[unisog] IDS vs. Privacy

Peter Moody peter at ucsc.edu
Tue Feb 3 00:43:45 GMT 2004

> They would like to know: has anyone been in a similar situation? If so,
> were you able to bring back your IDS? What arguments were compelling to
> management? Are other institutions similarly concerned about the privacy
> issues involved? Why or why not?

As far as I know, we've never had administration shut down our IDS
systems (I've been here a little over a year. In university terms, I'm
still a babe), however every time we have had to defend our use of these
security devices, we point to the UCOP (University of California Office
of the President) electronic communications policy.

"The University does not routinely inspect, monitor, or disclose
electronic communications without the holder s (as defined in Appendix
A, Definitions) consent. Nonetheless, subject to the requirements for
authorization, notification, and other conditions specified in this
Policy, the University may deny access to its electronic communications
services and may inspect, monitor, or disclose electronic communications
under very limited circumstances as described in Sections III.E, Access
Restriction, and IV.B, Access Without Consent."

In the context of this discussion, we read this paragraph to mean:
"we don't go hunting for stuff, but if we see something that catches our
eye we will investigate"

The entire policy can be found at:

So, as much as I hate policy (writing it anyway), it can be a real

Hope this helps.


Peter Moody                             <peter at ucsc.edu>
Information Security Administrator      831/459.5409
Communications and Technology Services. UC, Santa Cruz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/unisog/attachments/20040202/42dfcdbc/attachment-0003.bin

More information about the unisog mailing list