[unisog] IDS vs. Privacy

Russell Fulton r.fulton at auckland.ac.nz
Tue Feb 3 03:52:26 GMT 2004

> They would like to know: has anyone been in a similar situation? If so,
> were you able to bring back your IDS? What arguments were compelling to
> management? Are other institutions similarly concerned about the privacy
> issues involved? Why or why not?

Hmmm.... Things are a bit different here in NZ since we have quite
strict privacy legislation.   The key point of the legislation is that
you must be up front about what data you are collecting *and* what you
are collecting it for.

For many years I have collected all sorts of stuff on the DMZ, both
aggregate and raw data.  The data is collected to allow the security
section to detect attacks and possible compromise of machines.  There is
also a secondary use for planning (using aggregated data).

>From time to time I get enquires from administrators "Can you find out
what so in so is doing?" the answer is invariably NO.  Some times
however we get a request from a users who has got a big traffic bill
"Err... what happened --- how did I use this much?"  This can be
answered with out problems since it is from the owner of the data.

What I am saying is that it should be possible to use policy which
carefully protects privacy.  It won't be as effective as legislation but
should be enough to protect individuals.

Russell Fulton                                    /~\  The ASCII
Network Security Officer                          \ /  Ribbon Campaign
The University of Auckland                         X   Against HTML
New Zealand                                       / \  Email!

More information about the unisog mailing list