercial or
solicitation purposes.  That should distress a few potential spammers.
The source code rendered for each page formats an e-mail address that
looks like:  jsmith<STUPID>@<SPAM>unf<MUST>.<STOP>edu.  It looks
perfectly normal to the viewer of the page (jsmith at unf.edu), but again,
slows down the spammers.  It is unfortunate that the information is
still so easily accessed due to various laws and acts, but since it must
be, we use whatever tools we can to cut down on the consequences. 

Wendy Brezin
Network/Systems Administrator
Information Technology Services
University of North Florida
Jacksonville, Florida

-----Original Message-----
From: Jordan Wiens [mailto:jwiens at nersp.nerdc.ufl.edu] 
Sent: Tuesday, September 09, 2003 11:07 AM
To: Bob Kalal
Cc: Chris Stoermer; unisog at sans.org
Subject: Re: [unisog] Freedom of Information Act

Print out the list of emails in a non easily OCR'ed form, but still
understandable to a human?  The list could not be argued to be a
of FoIA (or Sunshine laws here in florida) as it can easily be used to
email anyone on the list, it's just difficult to email EVERYONE on the
list which would be a violation of our (and I would assume most U's)
Might not fly legally, but maybe it would.

Jordan Wiens, CISSP
UF Network Incident Response Team

On Mon, 8 Sep 2003, Bob Kalal wrote:

> Chris,
> You're lucky if it took the federal Freedom of Information Act.
> Addresses, and almost everything else, about all employees of
> the state of Ohio, including state university employees, are
> available to any "person" in the broadest legal sense under
> the Ohio Public Records Law. There are recent anti-terrorism
> exceptions for fire fighters and law enforcement personnel
> involved in certain active cases.
> Bob Kalal
> The Ohio State University
> At 1:14 PM -0500 9/8/03, Chris Stoermer wrote:
> >Howdy!
> >
> >An email came through the other day that had one of my alternate
> >addresses as the delivery address.  After doing a little snooping, I
> >found that our email addresses are part of "directory information"
> >covered in the FIA.
> >
> >In light of all the security concerns we have with viruses, would
> >any of us agree that the definition of "directory information" needs
> >to change?
> >
> >I have already written my reps.  I even sent a message to "Homeland
> >
> >--Chris

More information about the unisog mailing list