[unisog] Freedom of Information Act

Chris Stoermer stoermer at unt.edu
Wed Sep 10 14:27:49 GMT 2003

Thanks, Martin!

This is the stuff I was hoping to get.  It looks like Missouri is the only state that has taken some initiative.

I don't mind traditional directory information.  I can hang up on phone calls; there's not much damage you can do to a fax; and snail mail is easy to dispose of.  I just can't believe that something as dangerous as email has become so simple to get.


>>> "Martin, James E." <martin at more.net> 09/09/03 10:14AM >>>
In Missouri, we've exempted any details of computer security configuration from disclosure (Section 610.021, R.S.MO 2002). This section was passed as part of Missouri's homeland defense planning. 

While there's no redaction requirement, a number of Missouri public sector orgs seem to be removing public user directories under this provision while citing viruses and spam as the threat.   


James E. Martin               
JD, CISSP             
MOREnet Network Security Coordinator 
University of Missouri System                     
voice: 573-884-7200   fax: 573-884-6673

-----Original Message-----
From: Bob Kalal [mailto:kalal.1 at osu.edu] 
Sent: Monday, September 08, 2003 6:27 PM
To: Chris Stoermer
Cc: unisog at sans.org 
Subject: Re: [unisog] Freedom of Information Act


You're lucky if it took the federal Freedom of Information Act.
Addresses, and almost everything else, about all employees of
the state of Ohio, including state university employees, are
available to any "person" in the broadest legal sense under
the Ohio Public Records Law. There are recent anti-terrorism
exceptions for fire fighters and law enforcement personnel
involved in certain active cases.

Bob Kalal
The Ohio State University

At 1:14 PM -0500 9/8/03, Chris Stoermer wrote:
>An email came through the other day that had one of my alternate 
>addresses as the delivery address.  After doing a little snooping, I 
>found that our email addresses are part of "directory information" 
>covered in the FIA.
>In light of all the security concerns we have with viruses, would 
>any of us agree that the definition of "directory information" needs 
>to change?
>I have already written my reps.  I even sent a message to "Homeland Security".

More information about the unisog mailing list